Field | Value |
---|---|
Created | 2021.08.12 09:27 |
Machine | s1_win7_x6402 |
Filename | sufile.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 23 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, Sabsik, score, Artemis, Kryptik, CLASSIC, Static AI, Suspicious PE, ZexaF, EuW@aSkYwDgH, QVM10, confidence, 100%, susgen) |
md5 | 5cde664f12547b26f2f59237c49b9acf |
sha256 | 9f3805a821c12122b67395c50e390d35c70e83d5b82a6e5741e56c0087960a60 |
ssdeep | 12288:zSttX3l7WdYcDh2ZSvE3By5IciAiENqeKmukJnym:Gbnl7WdvTi1iAmRy |
imphash | 346d1123531c92f702a30851f3faa86c |
impfuzzy | 48:nu1FJGFTYcwQMhExsaEBcftqP229JSZ9Xz:kZBhEx1EBcftqP2UJSZ9Xz |
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x429000 FileTimeToDosDateTime
0x429004 EnumResourceNamesW
0x429008 SetPriorityClass
0x42900c WriteConsoleInputW
0x429010 SetFilePointer
0x429014 GetConsoleAliasesLengthW
0x429018 CopyFileExW
0x42901c InterlockedIncrement
0x429020 InterlockedDecrement
0x429024 WaitNamedPipeA
0x429028 CreateDirectoryW
0x42902c GlobalLock
0x429030 SetComputerNameW
0x429034 GetComputerNameW
0x429038 SetEvent
0x42903c FreeEnvironmentStringsA
0x429040 GetTickCount
0x429044 VirtualFree
0x429048 GetCommandLineA
0x42904c GetVolumeInformationA
0x429050 LoadLibraryW
0x429054 GetSystemWow64DirectoryW
0x429058 InitAtomTable
0x42905c GetFileAttributesA
0x429060 IsProcessorFeaturePresent
0x429064 CreateSemaphoreA
0x429068 SetConsoleCursorPosition
0x42906c GetSystemDirectoryA
0x429070 CompareStringW
0x429074 lstrlenW
0x429078 ReleaseActCtx
0x42907c GetFileSizeEx
0x429080 GetStartupInfoA
0x429084 GetCPInfoExW
0x429088 OpenMutexW
0x42908c GetHandleInformation
0x429090 GetLastError
0x429094 GetProcAddress
0x429098 GetProcessHeaps
0x42909c CreateNamedPipeA
0x4290a0 WriteProfileSectionA
0x4290a4 ReadFileEx
0x4290a8 CopyFileA
0x4290ac GetPrivateProfileStringA
0x4290b0 LoadLibraryA
0x4290b4 OpenMutexA
0x4290b8 GetConsoleScreenBufferInfo
0x4290bc LocalAlloc
0x4290c0 GetExitCodeThread
0x4290c4 SetCurrentDirectoryW
0x4290c8 PostQueuedCompletionStatus
0x4290cc WriteProfileSectionW
0x4290d0 SetEnvironmentVariableA
0x4290d4 CreateIoCompletionPort
0x4290d8 HeapSetInformation
0x4290dc GetCurrentDirectoryA
0x4290e0 FatalAppExitA
0x4290e4 GetCPInfoExA
0x4290e8 OpenSemaphoreW
0x4290ec GetVersionExA
0x4290f0 TlsAlloc
0x4290f4 FindAtomW
0x4290f8 UnregisterWaitEx
0x4290fc GetSystemTime
0x429100 LCMapStringW
0x429104 MoveFileA
0x429108 HeapValidate
0x42910c IsBadReadPtr
0x429110 RaiseException
0x429114 EnterCriticalSection
0x429118 LeaveCriticalSection
0x42911c TerminateProcess
0x429120 GetCurrentProcess
0x429124 UnhandledExceptionFilter
0x429128 SetUnhandledExceptionFilter
0x42912c IsDebuggerPresent
0x429130 GetModuleFileNameW
0x429134 RtlUnwind
0x429138 GetACP
0x42913c GetOEMCP
0x429140 GetCPInfo
0x429144 IsValidCodePage
0x429148 TlsGetValue
0x42914c GetModuleHandleW
0x429150 TlsSetValue
0x429154 GetCurrentThreadId
0x429158 TlsFree
0x42915c SetLastError
0x429160 Sleep
0x429164 ExitProcess
0x429168 SetHandleCount
0x42916c GetStdHandle
0x429170 GetFileType
0x429174 DeleteCriticalSection
0x429178 QueryPerformanceCounter
0x42917c GetCurrentProcessId
0x429180 GetSystemTimeAsFileTime
0x429184 GetModuleFileNameA
0x429188 GetEnvironmentStrings
0x42918c FreeEnvironmentStringsW
0x429190 WideCharToMultiByte
0x429194 GetEnvironmentStringsW
0x429198 HeapDestroy
0x42919c HeapCreate
0x4291a0 HeapFree
0x4291a4 WriteFile
0x4291a8 HeapAlloc
0x4291ac HeapSize
0x4291b0 HeapReAlloc
0x4291b4 VirtualAlloc
0x4291b8 DebugBreak
0x4291bc OutputDebugStringA
0x4291c0 WriteConsoleW
0x4291c4 OutputDebugStringW
0x4291c8 MultiByteToWideChar
0x4291cc GetStringTypeA
0x4291d0 GetStringTypeW
0x4291d4 GetLocaleInfoA
0x4291d8 LCMapStringA
0x4291dc InitializeCriticalSectionAndSpinCount
0x4291e0 FlushFileBuffers
0x4291e4 GetConsoleCP
0x4291e8 GetConsoleMode
0x4291ec ReadFile
0x4291f0 CloseHandle
0x4291f4 SetStdHandle
0x4291f8 WriteConsoleA
0x4291fc GetConsoleOutputCP
0x429200 CreateFileA
0x429204 GetModuleHandleA
EAT (Export Address Table): none