Field | Value |
---|---|
Created | 2021.08.11 18:58 |
Machine | s1_win7_x6401 |
Filename | dd.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 41 detected (malicious, high confidence, GenericKDZ, QVM10, Unsafe, Save, confidence, Kryptik, Eldorado, Attribute, HighConfidence, HMAM, Upatre, Zenpak, RansomX, HPGen, ai score=81, STOP, se45665, Azorult, score, SmokeLoader, R436340, Artemis, BScope, Androm, CLASSIC, Static AI, Malicious PE, ZexaF, nq0@aWbDIAs, Genetic, susgen) |
md5 | 8c77f9c1103d020b097420791bfb00f3 |
sha256 | 024b8be122d6b658363e0e132d52d469fb107cc5b16e9f78494c89a7756852c4 |
ssdeep | 3072:PTA3s+t66NqQXkIGfCX50d7YWnrf5z3nCNeoBNTfC8IU:Pa06Nd96CW93CIwY8 |
imphash | e4e1e1e6e225074b287b0f65b50fbc7e |
impfuzzy | 48:XdZ8ZewxMtK1sGaYMrJt8VGAO9j6cCF7dMJ:XXceA+CdMrJtYGA8j6cCF7a |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x414008 lstrlenA
0x41400c WriteConsoleOutputCharacterA
0x414010 LocalCompact
0x414014 MoveFileExW
0x414018 InterlockedDecrement
0x41401c GetCurrentProcess
0x414020 GetSystemWindowsDirectoryW
0x414024 GetUserDefaultLCID
0x414028 WriteConsoleInputA
0x41402c SetEvent
0x414030 GetSystemDefaultLCID
0x414034 IsBadReadPtr
0x414038 GetConsoleAliasesLengthA
0x41403c ReadConsoleOutputA
0x414040 InitializeCriticalSection
0x414044 GetVolumePathNameW
0x414048 FindResourceExA
0x41404c GetConsoleCP
0x414050 GlobalAlloc
0x414054 InterlockedPopEntrySList
0x414058 LeaveCriticalSection
0x41405c DnsHostnameToComputerNameW
0x414060 lstrcpynW
0x414064 GetConsoleAliasW
0x414068 SetConsoleCursorPosition
0x41406c GetFileAttributesW
0x414070 VerifyVersionInfoA
0x414074 WriteConsoleW
0x414078 ReadFile
0x41407c GetComputerNameA
0x414080 GetACP
0x414084 VerifyVersionInfoW
0x414088 GetCPInfoExW
0x41408c GetLastError
0x414090 GetProcAddress
0x414094 PeekConsoleInputW
0x414098 EnumDateFormatsExA
0x41409c DeleteTimerQueue
0x4140a0 GlobalGetAtomNameW
0x4140a4 WaitForMultipleObjects
0x4140a8 SetSystemTime
0x4140ac SetEnvironmentVariableA
0x4140b0 SetConsoleTitleW
0x4140b4 GetModuleHandleA
0x4140b8 lstrcatW
0x4140bc UpdateResourceW
0x4140c0 EraseTape
0x4140c4 GetConsoleTitleW
0x4140c8 BuildCommDCBA
0x4140cc VirtualProtect
0x4140d0 SetCalendarInfoA
0x4140d4 FindFirstVolumeA
0x4140d8 EndUpdateResourceA
0x4140dc ReadConsoleInputW
0x4140e0 GetPrivateProfileSectionW
0x4140e4 AreFileApisANSI
0x4140e8 CreateActCtxA
0x4140ec GetSystemDefaultLangID
0x4140f0 UnhandledExceptionFilter
0x4140f4 SetUnhandledExceptionFilter
0x4140f8 GetCommandLineA
0x4140fc GetStartupInfoA
0x414100 RaiseException
0x414104 RtlUnwind
0x414108 GetModuleHandleW
0x41410c Sleep
0x414110 ExitProcess
0x414114 WriteFile
0x414118 GetStdHandle
0x41411c GetModuleFileNameA
0x414120 TerminateProcess
0x414124 IsDebuggerPresent
0x414128 HeapAlloc
0x41412c HeapFree
0x414130 FreeEnvironmentStringsA
0x414134 GetEnvironmentStrings
0x414138 FreeEnvironmentStringsW
0x41413c WideCharToMultiByte
0x414140 GetEnvironmentStringsW
0x414144 SetHandleCount
0x414148 GetFileType
0x41414c DeleteCriticalSection
0x414150 TlsGetValue
0x414154 TlsAlloc
0x414158 TlsSetValue
0x41415c TlsFree
0x414160 InterlockedIncrement
0x414164 SetLastError
0x414168 GetCurrentThreadId
0x41416c HeapCreate
0x414170 VirtualFree
0x414174 QueryPerformanceCounter
0x414178 GetTickCount
0x41417c GetCurrentProcessId
0x414180 GetSystemTimeAsFileTime
0x414184 EnterCriticalSection
0x414188 LoadLibraryA
0x41418c InitializeCriticalSectionAndSpinCount
0x414190 VirtualAlloc
0x414194 HeapReAlloc
0x414198 HeapSize
0x41419c GetCPInfo
0x4141a0 GetOEMCP
0x4141a4 IsValidCodePage
0x4141a8 GetLocaleInfoA
0x4141ac LCMapStringA
0x4141b0 MultiByteToWideChar
0x4141b4 LCMapStringW
0x4141b8 GetStringTypeA
0x4141bc GetStringTypeW
USER32.dll
0x4141c4 GetAltTabInfoW
0x4141c8 RealGetWindowClassA
ADVAPI32.dll
0x414000 BackupEventLogA
EAT (Export Address Table) Library
0x401065 @GetOtherVice@12