Field | Value |
---|---|
Created | 2021.08.13 10:04 |
Machine | s1_win7_x6402 |
Filename | bin.exe.bin |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 14 detected (GenericRXAA, Artemis, Gen2, ASMalwS, Sabsik, Malicious, score, +UIBoKY41eQ) |
md5 | fe8953e299b378a06e2345d0ee75f710 |
sha256 | f847f5c6c64a33516e814a4bbc392ab3a8f0dc331bd24be7fa400bd753a7b20a |
ssdeep | 24576:FusF1d7wswVMxq8NTREEPQp4W+tzFDSZUfTR6eOU:FusFD90MhTREEIp4WQFDSsZn |
imphash | e453b5fd6cb41875bd9963c4aad71d3b |
impfuzzy | 24:U9jDUyiOIGodJ3Wv9qSBZatRltcYHjMHb:UvJug9qSCtRjcYq |
Network IP location
Signature (7cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | One or more processes crashed |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x40e000 FreeLibrary
0x40e004 LoadLibraryExW
0x40e008 GetProcAddress
0x40e00c MultiByteToWideChar
0x40e010 WideCharToMultiByte
0x40e014 CloseHandle
0x40e018 GetLastError
0x40e01c Sleep
0x40e020 GetCurrentProcess
0x40e024 TerminateProcess
0x40e028 GetModuleFileNameW
0x40e02c GetModuleHandleW
0x40e030 EncodePointer
0x40e034 DecodePointer
0x40e038 GetCommandLineW
0x40e03c HeapFree
0x40e040 HeapAlloc
0x40e044 IsDebuggerPresent
0x40e048 IsProcessorFeaturePresent
0x40e04c ExitProcess
0x40e050 GetModuleHandleExW
0x40e054 HeapSize
0x40e058 SetLastError
0x40e05c GetCurrentThreadId
0x40e060 GetProcessHeap
0x40e064 GetStdHandle
0x40e068 GetFileType
0x40e06c DeleteCriticalSection
0x40e070 GetStartupInfoW
0x40e074 WriteFile
0x40e078 QueryPerformanceCounter
0x40e07c GetCurrentProcessId
0x40e080 GetSystemTimeAsFileTime
0x40e084 GetEnvironmentStringsW
0x40e088 FreeEnvironmentStringsW
0x40e08c UnhandledExceptionFilter
0x40e090 SetUnhandledExceptionFilter
0x40e094 InitializeCriticalSectionAndSpinCount
0x40e098 TlsAlloc
0x40e09c TlsGetValue
0x40e0a0 TlsSetValue
0x40e0a4 TlsFree
0x40e0a8 IsValidCodePage
0x40e0ac GetACP
0x40e0b0 GetOEMCP
0x40e0b4 GetCPInfo
0x40e0b8 GetStringTypeW
0x40e0bc EnterCriticalSection
0x40e0c0 LeaveCriticalSection
0x40e0c4 HeapReAlloc
0x40e0c8 RtlUnwind
0x40e0cc GetConsoleCP
0x40e0d0 GetConsoleMode
0x40e0d4 SetFilePointerEx
0x40e0d8 OutputDebugStringW
0x40e0dc LCMapStringW
0x40e0e0 SetStdHandle
0x40e0e4 WriteConsoleW
0x40e0e8 FlushFileBuffers
0x40e0ec CreateFileW
EAT (Export Address Table): none