ScreenShot
| Created | 2021.08.14 09:45 | Machine | s1_win7_x6401 |
| Filename | raccon.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 31 detected (malicious, high confidence, Artemis, Unsafe, Save, Kryptik, Eldorado, Attribute, HighConfidence, HMBY, Zenpak, FileRepMalware, CLASSIC, HPGen, Zurgop, Sabsik, score, ZexaF, Cq0@aWGz5WcG, BScope, Azorult, Static AI, Malicious PE, susgen, confidence, 100%, HwoCPh8A) | ||
| md5 | ed20a01ec2d93943bd0664fafb76daa6 | ||
| sha256 | 5bc02ebc009910c9625991d64f2170d0c1ddd2b403d34674e3b48e8fd0f22242 | ||
| ssdeep | 12288:+kRfdSeBVKuvlfIGLUzA9iP+ngOu4sl4OxCDi:PfnKu9fIGYzA4PyXOAi | ||
| imphash | d1727cc76cb77410e59de4eb81f68a0b | ||
| impfuzzy | 48:XzR5ZXigPqdlPFM+vRrJtsjuDkIcR7GH2C:X1DFOl9MWrJtskkIcR7GHv | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45b000 lstrlenA
0x45b004 GetConsoleAliasesLengthW
0x45b008 EnumDateFormatsExW
0x45b00c MoveFileExA
0x45b010 EndUpdateResourceW
0x45b014 InterlockedIncrement
0x45b018 InterlockedDecrement
0x45b01c ReadConsoleOutputAttribute
0x45b020 GetSystemWindowsDirectoryW
0x45b024 GetEnvironmentStringsW
0x45b028 GetUserDefaultLCID
0x45b02c WaitForSingleObject
0x45b030 SetConsoleScreenBufferSize
0x45b034 SetEvent
0x45b038 CreateActCtxW
0x45b03c GetConsoleCP
0x45b040 LocalShrink
0x45b044 ReadConsoleOutputW
0x45b048 GetVersionExW
0x45b04c GetFileAttributesA
0x45b050 lstrcpynW
0x45b054 GetConsoleAliasW
0x45b058 VerifyVersionInfoA
0x45b05c WriteConsoleW
0x45b060 WritePrivateProfileSectionW
0x45b064 IsBadWritePtr
0x45b068 ReadFile
0x45b06c GetModuleFileNameW
0x45b070 GetComputerNameA
0x45b074 GetSystemDirectoryA
0x45b078 CreateFileW
0x45b07c lstrcatA
0x45b080 GetACP
0x45b084 GetVolumePathNameA
0x45b088 VerifyVersionInfoW
0x45b08c InterlockedExchange
0x45b090 GetLastError
0x45b094 GetProcAddress
0x45b098 EnterCriticalSection
0x45b09c BuildCommDCBW
0x45b0a0 GetLocalTime
0x45b0a4 GetProcessId
0x45b0a8 LocalAlloc
0x45b0ac SetCalendarInfoW
0x45b0b0 DnsHostnameToComputerNameA
0x45b0b4 CreateTapePartition
0x45b0b8 SetConsoleDisplayMode
0x45b0bc SetFileApisToANSI
0x45b0c0 GlobalGetAtomNameW
0x45b0c4 SetEnvironmentVariableA
0x45b0c8 SetConsoleTitleW
0x45b0cc GetModuleHandleA
0x45b0d0 UpdateResourceW
0x45b0d4 CancelTimerQueueTimer
0x45b0d8 GetConsoleTitleW
0x45b0dc VirtualProtect
0x45b0e0 PeekConsoleInputA
0x45b0e4 FindFirstVolumeW
0x45b0e8 LCMapStringW
0x45b0ec GetCompressedFileSizeA
0x45b0f0 GetSystemDefaultLangID
0x45b0f4 UnhandledExceptionFilter
0x45b0f8 SetUnhandledExceptionFilter
0x45b0fc GetStartupInfoW
0x45b100 GetModuleHandleW
0x45b104 Sleep
0x45b108 ExitProcess
0x45b10c WriteFile
0x45b110 GetStdHandle
0x45b114 GetModuleFileNameA
0x45b118 HeapAlloc
0x45b11c FreeEnvironmentStringsW
0x45b120 GetCommandLineW
0x45b124 SetHandleCount
0x45b128 GetFileType
0x45b12c GetStartupInfoA
0x45b130 DeleteCriticalSection
0x45b134 TlsGetValue
0x45b138 TlsAlloc
0x45b13c TlsSetValue
0x45b140 TlsFree
0x45b144 SetLastError
0x45b148 GetCurrentThreadId
0x45b14c HeapCreate
0x45b150 VirtualFree
0x45b154 HeapFree
0x45b158 QueryPerformanceCounter
0x45b15c GetTickCount
0x45b160 GetCurrentProcessId
0x45b164 GetSystemTimeAsFileTime
0x45b168 LeaveCriticalSection
0x45b16c TerminateProcess
0x45b170 GetCurrentProcess
0x45b174 IsDebuggerPresent
0x45b178 LoadLibraryA
0x45b17c InitializeCriticalSectionAndSpinCount
0x45b180 RaiseException
0x45b184 VirtualAlloc
0x45b188 HeapReAlloc
0x45b18c GetCPInfo
0x45b190 GetOEMCP
0x45b194 IsValidCodePage
0x45b198 RtlUnwind
0x45b19c HeapSize
0x45b1a0 GetLocaleInfoA
0x45b1a4 WideCharToMultiByte
0x45b1a8 GetStringTypeA
0x45b1ac MultiByteToWideChar
0x45b1b0 GetStringTypeW
0x45b1b4 LCMapStringA
USER32.dll
0x45b1bc RealGetWindowClassW
EAT(Export Address Table) is none
KERNEL32.dll
0x45b000 lstrlenA
0x45b004 GetConsoleAliasesLengthW
0x45b008 EnumDateFormatsExW
0x45b00c MoveFileExA
0x45b010 EndUpdateResourceW
0x45b014 InterlockedIncrement
0x45b018 InterlockedDecrement
0x45b01c ReadConsoleOutputAttribute
0x45b020 GetSystemWindowsDirectoryW
0x45b024 GetEnvironmentStringsW
0x45b028 GetUserDefaultLCID
0x45b02c WaitForSingleObject
0x45b030 SetConsoleScreenBufferSize
0x45b034 SetEvent
0x45b038 CreateActCtxW
0x45b03c GetConsoleCP
0x45b040 LocalShrink
0x45b044 ReadConsoleOutputW
0x45b048 GetVersionExW
0x45b04c GetFileAttributesA
0x45b050 lstrcpynW
0x45b054 GetConsoleAliasW
0x45b058 VerifyVersionInfoA
0x45b05c WriteConsoleW
0x45b060 WritePrivateProfileSectionW
0x45b064 IsBadWritePtr
0x45b068 ReadFile
0x45b06c GetModuleFileNameW
0x45b070 GetComputerNameA
0x45b074 GetSystemDirectoryA
0x45b078 CreateFileW
0x45b07c lstrcatA
0x45b080 GetACP
0x45b084 GetVolumePathNameA
0x45b088 VerifyVersionInfoW
0x45b08c InterlockedExchange
0x45b090 GetLastError
0x45b094 GetProcAddress
0x45b098 EnterCriticalSection
0x45b09c BuildCommDCBW
0x45b0a0 GetLocalTime
0x45b0a4 GetProcessId
0x45b0a8 LocalAlloc
0x45b0ac SetCalendarInfoW
0x45b0b0 DnsHostnameToComputerNameA
0x45b0b4 CreateTapePartition
0x45b0b8 SetConsoleDisplayMode
0x45b0bc SetFileApisToANSI
0x45b0c0 GlobalGetAtomNameW
0x45b0c4 SetEnvironmentVariableA
0x45b0c8 SetConsoleTitleW
0x45b0cc GetModuleHandleA
0x45b0d0 UpdateResourceW
0x45b0d4 CancelTimerQueueTimer
0x45b0d8 GetConsoleTitleW
0x45b0dc VirtualProtect
0x45b0e0 PeekConsoleInputA
0x45b0e4 FindFirstVolumeW
0x45b0e8 LCMapStringW
0x45b0ec GetCompressedFileSizeA
0x45b0f0 GetSystemDefaultLangID
0x45b0f4 UnhandledExceptionFilter
0x45b0f8 SetUnhandledExceptionFilter
0x45b0fc GetStartupInfoW
0x45b100 GetModuleHandleW
0x45b104 Sleep
0x45b108 ExitProcess
0x45b10c WriteFile
0x45b110 GetStdHandle
0x45b114 GetModuleFileNameA
0x45b118 HeapAlloc
0x45b11c FreeEnvironmentStringsW
0x45b120 GetCommandLineW
0x45b124 SetHandleCount
0x45b128 GetFileType
0x45b12c GetStartupInfoA
0x45b130 DeleteCriticalSection
0x45b134 TlsGetValue
0x45b138 TlsAlloc
0x45b13c TlsSetValue
0x45b140 TlsFree
0x45b144 SetLastError
0x45b148 GetCurrentThreadId
0x45b14c HeapCreate
0x45b150 VirtualFree
0x45b154 HeapFree
0x45b158 QueryPerformanceCounter
0x45b15c GetTickCount
0x45b160 GetCurrentProcessId
0x45b164 GetSystemTimeAsFileTime
0x45b168 LeaveCriticalSection
0x45b16c TerminateProcess
0x45b170 GetCurrentProcess
0x45b174 IsDebuggerPresent
0x45b178 LoadLibraryA
0x45b17c InitializeCriticalSectionAndSpinCount
0x45b180 RaiseException
0x45b184 VirtualAlloc
0x45b188 HeapReAlloc
0x45b18c GetCPInfo
0x45b190 GetOEMCP
0x45b194 IsValidCodePage
0x45b198 RtlUnwind
0x45b19c HeapSize
0x45b1a0 GetLocaleInfoA
0x45b1a4 WideCharToMultiByte
0x45b1a8 GetStringTypeA
0x45b1ac MultiByteToWideChar
0x45b1b0 GetStringTypeW
0x45b1b4 LCMapStringA
USER32.dll
0x45b1bc RealGetWindowClassW
EAT(Export Address Table) is none