ScreenShot
| Created | 2021.08.11 19:08 | Machine | s1_win7_x6402 |
| Filename | GetFile3 | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Kryptik, Eldorado, CLASSIC, HPGen, Emotet, A + Troj, Krypt, Static AI, Malicious PE, Wacatac, score, Artemis, MachineLearning, Anomalous, ZexaF, tq0@aeCFEoni, QVM10, confidence, 100%, susgen) | ||
| md5 | 60df31268d2ac9f2c363a9c6d025e3ce | ||
| sha256 | 4f10b46ea98d38b8e2ed7cec9d9f4376a63af2e0eff5484f440882efd95dc64b | ||
| ssdeep | 3072:IPwOp7bxCLC//ORwXKd3cXqcdw+kfv4nAsJWVLBtvIq5nuQ1ScsYh6gSVywo3c+:6oLC//Sw6d3f+k4nAJji7knGyHM | ||
| imphash | 4b405a935ba1896da801696a6c1a4ade | ||
| impfuzzy | 24:j4F4VV4T6WiZgPkrkRUMbMddkCIvOcDS1DbD+v8bnuJjdRiYTt5OovEGAiQFQ8Rw:KDGZgwxMk11HQjiYTt8VGAk9j6cCF7dU | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x430000 GetComputerNameA
0x430004 lstrlenA
0x430008 LocalCompact
0x43000c MoveFileExW
0x430010 InterlockedDecrement
0x430014 WritePrivateProfileSectionA
0x430018 ReadConsoleOutputAttribute
0x43001c GetProfileStringW
0x430020 GetUserDefaultLCID
0x430024 SetEvent
0x430028 IsBadReadPtr
0x43002c GetConsoleAliasesLengthA
0x430030 ReadConsoleOutputA
0x430034 InitializeCriticalSection
0x430038 GetVolumePathNameW
0x43003c GetConsoleCP
0x430040 GetSystemWindowsDirectoryA
0x430044 InterlockedPopEntrySList
0x430048 LeaveCriticalSection
0x43004c lstrcpynW
0x430050 GetConsoleAliasW
0x430054 SetConsoleCursorPosition
0x430058 GetFileAttributesW
0x43005c WriteConsoleW
0x430060 ReadFile
0x430064 CreateFileW
0x430068 CreateActCtxA
0x43006c GetACP
0x430070 VerifyVersionInfoW
0x430074 GetLastError
0x430078 GetProcAddress
0x43007c PeekConsoleInputW
0x430080 EnumDateFormatsExA
0x430084 GetConsoleDisplayMode
0x430088 GetProcessId
0x43008c LocalAlloc
0x430090 DeleteTimerQueue
0x430094 DnsHostnameToComputerNameA
0x430098 CreateTapePartition
0x43009c GlobalGetAtomNameW
0x4300a0 WaitForMultipleObjects
0x4300a4 SetSystemTime
0x4300a8 SetEnvironmentVariableA
0x4300ac SetConsoleTitleW
0x4300b0 GetModuleHandleA
0x4300b4 lstrcatW
0x4300b8 UpdateResourceW
0x4300bc CancelTimerQueueTimer
0x4300c0 GetConsoleTitleW
0x4300c4 BuildCommDCBA
0x4300c8 VirtualProtect
0x4300cc SetCalendarInfoA
0x4300d0 FindFirstVolumeA
0x4300d4 EndUpdateResourceA
0x4300d8 GetVersionExA
0x4300dc AreFileApisANSI
0x4300e0 UnhandledExceptionFilter
0x4300e4 SetUnhandledExceptionFilter
0x4300e8 GetCommandLineA
0x4300ec GetStartupInfoA
0x4300f0 RaiseException
0x4300f4 RtlUnwind
0x4300f8 GetModuleHandleW
0x4300fc Sleep
0x430100 ExitProcess
0x430104 WriteFile
0x430108 GetStdHandle
0x43010c GetModuleFileNameA
0x430110 TerminateProcess
0x430114 GetCurrentProcess
0x430118 IsDebuggerPresent
0x43011c HeapAlloc
0x430120 HeapFree
0x430124 FreeEnvironmentStringsA
0x430128 GetEnvironmentStrings
0x43012c FreeEnvironmentStringsW
0x430130 WideCharToMultiByte
0x430134 GetEnvironmentStringsW
0x430138 SetHandleCount
0x43013c GetFileType
0x430140 DeleteCriticalSection
0x430144 TlsGetValue
0x430148 TlsAlloc
0x43014c TlsSetValue
0x430150 TlsFree
0x430154 InterlockedIncrement
0x430158 SetLastError
0x43015c GetCurrentThreadId
0x430160 HeapCreate
0x430164 VirtualFree
0x430168 QueryPerformanceCounter
0x43016c GetTickCount
0x430170 GetCurrentProcessId
0x430174 GetSystemTimeAsFileTime
0x430178 EnterCriticalSection
0x43017c LoadLibraryA
0x430180 InitializeCriticalSectionAndSpinCount
0x430184 VirtualAlloc
0x430188 HeapReAlloc
0x43018c HeapSize
0x430190 GetCPInfo
0x430194 GetOEMCP
0x430198 IsValidCodePage
0x43019c GetLocaleInfoA
0x4301a0 LCMapStringA
0x4301a4 MultiByteToWideChar
0x4301a8 LCMapStringW
0x4301ac GetStringTypeA
0x4301b0 GetStringTypeW
USER32.dll
0x4301b8 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @GetOtherVice@12
KERNEL32.dll
0x430000 GetComputerNameA
0x430004 lstrlenA
0x430008 LocalCompact
0x43000c MoveFileExW
0x430010 InterlockedDecrement
0x430014 WritePrivateProfileSectionA
0x430018 ReadConsoleOutputAttribute
0x43001c GetProfileStringW
0x430020 GetUserDefaultLCID
0x430024 SetEvent
0x430028 IsBadReadPtr
0x43002c GetConsoleAliasesLengthA
0x430030 ReadConsoleOutputA
0x430034 InitializeCriticalSection
0x430038 GetVolumePathNameW
0x43003c GetConsoleCP
0x430040 GetSystemWindowsDirectoryA
0x430044 InterlockedPopEntrySList
0x430048 LeaveCriticalSection
0x43004c lstrcpynW
0x430050 GetConsoleAliasW
0x430054 SetConsoleCursorPosition
0x430058 GetFileAttributesW
0x43005c WriteConsoleW
0x430060 ReadFile
0x430064 CreateFileW
0x430068 CreateActCtxA
0x43006c GetACP
0x430070 VerifyVersionInfoW
0x430074 GetLastError
0x430078 GetProcAddress
0x43007c PeekConsoleInputW
0x430080 EnumDateFormatsExA
0x430084 GetConsoleDisplayMode
0x430088 GetProcessId
0x43008c LocalAlloc
0x430090 DeleteTimerQueue
0x430094 DnsHostnameToComputerNameA
0x430098 CreateTapePartition
0x43009c GlobalGetAtomNameW
0x4300a0 WaitForMultipleObjects
0x4300a4 SetSystemTime
0x4300a8 SetEnvironmentVariableA
0x4300ac SetConsoleTitleW
0x4300b0 GetModuleHandleA
0x4300b4 lstrcatW
0x4300b8 UpdateResourceW
0x4300bc CancelTimerQueueTimer
0x4300c0 GetConsoleTitleW
0x4300c4 BuildCommDCBA
0x4300c8 VirtualProtect
0x4300cc SetCalendarInfoA
0x4300d0 FindFirstVolumeA
0x4300d4 EndUpdateResourceA
0x4300d8 GetVersionExA
0x4300dc AreFileApisANSI
0x4300e0 UnhandledExceptionFilter
0x4300e4 SetUnhandledExceptionFilter
0x4300e8 GetCommandLineA
0x4300ec GetStartupInfoA
0x4300f0 RaiseException
0x4300f4 RtlUnwind
0x4300f8 GetModuleHandleW
0x4300fc Sleep
0x430100 ExitProcess
0x430104 WriteFile
0x430108 GetStdHandle
0x43010c GetModuleFileNameA
0x430110 TerminateProcess
0x430114 GetCurrentProcess
0x430118 IsDebuggerPresent
0x43011c HeapAlloc
0x430120 HeapFree
0x430124 FreeEnvironmentStringsA
0x430128 GetEnvironmentStrings
0x43012c FreeEnvironmentStringsW
0x430130 WideCharToMultiByte
0x430134 GetEnvironmentStringsW
0x430138 SetHandleCount
0x43013c GetFileType
0x430140 DeleteCriticalSection
0x430144 TlsGetValue
0x430148 TlsAlloc
0x43014c TlsSetValue
0x430150 TlsFree
0x430154 InterlockedIncrement
0x430158 SetLastError
0x43015c GetCurrentThreadId
0x430160 HeapCreate
0x430164 VirtualFree
0x430168 QueryPerformanceCounter
0x43016c GetTickCount
0x430170 GetCurrentProcessId
0x430174 GetSystemTimeAsFileTime
0x430178 EnterCriticalSection
0x43017c LoadLibraryA
0x430180 InitializeCriticalSectionAndSpinCount
0x430184 VirtualAlloc
0x430188 HeapReAlloc
0x43018c HeapSize
0x430190 GetCPInfo
0x430194 GetOEMCP
0x430198 IsValidCodePage
0x43019c GetLocaleInfoA
0x4301a0 LCMapStringA
0x4301a4 MultiByteToWideChar
0x4301a8 LCMapStringW
0x4301ac GetStringTypeA
0x4301b0 GetStringTypeW
USER32.dll
0x4301b8 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @GetOtherVice@12