ScreenShot
| Created | 2021.08.17 09:33 | Machine | s1_win7_x6401 |
| Filename | sufile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 42 detected (AIDetect, malware2, malicious, high confidence, Jaik, Unsafe, Save, confidence, 100%, ZexaF, xq0@ay72YedG, Kryptik, Eldorado, Attribute, HighConfidence, HMCH, Racealer, PWSX, CLASSIC, HPGen, Emotet, Static AI, Malicious PE, susgen, ai score=85, Sabsik, score, CoinMiner, Glupteba, R437351, BScope, MachineLearning, Anomalous, Zurgop, HMCE, Genetic, QVM10) | ||
| md5 | 0ca116299ae13d37e2368d09f208fd2d | ||
| sha256 | 4934962518447fe675fc3e72322d7e8eb1521bddcd45eae280f98d0b4d138c01 | ||
| ssdeep | 6144:CLKsmMA1zQULl9z6mSXMhAuyygEdbHLmDHIDR/AI7c/mnUIqq:CWsy6RCg2iC/A1RIq | ||
| imphash | a93d3aeb5048cb343bc92212709955c9 | ||
| impfuzzy | 48:kKPEcr59fWdFo7PFHYzrJtOPQc7kuHcnH2c:kir7CFo7ezrJtOPQc7pcnHj | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x446008 EnumDateFormatsExW
0x44600c EndUpdateResourceW
0x446010 InterlockedIncrement
0x446014 MoveFileExW
0x446018 GetConsoleAliasA
0x44601c InterlockedDecrement
0x446020 WritePrivateProfileSectionA
0x446024 GetSystemWindowsDirectoryW
0x446028 GetEnvironmentStringsW
0x44602c WaitForSingleObject
0x446030 SetConsoleScreenBufferSize
0x446034 GetComputerNameW
0x446038 SetEvent
0x44603c GetConsoleAliasesLengthA
0x446040 GetConsoleTitleA
0x446044 ReadConsoleOutputA
0x446048 GetUserDefaultLangID
0x44604c CreateActCtxW
0x446050 GetConsoleCP
0x446054 GetVersionExW
0x446058 GetFileAttributesA
0x44605c DnsHostnameToComputerNameW
0x446060 lstrcpynW
0x446064 VerifyVersionInfoA
0x446068 IsBadWritePtr
0x44606c GetModuleFileNameW
0x446070 GetCompressedFileSizeA
0x446074 GetSystemDirectoryA
0x446078 CreateFileW
0x44607c lstrcatA
0x446080 GetACP
0x446084 GetVolumePathNameA
0x446088 lstrlenW
0x44608c SetConsoleTitleA
0x446090 FlushFileBuffers
0x446094 InterlockedExchange
0x446098 GetLastError
0x44609c GetProcAddress
0x4460a0 BeginUpdateResourceW
0x4460a4 CreateTimerQueueTimer
0x4460a8 LocalLock
0x4460ac EnterCriticalSection
0x4460b0 GetLocalTime
0x4460b4 WriteConsoleA
0x4460b8 GetProcessId
0x4460bc LocalAlloc
0x4460c0 CreateTapePartition
0x4460c4 SetConsoleDisplayMode
0x4460c8 GlobalGetAtomNameW
0x4460cc SetEnvironmentVariableA
0x4460d0 GetModuleHandleA
0x4460d4 CancelTimerQueueTimer
0x4460d8 BuildCommDCBA
0x4460dc VirtualProtect
0x4460e0 PeekConsoleInputA
0x4460e4 WriteConsoleOutputAttribute
0x4460e8 SetCalendarInfoA
0x4460ec FindFirstVolumeW
0x4460f0 AreFileApisANSI
0x4460f4 LCMapStringW
0x4460f8 GetSystemDefaultLangID
0x4460fc UnhandledExceptionFilter
0x446100 SetUnhandledExceptionFilter
0x446104 GetModuleHandleW
0x446108 Sleep
0x44610c ExitProcess
0x446110 GetStartupInfoW
0x446114 WriteFile
0x446118 GetStdHandle
0x44611c GetModuleFileNameA
0x446120 HeapAlloc
0x446124 TlsGetValue
0x446128 TlsAlloc
0x44612c TlsSetValue
0x446130 TlsFree
0x446134 SetLastError
0x446138 GetCurrentThreadId
0x44613c DeleteCriticalSection
0x446140 LeaveCriticalSection
0x446144 TerminateProcess
0x446148 GetCurrentProcess
0x44614c IsDebuggerPresent
0x446150 LoadLibraryA
0x446154 InitializeCriticalSectionAndSpinCount
0x446158 FreeEnvironmentStringsW
0x44615c GetCommandLineW
0x446160 SetHandleCount
0x446164 GetFileType
0x446168 GetStartupInfoA
0x44616c HeapCreate
0x446170 VirtualFree
0x446174 HeapFree
0x446178 QueryPerformanceCounter
0x44617c GetTickCount
0x446180 GetCurrentProcessId
0x446184 GetSystemTimeAsFileTime
0x446188 RaiseException
0x44618c VirtualAlloc
0x446190 HeapReAlloc
0x446194 GetCPInfo
0x446198 GetOEMCP
0x44619c IsValidCodePage
0x4461a0 RtlUnwind
0x4461a4 HeapSize
0x4461a8 GetLocaleInfoA
0x4461ac WideCharToMultiByte
0x4461b0 GetStringTypeA
0x4461b4 MultiByteToWideChar
0x4461b8 GetStringTypeW
0x4461bc LCMapStringA
USER32.dll
0x4461c4 RealGetWindowClassA
ADVAPI32.dll
0x446000 AdjustTokenPrivileges
EAT(Export Address Table) Library
0x401003 @GetAnotherVice@12
0x401000 @SetFirstEverVice@4
KERNEL32.dll
0x446008 EnumDateFormatsExW
0x44600c EndUpdateResourceW
0x446010 InterlockedIncrement
0x446014 MoveFileExW
0x446018 GetConsoleAliasA
0x44601c InterlockedDecrement
0x446020 WritePrivateProfileSectionA
0x446024 GetSystemWindowsDirectoryW
0x446028 GetEnvironmentStringsW
0x44602c WaitForSingleObject
0x446030 SetConsoleScreenBufferSize
0x446034 GetComputerNameW
0x446038 SetEvent
0x44603c GetConsoleAliasesLengthA
0x446040 GetConsoleTitleA
0x446044 ReadConsoleOutputA
0x446048 GetUserDefaultLangID
0x44604c CreateActCtxW
0x446050 GetConsoleCP
0x446054 GetVersionExW
0x446058 GetFileAttributesA
0x44605c DnsHostnameToComputerNameW
0x446060 lstrcpynW
0x446064 VerifyVersionInfoA
0x446068 IsBadWritePtr
0x44606c GetModuleFileNameW
0x446070 GetCompressedFileSizeA
0x446074 GetSystemDirectoryA
0x446078 CreateFileW
0x44607c lstrcatA
0x446080 GetACP
0x446084 GetVolumePathNameA
0x446088 lstrlenW
0x44608c SetConsoleTitleA
0x446090 FlushFileBuffers
0x446094 InterlockedExchange
0x446098 GetLastError
0x44609c GetProcAddress
0x4460a0 BeginUpdateResourceW
0x4460a4 CreateTimerQueueTimer
0x4460a8 LocalLock
0x4460ac EnterCriticalSection
0x4460b0 GetLocalTime
0x4460b4 WriteConsoleA
0x4460b8 GetProcessId
0x4460bc LocalAlloc
0x4460c0 CreateTapePartition
0x4460c4 SetConsoleDisplayMode
0x4460c8 GlobalGetAtomNameW
0x4460cc SetEnvironmentVariableA
0x4460d0 GetModuleHandleA
0x4460d4 CancelTimerQueueTimer
0x4460d8 BuildCommDCBA
0x4460dc VirtualProtect
0x4460e0 PeekConsoleInputA
0x4460e4 WriteConsoleOutputAttribute
0x4460e8 SetCalendarInfoA
0x4460ec FindFirstVolumeW
0x4460f0 AreFileApisANSI
0x4460f4 LCMapStringW
0x4460f8 GetSystemDefaultLangID
0x4460fc UnhandledExceptionFilter
0x446100 SetUnhandledExceptionFilter
0x446104 GetModuleHandleW
0x446108 Sleep
0x44610c ExitProcess
0x446110 GetStartupInfoW
0x446114 WriteFile
0x446118 GetStdHandle
0x44611c GetModuleFileNameA
0x446120 HeapAlloc
0x446124 TlsGetValue
0x446128 TlsAlloc
0x44612c TlsSetValue
0x446130 TlsFree
0x446134 SetLastError
0x446138 GetCurrentThreadId
0x44613c DeleteCriticalSection
0x446140 LeaveCriticalSection
0x446144 TerminateProcess
0x446148 GetCurrentProcess
0x44614c IsDebuggerPresent
0x446150 LoadLibraryA
0x446154 InitializeCriticalSectionAndSpinCount
0x446158 FreeEnvironmentStringsW
0x44615c GetCommandLineW
0x446160 SetHandleCount
0x446164 GetFileType
0x446168 GetStartupInfoA
0x44616c HeapCreate
0x446170 VirtualFree
0x446174 HeapFree
0x446178 QueryPerformanceCounter
0x44617c GetTickCount
0x446180 GetCurrentProcessId
0x446184 GetSystemTimeAsFileTime
0x446188 RaiseException
0x44618c VirtualAlloc
0x446190 HeapReAlloc
0x446194 GetCPInfo
0x446198 GetOEMCP
0x44619c IsValidCodePage
0x4461a0 RtlUnwind
0x4461a4 HeapSize
0x4461a8 GetLocaleInfoA
0x4461ac WideCharToMultiByte
0x4461b0 GetStringTypeA
0x4461b4 MultiByteToWideChar
0x4461b8 GetStringTypeW
0x4461bc LCMapStringA
USER32.dll
0x4461c4 RealGetWindowClassA
ADVAPI32.dll
0x446000 AdjustTokenPrivileges
EAT(Export Address Table) Library
0x401003 @GetAnotherVice@12
0x401000 @SetFirstEverVice@4