ScreenShot
| Created | 2021.08.11 18:57 | Machine | s1_win7_x6402 |
| Filename | racoon.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (AIDetect, malware1, malicious, high confidence, GenericKDZ, HwoCueAA, Unsafe, Save, Kryptik, Eldorado, HLZR, Raccoon, Zenpak, MalwareX, Malware@#1yc52m71ajueh, ekluc, DownLoader41, HPGen, Emotet, Glupteba, kcloud, StopCrypt, FC0O54, score, R436162, ai score=88, CLASSIC, CS8UKE284FA, Static AI, Malicious PE, HLZT, ZexaF, zq0@aGC@uqpG, GdSda, confidence, susgen) | ||
| md5 | 54f514d1a984a45bfa635e33b6e097a1 | ||
| sha256 | 5bdacdc106dccb1068826353c41ec72f533718cf09a398a0b5966f40d9863165 | ||
| ssdeep | 12288:q5VcdY1POjU8cB06VtORB1tDT8Qk7MQnELO:RAPBBFVtqtDTDk7XE | ||
| imphash | 00a47d6be4445a02dce374ef34dd9b76 | ||
| impfuzzy | 48:nzR+ZqFZm/MF/doUwtdTY+t7B81uyMWChyqf:n1mwQ4oUwb8+t7B8zMWChL | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45b000 SetProcessAffinityMask
0x45b004 WriteConsoleInputW
0x45b008 lstrlenA
0x45b00c GetConsoleAliasesLengthW
0x45b010 EnumDateFormatsExW
0x45b014 FindResourceExW
0x45b018 WriteConsoleOutputCharacterA
0x45b01c EndUpdateResourceW
0x45b020 GetUserDefaultLCID
0x45b024 SetConsoleScreenBufferSize
0x45b028 GetComputerNameW
0x45b02c SetEvent
0x45b030 GetSystemDefaultLCID
0x45b034 GetProcessHeap
0x45b038 ReadConsoleW
0x45b03c SetFileTime
0x45b040 WriteFile
0x45b044 CreateActCtxW
0x45b048 InitializeCriticalSection
0x45b04c GetVolumePathNameW
0x45b050 ActivateActCtx
0x45b054 GetConsoleCP
0x45b058 GlobalFindAtomA
0x45b05c TerminateThread
0x45b060 ReadConsoleInputA
0x45b064 GetSystemWindowsDirectoryA
0x45b068 ReadConsoleOutputW
0x45b06c GetVersionExW
0x45b070 SetConsoleCP
0x45b074 InterlockedPopEntrySList
0x45b078 DnsHostnameToComputerNameW
0x45b07c GetConsoleAliasW
0x45b080 VerifyVersionInfoA
0x45b084 GetMailslotInfo
0x45b088 GetTimeZoneInformation
0x45b08c CreateActCtxA
0x45b090 SetConsoleTitleA
0x45b094 GetConsoleOutputCP
0x45b098 InterlockedExchange
0x45b09c GetLastError
0x45b0a0 GetLongPathNameW
0x45b0a4 SetLastError
0x45b0a8 GetProcAddress
0x45b0ac GetConsoleDisplayMode
0x45b0b0 EnterCriticalSection
0x45b0b4 LoadLibraryA
0x45b0b8 WriteConsoleA
0x45b0bc CreateTapePartition
0x45b0c0 GetProfileStringA
0x45b0c4 WaitForMultipleObjects
0x45b0c8 SetEnvironmentVariableA
0x45b0cc GetModuleHandleA
0x45b0d0 UpdateResourceW
0x45b0d4 CancelTimerQueueTimer
0x45b0d8 BuildCommDCBA
0x45b0dc VirtualProtect
0x45b0e0 GetFileAttributesExW
0x45b0e4 GetCPInfoExA
0x45b0e8 SetCalendarInfoA
0x45b0ec FindFirstVolumeW
0x45b0f0 GetCurrentProcessId
0x45b0f4 GetPrivateProfileSectionW
0x45b0f8 GlobalReAlloc
0x45b0fc GetSystemTime
0x45b100 AreFileApisANSI
0x45b104 CreateThread
0x45b108 CreateFileA
0x45b10c UnhandledExceptionFilter
0x45b110 SetUnhandledExceptionFilter
0x45b114 HeapReAlloc
0x45b118 HeapAlloc
0x45b11c GetStartupInfoW
0x45b120 GetModuleHandleW
0x45b124 Sleep
0x45b128 ExitProcess
0x45b12c GetStdHandle
0x45b130 GetModuleFileNameA
0x45b134 LeaveCriticalSection
0x45b138 TerminateProcess
0x45b13c GetCurrentProcess
0x45b140 IsDebuggerPresent
0x45b144 DeleteCriticalSection
0x45b148 HeapCreate
0x45b14c VirtualFree
0x45b150 HeapFree
0x45b154 VirtualAlloc
0x45b158 GetModuleFileNameW
0x45b15c FreeEnvironmentStringsW
0x45b160 GetEnvironmentStringsW
0x45b164 GetCommandLineW
0x45b168 SetHandleCount
0x45b16c GetFileType
0x45b170 GetStartupInfoA
0x45b174 TlsGetValue
0x45b178 TlsAlloc
0x45b17c TlsSetValue
0x45b180 TlsFree
0x45b184 InterlockedIncrement
0x45b188 GetCurrentThreadId
0x45b18c InterlockedDecrement
0x45b190 QueryPerformanceCounter
0x45b194 GetTickCount
0x45b198 GetSystemTimeAsFileTime
0x45b19c InitializeCriticalSectionAndSpinCount
0x45b1a0 GetCPInfo
0x45b1a4 GetACP
0x45b1a8 GetOEMCP
0x45b1ac IsValidCodePage
0x45b1b0 WideCharToMultiByte
0x45b1b4 RtlUnwind
0x45b1b8 HeapSize
0x45b1bc GetLocaleInfoA
0x45b1c0 GetConsoleMode
0x45b1c4 FlushFileBuffers
0x45b1c8 LCMapStringA
0x45b1cc MultiByteToWideChar
0x45b1d0 LCMapStringW
0x45b1d4 GetStringTypeA
0x45b1d8 GetStringTypeW
0x45b1dc SetFilePointer
0x45b1e0 CloseHandle
0x45b1e4 WriteConsoleW
0x45b1e8 SetStdHandle
USER32.dll
0x45b1f0 GetAltTabInfoA
0x45b1f4 RealChildWindowFromPoint
EAT(Export Address Table) is none
KERNEL32.dll
0x45b000 SetProcessAffinityMask
0x45b004 WriteConsoleInputW
0x45b008 lstrlenA
0x45b00c GetConsoleAliasesLengthW
0x45b010 EnumDateFormatsExW
0x45b014 FindResourceExW
0x45b018 WriteConsoleOutputCharacterA
0x45b01c EndUpdateResourceW
0x45b020 GetUserDefaultLCID
0x45b024 SetConsoleScreenBufferSize
0x45b028 GetComputerNameW
0x45b02c SetEvent
0x45b030 GetSystemDefaultLCID
0x45b034 GetProcessHeap
0x45b038 ReadConsoleW
0x45b03c SetFileTime
0x45b040 WriteFile
0x45b044 CreateActCtxW
0x45b048 InitializeCriticalSection
0x45b04c GetVolumePathNameW
0x45b050 ActivateActCtx
0x45b054 GetConsoleCP
0x45b058 GlobalFindAtomA
0x45b05c TerminateThread
0x45b060 ReadConsoleInputA
0x45b064 GetSystemWindowsDirectoryA
0x45b068 ReadConsoleOutputW
0x45b06c GetVersionExW
0x45b070 SetConsoleCP
0x45b074 InterlockedPopEntrySList
0x45b078 DnsHostnameToComputerNameW
0x45b07c GetConsoleAliasW
0x45b080 VerifyVersionInfoA
0x45b084 GetMailslotInfo
0x45b088 GetTimeZoneInformation
0x45b08c CreateActCtxA
0x45b090 SetConsoleTitleA
0x45b094 GetConsoleOutputCP
0x45b098 InterlockedExchange
0x45b09c GetLastError
0x45b0a0 GetLongPathNameW
0x45b0a4 SetLastError
0x45b0a8 GetProcAddress
0x45b0ac GetConsoleDisplayMode
0x45b0b0 EnterCriticalSection
0x45b0b4 LoadLibraryA
0x45b0b8 WriteConsoleA
0x45b0bc CreateTapePartition
0x45b0c0 GetProfileStringA
0x45b0c4 WaitForMultipleObjects
0x45b0c8 SetEnvironmentVariableA
0x45b0cc GetModuleHandleA
0x45b0d0 UpdateResourceW
0x45b0d4 CancelTimerQueueTimer
0x45b0d8 BuildCommDCBA
0x45b0dc VirtualProtect
0x45b0e0 GetFileAttributesExW
0x45b0e4 GetCPInfoExA
0x45b0e8 SetCalendarInfoA
0x45b0ec FindFirstVolumeW
0x45b0f0 GetCurrentProcessId
0x45b0f4 GetPrivateProfileSectionW
0x45b0f8 GlobalReAlloc
0x45b0fc GetSystemTime
0x45b100 AreFileApisANSI
0x45b104 CreateThread
0x45b108 CreateFileA
0x45b10c UnhandledExceptionFilter
0x45b110 SetUnhandledExceptionFilter
0x45b114 HeapReAlloc
0x45b118 HeapAlloc
0x45b11c GetStartupInfoW
0x45b120 GetModuleHandleW
0x45b124 Sleep
0x45b128 ExitProcess
0x45b12c GetStdHandle
0x45b130 GetModuleFileNameA
0x45b134 LeaveCriticalSection
0x45b138 TerminateProcess
0x45b13c GetCurrentProcess
0x45b140 IsDebuggerPresent
0x45b144 DeleteCriticalSection
0x45b148 HeapCreate
0x45b14c VirtualFree
0x45b150 HeapFree
0x45b154 VirtualAlloc
0x45b158 GetModuleFileNameW
0x45b15c FreeEnvironmentStringsW
0x45b160 GetEnvironmentStringsW
0x45b164 GetCommandLineW
0x45b168 SetHandleCount
0x45b16c GetFileType
0x45b170 GetStartupInfoA
0x45b174 TlsGetValue
0x45b178 TlsAlloc
0x45b17c TlsSetValue
0x45b180 TlsFree
0x45b184 InterlockedIncrement
0x45b188 GetCurrentThreadId
0x45b18c InterlockedDecrement
0x45b190 QueryPerformanceCounter
0x45b194 GetTickCount
0x45b198 GetSystemTimeAsFileTime
0x45b19c InitializeCriticalSectionAndSpinCount
0x45b1a0 GetCPInfo
0x45b1a4 GetACP
0x45b1a8 GetOEMCP
0x45b1ac IsValidCodePage
0x45b1b0 WideCharToMultiByte
0x45b1b4 RtlUnwind
0x45b1b8 HeapSize
0x45b1bc GetLocaleInfoA
0x45b1c0 GetConsoleMode
0x45b1c4 FlushFileBuffers
0x45b1c8 LCMapStringA
0x45b1cc MultiByteToWideChar
0x45b1d0 LCMapStringW
0x45b1d4 GetStringTypeA
0x45b1d8 GetStringTypeW
0x45b1dc SetFilePointer
0x45b1e0 CloseHandle
0x45b1e4 WriteConsoleW
0x45b1e8 SetStdHandle
USER32.dll
0x45b1f0 GetAltTabInfoA
0x45b1f4 RealChildWindowFromPoint
EAT(Export Address Table) is none