ScreenShot
| Created | 2021.08.20 17:20 | Machine | s1_win7_x6402 |
| Filename | SuccourHippings_2021-08-20_01-58.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 36 detected (AIDetect, malware2, malicious, high confidence, Fragtor, Unsafe, Save, ZexaF, pq0@aakbC7li, Kryptik, Eldorado, Attribute, HighConfidence, FileRepMetagen, HPGen, Emotet, Score, Sabsik, ai score=87, BScope, Blocker, CLASSIC, susgen, confidence, 100%, QVM10) | ||
| md5 | 42fdf557c2eaed4cde25c9bd9e0f9421 | ||
| sha256 | 76a21b0bee6ab30012baad17980251957c0b0e2117a6c17466258c3a5e6a147a | ||
| ssdeep | 3072:lREqr6rTejFbFd37D+F9944/AyrrcvRST5Dj+AUR1AuxYVHIzgFnLm6:jd6/eZbFZ29ZAyrrcZ8DjrMAbHKgFnL | ||
| imphash | dded9f8a501932d43920d95856e3c15b | ||
| impfuzzy | 24:jkrkebkDQu9ErjtZE+XB1Fj76IH42dnoJcDS1+pX8GOPOYCrttoLOovEGhn2cw2G:kzZ1XNa2d81KCGY4tto6VGgcDvv0wU | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42b000 GetConsoleAliasesLengthW
0x42b004 SetLocalTime
0x42b008 WriteConsoleOutputW
0x42b00c InterlockedIncrement
0x42b010 GetConsoleAliasA
0x42b014 InterlockedDecrement
0x42b018 GetCurrentProcess
0x42b01c ReadConsoleOutputAttribute
0x42b020 SetEnvironmentVariableW
0x42b024 GetEnvironmentStringsW
0x42b028 WaitForSingleObject
0x42b02c GetSystemDefaultLCID
0x42b030 GetModuleHandleW
0x42b034 EnumCalendarInfoExW
0x42b038 SetThreadUILanguage
0x42b03c GetConsoleTitleA
0x42b040 CreateActCtxW
0x42b044 GetConsoleCP
0x42b048 GetSystemDirectoryW
0x42b04c ReadConsoleInputA
0x42b050 SetVolumeMountPointA
0x42b054 GetSystemWindowsDirectoryA
0x42b058 GetVersionExW
0x42b05c GetFileAttributesA
0x42b060 lstrcpynW
0x42b064 SetConsoleCursorPosition
0x42b068 SetTimeZoneInformation
0x42b06c VerifyVersionInfoA
0x42b070 WriteConsoleW
0x42b074 IsBadWritePtr
0x42b078 GetModuleFileNameW
0x42b07c lstrcatA
0x42b080 GetACP
0x42b084 lstrlenW
0x42b088 FlushFileBuffers
0x42b08c InterlockedExchange
0x42b090 FillConsoleOutputCharacterW
0x42b094 SetLastError
0x42b098 GetProcAddress
0x42b09c PeekConsoleInputW
0x42b0a0 EnumDateFormatsExA
0x42b0a4 CreateTimerQueueTimer
0x42b0a8 LocalLock
0x42b0ac GetConsoleDisplayMode
0x42b0b0 EnterCriticalSection
0x42b0b4 SetTimerQueueTimer
0x42b0b8 GlobalGetAtomNameA
0x42b0bc ResetEvent
0x42b0c0 LocalAlloc
0x42b0c4 DnsHostnameToComputerNameA
0x42b0c8 BeginUpdateResourceA
0x42b0cc GetModuleHandleA
0x42b0d0 HeapSetInformation
0x42b0d4 GetCPInfoExA
0x42b0d8 FindFirstVolumeA
0x42b0dc EndUpdateResourceA
0x42b0e0 GetCurrentProcessId
0x42b0e4 GetConsoleProcessList
0x42b0e8 AreFileApisANSI
0x42b0ec GetMailslotInfo
0x42b0f0 LCMapStringW
0x42b0f4 LCMapStringA
0x42b0f8 UnhandledExceptionFilter
0x42b0fc SetUnhandledExceptionFilter
0x42b100 HeapAlloc
0x42b104 Sleep
0x42b108 ExitProcess
0x42b10c GetCommandLineA
0x42b110 GetStartupInfoA
0x42b114 RaiseException
0x42b118 RtlUnwind
0x42b11c GetLastError
0x42b120 WriteFile
0x42b124 GetStdHandle
0x42b128 GetModuleFileNameA
0x42b12c TerminateProcess
0x42b130 IsDebuggerPresent
0x42b134 HeapFree
0x42b138 DeleteCriticalSection
0x42b13c LeaveCriticalSection
0x42b140 VirtualFree
0x42b144 VirtualAlloc
0x42b148 HeapReAlloc
0x42b14c HeapCreate
0x42b150 TlsGetValue
0x42b154 TlsAlloc
0x42b158 TlsSetValue
0x42b15c TlsFree
0x42b160 GetCurrentThreadId
0x42b164 LoadLibraryA
0x42b168 InitializeCriticalSectionAndSpinCount
0x42b16c FreeEnvironmentStringsA
0x42b170 GetEnvironmentStrings
0x42b174 FreeEnvironmentStringsW
0x42b178 WideCharToMultiByte
0x42b17c SetHandleCount
0x42b180 GetFileType
0x42b184 QueryPerformanceCounter
0x42b188 GetTickCount
0x42b18c GetSystemTimeAsFileTime
0x42b190 GetCPInfo
0x42b194 GetOEMCP
0x42b198 IsValidCodePage
0x42b19c HeapSize
0x42b1a0 GetLocaleInfoA
0x42b1a4 GetStringTypeA
0x42b1a8 MultiByteToWideChar
0x42b1ac GetStringTypeW
USER32.dll
0x42b1b4 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8
KERNEL32.dll
0x42b000 GetConsoleAliasesLengthW
0x42b004 SetLocalTime
0x42b008 WriteConsoleOutputW
0x42b00c InterlockedIncrement
0x42b010 GetConsoleAliasA
0x42b014 InterlockedDecrement
0x42b018 GetCurrentProcess
0x42b01c ReadConsoleOutputAttribute
0x42b020 SetEnvironmentVariableW
0x42b024 GetEnvironmentStringsW
0x42b028 WaitForSingleObject
0x42b02c GetSystemDefaultLCID
0x42b030 GetModuleHandleW
0x42b034 EnumCalendarInfoExW
0x42b038 SetThreadUILanguage
0x42b03c GetConsoleTitleA
0x42b040 CreateActCtxW
0x42b044 GetConsoleCP
0x42b048 GetSystemDirectoryW
0x42b04c ReadConsoleInputA
0x42b050 SetVolumeMountPointA
0x42b054 GetSystemWindowsDirectoryA
0x42b058 GetVersionExW
0x42b05c GetFileAttributesA
0x42b060 lstrcpynW
0x42b064 SetConsoleCursorPosition
0x42b068 SetTimeZoneInformation
0x42b06c VerifyVersionInfoA
0x42b070 WriteConsoleW
0x42b074 IsBadWritePtr
0x42b078 GetModuleFileNameW
0x42b07c lstrcatA
0x42b080 GetACP
0x42b084 lstrlenW
0x42b088 FlushFileBuffers
0x42b08c InterlockedExchange
0x42b090 FillConsoleOutputCharacterW
0x42b094 SetLastError
0x42b098 GetProcAddress
0x42b09c PeekConsoleInputW
0x42b0a0 EnumDateFormatsExA
0x42b0a4 CreateTimerQueueTimer
0x42b0a8 LocalLock
0x42b0ac GetConsoleDisplayMode
0x42b0b0 EnterCriticalSection
0x42b0b4 SetTimerQueueTimer
0x42b0b8 GlobalGetAtomNameA
0x42b0bc ResetEvent
0x42b0c0 LocalAlloc
0x42b0c4 DnsHostnameToComputerNameA
0x42b0c8 BeginUpdateResourceA
0x42b0cc GetModuleHandleA
0x42b0d0 HeapSetInformation
0x42b0d4 GetCPInfoExA
0x42b0d8 FindFirstVolumeA
0x42b0dc EndUpdateResourceA
0x42b0e0 GetCurrentProcessId
0x42b0e4 GetConsoleProcessList
0x42b0e8 AreFileApisANSI
0x42b0ec GetMailslotInfo
0x42b0f0 LCMapStringW
0x42b0f4 LCMapStringA
0x42b0f8 UnhandledExceptionFilter
0x42b0fc SetUnhandledExceptionFilter
0x42b100 HeapAlloc
0x42b104 Sleep
0x42b108 ExitProcess
0x42b10c GetCommandLineA
0x42b110 GetStartupInfoA
0x42b114 RaiseException
0x42b118 RtlUnwind
0x42b11c GetLastError
0x42b120 WriteFile
0x42b124 GetStdHandle
0x42b128 GetModuleFileNameA
0x42b12c TerminateProcess
0x42b130 IsDebuggerPresent
0x42b134 HeapFree
0x42b138 DeleteCriticalSection
0x42b13c LeaveCriticalSection
0x42b140 VirtualFree
0x42b144 VirtualAlloc
0x42b148 HeapReAlloc
0x42b14c HeapCreate
0x42b150 TlsGetValue
0x42b154 TlsAlloc
0x42b158 TlsSetValue
0x42b15c TlsFree
0x42b160 GetCurrentThreadId
0x42b164 LoadLibraryA
0x42b168 InitializeCriticalSectionAndSpinCount
0x42b16c FreeEnvironmentStringsA
0x42b170 GetEnvironmentStrings
0x42b174 FreeEnvironmentStringsW
0x42b178 WideCharToMultiByte
0x42b17c SetHandleCount
0x42b180 GetFileType
0x42b184 QueryPerformanceCounter
0x42b188 GetTickCount
0x42b18c GetSystemTimeAsFileTime
0x42b190 GetCPInfo
0x42b194 GetOEMCP
0x42b198 IsValidCodePage
0x42b19c HeapSize
0x42b1a0 GetLocaleInfoA
0x42b1a4 GetStringTypeA
0x42b1a8 MultiByteToWideChar
0x42b1ac GetStringTypeW
USER32.dll
0x42b1b4 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8