| Field | Value |
|---|---|
| Created | 2021.08.13 20:27 |
| Machine | s1_win7_x6402 |
| Filename | pysnake.exe |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| AI Score | Not found |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | 11 detected (Artemis, Eldorado, Malicious, FileRepMalware, Disco, Python, ASMalwS, score) |
| md5 | eff22c6f6beec66c74ccd00fb1a4b708 |
| sha256 | 45a3cf3b9fe14d68e6e67ba32c9efb36df82cf3435f2ec229fb687f59ab06ebf |
| ssdeep | 393216:OEbtkOBCEDSamg1KLW9XvGdXtgagXrhhIV8jXTyywYqJKU40iFwTJY2ciIrHWF+c:jtbCEDvKLKXeEr7OimgqJKiTvIL+EbCL |
| imphash | 7320b3cae0f7c7e579e85728a091f04b |
| impfuzzy | 48:t/gub6EwoQ54rzSv6xviI8ien90MhteS1/c+pFCRcgT+ONa0Kq14r:phzJenXhteS1/c+pF8t+CDHS |
Signatures (7)

| Level | Description |
|---|---|
| watch | Deletes a large number of files from the system, indicative of ransomware |
| watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data, indicative of a packer |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names, indicative of a packer (could be a false positive) |
Rules (16)

| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (download) |
Network (0)

No network requests were recorded (0 entries).
Suricata ids
PE API
IAT (Import Address Table), by library
USER32.dll
0x140025360 CreateWindowExW
0x140025368 MessageBoxW
0x140025370 MessageBoxA
0x140025378 SystemParametersInfoW
0x140025380 DestroyIcon
0x140025388 SetWindowLongPtrW
0x140025390 GetWindowLongPtrW
0x140025398 GetClientRect
0x1400253a0 InvalidateRect
0x1400253a8 ReleaseDC
0x1400253b0 GetDC
0x1400253b8 DrawTextW
0x1400253c0 GetDialogBaseUnits
0x1400253c8 EndDialog
0x1400253d0 DialogBoxIndirectParamW
0x1400253d8 MoveWindow
0x1400253e0 SendMessageW
COMCTL32.dll
0x140025028 None
KERNEL32.dll
0x140025058 GetOEMCP
0x140025060 GetACP
0x140025068 IsValidCodePage
0x140025070 GetFileAttributesExW
0x140025078 FlushFileBuffers
0x140025080 GetCurrentDirectoryW
0x140025088 GetCPInfo
0x140025090 GetEnvironmentStringsW
0x140025098 GetModuleHandleW
0x1400250a0 MulDiv
0x1400250a8 GetLastError
0x1400250b0 SetDllDirectoryW
0x1400250b8 GetModuleFileNameW
0x1400250c0 GetProcAddress
0x1400250c8 GetCommandLineW
0x1400250d0 FreeEnvironmentStringsW
0x1400250d8 SetEnvironmentVariableW
0x1400250e0 ExpandEnvironmentStringsW
0x1400250e8 CreateDirectoryW
0x1400250f0 GetTempPathW
0x1400250f8 WaitForSingleObject
0x140025100 Sleep
0x140025108 GetExitCodeProcess
0x140025110 CreateProcessW
0x140025118 GetStartupInfoW
0x140025120 FreeLibrary
0x140025128 LoadLibraryExW
0x140025130 CloseHandle
0x140025138 GetCurrentProcess
0x140025140 LoadLibraryA
0x140025148 LocalFree
0x140025150 FormatMessageW
0x140025158 MultiByteToWideChar
0x140025160 WideCharToMultiByte
0x140025168 GetStringTypeW
0x140025170 GetProcessHeap
0x140025178 GetTimeZoneInformation
0x140025180 HeapSize
0x140025188 HeapReAlloc
0x140025190 WriteConsoleW
0x140025198 SetEndOfFile
0x1400251a0 GetEnvironmentVariableW
0x1400251a8 RtlUnwindEx
0x1400251b0 RtlCaptureContext
0x1400251b8 RtlLookupFunctionEntry
0x1400251c0 RtlVirtualUnwind
0x1400251c8 UnhandledExceptionFilter
0x1400251d0 SetUnhandledExceptionFilter
0x1400251d8 TerminateProcess
0x1400251e0 IsProcessorFeaturePresent
0x1400251e8 QueryPerformanceCounter
0x1400251f0 GetCurrentProcessId
0x1400251f8 GetCurrentThreadId
0x140025200 GetSystemTimeAsFileTime
0x140025208 InitializeSListHead
0x140025210 IsDebuggerPresent
0x140025218 SetLastError
0x140025220 EnterCriticalSection
0x140025228 LeaveCriticalSection
0x140025230 DeleteCriticalSection
0x140025238 InitializeCriticalSectionAndSpinCount
0x140025240 TlsAlloc
0x140025248 TlsGetValue
0x140025250 TlsSetValue
0x140025258 TlsFree
0x140025260 RaiseException
0x140025268 GetCommandLineA
0x140025270 ReadFile
0x140025278 CreateFileW
0x140025280 GetDriveTypeW
0x140025288 GetFileInformationByHandle
0x140025290 GetFileType
0x140025298 PeekNamedPipe
0x1400252a0 SystemTimeToTzSpecificLocalTime
0x1400252a8 FileTimeToSystemTime
0x1400252b0 GetFullPathNameW
0x1400252b8 RemoveDirectoryW
0x1400252c0 FindClose
0x1400252c8 FindFirstFileExW
0x1400252d0 FindNextFileW
0x1400252d8 SetStdHandle
0x1400252e0 SetConsoleCtrlHandler
0x1400252e8 DeleteFileW
0x1400252f0 GetStdHandle
0x1400252f8 WriteFile
0x140025300 ExitProcess
0x140025308 GetModuleHandleExW
0x140025310 HeapFree
0x140025318 GetConsoleMode
0x140025320 ReadConsoleW
0x140025328 SetFilePointerEx
0x140025330 GetConsoleOutputCP
0x140025338 GetFileSizeEx
0x140025340 HeapAlloc
0x140025348 CompareStringW
0x140025350 LCMapStringW
ADVAPI32.dll
0x140025000 OpenProcessToken
0x140025008 GetTokenInformation
0x140025010 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x140025018 ConvertSidToStringSidW
GDI32.dll
0x140025038 SelectObject
0x140025040 DeleteObject
0x140025048 CreateFontIndirectW
EAT (Export Address Table): none