Report - sefile.exe

Tags: UPX, Malicious Library, OS Processor Check, PE File, PE32
Created 2021.08.12 09:32
Machine s1_win7_x6401
Filename sefile.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 2.2
ZERO API file : malware
VT API (file) 22 detected (AIDetect, malware1, malicious, high confidence, Artemis, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, Kryptik, CLASSIC, MultiPlug, Static AI, Malicious PE, Score, Sabsik, ZexaF, yuW@a8DN6viH, QVM10)
md5 9008fe6b62bc7b920591cf8cb77d6f85
sha256 a7d3eb2d7b7efef08b2fa839a08c94249f51e53edf64a443c6c66a47b220c68c
ssdeep 6144:ZUbRSrxYjmI6sFTppewQnaFOe9OtXZ6sj6JamMndZExTV3ZdDryDcZ6lM:ySrmXXFNEtaF7+ZICdZChZdDWDcZ5
imphash 346d1123531c92f702a30851f3faa86c
impfuzzy 48:nu1FJGFTYcwQMhExsaEBcftqP229JSZ9Xz:kZBhEx1EBcftqP2UJSZ9Xz

Signature (5cnts)

Level Description
warning File has been identified by 22 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no network requests recorded during the run)

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x429000 FileTimeToDosDateTime
 0x429004 EnumResourceNamesW
 0x429008 SetPriorityClass
 0x42900c WriteConsoleInputW
 0x429010 SetFilePointer
 0x429014 GetConsoleAliasesLengthW
 0x429018 CopyFileExW
 0x42901c InterlockedIncrement
 0x429020 InterlockedDecrement
 0x429024 WaitNamedPipeA
 0x429028 CreateDirectoryW
 0x42902c GlobalLock
 0x429030 SetComputerNameW
 0x429034 GetComputerNameW
 0x429038 SetEvent
 0x42903c FreeEnvironmentStringsA
 0x429040 GetTickCount
 0x429044 VirtualFree
 0x429048 GetCommandLineA
 0x42904c GetVolumeInformationA
 0x429050 LoadLibraryW
 0x429054 GetSystemWow64DirectoryW
 0x429058 InitAtomTable
 0x42905c GetFileAttributesA
 0x429060 IsProcessorFeaturePresent
 0x429064 CreateSemaphoreA
 0x429068 SetConsoleCursorPosition
 0x42906c GetSystemDirectoryA
 0x429070 CompareStringW
 0x429074 lstrlenW
 0x429078 ReleaseActCtx
 0x42907c GetFileSizeEx
 0x429080 GetStartupInfoA
 0x429084 GetCPInfoExW
 0x429088 OpenMutexW
 0x42908c GetHandleInformation
 0x429090 GetLastError
 0x429094 GetProcAddress
 0x429098 GetProcessHeaps
 0x42909c CreateNamedPipeA
 0x4290a0 WriteProfileSectionA
 0x4290a4 ReadFileEx
 0x4290a8 CopyFileA
 0x4290ac GetPrivateProfileStringA
 0x4290b0 LoadLibraryA
 0x4290b4 OpenMutexA
 0x4290b8 GetConsoleScreenBufferInfo
 0x4290bc LocalAlloc
 0x4290c0 GetExitCodeThread
 0x4290c4 SetCurrentDirectoryW
 0x4290c8 PostQueuedCompletionStatus
 0x4290cc WriteProfileSectionW
 0x4290d0 SetEnvironmentVariableA
 0x4290d4 CreateIoCompletionPort
 0x4290d8 HeapSetInformation
 0x4290dc GetCurrentDirectoryA
 0x4290e0 FatalAppExitA
 0x4290e4 GetCPInfoExA
 0x4290e8 OpenSemaphoreW
 0x4290ec GetVersionExA
 0x4290f0 TlsAlloc
 0x4290f4 FindAtomW
 0x4290f8 UnregisterWaitEx
 0x4290fc GetSystemTime
 0x429100 LCMapStringW
 0x429104 MoveFileA
 0x429108 HeapValidate
 0x42910c IsBadReadPtr
 0x429110 RaiseException
 0x429114 EnterCriticalSection
 0x429118 LeaveCriticalSection
 0x42911c TerminateProcess
 0x429120 GetCurrentProcess
 0x429124 UnhandledExceptionFilter
 0x429128 SetUnhandledExceptionFilter
 0x42912c IsDebuggerPresent
 0x429130 GetModuleFileNameW
 0x429134 RtlUnwind
 0x429138 GetACP
 0x42913c GetOEMCP
 0x429140 GetCPInfo
 0x429144 IsValidCodePage
 0x429148 TlsGetValue
 0x42914c GetModuleHandleW
 0x429150 TlsSetValue
 0x429154 GetCurrentThreadId
 0x429158 TlsFree
 0x42915c SetLastError
 0x429160 Sleep
 0x429164 ExitProcess
 0x429168 SetHandleCount
 0x42916c GetStdHandle
 0x429170 GetFileType
 0x429174 DeleteCriticalSection
 0x429178 QueryPerformanceCounter
 0x42917c GetCurrentProcessId
 0x429180 GetSystemTimeAsFileTime
 0x429184 GetModuleFileNameA
 0x429188 GetEnvironmentStrings
 0x42918c FreeEnvironmentStringsW
 0x429190 WideCharToMultiByte
 0x429194 GetEnvironmentStringsW
 0x429198 HeapDestroy
 0x42919c HeapCreate
 0x4291a0 HeapFree
 0x4291a4 WriteFile
 0x4291a8 HeapAlloc
 0x4291ac HeapSize
 0x4291b0 HeapReAlloc
 0x4291b4 VirtualAlloc
 0x4291b8 DebugBreak
 0x4291bc OutputDebugStringA
 0x4291c0 WriteConsoleW
 0x4291c4 OutputDebugStringW
 0x4291c8 MultiByteToWideChar
 0x4291cc GetStringTypeA
 0x4291d0 GetStringTypeW
 0x4291d4 GetLocaleInfoA
 0x4291d8 LCMapStringA
 0x4291dc InitializeCriticalSectionAndSpinCount
 0x4291e0 FlushFileBuffers
 0x4291e4 GetConsoleCP
 0x4291e8 GetConsoleMode
 0x4291ec ReadFile
 0x4291f0 CloseHandle
 0x4291f4 SetStdHandle
 0x4291f8 WriteConsoleA
 0x4291fc GetConsoleOutputCP
 0x429200 CreateFileA
 0x429204 GetModuleHandleA

EAT(Export Address Table) is none
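As an added example (not part of the sandbox report or of the ZERO service), the script below reproduces two checks an analyst would run on the IAT dump above: it parses the listing into (dll, function) pairs, recomputes the import hash the way pefile does so the value can be compared with the imphash in the header, and groups the imports by capability. Assumptions: the report lists the imports in their original import-table order (if it does, the computed value should equal the reported 346d1123531c92f702a30851f3faa86c; a mismatch means the listing order differs from the table and the comparison is void), and the capability groups are the editor's own triage heuristic, not a rule from the report.

```python
import hashlib
import re

# Import names copied, in table order, from the KERNEL32.dll IAT listing in the
# report above (130 entries, 4-byte thunks at 0x429000..0x429204).
KERNEL32_NAMES = """
FileTimeToDosDateTime EnumResourceNamesW SetPriorityClass WriteConsoleInputW
SetFilePointer GetConsoleAliasesLengthW CopyFileExW InterlockedIncrement
InterlockedDecrement WaitNamedPipeA CreateDirectoryW GlobalLock SetComputerNameW
GetComputerNameW SetEvent FreeEnvironmentStringsA GetTickCount VirtualFree
GetCommandLineA GetVolumeInformationA LoadLibraryW GetSystemWow64DirectoryW
InitAtomTable GetFileAttributesA IsProcessorFeaturePresent CreateSemaphoreA
SetConsoleCursorPosition GetSystemDirectoryA CompareStringW lstrlenW ReleaseActCtx
GetFileSizeEx GetStartupInfoA GetCPInfoExW OpenMutexW GetHandleInformation
GetLastError GetProcAddress GetProcessHeaps CreateNamedPipeA WriteProfileSectionA
ReadFileEx CopyFileA GetPrivateProfileStringA LoadLibraryA OpenMutexA
GetConsoleScreenBufferInfo LocalAlloc GetExitCodeThread SetCurrentDirectoryW
PostQueuedCompletionStatus WriteProfileSectionW SetEnvironmentVariableA
CreateIoCompletionPort HeapSetInformation GetCurrentDirectoryA FatalAppExitA
GetCPInfoExA OpenSemaphoreW GetVersionExA TlsAlloc FindAtomW UnregisterWaitEx
GetSystemTime LCMapStringW MoveFileA HeapValidate IsBadReadPtr RaiseException
EnterCriticalSection LeaveCriticalSection TerminateProcess GetCurrentProcess
UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent
GetModuleFileNameW RtlUnwind GetACP GetOEMCP GetCPInfo IsValidCodePage TlsGetValue
GetModuleHandleW TlsSetValue GetCurrentThreadId TlsFree SetLastError Sleep
ExitProcess SetHandleCount GetStdHandle GetFileType DeleteCriticalSection
QueryPerformanceCounter GetCurrentProcessId GetSystemTimeAsFileTime
GetModuleFileNameA GetEnvironmentStrings FreeEnvironmentStringsW
WideCharToMultiByte GetEnvironmentStringsW HeapDestroy HeapCreate HeapFree
WriteFile HeapAlloc HeapSize HeapReAlloc VirtualAlloc DebugBreak
OutputDebugStringA WriteConsoleW OutputDebugStringW MultiByteToWideChar
GetStringTypeA GetStringTypeW GetLocaleInfoA LCMapStringA
InitializeCriticalSectionAndSpinCount FlushFileBuffers GetConsoleCP
GetConsoleMode ReadFile CloseHandle SetStdHandle WriteConsoleA
GetConsoleOutputCP CreateFileA GetModuleHandleA
""".split()
IMPORTS = [("KERNEL32.dll", n) for n in KERNEL32_NAMES]

# First lines of the report's listing, verbatim, to exercise the parser.
SAMPLE_DUMP = """KERNEL32.dll
 0x429000 FileTimeToDosDateTime
 0x429004 EnumResourceNamesW
 0x429008 SetPriorityClass
"""
DLL_LINE = re.compile(r"^\s*(\S+\.(?:dll|ocx|sys))\s*$", re.IGNORECASE)
IAT_LINE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_iat_dump(text):
    """Turn the report's IAT listing (a DLL header line followed by
    '0xADDR Name' lines) into an ordered list of (dll, function) pairs."""
    imports, dll = [], None
    for line in text.splitlines():
        m = DLL_LINE.match(line)
        if m:
            dll = m.group(1)
            continue
        m = IAT_LINE.match(line)
        if m and dll:
            imports.append((dll, m.group(1)))
    return imports


def imphash(imports):
    """Import hash as pefile computes it: lowercase 'lib.func' in table order,
    comma-joined, MD5. The .dll/.ocx/.sys suffix is dropped; an int entry is
    an ordinal import and becomes 'ordN'. (pefile also maps known ws2_32 and
    oleaut32 ordinals back to names; that table is not reproduced here.)"""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        if lib.rsplit(".", 1)[-1] in ("dll", "ocx", "sys"):
            lib = lib.rsplit(".", 1)[0]
        name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (lib, name))
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# Editor's triage heuristic (assumption, not a ZERO rule). Several of these
# names are also imported by the MSVC static CRT, so a hit is weak on its own.
GROUPS = {
    "anti-debug": {"IsDebuggerPresent", "OutputDebugStringA", "OutputDebugStringW", "DebugBreak"},
    "dynamic-resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "memory (RWX/unpacking)": {"VirtualAlloc", "VirtualFree", "VirtualProtect"},
    "host-recon": {"GetComputerNameW", "GetVolumeInformationA", "GetSystemWow64DirectoryW",
                   "GetVersionExA", "IsProcessorFeaturePresent"},
    "pipes/ipc": {"CreateNamedPipeA", "WaitNamedPipeA", "OpenMutexA", "OpenMutexW", "OpenSemaphoreW"},
}


def triage(imports):
    """Return {group: sorted matching import names}, omitting empty groups."""
    names = {func for _, func in imports if isinstance(func, str)}
    return {g: sorted(names & s) for g, s in GROUPS.items() if names & s}


if __name__ == "__main__":
    assert parse_iat_dump(SAMPLE_DUMP) == IMPORTS[:3]
    print("imports: %d" % len(IMPORTS))
    print("imphash: %s (report: 346d1123531c92f702a30851f3faa86c)" % imphash(IMPORTS))
    for group, hits in triage(IMPORTS).items():
        print("%-24s %s" % (group, ", ".join(hits)))
```

Two caveats when reading the output. The tail of this table, from IsBadReadPtr through GetModuleHandleA, looks like what a statically linked MSVC CRT imports on its own, so the anti-debug and dynamic-resolution hits carry little weight by themselves; the oddly assorted names at the top (WriteConsoleInputW, GetConsoleAliasesLengthW, SetComputerNameW and the like) are the part worth explaining. And a UPX-packed binary normally keeps only a handful of KERNEL32 imports in its stub (typically LoadLibraryA, GetProcAddress and VirtualProtect among them), so a 130-entry import table with no VirtualProtect does not match the UPX_Zero rule hit; check section names and per-section entropy on the sample before relying on that rule.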
