ScreenShot
| Created | 2021.08.20 11:43 | Machine | s1_win7_x6401 |
| Filename | skin.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 24 detected (AIDetect, malware1, Noon, malicious, high confidence, Artemis, ZexaF, BuW@amaxdHhO, FakeDoc, Eldorado, FileRepMetagen, Kryptik, CLASSIC, ponco@0, kcloud, Wacatac, FormBook, R437881, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | 35d246695f2bca9c07c187a2b41ca7e3 | ||
| sha256 | 69747996584aba2690d04958b5e2d6446107ae702a0053fd28c8073b4d7c8ad5 | ||
| ssdeep | 6144:UcaJPbmXH5F2pO8z4kf+uy4Ln1QiBSTfMoPXD2u20/7AZRnLIuLenLfHv:U96XTwUYNb1VoTfMoPX6U/7AZZDLeLf | ||
| imphash | 2a6a4e4bd5f8e05c24b3a4f78eb46b1e | ||
| impfuzzy | 48:LvwnqAcalYTb/l1jl1l1K1p1u4flJ6EE2lUlsPUAqHtVtnMUqRSB:LvQqAc+YTbtnT4b44GEECvsAqTtnMXRC | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | ASPack_Zero | ASPack packed file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x403000 FreeConsole
0x403004 GetSystemTimeAsFileTime
0x403008 GetCurrentThreadId
0x40300c QueryPerformanceCounter
0x403010 IsProcessorFeaturePresent
0x403014 IsDebuggerPresent
0x403018 DecodePointer
0x40301c EncodePointer
0x403020 GetTickCount64
USER32.dll
0x403110 PostQuitMessage
MSVCP110.dll
0x403028 ?_Xlength_error@std@@YAXPBD@Z
0x40302c ?uncaught_exception@std@@YA_NXZ
0x403030 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
0x403034 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x403038 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
0x40303c ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
0x403040 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x403044 ?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
0x403048 ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
0x40304c ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
0x403050 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
0x403054 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
0x403058 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x40305c ?_Syserror_map@std@@YAPBDH@Z
0x403060 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x403064 ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
0x403068 ?_Xbad_alloc@std@@YAXXZ
0x40306c ?_Winerror_map@std@@YAPBDH@Z
0x403070 ?_Xout_of_range@std@@YAXPBD@Z
MSVCR110.dll
0x403078 _unlock
0x40307c _calloc_crt
0x403080 ??2@YAPAXI@Z
0x403084 _onexit
0x403088 ??1type_info@@UAE@XZ
0x40308c _XcptFilter
0x403090 _amsg_exit
0x403094 __getmainargs
0x403098 __set_app_type
0x40309c exit
0x4030a0 _exit
0x4030a4 _cexit
0x4030a8 _configthreadlocale
0x4030ac __setusermatherr
0x4030b0 _initterm_e
0x4030b4 _initterm
0x4030b8 __initenv
0x4030bc _fmode
0x4030c0 _commode
0x4030c4 _crt_debugger_hook
0x4030c8 __crtUnhandledException
0x4030cc __crtTerminateProcess
0x4030d0 _except_handler4_common
0x4030d4 ?terminate@@YAXXZ
0x4030d8 __crtSetUnhandledExceptionFilter
0x4030dc _invoke_watson
0x4030e0 _controlfp_s
0x4030e4 ??3@YAXPAX@Z
0x4030e8 _purecall
0x4030ec printf
0x4030f0 memmove
0x4030f4 __dllonexit
0x4030f8 __CxxFrameHandler3
0x4030fc memcpy
0x403100 _lock
0x403104 _CxxThrowException
0x403108 memset
EAT(Export Address Table) is none
KERNEL32.dll
0x403000 FreeConsole
0x403004 GetSystemTimeAsFileTime
0x403008 GetCurrentThreadId
0x40300c QueryPerformanceCounter
0x403010 IsProcessorFeaturePresent
0x403014 IsDebuggerPresent
0x403018 DecodePointer
0x40301c EncodePointer
0x403020 GetTickCount64
USER32.dll
0x403110 PostQuitMessage
MSVCP110.dll
0x403028 ?_Xlength_error@std@@YAXPBD@Z
0x40302c ?uncaught_exception@std@@YA_NXZ
0x403030 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
0x403034 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x403038 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
0x40303c ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
0x403040 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x403044 ?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
0x403048 ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
0x40304c ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
0x403050 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
0x403054 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
0x403058 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x40305c ?_Syserror_map@std@@YAPBDH@Z
0x403060 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x403064 ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
0x403068 ?_Xbad_alloc@std@@YAXXZ
0x40306c ?_Winerror_map@std@@YAPBDH@Z
0x403070 ?_Xout_of_range@std@@YAXPBD@Z
MSVCR110.dll
0x403078 _unlock
0x40307c _calloc_crt
0x403080 ??2@YAPAXI@Z
0x403084 _onexit
0x403088 ??1type_info@@UAE@XZ
0x40308c _XcptFilter
0x403090 _amsg_exit
0x403094 __getmainargs
0x403098 __set_app_type
0x40309c exit
0x4030a0 _exit
0x4030a4 _cexit
0x4030a8 _configthreadlocale
0x4030ac __setusermatherr
0x4030b0 _initterm_e
0x4030b4 _initterm
0x4030b8 __initenv
0x4030bc _fmode
0x4030c0 _commode
0x4030c4 _crt_debugger_hook
0x4030c8 __crtUnhandledException
0x4030cc __crtTerminateProcess
0x4030d0 _except_handler4_common
0x4030d4 ?terminate@@YAXXZ
0x4030d8 __crtSetUnhandledExceptionFilter
0x4030dc _invoke_watson
0x4030e0 _controlfp_s
0x4030e4 ??3@YAXPAX@Z
0x4030e8 _purecall
0x4030ec printf
0x4030f0 memmove
0x4030f4 __dllonexit
0x4030f8 __CxxFrameHandler3
0x4030fc memcpy
0x403100 _lock
0x403104 _CxxThrowException
0x403108 memset
EAT(Export Address Table) is none