Field | Value |
---|---|
Created | 2021.08.16 10:49 |
Machine | s1_win7_x6402 |
Filename | fw4.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 38 detected (malicious, high confidence, Siggen14, Zusy, Unsafe, Save, TrojanBanker, ClipBanker, ZexaF, guW@a0iVT8ni, Kryptik, Eldorado, Attribute, HighConfidence, GenKryptik, FCJH, CrypterX, Generic@ML, RDMK, eICIXZzZ5AdhJVE7p72, Generic ML PUA, Artemis, Static AI, Suspicious PE, ai score=81, score, GenericRXPP, BScope, Fuery, BitCoinMiner, FFKQ, susgen, GdSda, HgIASaYA) |
md5 | e3e9e202fbe8ddff674ab73c728a7c89 |
sha256 | d3deba838357bc80db85b39890aa4e44b35ed4376d7ee8a091295be6c100bda7 |
ssdeep | 3072:oHwBuwTfGDTheHB7Elr82TGGl7phC+LDLH3:oHwcabBANLCKnH3 |
imphash | f9dddf0c037cf68c9cddde5fa6d841c1 |
impfuzzy | 24:2MpK1cDRvMUnteS17M3JeDc+pl39xuXSOovbO9Ziv9:9pHbteS17M2c+ppu3A9 |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40e008 VirtualFree
0x40e00c GetCurrentProcess
0x40e010 VirtualAlloc
0x40e014 GetModuleHandleA
0x40e018 BuildCommDCBAndTimeoutsW
0x40e01c GetLastError
0x40e020 GetProcAddress
0x40e024 ExitProcess
0x40e028 VirtualProtect
0x40e02c WriteConsoleW
0x40e030 CloseHandle
0x40e034 CreateFileW
0x40e038 SetFilePointerEx
0x40e03c GetConsoleMode
0x40e040 GetConsoleCP
0x40e044 FlushFileBuffers
0x40e048 HeapReAlloc
0x40e04c HeapSize
0x40e050 UnhandledExceptionFilter
0x40e054 SetUnhandledExceptionFilter
0x40e058 TerminateProcess
0x40e05c IsProcessorFeaturePresent
0x40e060 QueryPerformanceCounter
0x40e064 GetCurrentProcessId
0x40e068 GetCurrentThreadId
0x40e06c GetSystemTimeAsFileTime
0x40e070 InitializeSListHead
0x40e074 IsDebuggerPresent
0x40e078 GetStartupInfoW
0x40e07c GetModuleHandleW
0x40e080 RtlUnwind
0x40e084 RaiseException
0x40e088 SetLastError
0x40e08c EncodePointer
0x40e090 EnterCriticalSection
0x40e094 LeaveCriticalSection
0x40e098 DeleteCriticalSection
0x40e09c InitializeCriticalSectionAndSpinCount
0x40e0a0 TlsAlloc
0x40e0a4 TlsGetValue
0x40e0a8 TlsSetValue
0x40e0ac TlsFree
0x40e0b0 FreeLibrary
0x40e0b4 LoadLibraryExW
0x40e0b8 GetStdHandle
0x40e0bc WriteFile
0x40e0c0 GetModuleFileNameW
0x40e0c4 GetModuleHandleExW
0x40e0c8 HeapFree
0x40e0cc HeapAlloc
0x40e0d0 FindClose
0x40e0d4 FindFirstFileExW
0x40e0d8 FindNextFileW
0x40e0dc IsValidCodePage
0x40e0e0 GetACP
0x40e0e4 GetOEMCP
0x40e0e8 GetCPInfo
0x40e0ec GetCommandLineA
0x40e0f0 GetCommandLineW
0x40e0f4 MultiByteToWideChar
0x40e0f8 WideCharToMultiByte
0x40e0fc GetEnvironmentStringsW
0x40e100 FreeEnvironmentStringsW
0x40e104 SetStdHandle
0x40e108 GetFileType
0x40e10c GetStringTypeW
0x40e110 LCMapStringW
0x40e114 GetProcessHeap
0x40e118 DecodePointer
GDI32.dll
0x40e000 LPtoDP
EAT(Export Address Table) is none
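As an added triage example (not part of this sandbox report and not the sandbox's own rule logic), the script below takes the IAT listed above and sorts the imports into the groups a reviewer looks at first: the memory-permission calls behind the "allocates read-write-execute memory" signature, dynamic API resolution, debugger checks and file enumeration. It also separates out the names that a statically linked MSVC CRT (vcruntime/ucrt startup and stdio) normally pulls in, so that IsDebuggerPresent, InitializeSListHead and friends are not read as evasion on their own, and it checks whether the import set has the shape of a bare UPX stub, which is what the UPX_Zero rule match would imply. The CRT set, the categories and the UPX-stub shape are this example's own heuristics, assembled from experience with MSVC and UPX binaries; the import names themselves are copied from the report.

```python
"""Static triage of the import table listed in this report.

Added example, not part of the sandbox report or of the sample. The import
names are copied from the IAT section above; the CRT "noise" set, the API
categories and the UPX-stub test are this script's own heuristics.
"""

# Imports exactly as listed in the report (KERNEL32.dll first, then GDI32.dll).
REPORT_IMPORTS = {
    "KERNEL32.dll": """
        VirtualFree GetCurrentProcess VirtualAlloc GetModuleHandleA
        BuildCommDCBAndTimeoutsW GetLastError GetProcAddress ExitProcess
        VirtualProtect WriteConsoleW CloseHandle CreateFileW SetFilePointerEx
        GetConsoleMode GetConsoleCP FlushFileBuffers HeapReAlloc HeapSize
        UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess
        IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId
        GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead
        IsDebuggerPresent GetStartupInfoW GetModuleHandleW RtlUnwind
        RaiseException SetLastError EncodePointer EnterCriticalSection
        LeaveCriticalSection DeleteCriticalSection
        InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue
        TlsFree FreeLibrary LoadLibraryExW GetStdHandle WriteFile
        GetModuleFileNameW GetModuleHandleExW HeapFree HeapAlloc FindClose
        FindFirstFileExW FindNextFileW IsValidCodePage GetACP GetOEMCP GetCPInfo
        GetCommandLineA GetCommandLineW MultiByteToWideChar WideCharToMultiByte
        GetEnvironmentStringsW FreeEnvironmentStringsW SetStdHandle GetFileType
        GetStringTypeW LCMapStringW GetProcessHeap DecodePointer
    """.split(),
    "GDI32.dll": ["LPtoDP"],
}

# Heuristic (assumption): KERNEL32 names a statically linked MSVC CRT pulls in
# for security-cookie init, EH, TLS, heap, locale and stdio. Their presence
# says little about the program's own behaviour.
CRT_RUNTIME_IMPORTS = frozenset("""
    GetCurrentProcess GetLastError GetProcAddress ExitProcess WriteConsoleW
    CloseHandle CreateFileW SetFilePointerEx GetConsoleMode GetConsoleCP
    FlushFileBuffers HeapReAlloc HeapSize UnhandledExceptionFilter
    SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent
    QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId
    GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent
    GetStartupInfoW GetModuleHandleW RtlUnwind RaiseException SetLastError
    EncodePointer DecodePointer EnterCriticalSection LeaveCriticalSection
    DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc
    TlsGetValue TlsSetValue TlsFree FreeLibrary LoadLibraryExW GetStdHandle
    WriteFile GetModuleFileNameW GetModuleHandleExW HeapFree HeapAlloc
    FindClose FindFirstFileExW FindNextFileW IsValidCodePage GetACP GetOEMCP
    GetCPInfo GetCommandLineA GetCommandLineW MultiByteToWideChar
    WideCharToMultiByte GetEnvironmentStringsW FreeEnvironmentStringsW
    SetStdHandle GetFileType GetStringTypeW LCMapStringW GetProcessHeap
""".split())

# Heuristic groupings (this script's own choice of names per category).
CATEGORIES = {
    "unpack_memory": {"VirtualAlloc", "VirtualProtect", "VirtualFree"},
    "dynamic_resolution": {"GetProcAddress", "LoadLibraryA", "LoadLibraryW",
                           "LoadLibraryExA", "LoadLibraryExW",
                           "GetModuleHandleA", "GetModuleHandleW"},
    "debugger_check": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"},
    "file_enumeration": {"FindFirstFileW", "FindFirstFileExW", "FindNextFileW"},
}

# Assumption: the KERNEL32 imports a plain UPX PE stub carries; every other
# DLL is kept with a single import so the loader still maps it.
UPX_STUB_IMPORTS = frozenset({"LoadLibraryA", "GetProcAddress", "VirtualProtect",
                              "VirtualAlloc", "VirtualFree", "ExitProcess"})


def _all_names(imports):
    return {name for names in imports.values() for name in names}


def total_imports(imports):
    return sum(len(names) for names in imports.values())


def non_crt_imports(imports):
    """Imports left after removing the CRT set: the program's own surface."""
    return sorted(_all_names(imports) - CRT_RUNTIME_IMPORTS)


def categorize(imports):
    """Map each non-empty category to the sorted names it matched."""
    names = _all_names(imports)
    return {cat: sorted(names & apis) for cat, apis in CATEGORIES.items()
            if names & apis}


def looks_like_upx_stub(imports):
    """True when KERNEL32 imports fit the stub set and other DLLs have one each."""
    k32 = {n for dll, names in imports.items()
           if dll.lower() == "kernel32.dll" for n in names}
    others = [names for dll, names in imports.items()
              if dll.lower() != "kernel32.dll"]
    return bool(k32) and k32 <= UPX_STUB_IMPORTS and all(len(n) == 1 for n in others)


if __name__ == "__main__":
    print("total imports:", total_imports(REPORT_IMPORTS))
    print("non-CRT imports:", non_crt_imports(REPORT_IMPORTS))
    for cat, names in categorize(REPORT_IMPORTS).items():
        print(f"{cat}: {names}")
    print("bare UPX stub shape:", looks_like_upx_stub(REPORT_IMPORTS))
```

On this IAT the non-CRT residue is small: BuildCommDCBAndTimeoutsW, GetModuleHandleA, LPtoDP and the three Virtual* calls, which together with GetProcAddress and LoadLibraryExW are the usual set for mapping and executing a decoded payload in process, consistent with the read-write-execute allocation the sandbox saw. The full CRT import set also means the file does not carry the six-import KERNEL32 stub a straightforwardly UPX-packed PE would, so the UPX_Zero match is worth confirming against the section names before it is used as a pivot.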