ScreenShot
| Created | 2021.08.09 11:28 | Machine | s1_win7_x6401 |
| Filename | sys.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 11 detected (malicious, high confidence, Artemis, MachineLearning, Anomalous, Attribute, HighConfidence, Glupteba, score) | ||
| md5 | e4ec80c2fd3c010788215a45cd7569dc | ||
| sha256 | 89c6800c3bb737ea1652c5280b4e0582fe8e2acd4c9298f691211c1a7bb1f601 | ||
| ssdeep | 12288:gVmrjy02JLWXXSUnad8SQavkpAcPEsFux2TMj23oaBIQuSLtkzv0D3Tm:Ry0uLyiUfSQaKXP0cD3PBIQMzcD3T | ||
| imphash | 94fa1b81286292ae26a8283979066c16 | ||
| impfuzzy | 96:6OFSOfpe2tV1lBehARdVLOCNtNTS9CV56RRXV:nRehAR7SCV5ARXV | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x462018 MultiByteToWideChar
0x46201c GlobalAlloc
0x462020 GlobalFree
0x462024 GlobalLock
0x462028 WideCharToMultiByte
0x46202c GlobalUnlock
0x462030 GetModuleHandleA
0x462034 LoadLibraryA
0x462038 QueryPerformanceFrequency
0x46203c GetProcAddress
0x462040 VerSetConditionMask
0x462044 FreeLibrary
0x462048 VerifyVersionInfoW
0x46204c QueryPerformanceCounter
0x462050 Module32Next
0x462054 OpenProcess
0x462058 CreateToolhelp32Snapshot
0x46205c Process32Next
0x462060 VirtualQueryEx
0x462064 GetModuleFileNameA
0x462068 SetFileTime
0x46206c CreateRemoteThread
0x462070 SystemTimeToFileTime
0x462074 GetSystemTime
0x462078 LeaveCriticalSection
0x46207c InitializeCriticalSectionAndSpinCount
0x462080 DeleteCriticalSection
0x462084 SetEvent
0x462088 ResetEvent
0x46208c WaitForSingleObjectEx
0x462090 CreateEventW
0x462094 GetModuleHandleW
0x462098 UnhandledExceptionFilter
0x46209c SetUnhandledExceptionFilter
0x4620a0 GetCurrentProcess
0x4620a4 TerminateProcess
0x4620a8 IsProcessorFeaturePresent
0x4620ac IsDebuggerPresent
0x4620b0 GetStartupInfoW
0x4620b4 GetCurrentProcessId
0x4620b8 GetCurrentThreadId
0x4620bc GetSystemTimeAsFileTime
0x4620c0 InitializeSListHead
0x4620c4 VirtualFreeEx
0x4620c8 VirtualAllocEx
0x4620cc CloseHandle
0x4620d0 WriteProcessMemory
0x4620d4 WaitForSingleObject
0x4620d8 CreateFileA
0x4620dc ReadProcessMemory
0x4620e0 EnterCriticalSection
USER32.dll
0x462118 TranslateMessage
0x46211c DispatchMessageA
0x462120 MessageBoxA
0x462124 GetDesktopWindow
0x462128 PeekMessageA
0x46212c PostQuitMessage
0x462130 DefWindowProcA
0x462134 CreateWindowExA
0x462138 SetLayeredWindowAttributes
0x46213c SetFocus
0x462140 UpdateWindow
0x462144 GetWindowLongW
0x462148 AdjustWindowRectEx
0x46214c GetForegroundWindow
0x462150 LoadCursorA
0x462154 DestroyWindow
0x462158 GetDC
0x46215c SetWindowPos
0x462160 MonitorFromWindow
0x462164 EnumDisplayMonitors
0x462168 ScreenToClient
0x46216c SetWindowTextW
0x462170 WindowFromPoint
0x462174 GetCapture
0x462178 GetMonitorInfoA
0x46217c SetWindowLongA
0x462180 ClientToScreen
0x462184 IsChild
0x462188 GetWindowRect
0x46218c BringWindowToTop
0x462190 SetCapture
0x462194 SetCursor
0x462198 SetWindowLongW
0x46219c ShowWindow
0x4621a0 GetAsyncKeyState
0x4621a4 GetClientRect
0x4621a8 UnregisterClassA
0x4621ac SetClipboardData
0x4621b0 GetClipboardData
0x4621b4 EmptyClipboard
0x4621b8 CloseClipboard
0x4621bc OpenClipboard
0x4621c0 GetCursorPos
0x4621c4 ReleaseDC
0x4621c8 SetCursorPos
0x4621cc IsIconic
0x4621d0 SetForegroundWindow
0x4621d4 ReleaseCapture
0x4621d8 RegisterClassExA
0x4621dc GetKeyState
GDI32.dll
0x462000 GetDeviceCaps
MSVCP140.dll
0x4620e8 ?_Xout_of_range@std@@YAXPBD@Z
0x4620ec _Thrd_detach
0x4620f0 _Cnd_do_broadcast_at_thread_exit
0x4620f4 ?_Throw_C_error@std@@YAXH@Z
0x4620f8 ?_Throw_Cpp_error@std@@YAXH@Z
0x4620fc ?_Xlength_error@std@@YAXPBD@Z
0x462100 _Xtime_get_ticks
0x462104 _Query_perf_counter
0x462108 _Thrd_sleep
0x46210c ?_Random_device@std@@YAIXZ
0x462110 _Query_perf_frequency
IMM32.dll
0x462008 ImmReleaseContext
0x46200c ImmGetContext
0x462010 ImmSetCompositionWindow
d3d9.dll
0x46234c Direct3DCreate9
VCRUNTIME140.dll
0x4621e4 _except_handler4_common
0x4621e8 memset
0x4621ec __current_exception_context
0x4621f0 __current_exception
0x4621f4 _purecall
0x4621f8 _CxxThrowException
0x4621fc __std_exception_destroy
0x462200 strstr
0x462204 __std_terminate
0x462208 __CxxFrameHandler3
0x46220c memchr
0x462210 memcpy
0x462214 memmove
0x462218 __std_exception_copy
api-ms-win-crt-runtime-l1-1-0.dll
0x46228c _crt_atexit
0x462290 _get_narrow_winmain_command_line
0x462294 _initterm
0x462298 _initterm_e
0x46229c _exit
0x4622a0 _c_exit
0x4622a4 _register_thread_local_exe_atexit_callback
0x4622a8 _set_app_type
0x4622ac _initialize_onexit_table
0x4622b0 _initialize_narrow_environment
0x4622b4 _controlfp_s
0x4622b8 _configure_narrow_argv
0x4622bc _wassert
0x4622c0 _invalid_parameter_noinfo_noreturn
0x4622c4 _seh_filter_exe
0x4622c8 exit
0x4622cc _register_onexit_function
0x4622d0 terminate
0x4622d4 _beginthreadex
0x4622d8 _cexit
api-ms-win-crt-stdio-l1-1-0.dll
0x4622e0 fread
0x4622e4 __stdio_common_vsprintf_s
0x4622e8 __stdio_common_vsprintf
0x4622ec _wfopen
0x4622f0 fwrite
0x4622f4 fopen_s
0x4622f8 fputs
0x4622fc _set_fmode
0x462300 fseek
0x462304 fclose
0x462308 fflush
0x46230c __acrt_iob_func
0x462310 __p__commode
0x462314 ftell
0x462318 __stdio_common_vsscanf
api-ms-win-crt-string-l1-1-0.dll
0x462320 strncmp
0x462324 strncpy
api-ms-win-crt-utility-l1-1-0.dll
0x46233c srand
0x462340 rand
0x462344 qsort
api-ms-win-crt-heap-l1-1-0.dll
0x462238 _set_new_mode
0x46223c malloc
0x462240 _callnewh
0x462244 free
api-ms-win-crt-convert-l1-1-0.dll
0x462220 atof
0x462224 strtod
0x462228 strtol
api-ms-win-crt-multibyte-l1-1-0.dll
0x462284 _mbsicmp
api-ms-win-crt-time-l1-1-0.dll
0x46232c strftime
0x462330 _time64
0x462334 _localtime64
api-ms-win-crt-filesystem-l1-1-0.dll
0x462230 rename
api-ms-win-crt-math-l1-1-0.dll
0x462254 _libm_sse2_cos_precise
0x462258 _libm_sse2_atan_precise
0x46225c _libm_sse2_pow_precise
0x462260 _libm_sse2_asin_precise
0x462264 _libm_sse2_acos_precise
0x462268 _libm_sse2_sin_precise
0x46226c _CIatan2
0x462270 _CIfmod
0x462274 _libm_sse2_sqrt_precise
0x462278 ceil
0x46227c __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x46224c _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x462018 MultiByteToWideChar
0x46201c GlobalAlloc
0x462020 GlobalFree
0x462024 GlobalLock
0x462028 WideCharToMultiByte
0x46202c GlobalUnlock
0x462030 GetModuleHandleA
0x462034 LoadLibraryA
0x462038 QueryPerformanceFrequency
0x46203c GetProcAddress
0x462040 VerSetConditionMask
0x462044 FreeLibrary
0x462048 VerifyVersionInfoW
0x46204c QueryPerformanceCounter
0x462050 Module32Next
0x462054 OpenProcess
0x462058 CreateToolhelp32Snapshot
0x46205c Process32Next
0x462060 VirtualQueryEx
0x462064 GetModuleFileNameA
0x462068 SetFileTime
0x46206c CreateRemoteThread
0x462070 SystemTimeToFileTime
0x462074 GetSystemTime
0x462078 LeaveCriticalSection
0x46207c InitializeCriticalSectionAndSpinCount
0x462080 DeleteCriticalSection
0x462084 SetEvent
0x462088 ResetEvent
0x46208c WaitForSingleObjectEx
0x462090 CreateEventW
0x462094 GetModuleHandleW
0x462098 UnhandledExceptionFilter
0x46209c SetUnhandledExceptionFilter
0x4620a0 GetCurrentProcess
0x4620a4 TerminateProcess
0x4620a8 IsProcessorFeaturePresent
0x4620ac IsDebuggerPresent
0x4620b0 GetStartupInfoW
0x4620b4 GetCurrentProcessId
0x4620b8 GetCurrentThreadId
0x4620bc GetSystemTimeAsFileTime
0x4620c0 InitializeSListHead
0x4620c4 VirtualFreeEx
0x4620c8 VirtualAllocEx
0x4620cc CloseHandle
0x4620d0 WriteProcessMemory
0x4620d4 WaitForSingleObject
0x4620d8 CreateFileA
0x4620dc ReadProcessMemory
0x4620e0 EnterCriticalSection
USER32.dll
0x462118 TranslateMessage
0x46211c DispatchMessageA
0x462120 MessageBoxA
0x462124 GetDesktopWindow
0x462128 PeekMessageA
0x46212c PostQuitMessage
0x462130 DefWindowProcA
0x462134 CreateWindowExA
0x462138 SetLayeredWindowAttributes
0x46213c SetFocus
0x462140 UpdateWindow
0x462144 GetWindowLongW
0x462148 AdjustWindowRectEx
0x46214c GetForegroundWindow
0x462150 LoadCursorA
0x462154 DestroyWindow
0x462158 GetDC
0x46215c SetWindowPos
0x462160 MonitorFromWindow
0x462164 EnumDisplayMonitors
0x462168 ScreenToClient
0x46216c SetWindowTextW
0x462170 WindowFromPoint
0x462174 GetCapture
0x462178 GetMonitorInfoA
0x46217c SetWindowLongA
0x462180 ClientToScreen
0x462184 IsChild
0x462188 GetWindowRect
0x46218c BringWindowToTop
0x462190 SetCapture
0x462194 SetCursor
0x462198 SetWindowLongW
0x46219c ShowWindow
0x4621a0 GetAsyncKeyState
0x4621a4 GetClientRect
0x4621a8 UnregisterClassA
0x4621ac SetClipboardData
0x4621b0 GetClipboardData
0x4621b4 EmptyClipboard
0x4621b8 CloseClipboard
0x4621bc OpenClipboard
0x4621c0 GetCursorPos
0x4621c4 ReleaseDC
0x4621c8 SetCursorPos
0x4621cc IsIconic
0x4621d0 SetForegroundWindow
0x4621d4 ReleaseCapture
0x4621d8 RegisterClassExA
0x4621dc GetKeyState
GDI32.dll
0x462000 GetDeviceCaps
MSVCP140.dll
0x4620e8 ?_Xout_of_range@std@@YAXPBD@Z
0x4620ec _Thrd_detach
0x4620f0 _Cnd_do_broadcast_at_thread_exit
0x4620f4 ?_Throw_C_error@std@@YAXH@Z
0x4620f8 ?_Throw_Cpp_error@std@@YAXH@Z
0x4620fc ?_Xlength_error@std@@YAXPBD@Z
0x462100 _Xtime_get_ticks
0x462104 _Query_perf_counter
0x462108 _Thrd_sleep
0x46210c ?_Random_device@std@@YAIXZ
0x462110 _Query_perf_frequency
IMM32.dll
0x462008 ImmReleaseContext
0x46200c ImmGetContext
0x462010 ImmSetCompositionWindow
d3d9.dll
0x46234c Direct3DCreate9
VCRUNTIME140.dll
0x4621e4 _except_handler4_common
0x4621e8 memset
0x4621ec __current_exception_context
0x4621f0 __current_exception
0x4621f4 _purecall
0x4621f8 _CxxThrowException
0x4621fc __std_exception_destroy
0x462200 strstr
0x462204 __std_terminate
0x462208 __CxxFrameHandler3
0x46220c memchr
0x462210 memcpy
0x462214 memmove
0x462218 __std_exception_copy
api-ms-win-crt-runtime-l1-1-0.dll
0x46228c _crt_atexit
0x462290 _get_narrow_winmain_command_line
0x462294 _initterm
0x462298 _initterm_e
0x46229c _exit
0x4622a0 _c_exit
0x4622a4 _register_thread_local_exe_atexit_callback
0x4622a8 _set_app_type
0x4622ac _initialize_onexit_table
0x4622b0 _initialize_narrow_environment
0x4622b4 _controlfp_s
0x4622b8 _configure_narrow_argv
0x4622bc _wassert
0x4622c0 _invalid_parameter_noinfo_noreturn
0x4622c4 _seh_filter_exe
0x4622c8 exit
0x4622cc _register_onexit_function
0x4622d0 terminate
0x4622d4 _beginthreadex
0x4622d8 _cexit
api-ms-win-crt-stdio-l1-1-0.dll
0x4622e0 fread
0x4622e4 __stdio_common_vsprintf_s
0x4622e8 __stdio_common_vsprintf
0x4622ec _wfopen
0x4622f0 fwrite
0x4622f4 fopen_s
0x4622f8 fputs
0x4622fc _set_fmode
0x462300 fseek
0x462304 fclose
0x462308 fflush
0x46230c __acrt_iob_func
0x462310 __p__commode
0x462314 ftell
0x462318 __stdio_common_vsscanf
api-ms-win-crt-string-l1-1-0.dll
0x462320 strncmp
0x462324 strncpy
api-ms-win-crt-utility-l1-1-0.dll
0x46233c srand
0x462340 rand
0x462344 qsort
api-ms-win-crt-heap-l1-1-0.dll
0x462238 _set_new_mode
0x46223c malloc
0x462240 _callnewh
0x462244 free
api-ms-win-crt-convert-l1-1-0.dll
0x462220 atof
0x462224 strtod
0x462228 strtol
api-ms-win-crt-multibyte-l1-1-0.dll
0x462284 _mbsicmp
api-ms-win-crt-time-l1-1-0.dll
0x46232c strftime
0x462330 _time64
0x462334 _localtime64
api-ms-win-crt-filesystem-l1-1-0.dll
0x462230 rename
api-ms-win-crt-math-l1-1-0.dll
0x462254 _libm_sse2_cos_precise
0x462258 _libm_sse2_atan_precise
0x46225c _libm_sse2_pow_precise
0x462260 _libm_sse2_asin_precise
0x462264 _libm_sse2_acos_precise
0x462268 _libm_sse2_sin_precise
0x46226c _CIatan2
0x462270 _CIfmod
0x462274 _libm_sse2_sqrt_precise
0x462278 ceil
0x46227c __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x46224c _configthreadlocale
EAT(Export Address Table) is none