ScreenShot
| Created | 2021.08.13 20:10 | Machine | s1_win7_x6402 |
| Filename | runtimebroker.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, rq0@a8IQNYhG, Kryptik, Eldorado, Attribute, HighConfidence, CLASSIC, HPGen, A + Troj, Krypt, Zurgop, Sabsik, score, Artemis, MachineLearning, Anomalous, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | fcce9e904debca11888ba8898e9dca46 | ||
| sha256 | 859fa39701df6b9c12fb6c02e0623d93bd456d9a0d8f65ada0aafec3e74889e6 | ||
| ssdeep | 6144:lLINxILasC41ZddJiE7AJ/GMoNAQfcOROOw0Ci:lsNMtlZdXiE7S/zauOE1i | ||
| imphash | 8dcae17739f93a54640d82b608ad24e8 | ||
| impfuzzy | 24:XckrkVkQ0Zaj3+frkrKbCzDkXV4B/caJcDS1hPFDZvHeyuJ0g4btslXuOZyvDIur:XzzZXzkrK+1hPFZ+ytsvuDIIcR7GH2C | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42f000 lstrlenA
0x42f004 GetConsoleAliasesLengthW
0x42f008 MoveFileExA
0x42f00c InterlockedIncrement
0x42f010 InterlockedDecrement
0x42f014 ReadConsoleOutputAttribute
0x42f018 GetEnvironmentStringsW
0x42f01c GetUserDefaultLCID
0x42f020 WaitForSingleObject
0x42f024 SetConsoleScreenBufferSize
0x42f028 SetEvent
0x42f02c IsBadReadPtr
0x42f030 GetUserDefaultLangID
0x42f034 GetVolumePathNameW
0x42f038 GetConsoleCP
0x42f03c LocalShrink
0x42f040 GetSystemWindowsDirectoryA
0x42f044 ReadConsoleOutputW
0x42f048 GetFileAttributesA
0x42f04c lstrcpynW
0x42f050 GetConsoleAliasW
0x42f054 VerifyVersionInfoA
0x42f058 WriteConsoleW
0x42f05c WritePrivateProfileSectionW
0x42f060 ReadFile
0x42f064 GetModuleFileNameW
0x42f068 GetCompressedFileSizeA
0x42f06c GetSystemDirectoryA
0x42f070 CreateActCtxA
0x42f074 lstrcatA
0x42f078 GetACP
0x42f07c VerifyVersionInfoW
0x42f080 SetLastError
0x42f084 GetProcAddress
0x42f088 PeekConsoleInputW
0x42f08c EnumDateFormatsExA
0x42f090 EnterCriticalSection
0x42f094 BuildCommDCBW
0x42f098 GetLocalTime
0x42f09c GetProcessId
0x42f0a0 LocalAlloc
0x42f0a4 DeleteTimerQueue
0x42f0a8 SetCalendarInfoW
0x42f0ac DnsHostnameToComputerNameA
0x42f0b0 CreateTapePartition
0x42f0b4 SetConsoleDisplayMode
0x42f0b8 SetFileApisToANSI
0x42f0bc GlobalGetAtomNameW
0x42f0c0 SetEnvironmentVariableA
0x42f0c4 SetConsoleTitleW
0x42f0c8 GetModuleHandleA
0x42f0cc UpdateResourceW
0x42f0d0 GetConsoleTitleW
0x42f0d4 VirtualProtect
0x42f0d8 EndUpdateResourceA
0x42f0dc GetVersionExA
0x42f0e0 FindFirstVolumeW
0x42f0e4 LCMapStringW
0x42f0e8 CreateFileW
0x42f0ec GetComputerNameA
0x42f0f0 UnhandledExceptionFilter
0x42f0f4 SetUnhandledExceptionFilter
0x42f0f8 GetStartupInfoW
0x42f0fc GetModuleHandleW
0x42f100 Sleep
0x42f104 ExitProcess
0x42f108 GetLastError
0x42f10c WriteFile
0x42f110 GetStdHandle
0x42f114 GetModuleFileNameA
0x42f118 HeapAlloc
0x42f11c FreeEnvironmentStringsW
0x42f120 GetCommandLineW
0x42f124 SetHandleCount
0x42f128 GetFileType
0x42f12c GetStartupInfoA
0x42f130 DeleteCriticalSection
0x42f134 TlsGetValue
0x42f138 TlsAlloc
0x42f13c TlsSetValue
0x42f140 TlsFree
0x42f144 GetCurrentThreadId
0x42f148 HeapCreate
0x42f14c VirtualFree
0x42f150 HeapFree
0x42f154 QueryPerformanceCounter
0x42f158 GetTickCount
0x42f15c GetCurrentProcessId
0x42f160 GetSystemTimeAsFileTime
0x42f164 LeaveCriticalSection
0x42f168 TerminateProcess
0x42f16c GetCurrentProcess
0x42f170 IsDebuggerPresent
0x42f174 LoadLibraryA
0x42f178 InitializeCriticalSectionAndSpinCount
0x42f17c RaiseException
0x42f180 VirtualAlloc
0x42f184 HeapReAlloc
0x42f188 GetCPInfo
0x42f18c GetOEMCP
0x42f190 IsValidCodePage
0x42f194 RtlUnwind
0x42f198 HeapSize
0x42f19c GetLocaleInfoA
0x42f1a0 WideCharToMultiByte
0x42f1a4 GetStringTypeA
0x42f1a8 MultiByteToWideChar
0x42f1ac GetStringTypeW
0x42f1b0 LCMapStringA
USER32.dll
0x42f1b8 RealGetWindowClassW
EAT(Export Address Table) Library
0x401000 @GetOtherVice@16
KERNEL32.dll
0x42f000 lstrlenA
0x42f004 GetConsoleAliasesLengthW
0x42f008 MoveFileExA
0x42f00c InterlockedIncrement
0x42f010 InterlockedDecrement
0x42f014 ReadConsoleOutputAttribute
0x42f018 GetEnvironmentStringsW
0x42f01c GetUserDefaultLCID
0x42f020 WaitForSingleObject
0x42f024 SetConsoleScreenBufferSize
0x42f028 SetEvent
0x42f02c IsBadReadPtr
0x42f030 GetUserDefaultLangID
0x42f034 GetVolumePathNameW
0x42f038 GetConsoleCP
0x42f03c LocalShrink
0x42f040 GetSystemWindowsDirectoryA
0x42f044 ReadConsoleOutputW
0x42f048 GetFileAttributesA
0x42f04c lstrcpynW
0x42f050 GetConsoleAliasW
0x42f054 VerifyVersionInfoA
0x42f058 WriteConsoleW
0x42f05c WritePrivateProfileSectionW
0x42f060 ReadFile
0x42f064 GetModuleFileNameW
0x42f068 GetCompressedFileSizeA
0x42f06c GetSystemDirectoryA
0x42f070 CreateActCtxA
0x42f074 lstrcatA
0x42f078 GetACP
0x42f07c VerifyVersionInfoW
0x42f080 SetLastError
0x42f084 GetProcAddress
0x42f088 PeekConsoleInputW
0x42f08c EnumDateFormatsExA
0x42f090 EnterCriticalSection
0x42f094 BuildCommDCBW
0x42f098 GetLocalTime
0x42f09c GetProcessId
0x42f0a0 LocalAlloc
0x42f0a4 DeleteTimerQueue
0x42f0a8 SetCalendarInfoW
0x42f0ac DnsHostnameToComputerNameA
0x42f0b0 CreateTapePartition
0x42f0b4 SetConsoleDisplayMode
0x42f0b8 SetFileApisToANSI
0x42f0bc GlobalGetAtomNameW
0x42f0c0 SetEnvironmentVariableA
0x42f0c4 SetConsoleTitleW
0x42f0c8 GetModuleHandleA
0x42f0cc UpdateResourceW
0x42f0d0 GetConsoleTitleW
0x42f0d4 VirtualProtect
0x42f0d8 EndUpdateResourceA
0x42f0dc GetVersionExA
0x42f0e0 FindFirstVolumeW
0x42f0e4 LCMapStringW
0x42f0e8 CreateFileW
0x42f0ec GetComputerNameA
0x42f0f0 UnhandledExceptionFilter
0x42f0f4 SetUnhandledExceptionFilter
0x42f0f8 GetStartupInfoW
0x42f0fc GetModuleHandleW
0x42f100 Sleep
0x42f104 ExitProcess
0x42f108 GetLastError
0x42f10c WriteFile
0x42f110 GetStdHandle
0x42f114 GetModuleFileNameA
0x42f118 HeapAlloc
0x42f11c FreeEnvironmentStringsW
0x42f120 GetCommandLineW
0x42f124 SetHandleCount
0x42f128 GetFileType
0x42f12c GetStartupInfoA
0x42f130 DeleteCriticalSection
0x42f134 TlsGetValue
0x42f138 TlsAlloc
0x42f13c TlsSetValue
0x42f140 TlsFree
0x42f144 GetCurrentThreadId
0x42f148 HeapCreate
0x42f14c VirtualFree
0x42f150 HeapFree
0x42f154 QueryPerformanceCounter
0x42f158 GetTickCount
0x42f15c GetCurrentProcessId
0x42f160 GetSystemTimeAsFileTime
0x42f164 LeaveCriticalSection
0x42f168 TerminateProcess
0x42f16c GetCurrentProcess
0x42f170 IsDebuggerPresent
0x42f174 LoadLibraryA
0x42f178 InitializeCriticalSectionAndSpinCount
0x42f17c RaiseException
0x42f180 VirtualAlloc
0x42f184 HeapReAlloc
0x42f188 GetCPInfo
0x42f18c GetOEMCP
0x42f190 IsValidCodePage
0x42f194 RtlUnwind
0x42f198 HeapSize
0x42f19c GetLocaleInfoA
0x42f1a0 WideCharToMultiByte
0x42f1a4 GetStringTypeA
0x42f1a8 MultiByteToWideChar
0x42f1ac GetStringTypeW
0x42f1b0 LCMapStringA
USER32.dll
0x42f1b8 RealGetWindowClassW
EAT(Export Address Table) Library
0x401000 @GetOtherVice@16