ScreenShot
| Created | 2021.08.12 09:20 | Machine | s1_win7_x6401 |
| Filename | alfile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 23 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, ZexaF, Eq0@aeaCEAei, Kryptik, Eldorado, CLASSIC, VirRansom, Static AI, Malicious PE, Sabsik, score, TrojanPSW, Racealer, MachineLearning, Anomalous, 100%, confidence, QVM10) | ||
| md5 | 9292c91e8862b1f54b316ac8aee11bc7 | ||
| sha256 | e665bb787c49613e205566af779144156b86b3609c7dcea163dcc8e83f0b5594 | ||
| ssdeep | 6144:4/M/hyUlUO7IEQ5BkUdexAcYRSElCsDv9ueBMeKJPKykoQUXg8n7knGyHM:4/M8fmI/zFPrSYCSv4e50KhoQUDnI | ||
| imphash | aa13d15d6dd2e094d4aa7be42a7367ea | ||
| impfuzzy | 24:XckrkRqWiZaj3+fUdNrKbCzdxkXV4BsJcDS1DXTDZvMKuJjdRGt5OovolXFQ8Ryl:XzTZX6NrKS817TZMxGt8Dc9TIcEGHwdC | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45d000 lstrlenA
0x45d004 GetConsoleAliasesLengthW
0x45d008 MoveFileExA
0x45d00c InterlockedDecrement
0x45d010 ReadConsoleOutputAttribute
0x45d014 GetProfileStringW
0x45d018 GetUserDefaultLCID
0x45d01c WaitForSingleObject
0x45d020 SetConsoleScreenBufferSize
0x45d024 GetComputerNameW
0x45d028 SetEvent
0x45d02c IsBadReadPtr
0x45d030 ReadConsoleOutputA
0x45d034 GetUserDefaultLangID
0x45d038 GetVolumePathNameW
0x45d03c GetConsoleCP
0x45d040 LocalShrink
0x45d044 GetSystemWindowsDirectoryA
0x45d048 InterlockedPopEntrySList
0x45d04c LeaveCriticalSection
0x45d050 GetFileAttributesA
0x45d054 lstrcpynW
0x45d058 GetConsoleAliasW
0x45d05c VerifyVersionInfoA
0x45d060 WriteConsoleW
0x45d064 WritePrivateProfileSectionW
0x45d068 ReadFile
0x45d06c CreateFileW
0x45d070 CreateActCtxA
0x45d074 GetACP
0x45d078 VerifyVersionInfoW
0x45d07c SetLastError
0x45d080 GetProcAddress
0x45d084 PeekConsoleInputW
0x45d088 EnumDateFormatsExA
0x45d08c GetConsoleDisplayMode
0x45d090 EnterCriticalSection
0x45d094 GetProcessId
0x45d098 LocalAlloc
0x45d09c DeleteTimerQueue
0x45d0a0 SetCalendarInfoW
0x45d0a4 DnsHostnameToComputerNameA
0x45d0a8 CreateTapePartition
0x45d0ac SetFileApisToANSI
0x45d0b0 GlobalGetAtomNameW
0x45d0b4 SetSystemTime
0x45d0b8 SetEnvironmentVariableA
0x45d0bc SetConsoleTitleW
0x45d0c0 GetModuleHandleA
0x45d0c4 lstrcatW
0x45d0c8 UpdateResourceW
0x45d0cc CancelTimerQueueTimer
0x45d0d0 GetConsoleTitleW
0x45d0d4 BuildCommDCBA
0x45d0d8 VirtualProtect
0x45d0dc EndUpdateResourceA
0x45d0e0 GetVersionExA
0x45d0e4 FindFirstVolumeW
0x45d0e8 UnhandledExceptionFilter
0x45d0ec SetUnhandledExceptionFilter
0x45d0f0 GetCommandLineA
0x45d0f4 GetStartupInfoA
0x45d0f8 GetModuleHandleW
0x45d0fc Sleep
0x45d100 ExitProcess
0x45d104 GetLastError
0x45d108 WriteFile
0x45d10c GetStdHandle
0x45d110 GetModuleFileNameA
0x45d114 HeapAlloc
0x45d118 FreeEnvironmentStringsA
0x45d11c GetEnvironmentStrings
0x45d120 FreeEnvironmentStringsW
0x45d124 WideCharToMultiByte
0x45d128 GetEnvironmentStringsW
0x45d12c SetHandleCount
0x45d130 GetFileType
0x45d134 DeleteCriticalSection
0x45d138 TlsGetValue
0x45d13c TlsAlloc
0x45d140 TlsSetValue
0x45d144 TlsFree
0x45d148 InterlockedIncrement
0x45d14c GetCurrentThreadId
0x45d150 HeapCreate
0x45d154 VirtualFree
0x45d158 HeapFree
0x45d15c QueryPerformanceCounter
0x45d160 GetTickCount
0x45d164 GetCurrentProcessId
0x45d168 GetSystemTimeAsFileTime
0x45d16c TerminateProcess
0x45d170 GetCurrentProcess
0x45d174 IsDebuggerPresent
0x45d178 LoadLibraryA
0x45d17c InitializeCriticalSectionAndSpinCount
0x45d180 RaiseException
0x45d184 VirtualAlloc
0x45d188 HeapReAlloc
0x45d18c GetCPInfo
0x45d190 GetOEMCP
0x45d194 IsValidCodePage
0x45d198 RtlUnwind
0x45d19c HeapSize
0x45d1a0 GetLocaleInfoA
0x45d1a4 LCMapStringA
0x45d1a8 MultiByteToWideChar
0x45d1ac LCMapStringW
0x45d1b0 GetStringTypeA
0x45d1b4 GetStringTypeW
USER32.dll
0x45d1bc RealGetWindowClassW
EAT(Export Address Table) Library
0x401000 @GetOtherVice@16
KERNEL32.dll
0x45d000 lstrlenA
0x45d004 GetConsoleAliasesLengthW
0x45d008 MoveFileExA
0x45d00c InterlockedDecrement
0x45d010 ReadConsoleOutputAttribute
0x45d014 GetProfileStringW
0x45d018 GetUserDefaultLCID
0x45d01c WaitForSingleObject
0x45d020 SetConsoleScreenBufferSize
0x45d024 GetComputerNameW
0x45d028 SetEvent
0x45d02c IsBadReadPtr
0x45d030 ReadConsoleOutputA
0x45d034 GetUserDefaultLangID
0x45d038 GetVolumePathNameW
0x45d03c GetConsoleCP
0x45d040 LocalShrink
0x45d044 GetSystemWindowsDirectoryA
0x45d048 InterlockedPopEntrySList
0x45d04c LeaveCriticalSection
0x45d050 GetFileAttributesA
0x45d054 lstrcpynW
0x45d058 GetConsoleAliasW
0x45d05c VerifyVersionInfoA
0x45d060 WriteConsoleW
0x45d064 WritePrivateProfileSectionW
0x45d068 ReadFile
0x45d06c CreateFileW
0x45d070 CreateActCtxA
0x45d074 GetACP
0x45d078 VerifyVersionInfoW
0x45d07c SetLastError
0x45d080 GetProcAddress
0x45d084 PeekConsoleInputW
0x45d088 EnumDateFormatsExA
0x45d08c GetConsoleDisplayMode
0x45d090 EnterCriticalSection
0x45d094 GetProcessId
0x45d098 LocalAlloc
0x45d09c DeleteTimerQueue
0x45d0a0 SetCalendarInfoW
0x45d0a4 DnsHostnameToComputerNameA
0x45d0a8 CreateTapePartition
0x45d0ac SetFileApisToANSI
0x45d0b0 GlobalGetAtomNameW
0x45d0b4 SetSystemTime
0x45d0b8 SetEnvironmentVariableA
0x45d0bc SetConsoleTitleW
0x45d0c0 GetModuleHandleA
0x45d0c4 lstrcatW
0x45d0c8 UpdateResourceW
0x45d0cc CancelTimerQueueTimer
0x45d0d0 GetConsoleTitleW
0x45d0d4 BuildCommDCBA
0x45d0d8 VirtualProtect
0x45d0dc EndUpdateResourceA
0x45d0e0 GetVersionExA
0x45d0e4 FindFirstVolumeW
0x45d0e8 UnhandledExceptionFilter
0x45d0ec SetUnhandledExceptionFilter
0x45d0f0 GetCommandLineA
0x45d0f4 GetStartupInfoA
0x45d0f8 GetModuleHandleW
0x45d0fc Sleep
0x45d100 ExitProcess
0x45d104 GetLastError
0x45d108 WriteFile
0x45d10c GetStdHandle
0x45d110 GetModuleFileNameA
0x45d114 HeapAlloc
0x45d118 FreeEnvironmentStringsA
0x45d11c GetEnvironmentStrings
0x45d120 FreeEnvironmentStringsW
0x45d124 WideCharToMultiByte
0x45d128 GetEnvironmentStringsW
0x45d12c SetHandleCount
0x45d130 GetFileType
0x45d134 DeleteCriticalSection
0x45d138 TlsGetValue
0x45d13c TlsAlloc
0x45d140 TlsSetValue
0x45d144 TlsFree
0x45d148 InterlockedIncrement
0x45d14c GetCurrentThreadId
0x45d150 HeapCreate
0x45d154 VirtualFree
0x45d158 HeapFree
0x45d15c QueryPerformanceCounter
0x45d160 GetTickCount
0x45d164 GetCurrentProcessId
0x45d168 GetSystemTimeAsFileTime
0x45d16c TerminateProcess
0x45d170 GetCurrentProcess
0x45d174 IsDebuggerPresent
0x45d178 LoadLibraryA
0x45d17c InitializeCriticalSectionAndSpinCount
0x45d180 RaiseException
0x45d184 VirtualAlloc
0x45d188 HeapReAlloc
0x45d18c GetCPInfo
0x45d190 GetOEMCP
0x45d194 IsValidCodePage
0x45d198 RtlUnwind
0x45d19c HeapSize
0x45d1a0 GetLocaleInfoA
0x45d1a4 LCMapStringA
0x45d1a8 MultiByteToWideChar
0x45d1ac LCMapStringW
0x45d1b0 GetStringTypeA
0x45d1b4 GetStringTypeW
USER32.dll
0x45d1bc RealGetWindowClassW
EAT(Export Address Table) Library
0x401000 @GetOtherVice@16