| Field | Value |
|---|---|
| Created | 2021.08.15 12:54 |
| Machine | s1_win7_x6401 |
| Filename | runvd.exe |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : malware |
| VT API (file) | 24 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, Iq0@aO4KVNnG, Attribute, HighConfidence, Lockbit, Sabsik, score, BScope, MachineLearning, Anomalous, Kryptik, CLASSIC, Static AI, Malicious PE, susgen, confidence, 100%, QVM10) |
| md5 | aa95e1e1d2c37f9a0323f8b9fd07d477 |
| sha256 | 677393e2333b712609ff612b8ec90c1244fea6a423af0e885de61c0464e4d2f5 |
| ssdeep | 12288:AbgEISC38lIOtRLzUrnnUGG+tRza4NPw7tPdCsAiDXdPXvH:LySkRXUrg+Da55Es/H |
| imphash | 6b22ece31495fe337ab5b098b4e30ca3 |
| impfuzzy | 48:k5ZXEUg/XdljM+RFxrWt/7suD+cnU5nemU:kDaVljMwrWt/7l+cnU5nep |
Signature (5 counts)

| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5 counts)

| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)

No network requests were recorded during the run.
PE API

IAT (Import Address Table)
KERNEL32.dll
0x470000 EnumDateFormatsExW
0x470004 MoveFileExA
0x470008 EndUpdateResourceW
0x47000c InterlockedIncrement
0x470010 InterlockedDecrement
0x470014 ReadConsoleOutputAttribute
0x470018 GetSystemWindowsDirectoryW
0x47001c GetEnvironmentStringsW
0x470020 GetUserDefaultLCID
0x470024 WaitForSingleObject
0x470028 SetConsoleScreenBufferSize
0x47002c GetComputerNameW
0x470030 SetEvent
0x470034 GetConsoleAliasesLengthA
0x470038 CreateActCtxW
0x47003c GetConsoleCP
0x470040 LocalShrink
0x470044 ReadConsoleOutputW
0x470048 GetVersionExW
0x47004c GetFileAttributesA
0x470050 lstrcpynW
0x470054 GetConsoleAliasW
0x470058 VerifyVersionInfoA
0x47005c WriteConsoleW
0x470060 WritePrivateProfileSectionW
0x470064 IsBadWritePtr
0x470068 ReadFile
0x47006c GetModuleFileNameW
0x470070 GetCompressedFileSizeA
0x470074 GetSystemDirectoryA
0x470078 CreateFileW
0x47007c lstrcatA
0x470080 GetACP
0x470084 GetVolumePathNameA
0x470088 lstrlenW
0x47008c SetConsoleTitleA
0x470090 VerifyVersionInfoW
0x470094 InterlockedExchange
0x470098 GetLastError
0x47009c GetProcAddress
0x4700a0 EnterCriticalSection
0x4700a4 GetLocalTime
0x4700a8 GetProcessId
0x4700ac LocalAlloc
0x4700b0 SetCalendarInfoW
0x4700b4 DnsHostnameToComputerNameA
0x4700b8 CreateTapePartition
0x4700bc SetConsoleDisplayMode
0x4700c0 SetFileApisToANSI
0x4700c4 GlobalGetAtomNameW
0x4700c8 SetEnvironmentVariableA
0x4700cc GetModuleHandleA
0x4700d0 UpdateResourceW
0x4700d4 CancelTimerQueueTimer
0x4700d8 GetConsoleTitleW
0x4700dc BuildCommDCBA
0x4700e0 VirtualProtect
0x4700e4 PeekConsoleInputA
0x4700e8 FindFirstVolumeW
0x4700ec GetSystemDefaultLangID
0x4700f0 GetStartupInfoW
0x4700f4 HeapAlloc
0x4700f8 UnhandledExceptionFilter
0x4700fc SetUnhandledExceptionFilter
0x470100 GetModuleHandleW
0x470104 TlsGetValue
0x470108 TlsAlloc
0x47010c TlsSetValue
0x470110 TlsFree
0x470114 SetLastError
0x470118 GetCurrentThreadId
0x47011c Sleep
0x470120 ExitProcess
0x470124 WriteFile
0x470128 GetStdHandle
0x47012c GetModuleFileNameA
0x470130 FreeEnvironmentStringsW
0x470134 GetCommandLineW
0x470138 SetHandleCount
0x47013c GetFileType
0x470140 GetStartupInfoA
0x470144 DeleteCriticalSection
0x470148 HeapCreate
0x47014c VirtualFree
0x470150 HeapFree
0x470154 QueryPerformanceCounter
0x470158 GetTickCount
0x47015c GetCurrentProcessId
0x470160 GetSystemTimeAsFileTime
0x470164 RaiseException
0x470168 TerminateProcess
0x47016c GetCurrentProcess
0x470170 IsDebuggerPresent
0x470174 LeaveCriticalSection
0x470178 VirtualAlloc
0x47017c HeapReAlloc
0x470180 GetCPInfo
0x470184 GetOEMCP
0x470188 IsValidCodePage
0x47018c RtlUnwind
0x470190 LoadLibraryA
0x470194 InitializeCriticalSectionAndSpinCount
0x470198 GetLocaleInfoA
0x47019c GetStringTypeA
0x4701a0 MultiByteToWideChar
0x4701a4 GetStringTypeW
0x4701a8 LCMapStringA
0x4701ac WideCharToMultiByte
0x4701b0 LCMapStringW
0x4701b4 HeapSize
USER32.dll
0x4701bc RealGetWindowClassA
EAT (Export Address Table): none