Field | Value |
---|---|
Created | 2021.08.13 09:46 |
Machine | s1_win7_x6402 |
Filename | runvd.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 26 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, Kryptik, Eldorado, Attribute, HighConfidence, Chapak, CLASSIC, Azorult, score, Artemis, MachineLearning, Anomalous, 100%, Static AI, Malicious PE, susgen, ZexaF, Iq0@aCKYV4gG, QVM10) |
md5 | a945644533a405a16423fbf5b9a37069 |
sha256 | a5483d1124967a58176f75409270ba071fe0f2f337ffd3b106659852565502f0 |
ssdeep | 12288:V2VRggveXe6UvZRLGkWVx30BwQTvwAW8aLlcCO1Xnmi:V2VygmZYZRL8xiwQzW8TXmi |
imphash | 21f8cbe210ac78e50bb44fcc94551c73 |
impfuzzy | 24:j4FckrkRBZaj3+frkrKbCzDkXV4B/cPJcDS1DXPFDZvMyuJ0ct5OovolXFQ8Ryva:KzaZXzkrKh17PFZM1t8Dc9TIcR7GHwdC |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x470000 GetComputerNameA
0x470004 lstrlenA
0x470008 GetConsoleAliasesLengthW
0x47000c MoveFileExA
0x470010 InterlockedDecrement
0x470014 ReadConsoleOutputAttribute
0x470018 GetUserDefaultLCID
0x47001c WaitForSingleObject
0x470020 SetConsoleScreenBufferSize
0x470024 SetEvent
0x470028 IsBadReadPtr
0x47002c GetUserDefaultLangID
0x470030 GetVolumePathNameW
0x470034 GetConsoleCP
0x470038 LocalShrink
0x47003c GetSystemWindowsDirectoryA
0x470040 ReadConsoleOutputW
0x470044 GetFileAttributesA
0x470048 lstrcpynW
0x47004c GetConsoleAliasW
0x470050 VerifyVersionInfoA
0x470054 WriteConsoleW
0x470058 WritePrivateProfileSectionW
0x47005c ReadFile
0x470060 GetCompressedFileSizeA
0x470064 GetSystemDirectoryA
0x470068 CreateFileW
0x47006c CreateActCtxA
0x470070 lstrcatA
0x470074 GetACP
0x470078 VerifyVersionInfoW
0x47007c SetLastError
0x470080 GetProcAddress
0x470084 PeekConsoleInputW
0x470088 EnumDateFormatsExA
0x47008c GetConsoleDisplayMode
0x470090 EnterCriticalSection
0x470094 BuildCommDCBW
0x470098 GetLocalTime
0x47009c GetProcessId
0x4700a0 LocalAlloc
0x4700a4 DeleteTimerQueue
0x4700a8 SetCalendarInfoW
0x4700ac DnsHostnameToComputerNameA
0x4700b0 CreateTapePartition
0x4700b4 SetFileApisToANSI
0x4700b8 GlobalGetAtomNameW
0x4700bc SetEnvironmentVariableA
0x4700c0 SetConsoleTitleW
0x4700c4 GetModuleHandleA
0x4700c8 UpdateResourceW
0x4700cc GetConsoleTitleW
0x4700d0 VirtualProtect
0x4700d4 EndUpdateResourceA
0x4700d8 GetVersionExA
0x4700dc FindFirstVolumeW
0x4700e0 UnhandledExceptionFilter
0x4700e4 SetUnhandledExceptionFilter
0x4700e8 GetCommandLineA
0x4700ec GetStartupInfoA
0x4700f0 GetModuleHandleW
0x4700f4 Sleep
0x4700f8 ExitProcess
0x4700fc GetLastError
0x470100 WriteFile
0x470104 GetStdHandle
0x470108 GetModuleFileNameA
0x47010c HeapAlloc
0x470110 FreeEnvironmentStringsA
0x470114 GetEnvironmentStrings
0x470118 FreeEnvironmentStringsW
0x47011c WideCharToMultiByte
0x470120 GetEnvironmentStringsW
0x470124 SetHandleCount
0x470128 GetFileType
0x47012c DeleteCriticalSection
0x470130 TlsGetValue
0x470134 TlsAlloc
0x470138 TlsSetValue
0x47013c TlsFree
0x470140 InterlockedIncrement
0x470144 GetCurrentThreadId
0x470148 HeapCreate
0x47014c VirtualFree
0x470150 HeapFree
0x470154 QueryPerformanceCounter
0x470158 GetTickCount
0x47015c GetCurrentProcessId
0x470160 GetSystemTimeAsFileTime
0x470164 LeaveCriticalSection
0x470168 TerminateProcess
0x47016c GetCurrentProcess
0x470170 IsDebuggerPresent
0x470174 LoadLibraryA
0x470178 InitializeCriticalSectionAndSpinCount
0x47017c RaiseException
0x470180 VirtualAlloc
0x470184 HeapReAlloc
0x470188 GetCPInfo
0x47018c GetOEMCP
0x470190 IsValidCodePage
0x470194 RtlUnwind
0x470198 HeapSize
0x47019c GetLocaleInfoA
0x4701a0 LCMapStringA
0x4701a4 MultiByteToWideChar
0x4701a8 LCMapStringW
0x4701ac GetStringTypeA
0x4701b0 GetStringTypeW
USER32.dll
0x4701b8 RealGetWindowClassW
EAT (Export Address Table) Library
0x401000 @GetOtherVice@16