ScreenShot
| Created | 2021.08.13 20:03 | Machine | s1_win7_x6403 |
| Filename | wvieedr.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 42 detected (AIDetect, malware2, malicious, high confidence, GenericKD, HwoCOQcA, SmokeLoader, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, GenKryptik, FIWW, Raccoon, Chapak, Siggen14, Outbreak, FOMP91, kcloud, Sabsik, score, ai score=84, Azorult, Obscure, CLASSIC, Static AI, Suspicious PE, Wacatac, ZexaF, tuW@a8TLpfoH, susgen) | ||
| md5 | 06a029882deabf229f62728afe3baf4f | ||
| sha256 | f24a559e79ba3121c7e0fed4ac995da056fe6a0dac71b2360f9e340b97117d05 | ||
| ssdeep | 6144:NaBzncNI4Z6pFBJIJZ0xe0cgFVmAS60bwzINf3gf481PJ/ZUt/b3tuV1:0cr0HXIJZ0xeKVmAS60bwSf4JGt/kP | ||
| imphash | c4bbba65aaf569dae0a87d41cd5cbbf2 | ||
| impfuzzy | 48:mTzUbkYJq3mK8wQyMmaEBcftq9JX852dVp:mVYIPL7MjEBcftwJX852dVp | ||
Network IP location
Signature (14cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| danger | Executed a process and injected code into it |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Detects Avast Antivirus through the presence of a library |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | One or more potentially interesting buffers were extracted |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Yara rule detected in process memory |
| info | Checks if process is being debugged by a debugger |
| info | This executable has a PDB path |
Rules (12cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42a000 GetComputerNameA
0x42a004 EnumResourceNamesW
0x42a008 UnregisterWait
0x42a00c SetPriorityClass
0x42a010 WriteConsoleInputW
0x42a014 SetFilePointer
0x42a018 GetConsoleAliasesLengthW
0x42a01c InterlockedIncrement
0x42a020 InterlockedDecrement
0x42a024 WaitNamedPipeA
0x42a028 CompareFileTime
0x42a02c SetEnvironmentVariableW
0x42a030 CreateDirectoryW
0x42a034 GlobalLock
0x42a038 SetEvent
0x42a03c FreeEnvironmentStringsA
0x42a040 GetTickCount
0x42a044 GetCommandLineA
0x42a048 GlobalAlloc
0x42a04c AddRefActCtx
0x42a050 LoadLibraryW
0x42a054 GetSystemWow64DirectoryW
0x42a058 IsProcessorFeaturePresent
0x42a05c CreateSemaphoreA
0x42a060 ReadFile
0x42a064 GetModuleFileNameW
0x42a068 CompareStringW
0x42a06c lstrlenW
0x42a070 LCMapStringA
0x42a074 GetFileSizeEx
0x42a078 GetStartupInfoA
0x42a07c OpenMutexW
0x42a080 GetHandleInformation
0x42a084 GetCurrentDirectoryW
0x42a088 SetLastError
0x42a08c GetProcAddress
0x42a090 VirtualAlloc
0x42a094 WriteProfileSectionA
0x42a098 ReadFileEx
0x42a09c CopyFileA
0x42a0a0 GetPrivateProfileStringA
0x42a0a4 LoadLibraryA
0x42a0a8 OpenMutexA
0x42a0ac GetConsoleScreenBufferInfo
0x42a0b0 GetExitCodeThread
0x42a0b4 SetCurrentDirectoryW
0x42a0b8 PostQueuedCompletionStatus
0x42a0bc FindAtomA
0x42a0c0 CreateIoCompletionPort
0x42a0c4 HeapSetInformation
0x42a0c8 GetConsoleCursorInfo
0x42a0cc FatalAppExitA
0x42a0d0 GetCPInfoExA
0x42a0d4 OpenSemaphoreW
0x42a0d8 GetVersionExA
0x42a0dc TlsAlloc
0x42a0e0 GetSystemTime
0x42a0e4 CopyFileExA
0x42a0e8 HeapValidate
0x42a0ec IsBadReadPtr
0x42a0f0 RaiseException
0x42a0f4 EnterCriticalSection
0x42a0f8 LeaveCriticalSection
0x42a0fc TerminateProcess
0x42a100 GetCurrentProcess
0x42a104 UnhandledExceptionFilter
0x42a108 SetUnhandledExceptionFilter
0x42a10c IsDebuggerPresent
0x42a110 SetHandleCount
0x42a114 GetStdHandle
0x42a118 GetFileType
0x42a11c DeleteCriticalSection
0x42a120 QueryPerformanceCounter
0x42a124 GetCurrentThreadId
0x42a128 GetCurrentProcessId
0x42a12c GetSystemTimeAsFileTime
0x42a130 GetModuleHandleW
0x42a134 Sleep
0x42a138 ExitProcess
0x42a13c GetModuleFileNameA
0x42a140 GetEnvironmentStrings
0x42a144 FreeEnvironmentStringsW
0x42a148 WideCharToMultiByte
0x42a14c GetLastError
0x42a150 GetEnvironmentStringsW
0x42a154 TlsGetValue
0x42a158 TlsSetValue
0x42a15c TlsFree
0x42a160 HeapDestroy
0x42a164 HeapCreate
0x42a168 HeapFree
0x42a16c VirtualFree
0x42a170 WriteFile
0x42a174 HeapAlloc
0x42a178 HeapSize
0x42a17c HeapReAlloc
0x42a180 GetACP
0x42a184 GetOEMCP
0x42a188 GetCPInfo
0x42a18c IsValidCodePage
0x42a190 RtlUnwind
0x42a194 DebugBreak
0x42a198 OutputDebugStringA
0x42a19c WriteConsoleW
0x42a1a0 OutputDebugStringW
0x42a1a4 MultiByteToWideChar
0x42a1a8 InitializeCriticalSectionAndSpinCount
0x42a1ac LCMapStringW
0x42a1b0 GetStringTypeA
0x42a1b4 GetStringTypeW
0x42a1b8 GetLocaleInfoA
0x42a1bc FlushFileBuffers
0x42a1c0 GetConsoleCP
0x42a1c4 GetConsoleMode
0x42a1c8 CloseHandle
0x42a1cc SetStdHandle
0x42a1d0 WriteConsoleA
0x42a1d4 GetConsoleOutputCP
0x42a1d8 CreateFileA
0x42a1dc GetModuleHandleA
EAT(Export Address Table) is none
KERNEL32.dll
0x42a000 GetComputerNameA
0x42a004 EnumResourceNamesW
0x42a008 UnregisterWait
0x42a00c SetPriorityClass
0x42a010 WriteConsoleInputW
0x42a014 SetFilePointer
0x42a018 GetConsoleAliasesLengthW
0x42a01c InterlockedIncrement
0x42a020 InterlockedDecrement
0x42a024 WaitNamedPipeA
0x42a028 CompareFileTime
0x42a02c SetEnvironmentVariableW
0x42a030 CreateDirectoryW
0x42a034 GlobalLock
0x42a038 SetEvent
0x42a03c FreeEnvironmentStringsA
0x42a040 GetTickCount
0x42a044 GetCommandLineA
0x42a048 GlobalAlloc
0x42a04c AddRefActCtx
0x42a050 LoadLibraryW
0x42a054 GetSystemWow64DirectoryW
0x42a058 IsProcessorFeaturePresent
0x42a05c CreateSemaphoreA
0x42a060 ReadFile
0x42a064 GetModuleFileNameW
0x42a068 CompareStringW
0x42a06c lstrlenW
0x42a070 LCMapStringA
0x42a074 GetFileSizeEx
0x42a078 GetStartupInfoA
0x42a07c OpenMutexW
0x42a080 GetHandleInformation
0x42a084 GetCurrentDirectoryW
0x42a088 SetLastError
0x42a08c GetProcAddress
0x42a090 VirtualAlloc
0x42a094 WriteProfileSectionA
0x42a098 ReadFileEx
0x42a09c CopyFileA
0x42a0a0 GetPrivateProfileStringA
0x42a0a4 LoadLibraryA
0x42a0a8 OpenMutexA
0x42a0ac GetConsoleScreenBufferInfo
0x42a0b0 GetExitCodeThread
0x42a0b4 SetCurrentDirectoryW
0x42a0b8 PostQueuedCompletionStatus
0x42a0bc FindAtomA
0x42a0c0 CreateIoCompletionPort
0x42a0c4 HeapSetInformation
0x42a0c8 GetConsoleCursorInfo
0x42a0cc FatalAppExitA
0x42a0d0 GetCPInfoExA
0x42a0d4 OpenSemaphoreW
0x42a0d8 GetVersionExA
0x42a0dc TlsAlloc
0x42a0e0 GetSystemTime
0x42a0e4 CopyFileExA
0x42a0e8 HeapValidate
0x42a0ec IsBadReadPtr
0x42a0f0 RaiseException
0x42a0f4 EnterCriticalSection
0x42a0f8 LeaveCriticalSection
0x42a0fc TerminateProcess
0x42a100 GetCurrentProcess
0x42a104 UnhandledExceptionFilter
0x42a108 SetUnhandledExceptionFilter
0x42a10c IsDebuggerPresent
0x42a110 SetHandleCount
0x42a114 GetStdHandle
0x42a118 GetFileType
0x42a11c DeleteCriticalSection
0x42a120 QueryPerformanceCounter
0x42a124 GetCurrentThreadId
0x42a128 GetCurrentProcessId
0x42a12c GetSystemTimeAsFileTime
0x42a130 GetModuleHandleW
0x42a134 Sleep
0x42a138 ExitProcess
0x42a13c GetModuleFileNameA
0x42a140 GetEnvironmentStrings
0x42a144 FreeEnvironmentStringsW
0x42a148 WideCharToMultiByte
0x42a14c GetLastError
0x42a150 GetEnvironmentStringsW
0x42a154 TlsGetValue
0x42a158 TlsSetValue
0x42a15c TlsFree
0x42a160 HeapDestroy
0x42a164 HeapCreate
0x42a168 HeapFree
0x42a16c VirtualFree
0x42a170 WriteFile
0x42a174 HeapAlloc
0x42a178 HeapSize
0x42a17c HeapReAlloc
0x42a180 GetACP
0x42a184 GetOEMCP
0x42a188 GetCPInfo
0x42a18c IsValidCodePage
0x42a190 RtlUnwind
0x42a194 DebugBreak
0x42a198 OutputDebugStringA
0x42a19c WriteConsoleW
0x42a1a0 OutputDebugStringW
0x42a1a4 MultiByteToWideChar
0x42a1a8 InitializeCriticalSectionAndSpinCount
0x42a1ac LCMapStringW
0x42a1b0 GetStringTypeA
0x42a1b4 GetStringTypeW
0x42a1b8 GetLocaleInfoA
0x42a1bc FlushFileBuffers
0x42a1c0 GetConsoleCP
0x42a1c4 GetConsoleMode
0x42a1c8 CloseHandle
0x42a1cc SetStdHandle
0x42a1d0 WriteConsoleA
0x42a1d4 GetConsoleOutputCP
0x42a1d8 CreateFileA
0x42a1dc GetModuleHandleA
EAT(Export Address Table) is none