ScreenShot
| Created | 2021.08.15 12:36 | Machine | s1_win7_x6402 |
| Filename | 5674d7511aa1fce0a68969dc57375b63.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 16 detected (malicious, high confidence, Unsafe, Save, confidence, ZexaF, @t1@aCntotnG, Attribute, HighConfidence, Static AI, Malicious PE, Sabsik, score, BScope, Kryptik, CLASSIC, QVM10) | ||
| md5 | 7532236d0a13e60372fe249271fc4fd8 | ||
| sha256 | c6f854eef6df8c64f425c3275317db7395e8fbf9cdcc70e2c309c2c3f2ff3277 | ||
| ssdeep | 98304:l0wjM58N8EFWebbT7WPyWNlthbkrbRCJiQL3UlPBTyw:l0wj15vXGyWNjhXJihhyw | ||
| imphash | 6b22ece31495fe337ab5b098b4e30ca3 | ||
| impfuzzy | 48:k5ZXEUg/XdljM+RFxrWt/7suD+cnU5nemU:kDaVljMwrWt/7l+cnU5nep | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x849000 EnumDateFormatsExW
0x849004 MoveFileExA
0x849008 EndUpdateResourceW
0x84900c InterlockedIncrement
0x849010 InterlockedDecrement
0x849014 ReadConsoleOutputAttribute
0x849018 GetSystemWindowsDirectoryW
0x84901c GetEnvironmentStringsW
0x849020 GetUserDefaultLCID
0x849024 WaitForSingleObject
0x849028 SetConsoleScreenBufferSize
0x84902c GetComputerNameW
0x849030 SetEvent
0x849034 GetConsoleAliasesLengthA
0x849038 CreateActCtxW
0x84903c GetConsoleCP
0x849040 LocalShrink
0x849044 ReadConsoleOutputW
0x849048 GetVersionExW
0x84904c GetFileAttributesA
0x849050 lstrcpynW
0x849054 GetConsoleAliasW
0x849058 VerifyVersionInfoA
0x84905c WriteConsoleW
0x849060 WritePrivateProfileSectionW
0x849064 IsBadWritePtr
0x849068 ReadFile
0x84906c GetModuleFileNameW
0x849070 GetCompressedFileSizeA
0x849074 GetSystemDirectoryA
0x849078 CreateFileW
0x84907c lstrcatA
0x849080 GetACP
0x849084 GetVolumePathNameA
0x849088 lstrlenW
0x84908c SetConsoleTitleA
0x849090 VerifyVersionInfoW
0x849094 InterlockedExchange
0x849098 GetLastError
0x84909c GetProcAddress
0x8490a0 EnterCriticalSection
0x8490a4 GetLocalTime
0x8490a8 GetProcessId
0x8490ac LocalAlloc
0x8490b0 SetCalendarInfoW
0x8490b4 DnsHostnameToComputerNameA
0x8490b8 CreateTapePartition
0x8490bc SetConsoleDisplayMode
0x8490c0 SetFileApisToANSI
0x8490c4 GlobalGetAtomNameW
0x8490c8 SetEnvironmentVariableA
0x8490cc GetModuleHandleA
0x8490d0 UpdateResourceW
0x8490d4 CancelTimerQueueTimer
0x8490d8 GetConsoleTitleW
0x8490dc BuildCommDCBA
0x8490e0 VirtualProtect
0x8490e4 PeekConsoleInputA
0x8490e8 FindFirstVolumeW
0x8490ec GetSystemDefaultLangID
0x8490f0 GetStartupInfoW
0x8490f4 HeapAlloc
0x8490f8 UnhandledExceptionFilter
0x8490fc SetUnhandledExceptionFilter
0x849100 GetModuleHandleW
0x849104 TlsGetValue
0x849108 TlsAlloc
0x84910c TlsSetValue
0x849110 TlsFree
0x849114 SetLastError
0x849118 GetCurrentThreadId
0x84911c Sleep
0x849120 ExitProcess
0x849124 WriteFile
0x849128 GetStdHandle
0x84912c GetModuleFileNameA
0x849130 FreeEnvironmentStringsW
0x849134 GetCommandLineW
0x849138 SetHandleCount
0x84913c GetFileType
0x849140 GetStartupInfoA
0x849144 DeleteCriticalSection
0x849148 HeapCreate
0x84914c VirtualFree
0x849150 HeapFree
0x849154 QueryPerformanceCounter
0x849158 GetTickCount
0x84915c GetCurrentProcessId
0x849160 GetSystemTimeAsFileTime
0x849164 RaiseException
0x849168 TerminateProcess
0x84916c GetCurrentProcess
0x849170 IsDebuggerPresent
0x849174 LeaveCriticalSection
0x849178 VirtualAlloc
0x84917c HeapReAlloc
0x849180 GetCPInfo
0x849184 GetOEMCP
0x849188 IsValidCodePage
0x84918c RtlUnwind
0x849190 LoadLibraryA
0x849194 InitializeCriticalSectionAndSpinCount
0x849198 GetLocaleInfoA
0x84919c GetStringTypeA
0x8491a0 MultiByteToWideChar
0x8491a4 GetStringTypeW
0x8491a8 LCMapStringA
0x8491ac WideCharToMultiByte
0x8491b0 LCMapStringW
0x8491b4 HeapSize
USER32.dll
0x8491bc RealGetWindowClassA
EAT(Export Address Table) is none
KERNEL32.dll
0x849000 EnumDateFormatsExW
0x849004 MoveFileExA
0x849008 EndUpdateResourceW
0x84900c InterlockedIncrement
0x849010 InterlockedDecrement
0x849014 ReadConsoleOutputAttribute
0x849018 GetSystemWindowsDirectoryW
0x84901c GetEnvironmentStringsW
0x849020 GetUserDefaultLCID
0x849024 WaitForSingleObject
0x849028 SetConsoleScreenBufferSize
0x84902c GetComputerNameW
0x849030 SetEvent
0x849034 GetConsoleAliasesLengthA
0x849038 CreateActCtxW
0x84903c GetConsoleCP
0x849040 LocalShrink
0x849044 ReadConsoleOutputW
0x849048 GetVersionExW
0x84904c GetFileAttributesA
0x849050 lstrcpynW
0x849054 GetConsoleAliasW
0x849058 VerifyVersionInfoA
0x84905c WriteConsoleW
0x849060 WritePrivateProfileSectionW
0x849064 IsBadWritePtr
0x849068 ReadFile
0x84906c GetModuleFileNameW
0x849070 GetCompressedFileSizeA
0x849074 GetSystemDirectoryA
0x849078 CreateFileW
0x84907c lstrcatA
0x849080 GetACP
0x849084 GetVolumePathNameA
0x849088 lstrlenW
0x84908c SetConsoleTitleA
0x849090 VerifyVersionInfoW
0x849094 InterlockedExchange
0x849098 GetLastError
0x84909c GetProcAddress
0x8490a0 EnterCriticalSection
0x8490a4 GetLocalTime
0x8490a8 GetProcessId
0x8490ac LocalAlloc
0x8490b0 SetCalendarInfoW
0x8490b4 DnsHostnameToComputerNameA
0x8490b8 CreateTapePartition
0x8490bc SetConsoleDisplayMode
0x8490c0 SetFileApisToANSI
0x8490c4 GlobalGetAtomNameW
0x8490c8 SetEnvironmentVariableA
0x8490cc GetModuleHandleA
0x8490d0 UpdateResourceW
0x8490d4 CancelTimerQueueTimer
0x8490d8 GetConsoleTitleW
0x8490dc BuildCommDCBA
0x8490e0 VirtualProtect
0x8490e4 PeekConsoleInputA
0x8490e8 FindFirstVolumeW
0x8490ec GetSystemDefaultLangID
0x8490f0 GetStartupInfoW
0x8490f4 HeapAlloc
0x8490f8 UnhandledExceptionFilter
0x8490fc SetUnhandledExceptionFilter
0x849100 GetModuleHandleW
0x849104 TlsGetValue
0x849108 TlsAlloc
0x84910c TlsSetValue
0x849110 TlsFree
0x849114 SetLastError
0x849118 GetCurrentThreadId
0x84911c Sleep
0x849120 ExitProcess
0x849124 WriteFile
0x849128 GetStdHandle
0x84912c GetModuleFileNameA
0x849130 FreeEnvironmentStringsW
0x849134 GetCommandLineW
0x849138 SetHandleCount
0x84913c GetFileType
0x849140 GetStartupInfoA
0x849144 DeleteCriticalSection
0x849148 HeapCreate
0x84914c VirtualFree
0x849150 HeapFree
0x849154 QueryPerformanceCounter
0x849158 GetTickCount
0x84915c GetCurrentProcessId
0x849160 GetSystemTimeAsFileTime
0x849164 RaiseException
0x849168 TerminateProcess
0x84916c GetCurrentProcess
0x849170 IsDebuggerPresent
0x849174 LeaveCriticalSection
0x849178 VirtualAlloc
0x84917c HeapReAlloc
0x849180 GetCPInfo
0x849184 GetOEMCP
0x849188 IsValidCodePage
0x84918c RtlUnwind
0x849190 LoadLibraryA
0x849194 InitializeCriticalSectionAndSpinCount
0x849198 GetLocaleInfoA
0x84919c GetStringTypeA
0x8491a0 MultiByteToWideChar
0x8491a4 GetStringTypeW
0x8491a8 LCMapStringA
0x8491ac WideCharToMultiByte
0x8491b0 LCMapStringW
0x8491b4 HeapSize
USER32.dll
0x8491bc RealGetWindowClassA
EAT(Export Address Table) is none