ScreenShot
| Created | 2021.08.14 09:42 | Machine | s1_win7_x6402 |
| Filename | index.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 22 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, confidence, 100%, ZexaF, MqW@aK46ZMfH, Attribute, HighConfidence, Azorult, susgen, Sabsik, score, Obscure, CLASSIC, Static AI, Malicious PE, QVM10) | ||
| md5 | ab275081299757d7948052046332a6ee | ||
| sha256 | 2f401f17c7d8d391fa11beac9a72ed740ed7d16994cdd0b44831330d7161ad7a | ||
| ssdeep | 12288:HyShqkoeQvArYSoyLxbFYFbqjsABGI0G+P/:HyKoeQGFYVxrb | ||
| imphash | cc12335fcaf380223f708d3b30304b0a | ||
| impfuzzy | 48:ChezaLU/NYJqqmK8wTMMjaEBcftgJX85aBdVE:uefYJPLQMGEBcftgJX85GdVE | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x427000 GetCommandLineW
0x427004 GetComputerNameA
0x427008 EnumResourceNamesW
0x42700c UnregisterWait
0x427010 SetPriorityClass
0x427014 WriteConsoleInputW
0x427018 SetFilePointer
0x42701c lstrlenA
0x427020 GetConsoleAliasesLengthW
0x427024 InterlockedIncrement
0x427028 GetQueuedCompletionStatus
0x42702c InterlockedDecrement
0x427030 WaitNamedPipeA
0x427034 CompareFileTime
0x427038 SetEnvironmentVariableW
0x42703c CreateDirectoryW
0x427040 GlobalLock
0x427044 OpenSemaphoreA
0x427048 FreeEnvironmentStringsA
0x42704c GetTickCount
0x427050 AddRefActCtx
0x427054 LoadLibraryW
0x427058 GetSystemWow64DirectoryW
0x42705c IsProcessorFeaturePresent
0x427060 CreateSemaphoreA
0x427064 ReadFile
0x427068 GetModuleFileNameW
0x42706c CompareStringW
0x427070 LCMapStringA
0x427074 GetFileSizeEx
0x427078 GetStartupInfoA
0x42707c OpenMutexW
0x427080 GetHandleInformation
0x427084 GetCurrentDirectoryW
0x427088 SetLastError
0x42708c GetProcAddress
0x427090 VirtualAlloc
0x427094 WriteProfileSectionA
0x427098 ReadFileEx
0x42709c CopyFileA
0x4270a0 GetPrivateProfileStringA
0x4270a4 ResetEvent
0x4270a8 LoadLibraryA
0x4270ac OpenMutexA
0x4270b0 GetConsoleScreenBufferInfo
0x4270b4 LocalAlloc
0x4270b8 GetExitCodeThread
0x4270bc SetCurrentDirectoryW
0x4270c0 PostQueuedCompletionStatus
0x4270c4 FindAtomA
0x4270c8 CreateIoCompletionPort
0x4270cc HeapSetInformation
0x4270d0 GetConsoleCursorInfo
0x4270d4 FatalAppExitA
0x4270d8 GetCPInfoExA
0x4270dc GetVersionExA
0x4270e0 TlsAlloc
0x4270e4 GetSystemTime
0x4270e8 CopyFileExA
0x4270ec GetStartupInfoW
0x4270f0 HeapValidate
0x4270f4 IsBadReadPtr
0x4270f8 RaiseException
0x4270fc EnterCriticalSection
0x427100 LeaveCriticalSection
0x427104 TerminateProcess
0x427108 GetCurrentProcess
0x42710c UnhandledExceptionFilter
0x427110 SetUnhandledExceptionFilter
0x427114 IsDebuggerPresent
0x427118 DeleteCriticalSection
0x42711c QueryPerformanceCounter
0x427120 GetCurrentThreadId
0x427124 GetCurrentProcessId
0x427128 GetSystemTimeAsFileTime
0x42712c GetModuleHandleW
0x427130 Sleep
0x427134 ExitProcess
0x427138 FreeEnvironmentStringsW
0x42713c GetEnvironmentStringsW
0x427140 SetHandleCount
0x427144 GetStdHandle
0x427148 GetFileType
0x42714c TlsGetValue
0x427150 TlsSetValue
0x427154 TlsFree
0x427158 GetLastError
0x42715c HeapDestroy
0x427160 HeapCreate
0x427164 HeapFree
0x427168 VirtualFree
0x42716c GetModuleFileNameA
0x427170 WriteFile
0x427174 HeapAlloc
0x427178 HeapSize
0x42717c HeapReAlloc
0x427180 GetACP
0x427184 GetOEMCP
0x427188 GetCPInfo
0x42718c IsValidCodePage
0x427190 RtlUnwind
0x427194 DebugBreak
0x427198 OutputDebugStringA
0x42719c WriteConsoleW
0x4271a0 OutputDebugStringW
0x4271a4 MultiByteToWideChar
0x4271a8 InitializeCriticalSectionAndSpinCount
0x4271ac WideCharToMultiByte
0x4271b0 LCMapStringW
0x4271b4 GetStringTypeA
0x4271b8 GetStringTypeW
0x4271bc GetLocaleInfoA
0x4271c0 FlushFileBuffers
0x4271c4 GetConsoleCP
0x4271c8 GetConsoleMode
0x4271cc CloseHandle
0x4271d0 SetStdHandle
0x4271d4 WriteConsoleA
0x4271d8 GetConsoleOutputCP
0x4271dc CreateFileA
0x4271e0 GetModuleHandleA
EAT(Export Address Table) is none
KERNEL32.dll
0x427000 GetCommandLineW
0x427004 GetComputerNameA
0x427008 EnumResourceNamesW
0x42700c UnregisterWait
0x427010 SetPriorityClass
0x427014 WriteConsoleInputW
0x427018 SetFilePointer
0x42701c lstrlenA
0x427020 GetConsoleAliasesLengthW
0x427024 InterlockedIncrement
0x427028 GetQueuedCompletionStatus
0x42702c InterlockedDecrement
0x427030 WaitNamedPipeA
0x427034 CompareFileTime
0x427038 SetEnvironmentVariableW
0x42703c CreateDirectoryW
0x427040 GlobalLock
0x427044 OpenSemaphoreA
0x427048 FreeEnvironmentStringsA
0x42704c GetTickCount
0x427050 AddRefActCtx
0x427054 LoadLibraryW
0x427058 GetSystemWow64DirectoryW
0x42705c IsProcessorFeaturePresent
0x427060 CreateSemaphoreA
0x427064 ReadFile
0x427068 GetModuleFileNameW
0x42706c CompareStringW
0x427070 LCMapStringA
0x427074 GetFileSizeEx
0x427078 GetStartupInfoA
0x42707c OpenMutexW
0x427080 GetHandleInformation
0x427084 GetCurrentDirectoryW
0x427088 SetLastError
0x42708c GetProcAddress
0x427090 VirtualAlloc
0x427094 WriteProfileSectionA
0x427098 ReadFileEx
0x42709c CopyFileA
0x4270a0 GetPrivateProfileStringA
0x4270a4 ResetEvent
0x4270a8 LoadLibraryA
0x4270ac OpenMutexA
0x4270b0 GetConsoleScreenBufferInfo
0x4270b4 LocalAlloc
0x4270b8 GetExitCodeThread
0x4270bc SetCurrentDirectoryW
0x4270c0 PostQueuedCompletionStatus
0x4270c4 FindAtomA
0x4270c8 CreateIoCompletionPort
0x4270cc HeapSetInformation
0x4270d0 GetConsoleCursorInfo
0x4270d4 FatalAppExitA
0x4270d8 GetCPInfoExA
0x4270dc GetVersionExA
0x4270e0 TlsAlloc
0x4270e4 GetSystemTime
0x4270e8 CopyFileExA
0x4270ec GetStartupInfoW
0x4270f0 HeapValidate
0x4270f4 IsBadReadPtr
0x4270f8 RaiseException
0x4270fc EnterCriticalSection
0x427100 LeaveCriticalSection
0x427104 TerminateProcess
0x427108 GetCurrentProcess
0x42710c UnhandledExceptionFilter
0x427110 SetUnhandledExceptionFilter
0x427114 IsDebuggerPresent
0x427118 DeleteCriticalSection
0x42711c QueryPerformanceCounter
0x427120 GetCurrentThreadId
0x427124 GetCurrentProcessId
0x427128 GetSystemTimeAsFileTime
0x42712c GetModuleHandleW
0x427130 Sleep
0x427134 ExitProcess
0x427138 FreeEnvironmentStringsW
0x42713c GetEnvironmentStringsW
0x427140 SetHandleCount
0x427144 GetStdHandle
0x427148 GetFileType
0x42714c TlsGetValue
0x427150 TlsSetValue
0x427154 TlsFree
0x427158 GetLastError
0x42715c HeapDestroy
0x427160 HeapCreate
0x427164 HeapFree
0x427168 VirtualFree
0x42716c GetModuleFileNameA
0x427170 WriteFile
0x427174 HeapAlloc
0x427178 HeapSize
0x42717c HeapReAlloc
0x427180 GetACP
0x427184 GetOEMCP
0x427188 GetCPInfo
0x42718c IsValidCodePage
0x427190 RtlUnwind
0x427194 DebugBreak
0x427198 OutputDebugStringA
0x42719c WriteConsoleW
0x4271a0 OutputDebugStringW
0x4271a4 MultiByteToWideChar
0x4271a8 InitializeCriticalSectionAndSpinCount
0x4271ac WideCharToMultiByte
0x4271b0 LCMapStringW
0x4271b4 GetStringTypeA
0x4271b8 GetStringTypeW
0x4271bc GetLocaleInfoA
0x4271c0 FlushFileBuffers
0x4271c4 GetConsoleCP
0x4271c8 GetConsoleMode
0x4271cc CloseHandle
0x4271d0 SetStdHandle
0x4271d4 WriteConsoleA
0x4271d8 GetConsoleOutputCP
0x4271dc CreateFileA
0x4271e0 GetModuleHandleA
EAT(Export Address Table) is none