ScreenShot
| Created | 2021.08.11 19:06 | Machine | s1_win7_x6402 |
| Filename | racoon.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 24 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, CLASSIC, A + Troj, Krypt, VirRansom, Static AI, Malicious PE, Sabsik, score, TrojanPSW, Racealer, MachineLearning, Anomalous, susgen, ZexaF, Fq0@aWiuH9fi, QVM10) | ||
| md5 | 2919f1a121d1156f2a62696343002ba3 | ||
| sha256 | d3789743edb20cc0e93d5ce0d7a817fddbe306d3254fad90efde11b3140ef589 | ||
| ssdeep | 6144:N+P6MAXntzNx90bqtefHkKOAcOMxXxA480mUm7knGyHM:N+VKn0G4jOA9MBfcTI | ||
| imphash | 4b405a935ba1896da801696a6c1a4ade | ||
| impfuzzy | 24:j4F4VV4T6WiZgPkrkRUMbMddkCIvOcDS1DbD+v8bnuJjdRiYTt5OovEGAiQFQ8Rw:KDGZgwxMk11HQjiYTt8VGAk9j6cCF7dU | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45e000 GetComputerNameA
0x45e004 lstrlenA
0x45e008 LocalCompact
0x45e00c MoveFileExW
0x45e010 InterlockedDecrement
0x45e014 WritePrivateProfileSectionA
0x45e018 ReadConsoleOutputAttribute
0x45e01c GetProfileStringW
0x45e020 GetUserDefaultLCID
0x45e024 SetEvent
0x45e028 IsBadReadPtr
0x45e02c GetConsoleAliasesLengthA
0x45e030 ReadConsoleOutputA
0x45e034 InitializeCriticalSection
0x45e038 GetVolumePathNameW
0x45e03c GetConsoleCP
0x45e040 GetSystemWindowsDirectoryA
0x45e044 InterlockedPopEntrySList
0x45e048 LeaveCriticalSection
0x45e04c lstrcpynW
0x45e050 GetConsoleAliasW
0x45e054 SetConsoleCursorPosition
0x45e058 GetFileAttributesW
0x45e05c WriteConsoleW
0x45e060 ReadFile
0x45e064 CreateFileW
0x45e068 CreateActCtxA
0x45e06c GetACP
0x45e070 VerifyVersionInfoW
0x45e074 GetLastError
0x45e078 GetProcAddress
0x45e07c PeekConsoleInputW
0x45e080 EnumDateFormatsExA
0x45e084 GetConsoleDisplayMode
0x45e088 GetProcessId
0x45e08c LocalAlloc
0x45e090 DeleteTimerQueue
0x45e094 DnsHostnameToComputerNameA
0x45e098 CreateTapePartition
0x45e09c GlobalGetAtomNameW
0x45e0a0 WaitForMultipleObjects
0x45e0a4 SetSystemTime
0x45e0a8 SetEnvironmentVariableA
0x45e0ac SetConsoleTitleW
0x45e0b0 GetModuleHandleA
0x45e0b4 lstrcatW
0x45e0b8 UpdateResourceW
0x45e0bc CancelTimerQueueTimer
0x45e0c0 GetConsoleTitleW
0x45e0c4 BuildCommDCBA
0x45e0c8 VirtualProtect
0x45e0cc SetCalendarInfoA
0x45e0d0 FindFirstVolumeA
0x45e0d4 EndUpdateResourceA
0x45e0d8 GetVersionExA
0x45e0dc AreFileApisANSI
0x45e0e0 UnhandledExceptionFilter
0x45e0e4 SetUnhandledExceptionFilter
0x45e0e8 GetCommandLineA
0x45e0ec GetStartupInfoA
0x45e0f0 RaiseException
0x45e0f4 RtlUnwind
0x45e0f8 GetModuleHandleW
0x45e0fc Sleep
0x45e100 ExitProcess
0x45e104 WriteFile
0x45e108 GetStdHandle
0x45e10c GetModuleFileNameA
0x45e110 TerminateProcess
0x45e114 GetCurrentProcess
0x45e118 IsDebuggerPresent
0x45e11c HeapAlloc
0x45e120 HeapFree
0x45e124 FreeEnvironmentStringsA
0x45e128 GetEnvironmentStrings
0x45e12c FreeEnvironmentStringsW
0x45e130 WideCharToMultiByte
0x45e134 GetEnvironmentStringsW
0x45e138 SetHandleCount
0x45e13c GetFileType
0x45e140 DeleteCriticalSection
0x45e144 TlsGetValue
0x45e148 TlsAlloc
0x45e14c TlsSetValue
0x45e150 TlsFree
0x45e154 InterlockedIncrement
0x45e158 SetLastError
0x45e15c GetCurrentThreadId
0x45e160 HeapCreate
0x45e164 VirtualFree
0x45e168 QueryPerformanceCounter
0x45e16c GetTickCount
0x45e170 GetCurrentProcessId
0x45e174 GetSystemTimeAsFileTime
0x45e178 EnterCriticalSection
0x45e17c LoadLibraryA
0x45e180 InitializeCriticalSectionAndSpinCount
0x45e184 VirtualAlloc
0x45e188 HeapReAlloc
0x45e18c HeapSize
0x45e190 GetCPInfo
0x45e194 GetOEMCP
0x45e198 IsValidCodePage
0x45e19c GetLocaleInfoA
0x45e1a0 LCMapStringA
0x45e1a4 MultiByteToWideChar
0x45e1a8 LCMapStringW
0x45e1ac GetStringTypeA
0x45e1b0 GetStringTypeW
USER32.dll
0x45e1b8 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @GetOtherVice@12
KERNEL32.dll
0x45e000 GetComputerNameA
0x45e004 lstrlenA
0x45e008 LocalCompact
0x45e00c MoveFileExW
0x45e010 InterlockedDecrement
0x45e014 WritePrivateProfileSectionA
0x45e018 ReadConsoleOutputAttribute
0x45e01c GetProfileStringW
0x45e020 GetUserDefaultLCID
0x45e024 SetEvent
0x45e028 IsBadReadPtr
0x45e02c GetConsoleAliasesLengthA
0x45e030 ReadConsoleOutputA
0x45e034 InitializeCriticalSection
0x45e038 GetVolumePathNameW
0x45e03c GetConsoleCP
0x45e040 GetSystemWindowsDirectoryA
0x45e044 InterlockedPopEntrySList
0x45e048 LeaveCriticalSection
0x45e04c lstrcpynW
0x45e050 GetConsoleAliasW
0x45e054 SetConsoleCursorPosition
0x45e058 GetFileAttributesW
0x45e05c WriteConsoleW
0x45e060 ReadFile
0x45e064 CreateFileW
0x45e068 CreateActCtxA
0x45e06c GetACP
0x45e070 VerifyVersionInfoW
0x45e074 GetLastError
0x45e078 GetProcAddress
0x45e07c PeekConsoleInputW
0x45e080 EnumDateFormatsExA
0x45e084 GetConsoleDisplayMode
0x45e088 GetProcessId
0x45e08c LocalAlloc
0x45e090 DeleteTimerQueue
0x45e094 DnsHostnameToComputerNameA
0x45e098 CreateTapePartition
0x45e09c GlobalGetAtomNameW
0x45e0a0 WaitForMultipleObjects
0x45e0a4 SetSystemTime
0x45e0a8 SetEnvironmentVariableA
0x45e0ac SetConsoleTitleW
0x45e0b0 GetModuleHandleA
0x45e0b4 lstrcatW
0x45e0b8 UpdateResourceW
0x45e0bc CancelTimerQueueTimer
0x45e0c0 GetConsoleTitleW
0x45e0c4 BuildCommDCBA
0x45e0c8 VirtualProtect
0x45e0cc SetCalendarInfoA
0x45e0d0 FindFirstVolumeA
0x45e0d4 EndUpdateResourceA
0x45e0d8 GetVersionExA
0x45e0dc AreFileApisANSI
0x45e0e0 UnhandledExceptionFilter
0x45e0e4 SetUnhandledExceptionFilter
0x45e0e8 GetCommandLineA
0x45e0ec GetStartupInfoA
0x45e0f0 RaiseException
0x45e0f4 RtlUnwind
0x45e0f8 GetModuleHandleW
0x45e0fc Sleep
0x45e100 ExitProcess
0x45e104 WriteFile
0x45e108 GetStdHandle
0x45e10c GetModuleFileNameA
0x45e110 TerminateProcess
0x45e114 GetCurrentProcess
0x45e118 IsDebuggerPresent
0x45e11c HeapAlloc
0x45e120 HeapFree
0x45e124 FreeEnvironmentStringsA
0x45e128 GetEnvironmentStrings
0x45e12c FreeEnvironmentStringsW
0x45e130 WideCharToMultiByte
0x45e134 GetEnvironmentStringsW
0x45e138 SetHandleCount
0x45e13c GetFileType
0x45e140 DeleteCriticalSection
0x45e144 TlsGetValue
0x45e148 TlsAlloc
0x45e14c TlsSetValue
0x45e150 TlsFree
0x45e154 InterlockedIncrement
0x45e158 SetLastError
0x45e15c GetCurrentThreadId
0x45e160 HeapCreate
0x45e164 VirtualFree
0x45e168 QueryPerformanceCounter
0x45e16c GetTickCount
0x45e170 GetCurrentProcessId
0x45e174 GetSystemTimeAsFileTime
0x45e178 EnterCriticalSection
0x45e17c LoadLibraryA
0x45e180 InitializeCriticalSectionAndSpinCount
0x45e184 VirtualAlloc
0x45e188 HeapReAlloc
0x45e18c HeapSize
0x45e190 GetCPInfo
0x45e194 GetOEMCP
0x45e198 IsValidCodePage
0x45e19c GetLocaleInfoA
0x45e1a0 LCMapStringA
0x45e1a4 MultiByteToWideChar
0x45e1a8 LCMapStringW
0x45e1ac GetStringTypeA
0x45e1b0 GetStringTypeW
USER32.dll
0x45e1b8 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @GetOtherVice@12