Report - sefile2.exe

Tags: UPX, Malicious Library, PE File, PE32
Created 2021.08.20 09:46
Machine s1_win7_x6402
Filename sefile2.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 3
Behavior Score 2.2
ZERO API file : malware
VT API (file) 33 detected (AIDetect, malware1, malicious, high confidence, Fragtor, MachineLearning, Anomalous, Save, confidence, 100%, ZexaF, oq0@aC8gbroi, Kryptik, Eldorado, Attribute, HighConfidence, HPGen, Emotet, susgen, Azorult, score, BScope, Blocker, ai score=83, Unsafe, CLASSIC, Static AI, Suspicious PE)
md5 46153e33a9297cec0237938991f4f3d0
sha256 32ab7f14e4e96ab234dd47a1341d0aa059a4c519c509365b4550d6072ece5f05
ssdeep 6144:o0wFwXKLpOpu1vPCWPJ7jVZZcdfXulHgFnL:twq43XZqdZL
imphash dded9f8a501932d43920d95856e3c15b
impfuzzy 24:jkrkebkDQu9ErjtZE+XB1Fj76IH42dnoJcDS1+pX8GOPOYCrttoLOovEGhn2cw2G:kzZ1XNa2d81KCGY4tto6VGgcDvv0wU

Signature (5cnts)

Level Description
danger File has been identified by 33 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

(no network requests recorded)

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x425000 GetConsoleAliasesLengthW
 0x425004 SetLocalTime
 0x425008 WriteConsoleOutputW
 0x42500c InterlockedIncrement
 0x425010 GetConsoleAliasA
 0x425014 InterlockedDecrement
 0x425018 GetCurrentProcess
 0x42501c ReadConsoleOutputAttribute
 0x425020 SetEnvironmentVariableW
 0x425024 GetEnvironmentStringsW
 0x425028 WaitForSingleObject
 0x42502c GetSystemDefaultLCID
 0x425030 GetModuleHandleW
 0x425034 EnumCalendarInfoExW
 0x425038 SetThreadUILanguage
 0x42503c GetConsoleTitleA
 0x425040 CreateActCtxW
 0x425044 GetConsoleCP
 0x425048 GetSystemDirectoryW
 0x42504c ReadConsoleInputA
 0x425050 SetVolumeMountPointA
 0x425054 GetSystemWindowsDirectoryA
 0x425058 GetVersionExW
 0x42505c GetFileAttributesA
 0x425060 lstrcpynW
 0x425064 SetConsoleCursorPosition
 0x425068 SetTimeZoneInformation
 0x42506c VerifyVersionInfoA
 0x425070 WriteConsoleW
 0x425074 IsBadWritePtr
 0x425078 GetModuleFileNameW
 0x42507c lstrcatA
 0x425080 GetACP
 0x425084 lstrlenW
 0x425088 FlushFileBuffers
 0x42508c InterlockedExchange
 0x425090 FillConsoleOutputCharacterW
 0x425094 SetLastError
 0x425098 GetProcAddress
 0x42509c PeekConsoleInputW
 0x4250a0 EnumDateFormatsExA
 0x4250a4 CreateTimerQueueTimer
 0x4250a8 LocalLock
 0x4250ac GetConsoleDisplayMode
 0x4250b0 EnterCriticalSection
 0x4250b4 SetTimerQueueTimer
 0x4250b8 GlobalGetAtomNameA
 0x4250bc ResetEvent
 0x4250c0 LocalAlloc
 0x4250c4 DnsHostnameToComputerNameA
 0x4250c8 BeginUpdateResourceA
 0x4250cc GetModuleHandleA
 0x4250d0 HeapSetInformation
 0x4250d4 GetCPInfoExA
 0x4250d8 FindFirstVolumeA
 0x4250dc EndUpdateResourceA
 0x4250e0 GetCurrentProcessId
 0x4250e4 GetConsoleProcessList
 0x4250e8 AreFileApisANSI
 0x4250ec GetMailslotInfo
 0x4250f0 LCMapStringW
 0x4250f4 LCMapStringA
 0x4250f8 UnhandledExceptionFilter
 0x4250fc SetUnhandledExceptionFilter
 0x425100 HeapAlloc
 0x425104 Sleep
 0x425108 ExitProcess
 0x42510c GetCommandLineA
 0x425110 GetStartupInfoA
 0x425114 RaiseException
 0x425118 RtlUnwind
 0x42511c GetLastError
 0x425120 WriteFile
 0x425124 GetStdHandle
 0x425128 GetModuleFileNameA
 0x42512c TerminateProcess
 0x425130 IsDebuggerPresent
 0x425134 HeapFree
 0x425138 DeleteCriticalSection
 0x42513c LeaveCriticalSection
 0x425140 VirtualFree
 0x425144 VirtualAlloc
 0x425148 HeapReAlloc
 0x42514c HeapCreate
 0x425150 TlsGetValue
 0x425154 TlsAlloc
 0x425158 TlsSetValue
 0x42515c TlsFree
 0x425160 GetCurrentThreadId
 0x425164 LoadLibraryA
 0x425168 InitializeCriticalSectionAndSpinCount
 0x42516c FreeEnvironmentStringsA
 0x425170 GetEnvironmentStrings
 0x425174 FreeEnvironmentStringsW
 0x425178 WideCharToMultiByte
 0x42517c SetHandleCount
 0x425180 GetFileType
 0x425184 QueryPerformanceCounter
 0x425188 GetTickCount
 0x42518c GetSystemTimeAsFileTime
 0x425190 GetCPInfo
 0x425194 GetOEMCP
 0x425198 IsValidCodePage
 0x42519c HeapSize
 0x4251a0 GetLocaleInfoA
 0x4251a4 GetStringTypeA
 0x4251a8 MultiByteToWideChar
 0x4251ac GetStringTypeW
USER32.dll
 0x4251b4 RealGetWindowClassA

EAT (Export Address Table) Library

0x401065 @SetFirstEverVice@8
