ScreenShot
| Created | 2021.08.10 10:03 | Machine | s1_win7_x6402 |
| Filename | raccon.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (malicious, high confidence, Unsafe, Save, confidence, 100%, ZexaF, Fq0@a8xDM5r, Convagent, Kryptik, CLASSIC, SoftPulse, Static AI, Malicious PE, Wacatac, SL2CMN, score, UrSnif, QVM10) | ||
| md5 | bcaf1c7dc97e9cf1499d52bb1df4bd84 | ||
| sha256 | ba82f00041a9a6532de2ef36c3b39e0dde065b97b9c36f24baf9dcc57a7f9180 | ||
| ssdeep | 12288:eJsiGRJMfoFMMZG8W+xp603u2jW09C5QiM:osiGRfMMZGYPD9liM | ||
| imphash | e4703f951d731209d4eda0f101cdb509 | ||
| impfuzzy | 48:XRZqqZPwKuFhzg/nrPYTtRVGAxcgYvc2vdMf:X7xPAhU8TtXGAxc7vc2vM | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45d008 lstrlenA
0x45d00c FindResourceExW
0x45d010 LocalCompact
0x45d014 UpdateResourceA
0x45d018 MoveFileExW
0x45d01c InterlockedDecrement
0x45d020 GetCurrentProcess
0x45d024 GetUserDefaultLCID
0x45d028 SetConsoleScreenBufferSize
0x45d02c WriteConsoleInputA
0x45d030 GetComputerNameW
0x45d034 SetEvent
0x45d038 GetSystemDefaultLCID
0x45d03c GetProcessHeap
0x45d040 IsBadReadPtr
0x45d044 GetConsoleAliasesLengthA
0x45d048 GetConsoleTitleA
0x45d04c ReadConsoleW
0x45d050 ReadConsoleOutputA
0x45d054 WriteFile
0x45d058 CreateActCtxW
0x45d05c GetVolumePathNameW
0x45d060 ActivateActCtx
0x45d064 GetConsoleCP
0x45d068 GlobalAlloc
0x45d06c TerminateThread
0x45d070 ReadConsoleInputA
0x45d074 GetSystemWindowsDirectoryA
0x45d078 SetConsoleCP
0x45d07c InterlockedPopEntrySList
0x45d080 GetFileAttributesA
0x45d084 DnsHostnameToComputerNameW
0x45d088 lstrcpynW
0x45d08c GetConsoleAliasW
0x45d090 SetTimeZoneInformation
0x45d094 WriteConsoleOutputCharacterW
0x45d098 WriteConsoleW
0x45d09c GetMailslotInfo
0x45d0a0 CreateActCtxA
0x45d0a4 GetCPInfoExW
0x45d0a8 GetLastError
0x45d0ac GetLongPathNameW
0x45d0b0 SetLastError
0x45d0b4 GetProcAddress
0x45d0b8 EnumDateFormatsExA
0x45d0bc EnterCriticalSection
0x45d0c0 GlobalGetAtomNameA
0x45d0c4 BuildCommDCBW
0x45d0c8 LoadLibraryA
0x45d0cc GetProfileStringA
0x45d0d0 GlobalGetAtomNameW
0x45d0d4 WaitForMultipleObjects
0x45d0d8 SetSystemTime
0x45d0dc SetEnvironmentVariableA
0x45d0e0 SetConsoleTitleW
0x45d0e4 GetModuleHandleA
0x45d0e8 lstrcatW
0x45d0ec EraseTape
0x45d0f0 CancelTimerQueueTimer
0x45d0f4 GetPrivateProfileSectionA
0x45d0f8 VirtualProtect
0x45d0fc PeekConsoleInputA
0x45d100 SetCalendarInfoA
0x45d104 EndUpdateResourceA
0x45d108 FindFirstVolumeW
0x45d10c AreFileApisANSI
0x45d110 VerifyVersionInfoA
0x45d114 UnhandledExceptionFilter
0x45d118 SetUnhandledExceptionFilter
0x45d11c HeapReAlloc
0x45d120 HeapAlloc
0x45d124 GetCommandLineA
0x45d128 GetStartupInfoA
0x45d12c RaiseException
0x45d130 RtlUnwind
0x45d134 GetModuleHandleW
0x45d138 Sleep
0x45d13c ExitProcess
0x45d140 GetStdHandle
0x45d144 GetModuleFileNameA
0x45d148 TerminateProcess
0x45d14c IsDebuggerPresent
0x45d150 HeapFree
0x45d154 DeleteCriticalSection
0x45d158 LeaveCriticalSection
0x45d15c HeapCreate
0x45d160 VirtualFree
0x45d164 VirtualAlloc
0x45d168 FreeEnvironmentStringsA
0x45d16c GetEnvironmentStrings
0x45d170 FreeEnvironmentStringsW
0x45d174 WideCharToMultiByte
0x45d178 GetEnvironmentStringsW
0x45d17c SetHandleCount
0x45d180 GetFileType
0x45d184 TlsGetValue
0x45d188 TlsAlloc
0x45d18c TlsSetValue
0x45d190 TlsFree
0x45d194 InterlockedIncrement
0x45d198 GetCurrentThreadId
0x45d19c QueryPerformanceCounter
0x45d1a0 GetTickCount
0x45d1a4 GetCurrentProcessId
0x45d1a8 GetSystemTimeAsFileTime
0x45d1ac InitializeCriticalSectionAndSpinCount
0x45d1b0 HeapSize
0x45d1b4 GetCPInfo
0x45d1b8 GetACP
0x45d1bc GetOEMCP
0x45d1c0 IsValidCodePage
0x45d1c4 GetLocaleInfoA
0x45d1c8 LCMapStringA
0x45d1cc MultiByteToWideChar
0x45d1d0 LCMapStringW
0x45d1d4 GetStringTypeA
0x45d1d8 GetStringTypeW
USER32.dll
0x45d1e0 GetAltTabInfoW
0x45d1e4 RealGetWindowClassA
ADVAPI32.dll
0x45d000 BackupEventLogW
EAT(Export Address Table) is none
KERNEL32.dll
0x45d008 lstrlenA
0x45d00c FindResourceExW
0x45d010 LocalCompact
0x45d014 UpdateResourceA
0x45d018 MoveFileExW
0x45d01c InterlockedDecrement
0x45d020 GetCurrentProcess
0x45d024 GetUserDefaultLCID
0x45d028 SetConsoleScreenBufferSize
0x45d02c WriteConsoleInputA
0x45d030 GetComputerNameW
0x45d034 SetEvent
0x45d038 GetSystemDefaultLCID
0x45d03c GetProcessHeap
0x45d040 IsBadReadPtr
0x45d044 GetConsoleAliasesLengthA
0x45d048 GetConsoleTitleA
0x45d04c ReadConsoleW
0x45d050 ReadConsoleOutputA
0x45d054 WriteFile
0x45d058 CreateActCtxW
0x45d05c GetVolumePathNameW
0x45d060 ActivateActCtx
0x45d064 GetConsoleCP
0x45d068 GlobalAlloc
0x45d06c TerminateThread
0x45d070 ReadConsoleInputA
0x45d074 GetSystemWindowsDirectoryA
0x45d078 SetConsoleCP
0x45d07c InterlockedPopEntrySList
0x45d080 GetFileAttributesA
0x45d084 DnsHostnameToComputerNameW
0x45d088 lstrcpynW
0x45d08c GetConsoleAliasW
0x45d090 SetTimeZoneInformation
0x45d094 WriteConsoleOutputCharacterW
0x45d098 WriteConsoleW
0x45d09c GetMailslotInfo
0x45d0a0 CreateActCtxA
0x45d0a4 GetCPInfoExW
0x45d0a8 GetLastError
0x45d0ac GetLongPathNameW
0x45d0b0 SetLastError
0x45d0b4 GetProcAddress
0x45d0b8 EnumDateFormatsExA
0x45d0bc EnterCriticalSection
0x45d0c0 GlobalGetAtomNameA
0x45d0c4 BuildCommDCBW
0x45d0c8 LoadLibraryA
0x45d0cc GetProfileStringA
0x45d0d0 GlobalGetAtomNameW
0x45d0d4 WaitForMultipleObjects
0x45d0d8 SetSystemTime
0x45d0dc SetEnvironmentVariableA
0x45d0e0 SetConsoleTitleW
0x45d0e4 GetModuleHandleA
0x45d0e8 lstrcatW
0x45d0ec EraseTape
0x45d0f0 CancelTimerQueueTimer
0x45d0f4 GetPrivateProfileSectionA
0x45d0f8 VirtualProtect
0x45d0fc PeekConsoleInputA
0x45d100 SetCalendarInfoA
0x45d104 EndUpdateResourceA
0x45d108 FindFirstVolumeW
0x45d10c AreFileApisANSI
0x45d110 VerifyVersionInfoA
0x45d114 UnhandledExceptionFilter
0x45d118 SetUnhandledExceptionFilter
0x45d11c HeapReAlloc
0x45d120 HeapAlloc
0x45d124 GetCommandLineA
0x45d128 GetStartupInfoA
0x45d12c RaiseException
0x45d130 RtlUnwind
0x45d134 GetModuleHandleW
0x45d138 Sleep
0x45d13c ExitProcess
0x45d140 GetStdHandle
0x45d144 GetModuleFileNameA
0x45d148 TerminateProcess
0x45d14c IsDebuggerPresent
0x45d150 HeapFree
0x45d154 DeleteCriticalSection
0x45d158 LeaveCriticalSection
0x45d15c HeapCreate
0x45d160 VirtualFree
0x45d164 VirtualAlloc
0x45d168 FreeEnvironmentStringsA
0x45d16c GetEnvironmentStrings
0x45d170 FreeEnvironmentStringsW
0x45d174 WideCharToMultiByte
0x45d178 GetEnvironmentStringsW
0x45d17c SetHandleCount
0x45d180 GetFileType
0x45d184 TlsGetValue
0x45d188 TlsAlloc
0x45d18c TlsSetValue
0x45d190 TlsFree
0x45d194 InterlockedIncrement
0x45d198 GetCurrentThreadId
0x45d19c QueryPerformanceCounter
0x45d1a0 GetTickCount
0x45d1a4 GetCurrentProcessId
0x45d1a8 GetSystemTimeAsFileTime
0x45d1ac InitializeCriticalSectionAndSpinCount
0x45d1b0 HeapSize
0x45d1b4 GetCPInfo
0x45d1b8 GetACP
0x45d1bc GetOEMCP
0x45d1c0 IsValidCodePage
0x45d1c4 GetLocaleInfoA
0x45d1c8 LCMapStringA
0x45d1cc MultiByteToWideChar
0x45d1d0 LCMapStringW
0x45d1d4 GetStringTypeA
0x45d1d8 GetStringTypeW
USER32.dll
0x45d1e0 GetAltTabInfoW
0x45d1e4 RealGetWindowClassA
ADVAPI32.dll
0x45d000 BackupEventLogW
EAT(Export Address Table) is none