ScreenShot
| Created | 2021.08.20 09:17 | Machine | s1_win7_x6402 |
| Filename | apines1.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 36 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, ZexaF, pq0@a4BqYjgi, Kryptik, Eldorado, Attribute, HighConfidence, GenKryptik, FJFD, TrojanX, HPGen, Emotet, A + Troj, Krypt, RedLineSteal, ienyq, Sabsik, Zenpak, NetSteal, 44O13B, score, Artemis, BScope, Glupteba, Static AI, Suspicious PE, susgen, FJEX, Genetic, confidence, 100%) | ||
| md5 | d942626640bd34a96b1887f24feeecf7 | ||
| sha256 | 7b988271813c4427f60be1eb527fff7d3270308b3e8d750663d70028e084e018 | ||
| ssdeep | 3072:YjpHUCWz751iuPJv0+ZTCUb1TzMUIxapGa38Are8gecmQqEEOuARg9joKKT0yB3M:gCC651iwlMFiGajgex9pO89j2 | ||
| imphash | d14e6f286b56e073587d660c9cc6ef7f | ||
| impfuzzy | 24:CbkDwu9ErjtZ8XBkrkRri/xEIOV4FndcKcDS1+pX86+chgYDttoLOovEGb2cwSJW:cZ8Xef/5ndH1KAMgYDtto6VGacTvv0wU | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42b000 SetLocalTime
0x42b004 WriteConsoleOutputW
0x42b008 InterlockedIncrement
0x42b00c GetConsoleAliasA
0x42b010 InterlockedDecrement
0x42b014 GetSystemWindowsDirectoryW
0x42b018 SetEnvironmentVariableW
0x42b01c GetEnvironmentStringsW
0x42b020 WaitForSingleObject
0x42b024 GetSystemDefaultLCID
0x42b028 GetModuleHandleW
0x42b02c SetThreadUILanguage
0x42b030 GetConsoleAliasesLengthA
0x42b034 GetCompressedFileSizeW
0x42b038 CreateActCtxW
0x42b03c InitializeCriticalSection
0x42b040 GetConsoleCP
0x42b044 GetSystemDirectoryW
0x42b048 ReadConsoleInputA
0x42b04c GetVersionExW
0x42b050 GetFileAttributesA
0x42b054 lstrcpynW
0x42b058 SetConsoleCursorPosition
0x42b05c VerifyVersionInfoA
0x42b060 WritePrivateProfileSectionW
0x42b064 IsBadWritePtr
0x42b068 GetModuleFileNameW
0x42b06c CreateFileW
0x42b070 lstrcatA
0x42b074 GetACP
0x42b078 lstrlenW
0x42b07c FlushFileBuffers
0x42b080 InterlockedExchange
0x42b084 GetCPInfoExW
0x42b088 FillConsoleOutputCharacterW
0x42b08c GetLastError
0x42b090 GetProcAddress
0x42b094 PeekConsoleInputW
0x42b098 EnumDateFormatsExA
0x42b09c CreateTimerQueueTimer
0x42b0a0 LocalLock
0x42b0a4 GetConsoleDisplayMode
0x42b0a8 EnterCriticalSection
0x42b0ac SetTimerQueueTimer
0x42b0b0 GlobalGetAtomNameA
0x42b0b4 WriteConsoleA
0x42b0b8 LocalAlloc
0x42b0bc DnsHostnameToComputerNameA
0x42b0c0 BeginUpdateResourceA
0x42b0c4 GetModuleHandleA
0x42b0c8 HeapSetInformation
0x42b0cc EraseTape
0x42b0d0 GetConsoleTitleW
0x42b0d4 FindFirstVolumeA
0x42b0d8 EndUpdateResourceA
0x42b0dc GetCurrentProcessId
0x42b0e0 AreFileApisANSI
0x42b0e4 LCMapStringW
0x42b0e8 LCMapStringA
0x42b0ec UnhandledExceptionFilter
0x42b0f0 SetUnhandledExceptionFilter
0x42b0f4 HeapAlloc
0x42b0f8 Sleep
0x42b0fc ExitProcess
0x42b100 GetCommandLineA
0x42b104 GetStartupInfoA
0x42b108 RaiseException
0x42b10c RtlUnwind
0x42b110 WriteFile
0x42b114 GetStdHandle
0x42b118 GetModuleFileNameA
0x42b11c TerminateProcess
0x42b120 GetCurrentProcess
0x42b124 IsDebuggerPresent
0x42b128 HeapFree
0x42b12c DeleteCriticalSection
0x42b130 LeaveCriticalSection
0x42b134 VirtualFree
0x42b138 VirtualAlloc
0x42b13c HeapReAlloc
0x42b140 HeapCreate
0x42b144 TlsGetValue
0x42b148 TlsAlloc
0x42b14c TlsSetValue
0x42b150 TlsFree
0x42b154 SetLastError
0x42b158 GetCurrentThreadId
0x42b15c LoadLibraryA
0x42b160 InitializeCriticalSectionAndSpinCount
0x42b164 FreeEnvironmentStringsA
0x42b168 GetEnvironmentStrings
0x42b16c FreeEnvironmentStringsW
0x42b170 WideCharToMultiByte
0x42b174 SetHandleCount
0x42b178 GetFileType
0x42b17c QueryPerformanceCounter
0x42b180 GetTickCount
0x42b184 GetSystemTimeAsFileTime
0x42b188 GetCPInfo
0x42b18c GetOEMCP
0x42b190 IsValidCodePage
0x42b194 HeapSize
0x42b198 GetLocaleInfoA
0x42b19c GetStringTypeA
0x42b1a0 MultiByteToWideChar
0x42b1a4 GetStringTypeW
USER32.dll
0x42b1ac RealGetWindowClassA
EAT(Export Address Table) Library
0x401068 @GetAnotherVice@12
0x401065 @SetFirstEverVice@4
KERNEL32.dll
0x42b000 SetLocalTime
0x42b004 WriteConsoleOutputW
0x42b008 InterlockedIncrement
0x42b00c GetConsoleAliasA
0x42b010 InterlockedDecrement
0x42b014 GetSystemWindowsDirectoryW
0x42b018 SetEnvironmentVariableW
0x42b01c GetEnvironmentStringsW
0x42b020 WaitForSingleObject
0x42b024 GetSystemDefaultLCID
0x42b028 GetModuleHandleW
0x42b02c SetThreadUILanguage
0x42b030 GetConsoleAliasesLengthA
0x42b034 GetCompressedFileSizeW
0x42b038 CreateActCtxW
0x42b03c InitializeCriticalSection
0x42b040 GetConsoleCP
0x42b044 GetSystemDirectoryW
0x42b048 ReadConsoleInputA
0x42b04c GetVersionExW
0x42b050 GetFileAttributesA
0x42b054 lstrcpynW
0x42b058 SetConsoleCursorPosition
0x42b05c VerifyVersionInfoA
0x42b060 WritePrivateProfileSectionW
0x42b064 IsBadWritePtr
0x42b068 GetModuleFileNameW
0x42b06c CreateFileW
0x42b070 lstrcatA
0x42b074 GetACP
0x42b078 lstrlenW
0x42b07c FlushFileBuffers
0x42b080 InterlockedExchange
0x42b084 GetCPInfoExW
0x42b088 FillConsoleOutputCharacterW
0x42b08c GetLastError
0x42b090 GetProcAddress
0x42b094 PeekConsoleInputW
0x42b098 EnumDateFormatsExA
0x42b09c CreateTimerQueueTimer
0x42b0a0 LocalLock
0x42b0a4 GetConsoleDisplayMode
0x42b0a8 EnterCriticalSection
0x42b0ac SetTimerQueueTimer
0x42b0b0 GlobalGetAtomNameA
0x42b0b4 WriteConsoleA
0x42b0b8 LocalAlloc
0x42b0bc DnsHostnameToComputerNameA
0x42b0c0 BeginUpdateResourceA
0x42b0c4 GetModuleHandleA
0x42b0c8 HeapSetInformation
0x42b0cc EraseTape
0x42b0d0 GetConsoleTitleW
0x42b0d4 FindFirstVolumeA
0x42b0d8 EndUpdateResourceA
0x42b0dc GetCurrentProcessId
0x42b0e0 AreFileApisANSI
0x42b0e4 LCMapStringW
0x42b0e8 LCMapStringA
0x42b0ec UnhandledExceptionFilter
0x42b0f0 SetUnhandledExceptionFilter
0x42b0f4 HeapAlloc
0x42b0f8 Sleep
0x42b0fc ExitProcess
0x42b100 GetCommandLineA
0x42b104 GetStartupInfoA
0x42b108 RaiseException
0x42b10c RtlUnwind
0x42b110 WriteFile
0x42b114 GetStdHandle
0x42b118 GetModuleFileNameA
0x42b11c TerminateProcess
0x42b120 GetCurrentProcess
0x42b124 IsDebuggerPresent
0x42b128 HeapFree
0x42b12c DeleteCriticalSection
0x42b130 LeaveCriticalSection
0x42b134 VirtualFree
0x42b138 VirtualAlloc
0x42b13c HeapReAlloc
0x42b140 HeapCreate
0x42b144 TlsGetValue
0x42b148 TlsAlloc
0x42b14c TlsSetValue
0x42b150 TlsFree
0x42b154 SetLastError
0x42b158 GetCurrentThreadId
0x42b15c LoadLibraryA
0x42b160 InitializeCriticalSectionAndSpinCount
0x42b164 FreeEnvironmentStringsA
0x42b168 GetEnvironmentStrings
0x42b16c FreeEnvironmentStringsW
0x42b170 WideCharToMultiByte
0x42b174 SetHandleCount
0x42b178 GetFileType
0x42b17c QueryPerformanceCounter
0x42b180 GetTickCount
0x42b184 GetSystemTimeAsFileTime
0x42b188 GetCPInfo
0x42b18c GetOEMCP
0x42b190 IsValidCodePage
0x42b194 HeapSize
0x42b198 GetLocaleInfoA
0x42b19c GetStringTypeA
0x42b1a0 MultiByteToWideChar
0x42b1a4 GetStringTypeW
USER32.dll
0x42b1ac RealGetWindowClassA
EAT(Export Address Table) Library
0x401068 @GetAnotherVice@12
0x401065 @SetFirstEverVice@4