ScreenShot
| Created | 2021.08.09 19:02 | Machine | s1_win7_x6401 |
| Filename | alfile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 42 detected (AIDetect, malware1, Racealer, malicious, high confidence, GenericKD, GenericRXAA, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, HLZW, RansomX, Filerepmalware, CLASSIC, StellarStealer, rluer, ai score=99, Aicat, SL2CMN, score, MalPE, R436231, ZexaF, Fq0@ayqzJmD, Static AI, Malicious PE, susgen, HLZT, GdSda, HwoCueAA) | ||
| md5 | cc350161b58a017e09a9a50288ae3fc5 | ||
| sha256 | 41f3daea057e507439d38c4ce3c090576f34cdf9bc14c1d765894557083cafdb | ||
| ssdeep | 6144:bUoWsiCdYnwBD/uY/wYWdQn3oxcYIYCnyzLtJ2VKMxt3eOP/PYqorjWWCIwv3D:4HsiCZLDu1CnyzpwVht3eOXwqon9C5v | ||
| imphash | e4703f951d731209d4eda0f101cdb509 | ||
| impfuzzy | 48:XRZqqZPwKuFhzg/nrPYTtRVGAxcgYvc2vdMf:X7xPAhU8TtXGAxc7vc2vM | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45e008 lstrlenA
0x45e00c FindResourceExW
0x45e010 LocalCompact
0x45e014 UpdateResourceA
0x45e018 MoveFileExW
0x45e01c InterlockedDecrement
0x45e020 GetCurrentProcess
0x45e024 GetUserDefaultLCID
0x45e028 SetConsoleScreenBufferSize
0x45e02c WriteConsoleInputA
0x45e030 GetComputerNameW
0x45e034 SetEvent
0x45e038 GetSystemDefaultLCID
0x45e03c GetProcessHeap
0x45e040 IsBadReadPtr
0x45e044 GetConsoleAliasesLengthA
0x45e048 GetConsoleTitleA
0x45e04c ReadConsoleW
0x45e050 ReadConsoleOutputA
0x45e054 WriteFile
0x45e058 CreateActCtxW
0x45e05c GetVolumePathNameW
0x45e060 ActivateActCtx
0x45e064 GetConsoleCP
0x45e068 GlobalAlloc
0x45e06c TerminateThread
0x45e070 ReadConsoleInputA
0x45e074 GetSystemWindowsDirectoryA
0x45e078 SetConsoleCP
0x45e07c InterlockedPopEntrySList
0x45e080 GetFileAttributesA
0x45e084 DnsHostnameToComputerNameW
0x45e088 lstrcpynW
0x45e08c GetConsoleAliasW
0x45e090 SetTimeZoneInformation
0x45e094 WriteConsoleOutputCharacterW
0x45e098 WriteConsoleW
0x45e09c GetMailslotInfo
0x45e0a0 CreateActCtxA
0x45e0a4 GetCPInfoExW
0x45e0a8 GetLastError
0x45e0ac GetLongPathNameW
0x45e0b0 SetLastError
0x45e0b4 GetProcAddress
0x45e0b8 EnumDateFormatsExA
0x45e0bc EnterCriticalSection
0x45e0c0 GlobalGetAtomNameA
0x45e0c4 BuildCommDCBW
0x45e0c8 LoadLibraryA
0x45e0cc GetProfileStringA
0x45e0d0 GlobalGetAtomNameW
0x45e0d4 WaitForMultipleObjects
0x45e0d8 SetSystemTime
0x45e0dc SetEnvironmentVariableA
0x45e0e0 SetConsoleTitleW
0x45e0e4 GetModuleHandleA
0x45e0e8 lstrcatW
0x45e0ec EraseTape
0x45e0f0 CancelTimerQueueTimer
0x45e0f4 GetPrivateProfileSectionA
0x45e0f8 VirtualProtect
0x45e0fc PeekConsoleInputA
0x45e100 SetCalendarInfoA
0x45e104 EndUpdateResourceA
0x45e108 FindFirstVolumeW
0x45e10c AreFileApisANSI
0x45e110 VerifyVersionInfoA
0x45e114 UnhandledExceptionFilter
0x45e118 SetUnhandledExceptionFilter
0x45e11c HeapReAlloc
0x45e120 HeapAlloc
0x45e124 GetCommandLineA
0x45e128 GetStartupInfoA
0x45e12c RaiseException
0x45e130 RtlUnwind
0x45e134 GetModuleHandleW
0x45e138 Sleep
0x45e13c ExitProcess
0x45e140 GetStdHandle
0x45e144 GetModuleFileNameA
0x45e148 TerminateProcess
0x45e14c IsDebuggerPresent
0x45e150 HeapFree
0x45e154 DeleteCriticalSection
0x45e158 LeaveCriticalSection
0x45e15c HeapCreate
0x45e160 VirtualFree
0x45e164 VirtualAlloc
0x45e168 FreeEnvironmentStringsA
0x45e16c GetEnvironmentStrings
0x45e170 FreeEnvironmentStringsW
0x45e174 WideCharToMultiByte
0x45e178 GetEnvironmentStringsW
0x45e17c SetHandleCount
0x45e180 GetFileType
0x45e184 TlsGetValue
0x45e188 TlsAlloc
0x45e18c TlsSetValue
0x45e190 TlsFree
0x45e194 InterlockedIncrement
0x45e198 GetCurrentThreadId
0x45e19c QueryPerformanceCounter
0x45e1a0 GetTickCount
0x45e1a4 GetCurrentProcessId
0x45e1a8 GetSystemTimeAsFileTime
0x45e1ac InitializeCriticalSectionAndSpinCount
0x45e1b0 HeapSize
0x45e1b4 GetCPInfo
0x45e1b8 GetACP
0x45e1bc GetOEMCP
0x45e1c0 IsValidCodePage
0x45e1c4 GetLocaleInfoA
0x45e1c8 LCMapStringA
0x45e1cc MultiByteToWideChar
0x45e1d0 LCMapStringW
0x45e1d4 GetStringTypeA
0x45e1d8 GetStringTypeW
USER32.dll
0x45e1e0 GetAltTabInfoW
0x45e1e4 RealGetWindowClassA
ADVAPI32.dll
0x45e000 BackupEventLogW
EAT(Export Address Table) is none
KERNEL32.dll
0x45e008 lstrlenA
0x45e00c FindResourceExW
0x45e010 LocalCompact
0x45e014 UpdateResourceA
0x45e018 MoveFileExW
0x45e01c InterlockedDecrement
0x45e020 GetCurrentProcess
0x45e024 GetUserDefaultLCID
0x45e028 SetConsoleScreenBufferSize
0x45e02c WriteConsoleInputA
0x45e030 GetComputerNameW
0x45e034 SetEvent
0x45e038 GetSystemDefaultLCID
0x45e03c GetProcessHeap
0x45e040 IsBadReadPtr
0x45e044 GetConsoleAliasesLengthA
0x45e048 GetConsoleTitleA
0x45e04c ReadConsoleW
0x45e050 ReadConsoleOutputA
0x45e054 WriteFile
0x45e058 CreateActCtxW
0x45e05c GetVolumePathNameW
0x45e060 ActivateActCtx
0x45e064 GetConsoleCP
0x45e068 GlobalAlloc
0x45e06c TerminateThread
0x45e070 ReadConsoleInputA
0x45e074 GetSystemWindowsDirectoryA
0x45e078 SetConsoleCP
0x45e07c InterlockedPopEntrySList
0x45e080 GetFileAttributesA
0x45e084 DnsHostnameToComputerNameW
0x45e088 lstrcpynW
0x45e08c GetConsoleAliasW
0x45e090 SetTimeZoneInformation
0x45e094 WriteConsoleOutputCharacterW
0x45e098 WriteConsoleW
0x45e09c GetMailslotInfo
0x45e0a0 CreateActCtxA
0x45e0a4 GetCPInfoExW
0x45e0a8 GetLastError
0x45e0ac GetLongPathNameW
0x45e0b0 SetLastError
0x45e0b4 GetProcAddress
0x45e0b8 EnumDateFormatsExA
0x45e0bc EnterCriticalSection
0x45e0c0 GlobalGetAtomNameA
0x45e0c4 BuildCommDCBW
0x45e0c8 LoadLibraryA
0x45e0cc GetProfileStringA
0x45e0d0 GlobalGetAtomNameW
0x45e0d4 WaitForMultipleObjects
0x45e0d8 SetSystemTime
0x45e0dc SetEnvironmentVariableA
0x45e0e0 SetConsoleTitleW
0x45e0e4 GetModuleHandleA
0x45e0e8 lstrcatW
0x45e0ec EraseTape
0x45e0f0 CancelTimerQueueTimer
0x45e0f4 GetPrivateProfileSectionA
0x45e0f8 VirtualProtect
0x45e0fc PeekConsoleInputA
0x45e100 SetCalendarInfoA
0x45e104 EndUpdateResourceA
0x45e108 FindFirstVolumeW
0x45e10c AreFileApisANSI
0x45e110 VerifyVersionInfoA
0x45e114 UnhandledExceptionFilter
0x45e118 SetUnhandledExceptionFilter
0x45e11c HeapReAlloc
0x45e120 HeapAlloc
0x45e124 GetCommandLineA
0x45e128 GetStartupInfoA
0x45e12c RaiseException
0x45e130 RtlUnwind
0x45e134 GetModuleHandleW
0x45e138 Sleep
0x45e13c ExitProcess
0x45e140 GetStdHandle
0x45e144 GetModuleFileNameA
0x45e148 TerminateProcess
0x45e14c IsDebuggerPresent
0x45e150 HeapFree
0x45e154 DeleteCriticalSection
0x45e158 LeaveCriticalSection
0x45e15c HeapCreate
0x45e160 VirtualFree
0x45e164 VirtualAlloc
0x45e168 FreeEnvironmentStringsA
0x45e16c GetEnvironmentStrings
0x45e170 FreeEnvironmentStringsW
0x45e174 WideCharToMultiByte
0x45e178 GetEnvironmentStringsW
0x45e17c SetHandleCount
0x45e180 GetFileType
0x45e184 TlsGetValue
0x45e188 TlsAlloc
0x45e18c TlsSetValue
0x45e190 TlsFree
0x45e194 InterlockedIncrement
0x45e198 GetCurrentThreadId
0x45e19c QueryPerformanceCounter
0x45e1a0 GetTickCount
0x45e1a4 GetCurrentProcessId
0x45e1a8 GetSystemTimeAsFileTime
0x45e1ac InitializeCriticalSectionAndSpinCount
0x45e1b0 HeapSize
0x45e1b4 GetCPInfo
0x45e1b8 GetACP
0x45e1bc GetOEMCP
0x45e1c0 IsValidCodePage
0x45e1c4 GetLocaleInfoA
0x45e1c8 LCMapStringA
0x45e1cc MultiByteToWideChar
0x45e1d0 LCMapStringW
0x45e1d4 GetStringTypeA
0x45e1d8 GetStringTypeW
USER32.dll
0x45e1e0 GetAltTabInfoW
0x45e1e4 RealGetWindowClassA
ADVAPI32.dll
0x45e000 BackupEventLogW
EAT(Export Address Table) is none