ScreenShot
| Created | 2021.08.12 09:16 | Machine | s1_win7_x6402 |
| Filename | ner.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (Malicious, high confidence, Unsafe, Save, ZexaF, vq0@aaQCbFbi, Kryptik, Eldorado, GenKryptik, FIVG, Zenpak, FileRepMalware, HPGen, Emotet, Sabsik, score, BScope, Mixer, CLASSIC, Static AI, Malicious PE, susgen, confidence, 100%, QVM10) | ||
| md5 | ce977f0eaaaba80afc05abb7e1832269 | ||
| sha256 | c98cb5ef26c659b30d3fc26fa45b27595337d83c32405d9298d799a975b736fb | ||
| ssdeep | 6144:dl1Mg/IZB2z4/3bvdLgrVejXPNIUi9rm7knGyHM:dbMg/Iy4/3zNFIUOmI | ||
| imphash | aa13d15d6dd2e094d4aa7be42a7367ea | ||
| impfuzzy | 24:XckrkRqWiZaj3+fUdNrKbCzdxkXV4BsJcDS1DXTDZvMKuJjdRGt5OovolXFQ8Ryl:XzTZX6NrKS817TZMxGt8Dc9TIcEGHwdC | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x438000 lstrlenA
0x438004 GetConsoleAliasesLengthW
0x438008 MoveFileExA
0x43800c InterlockedDecrement
0x438010 ReadConsoleOutputAttribute
0x438014 GetProfileStringW
0x438018 GetUserDefaultLCID
0x43801c WaitForSingleObject
0x438020 SetConsoleScreenBufferSize
0x438024 GetComputerNameW
0x438028 SetEvent
0x43802c IsBadReadPtr
0x438030 ReadConsoleOutputA
0x438034 GetUserDefaultLangID
0x438038 GetVolumePathNameW
0x43803c GetConsoleCP
0x438040 LocalShrink
0x438044 GetSystemWindowsDirectoryA
0x438048 InterlockedPopEntrySList
0x43804c LeaveCriticalSection
0x438050 GetFileAttributesA
0x438054 lstrcpynW
0x438058 GetConsoleAliasW
0x43805c VerifyVersionInfoA
0x438060 WriteConsoleW
0x438064 WritePrivateProfileSectionW
0x438068 ReadFile
0x43806c CreateFileW
0x438070 CreateActCtxA
0x438074 GetACP
0x438078 VerifyVersionInfoW
0x43807c SetLastError
0x438080 GetProcAddress
0x438084 PeekConsoleInputW
0x438088 EnumDateFormatsExA
0x43808c GetConsoleDisplayMode
0x438090 EnterCriticalSection
0x438094 GetProcessId
0x438098 LocalAlloc
0x43809c DeleteTimerQueue
0x4380a0 SetCalendarInfoW
0x4380a4 DnsHostnameToComputerNameA
0x4380a8 CreateTapePartition
0x4380ac SetFileApisToANSI
0x4380b0 GlobalGetAtomNameW
0x4380b4 SetSystemTime
0x4380b8 SetEnvironmentVariableA
0x4380bc SetConsoleTitleW
0x4380c0 GetModuleHandleA
0x4380c4 lstrcatW
0x4380c8 UpdateResourceW
0x4380cc CancelTimerQueueTimer
0x4380d0 GetConsoleTitleW
0x4380d4 BuildCommDCBA
0x4380d8 VirtualProtect
0x4380dc EndUpdateResourceA
0x4380e0 GetVersionExA
0x4380e4 FindFirstVolumeW
0x4380e8 UnhandledExceptionFilter
0x4380ec SetUnhandledExceptionFilter
0x4380f0 GetCommandLineA
0x4380f4 GetStartupInfoA
0x4380f8 GetModuleHandleW
0x4380fc Sleep
0x438100 ExitProcess
0x438104 GetLastError
0x438108 WriteFile
0x43810c GetStdHandle
0x438110 GetModuleFileNameA
0x438114 HeapAlloc
0x438118 FreeEnvironmentStringsA
0x43811c GetEnvironmentStrings
0x438120 FreeEnvironmentStringsW
0x438124 WideCharToMultiByte
0x438128 GetEnvironmentStringsW
0x43812c SetHandleCount
0x438130 GetFileType
0x438134 DeleteCriticalSection
0x438138 TlsGetValue
0x43813c TlsAlloc
0x438140 TlsSetValue
0x438144 TlsFree
0x438148 InterlockedIncrement
0x43814c GetCurrentThreadId
0x438150 HeapCreate
0x438154 VirtualFree
0x438158 HeapFree
0x43815c QueryPerformanceCounter
0x438160 GetTickCount
0x438164 GetCurrentProcessId
0x438168 GetSystemTimeAsFileTime
0x43816c TerminateProcess
0x438170 GetCurrentProcess
0x438174 IsDebuggerPresent
0x438178 LoadLibraryA
0x43817c InitializeCriticalSectionAndSpinCount
0x438180 RaiseException
0x438184 VirtualAlloc
0x438188 HeapReAlloc
0x43818c GetCPInfo
0x438190 GetOEMCP
0x438194 IsValidCodePage
0x438198 RtlUnwind
0x43819c HeapSize
0x4381a0 GetLocaleInfoA
0x4381a4 LCMapStringA
0x4381a8 MultiByteToWideChar
0x4381ac LCMapStringW
0x4381b0 GetStringTypeA
0x4381b4 GetStringTypeW
USER32.dll
0x4381bc RealGetWindowClassW
EAT(Export Address Table) Library
0x401000 @GetOtherVice@16
KERNEL32.dll
0x438000 lstrlenA
0x438004 GetConsoleAliasesLengthW
0x438008 MoveFileExA
0x43800c InterlockedDecrement
0x438010 ReadConsoleOutputAttribute
0x438014 GetProfileStringW
0x438018 GetUserDefaultLCID
0x43801c WaitForSingleObject
0x438020 SetConsoleScreenBufferSize
0x438024 GetComputerNameW
0x438028 SetEvent
0x43802c IsBadReadPtr
0x438030 ReadConsoleOutputA
0x438034 GetUserDefaultLangID
0x438038 GetVolumePathNameW
0x43803c GetConsoleCP
0x438040 LocalShrink
0x438044 GetSystemWindowsDirectoryA
0x438048 InterlockedPopEntrySList
0x43804c LeaveCriticalSection
0x438050 GetFileAttributesA
0x438054 lstrcpynW
0x438058 GetConsoleAliasW
0x43805c VerifyVersionInfoA
0x438060 WriteConsoleW
0x438064 WritePrivateProfileSectionW
0x438068 ReadFile
0x43806c CreateFileW
0x438070 CreateActCtxA
0x438074 GetACP
0x438078 VerifyVersionInfoW
0x43807c SetLastError
0x438080 GetProcAddress
0x438084 PeekConsoleInputW
0x438088 EnumDateFormatsExA
0x43808c GetConsoleDisplayMode
0x438090 EnterCriticalSection
0x438094 GetProcessId
0x438098 LocalAlloc
0x43809c DeleteTimerQueue
0x4380a0 SetCalendarInfoW
0x4380a4 DnsHostnameToComputerNameA
0x4380a8 CreateTapePartition
0x4380ac SetFileApisToANSI
0x4380b0 GlobalGetAtomNameW
0x4380b4 SetSystemTime
0x4380b8 SetEnvironmentVariableA
0x4380bc SetConsoleTitleW
0x4380c0 GetModuleHandleA
0x4380c4 lstrcatW
0x4380c8 UpdateResourceW
0x4380cc CancelTimerQueueTimer
0x4380d0 GetConsoleTitleW
0x4380d4 BuildCommDCBA
0x4380d8 VirtualProtect
0x4380dc EndUpdateResourceA
0x4380e0 GetVersionExA
0x4380e4 FindFirstVolumeW
0x4380e8 UnhandledExceptionFilter
0x4380ec SetUnhandledExceptionFilter
0x4380f0 GetCommandLineA
0x4380f4 GetStartupInfoA
0x4380f8 GetModuleHandleW
0x4380fc Sleep
0x438100 ExitProcess
0x438104 GetLastError
0x438108 WriteFile
0x43810c GetStdHandle
0x438110 GetModuleFileNameA
0x438114 HeapAlloc
0x438118 FreeEnvironmentStringsA
0x43811c GetEnvironmentStrings
0x438120 FreeEnvironmentStringsW
0x438124 WideCharToMultiByte
0x438128 GetEnvironmentStringsW
0x43812c SetHandleCount
0x438130 GetFileType
0x438134 DeleteCriticalSection
0x438138 TlsGetValue
0x43813c TlsAlloc
0x438140 TlsSetValue
0x438144 TlsFree
0x438148 InterlockedIncrement
0x43814c GetCurrentThreadId
0x438150 HeapCreate
0x438154 VirtualFree
0x438158 HeapFree
0x43815c QueryPerformanceCounter
0x438160 GetTickCount
0x438164 GetCurrentProcessId
0x438168 GetSystemTimeAsFileTime
0x43816c TerminateProcess
0x438170 GetCurrentProcess
0x438174 IsDebuggerPresent
0x438178 LoadLibraryA
0x43817c InitializeCriticalSectionAndSpinCount
0x438180 RaiseException
0x438184 VirtualAlloc
0x438188 HeapReAlloc
0x43818c GetCPInfo
0x438190 GetOEMCP
0x438194 IsValidCodePage
0x438198 RtlUnwind
0x43819c HeapSize
0x4381a0 GetLocaleInfoA
0x4381a4 LCMapStringA
0x4381a8 MultiByteToWideChar
0x4381ac LCMapStringW
0x4381b0 GetStringTypeA
0x4381b4 GetStringTypeW
USER32.dll
0x4381bc RealGetWindowClassW
EAT(Export Address Table) Library
0x401000 @GetOtherVice@16