Field | Value |
---|---|
Created | 2021.08.12 09:45 |
Machine | s1_win7_x6402 |
Filename | Shapeless.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 50 detected (AIDetect, malware1, mBud, malicious, high confidence, GenericKD, Unsafe, Save, GandCrab, confidence, 100%, Kryptik, Eldorado, HMAJ, Upatre, Zenpak, RansomX, CLASSIC, Siggen3, HPGen, UrSnif, habom, RedLineSteal, ssyma, Score, ai score=82, STOP, se8085, Azorult, YR40KC, CoinMiner, Glupteba, R436299, GenericRXAA, BScope, Androm, Static AI, Malicious PE, ZexaF, uq0@aququBA, Genetic, HwoCKlEA) |
md5 | 69e5b67145f3dd4879642cb809a413bc |
sha256 | 87f133407e85aa6bf25c9f7e3571e1e9b63be96c9e2295d6579c0c651eac43c9 |
ssdeep | 6144:HR82snBuYslmjjdDMjT4N9tdWWCIwClf:HR82ku2jjGjTW9H9C5Y |
imphash | 9d007788623d69514f22ced610d164ef |
impfuzzy | 48:XdZ8ZewK/MtVjbF9YMrJtRVGAxfg0vc2FdMJ:XXced+V0MrJtXGAxf7vc2Fa |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
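The UPX_Zero rule and the "encrypted or compressed data indicative of a packer" signature above are the output of a few static PE heuristics: recognisable packer section names (UPX0/UPX1), per-section Shannon entropy close to 8 bits per byte, sections that are both writable and executable, and an executable section with a large virtual size but no file-backed data (the region the stub unpacks into). The following Python is an added example, not the report's own tooling and not the sample itself: it walks the PE section table, applies those heuristics, and runs them over a minimal PE image constructed inline with a UPX-style layout (constructed test data, assumed, not bytes of Shapeless.exe). The optional header in the constructed image is a stub; only the fields the parser reads are populated.

```python
"""Static packer heuristics for a PE32 file: section names, flags and entropy.

Added example; the report's sample is not embedded. A minimal PE image with
UPX-style sections is constructed inline (constructed test data) so it runs offline.
"""
import math
import struct
from typing import Dict, List

# IMAGE_SCN_* section characteristic bits (PE/COFF specification)
SCN_CNT_UNINIT_DATA = 0x00000080
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000

UPX_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1"}
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes) -> List[Dict[str, object]]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                  # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        raw = image[rptr:rptr + rsize] if rsize else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rsize, "characteristics": chars,
            "entropy": shannon_entropy(raw),
        })
    return sections


def packer_indicators(image: bytes) -> Dict[str, object]:
    """Apply the heuristics behind a 'UPX packed' / 'compressed or encrypted data' verdict."""
    sections = parse_sections(image)
    indicators = []
    for s in sections:
        c = s["characteristics"]
        if s["name"] in UPX_NAMES:
            indicators.append(f"{s['name']}: UPX section name")
        if s["entropy"] >= HIGH_ENTROPY:
            indicators.append(f"{s['name']}: high entropy {s['entropy']:.2f}")
        if c & SCN_MEM_WRITE and c & SCN_MEM_EXECUTE:
            indicators.append(f"{s['name']}: writable and executable (RWX)")
        if c & SCN_MEM_EXECUTE and s["raw_size"] == 0 and s["virtual_size"] > 0:
            indicators.append(f"{s['name']}: executable but no file-backed data (unpack target)")
    return {"sections": sections, "indicators": indicators, "likely_packed": len(indicators) >= 2}


def build_test_pe(specs) -> bytes:
    """Constructed minimal PE32 image from (name, characteristics, virtual_size, raw_bytes) tuples.
    Only the fields parse_sections() reads are meaningful; the optional header is a stub."""
    opt_size = 224  # sizeof(IMAGE_OPTIONAL_HEADER32)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew -> PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + bytes(opt_size - 2)  # PE32 magic, rest zeroed
    headers_len = 64 + 4 + 20 + opt_size + 40 * len(specs)
    raw_base = (headers_len + 0x1FF) & ~0x1FF  # file alignment 0x200
    table, blobs = b"", b""
    for i, (name, chars, vsize, data) in enumerate(specs):
        rptr = raw_base + len(blobs) if data else 0
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize,
                             0x1000 * (i + 1), len(data), rptr, 0, 0, 0, 0, chars)
        blobs += data
    return (bytes(dos) + b"PE\0\0" + coff + opt + table).ljust(raw_base, b"\0") + blobs


# Constructed UPX-like layout: empty RWX UPX0, high-entropy RWX UPX1, plain read-only .rsrc.
SAMPLE_SECTIONS = [
    ("UPX0", SCN_CNT_UNINIT_DATA | SCN_MEM_READ | SCN_MEM_WRITE | SCN_MEM_EXECUTE, 0x10000, b""),
    ("UPX1", SCN_MEM_READ | SCN_MEM_WRITE | SCN_MEM_EXECUTE, 0x4000, bytes(range(256)) * 16),
    (".rsrc", SCN_MEM_READ, 0x200, b"\0" * 0x200),
]

if __name__ == "__main__":
    result = packer_indicators(build_test_pe(SAMPLE_SECTIONS))
    for s in result["sections"]:
        print(f"{s['name']:<8} vsize=0x{s['virtual_size']:x} raw=0x{s['raw_size']:x} H={s['entropy']:.2f}")
    for ind in result["indicators"]:
        print("-", ind)
    print("likely packed:", result["likely_packed"])
```

Two indicators are required before the verdict fires because any one of them is common in clean binaries (resource sections with embedded images are high-entropy; some runtimes legitimately use RWX sections). Against a real file, replace `build_test_pe(SAMPLE_SECTIONS)` with the file's bytes.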
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
KERNEL32.dll
0x430008 lstrlenA
0x43000c WriteConsoleOutputCharacterA
0x430010 LocalCompact
0x430014 MoveFileExW
0x430018 InterlockedDecrement
0x43001c GetCurrentProcess
0x430020 GetSystemWindowsDirectoryW
0x430024 GetUserDefaultLCID
0x430028 WriteConsoleInputA
0x43002c SetEvent
0x430030 GetSystemDefaultLCID
0x430034 IsBadReadPtr
0x430038 GetConsoleAliasesLengthA
0x43003c GetConsoleTitleA
0x430040 ReadConsoleW
0x430044 ReadConsoleOutputA
0x430048 WriteFile
0x43004c CreateActCtxW
0x430050 InitializeCriticalSection
0x430054 GetVolumePathNameW
0x430058 FindResourceExA
0x43005c GetConsoleCP
0x430060 GlobalAlloc
0x430064 InterlockedPopEntrySList
0x430068 LeaveCriticalSection
0x43006c GetFileAttributesA
0x430070 DnsHostnameToComputerNameW
0x430074 lstrcpynW
0x430078 GetConsoleAliasW
0x43007c SetConsoleCursorPosition
0x430080 VerifyVersionInfoA
0x430084 WriteConsoleW
0x430088 GetComputerNameA
0x43008c GetACP
0x430090 DeactivateActCtx
0x430094 GetCPInfoExW
0x430098 GetLastError
0x43009c GetLongPathNameW
0x4300a0 GetProcAddress
0x4300a4 EnumDateFormatsExA
0x4300a8 GlobalGetAtomNameA
0x4300ac LoadLibraryA
0x4300b0 GlobalGetAtomNameW
0x4300b4 WaitForMultipleObjects
0x4300b8 SetSystemTime
0x4300bc SetEnvironmentVariableA
0x4300c0 SetConsoleTitleW
0x4300c4 GetModuleHandleA
0x4300c8 lstrcatW
0x4300cc UpdateResourceW
0x4300d0 EraseTape
0x4300d4 CancelTimerQueueTimer
0x4300d8 BuildCommDCBA
0x4300dc VirtualProtect
0x4300e0 PeekConsoleInputA
0x4300e4 SetCalendarInfoA
0x4300e8 FindFirstVolumeA
0x4300ec EndUpdateResourceA
0x4300f0 ReadConsoleInputW
0x4300f4 GetPrivateProfileSectionW
0x4300f8 AreFileApisANSI
0x4300fc CreateActCtxA
0x430100 GetSystemDefaultLangID
0x430104 UnhandledExceptionFilter
0x430108 SetUnhandledExceptionFilter
0x43010c HeapReAlloc
0x430110 HeapAlloc
0x430114 GetCommandLineA
0x430118 GetStartupInfoA
0x43011c RaiseException
0x430120 RtlUnwind
0x430124 GetModuleHandleW
0x430128 Sleep
0x43012c ExitProcess
0x430130 GetStdHandle
0x430134 GetModuleFileNameA
0x430138 TerminateProcess
0x43013c IsDebuggerPresent
0x430140 HeapFree
0x430144 DeleteCriticalSection
0x430148 EnterCriticalSection
0x43014c HeapCreate
0x430150 VirtualFree
0x430154 VirtualAlloc
0x430158 FreeEnvironmentStringsA
0x43015c GetEnvironmentStrings
0x430160 FreeEnvironmentStringsW
0x430164 WideCharToMultiByte
0x430168 GetEnvironmentStringsW
0x43016c SetHandleCount
0x430170 GetFileType
0x430174 TlsGetValue
0x430178 TlsAlloc
0x43017c TlsSetValue
0x430180 TlsFree
0x430184 InterlockedIncrement
0x430188 SetLastError
0x43018c GetCurrentThreadId
0x430190 QueryPerformanceCounter
0x430194 GetTickCount
0x430198 GetCurrentProcessId
0x43019c GetSystemTimeAsFileTime
0x4301a0 InitializeCriticalSectionAndSpinCount
0x4301a4 HeapSize
0x4301a8 GetCPInfo
0x4301ac GetOEMCP
0x4301b0 IsValidCodePage
0x4301b4 GetLocaleInfoA
0x4301b8 LCMapStringA
0x4301bc MultiByteToWideChar
0x4301c0 LCMapStringW
0x4301c4 GetStringTypeA
0x4301c8 GetStringTypeW
USER32.dll
0x4301d0 GetAltTabInfoW
0x4301d4 RealGetWindowClassA
ADVAPI32.dll
0x430000 BackupEventLogA
EAT(Export Address Table) is none
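The import table above contains the four calls an unpacking stub needs to map a payload and resolve its real imports at runtime (VirtualAlloc, VirtualProtect, LoadLibraryA, GetProcAddress), together with IsDebuggerPresent, which fits the "allocates read-write-execute memory (usually to unpack itself)" signature. It also pulls in APIs a console program rarely needs (EraseTape, BuildCommDCBA, BackupEventLogA, GetAltTabInfoW), a pattern often seen when a packer pads the IAT. The imphash in the header is computed from this same table: each import is normalised to lowercase `dll.function` (with the `.dll`/`.ocx`/`.sys` extension removed), the entries are joined with commas in import-descriptor order, and the result is MD5-hashed. The following Python is an added example, not the report's tooling: it parses a listing in the page's `DLL` / `0xADDR Name` layout, computes the imphash normalisation, and flags the unpacker-stub quartet. `IAT_EXCERPT` is an excerpt of the table above, so the imphash it yields is not the reported `9d007788623d69514f22ced610d164ef`; matching that value requires the complete table in the binary's import-descriptor order, and imports by ordinal (absent here) would need the ordinal-to-name mapping the full algorithm applies.

```python
"""Import-table triage for a sandbox IAT listing: imphash normalisation and unpacker-stub check.

Added example. IAT_EXCERPT is copied from the report's IAT listing but is only an
excerpt, so the imphash computed here differs from the one in the report header.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# Excerpt of the report's IAT listing, same "DLL" / "0xADDR Name" layout as the page.
IAT_EXCERPT = """\
KERNEL32.dll
0x4300a0 GetProcAddress
0x4300ac LoadLibraryA
0x4300dc VirtualProtect
0x43013c IsDebuggerPresent
0x430150 VirtualFree
0x430154 VirtualAlloc
USER32.dll
0x4301d0 GetAltTabInfoW
0x4301d4 RealGetWindowClassA
ADVAPI32.dll
0x430000 BackupEventLogA
"""

ENTRY_RE = re.compile(r"^0x([0-9a-fA-F]+)\s+(\S+)$")

# Calls an in-process unpacker needs: map memory, flip it executable, resolve real imports.
UNPACK_STUB = {"VirtualAlloc", "VirtualProtect", "LoadLibraryA", "GetProcAddress"}
ANTI_DEBUG = {"IsDebuggerPresent"}


def parse_iat(listing: str) -> List[Tuple[str, str]]:
    """Return (dll, function) pairs in listing order; non-entry lines are DLL headers."""
    pairs: List[Tuple[str, str]] = []
    dll = None
    for line in listing.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            if dll is None:
                raise ValueError(f"import before any DLL header: {line}")
            pairs.append((dll, m.group(2)))
        else:
            dll = line
    return pairs


def imphash_string(pairs: List[Tuple[str, str]]) -> str:
    """Normalise as pefile's imphash does: lowercase, strip .dll/.ocx/.sys, 'lib.func' joined by commas.
    Imports by ordinal are not handled because this listing contains names only."""
    parts = []
    for dll, func in pairs:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)


def imphash(pairs: List[Tuple[str, str]]) -> str:
    return hashlib.md5(imphash_string(pairs).encode("ascii")).hexdigest()


def triage(pairs: List[Tuple[str, str]]) -> Dict[str, object]:
    """Summarise what the import table says about packing and anti-analysis."""
    funcs = {f for _, f in pairs}
    missing = UNPACK_STUB - funcs
    return {
        "imphash": imphash(pairs),
        "dll_count": len({d for d, _ in pairs}),
        "unpack_stub_complete": not missing,
        "unpack_stub_missing": sorted(missing),
        "anti_debug": sorted(funcs & ANTI_DEBUG),
    }


if __name__ == "__main__":
    iat = parse_iat(IAT_EXCERPT)
    print(imphash_string(iat))
    for k, v in triage(iat).items():
        print(f"{k}: {v}")
```

Because the hash is taken over names only, recompiling a payload does not change it while the import set stays the same, which is why imphash is useful for clustering and useless against a packer that rebuilds the IAT per sample: two files packed with the same stub share an imphash regardless of what they unpack to.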