Field | Value |
---|---|
Created | 2021.08.17 17:58 |
Machine | s1_win7_x6402 |
Filename | 03da82f27a042bb21948e80c78809783.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 20 detected (Sdum, GenericKD, GenericRXAA, Unsafe, Malicious, Artemis, Clipbanker, Score, ai score=85, Sabsik, BScope, susgen, PossibleThreat) |
md5 | 445dfcd1f7f35099093f7320d467c76d |
sha256 | c4238705bebeb7b5a347ddb5d858a2f9748166cf633b949619dbd69802839db0 |
ssdeep | 1536:8WvNrof2xIZ2ToPCt6VkPRYLUbrjhd3d7t20WYwuIJLO+s8jcdi1vzGHY:8WufhgTeCt0uREWrdhdY0W5uIVO7AvKH |
imphash | c7d3661f79d58d30854a3af50a6f4c2f |
impfuzzy | 24:FXlEjIbD3UMUXviucHPtdS1KGctYbJh9roHOovbOuHN2AKLEYBqHEQm:hZHGwtdS1FciDZB3mpKwYd9 |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
watch | Tries to unhook Windows functions monitored by Cuckoo |
info | Checks amount of memory in system |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x410000 WriteFile
0x410004 InterlockedDecrement
0x410008 InitializeCriticalSectionAndSpinCount
0x41000c CreateFileW
0x410010 GetLastError
0x410014 LoadLibraryA
0x410018 lstrcatW
0x41001c CloseHandle
0x410020 RaiseException
0x410024 DecodePointer
0x410028 GetProcAddress
0x41002c DeleteCriticalSection
0x410030 WriteConsoleW
0x410034 SetFilePointerEx
0x410038 GetConsoleMode
0x41003c GetConsoleCP
0x410040 FlushFileBuffers
0x410044 HeapReAlloc
0x410048 HeapSize
0x41004c GetStringTypeW
0x410050 SetStdHandle
0x410054 GetFileType
0x410058 GetProcessHeap
0x41005c SetEnvironmentVariableA
0x410060 FreeEnvironmentStringsW
0x410064 GetEnvironmentStringsW
0x410068 GetCPInfo
0x41006c GetOEMCP
0x410070 UnhandledExceptionFilter
0x410074 SetUnhandledExceptionFilter
0x410078 GetCurrentProcess
0x41007c TerminateProcess
0x410080 IsProcessorFeaturePresent
0x410084 IsDebuggerPresent
0x410088 GetStartupInfoW
0x41008c GetModuleHandleW
0x410090 QueryPerformanceCounter
0x410094 GetCurrentProcessId
0x410098 GetCurrentThreadId
0x41009c GetSystemTimeAsFileTime
0x4100a0 InitializeSListHead
0x4100a4 OutputDebugStringW
0x4100a8 EnterCriticalSection
0x4100ac LeaveCriticalSection
0x4100b0 MultiByteToWideChar
0x4100b4 WideCharToMultiByte
0x4100b8 LocalFree
0x4100bc EncodePointer
0x4100c0 RtlUnwind
0x4100c4 SetLastError
0x4100c8 TlsAlloc
0x4100cc TlsGetValue
0x4100d0 TlsSetValue
0x4100d4 TlsFree
0x4100d8 FreeLibrary
0x4100dc LoadLibraryExW
0x4100e0 ExitProcess
0x4100e4 GetModuleHandleExW
0x4100e8 GetModuleFileNameA
0x4100ec GetStdHandle
0x4100f0 GetCommandLineA
0x4100f4 GetCommandLineW
0x4100f8 GetACP
0x4100fc HeapFree
0x410100 HeapAlloc
0x410104 CompareStringW
0x410108 LCMapStringW
0x41010c FindClose
0x410110 FindFirstFileExA
0x410114 FindNextFileA
0x410118 IsValidCodePage
USER32.dll
0x41015c wsprintfW
ole32.dll
0x410164 CoUninitialize
0x410168 CoInitialize
OLEAUT32.dll
0x410120 SafeArrayGetDim
0x410124 VariantInit
0x410128 SafeArrayGetUBound
0x41012c SafeArrayGetLBound
0x410130 SysFreeString
0x410134 SysStringByteLen
0x410138 SysAllocStringByteLen
0x41013c SysAllocString
0x410140 SysStringLen
0x410144 SafeArrayUnaccessData
0x410148 SysAllocStringLen
0x41014c SafeArrayAccessData
0x410150 VariantClear
0x410154 GetErrorInfo
EAT (Export Address Table) is none