ScreenShot
| Created | 2021.08.24 09:01 | Machine | s1_win7_x6401 |
| Filename | sufile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 26 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, vq0@aCmFAtpi, Kryptik, Eldorado, Attribute, HighConfidence, Convagent, CLASSIC, A + Troj, Krypt, HPGen, Static AI, Malicious PE, Score, Sabsik, MachineLearning, Anomalous, 100%, susgen, confidence) | ||
| md5 | ff3152ecd477958a1a8dc359a648c651 | ||
| sha256 | d9b5568f87b3cb675eb752cecd36f1db250725e280fdb80fdfeeab8edf9e4c90 | ||
| ssdeep | 6144:t/DSjdV1sFsdEUsg6mBeubzZdujt1D6W2IGBMEv:pShV/rsMrldyGS | ||
| imphash | 7f519e58768c36b2651aa4c0b9c28c9d | ||
| impfuzzy | 48:kJp8Z1Xe5BdH1m6OMrJtdVGjUc9HvWNd6:yc1XurVmpMrJtzGjUctvWNo | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x443000 GetConsoleAliasesLengthW
0x443004 WriteConsoleOutputCharacterA
0x443008 BuildCommDCBAndTimeoutsA
0x44300c WriteConsoleOutputW
0x443010 EndUpdateResourceW
0x443014 InterlockedIncrement
0x443018 InterlockedDecrement
0x44301c GetCurrentProcess
0x443020 GetSystemWindowsDirectoryW
0x443024 SetEnvironmentVariableW
0x443028 WaitForSingleObject
0x44302c GetSystemDefaultLCID
0x443030 GetModuleHandleW
0x443034 EnumCalendarInfoExW
0x443038 SetThreadUILanguage
0x44303c GetConsoleAliasesLengthA
0x443040 GetConsoleTitleA
0x443044 GetEnvironmentStrings
0x443048 GetConsoleCP
0x44304c ReadConsoleInputA
0x443050 SetVolumeMountPointA
0x443054 lstrcpynW
0x443058 SetConsoleCursorPosition
0x44305c GetFileAttributesW
0x443060 SetTimeZoneInformation
0x443064 WriteConsoleW
0x443068 IsBadWritePtr
0x44306c GetMailslotInfo
0x443070 lstrcatA
0x443074 lstrlenW
0x443078 FlushFileBuffers
0x44307c InterlockedExchange
0x443080 FillConsoleOutputCharacterW
0x443084 ChangeTimerQueueTimer
0x443088 SetLastError
0x44308c GetProcAddress
0x443090 PeekConsoleInputW
0x443094 EnumDateFormatsExA
0x443098 CreateTimerQueueTimer
0x44309c LocalLock
0x4430a0 EnterCriticalSection
0x4430a4 GlobalGetAtomNameA
0x4430a8 ResetEvent
0x4430ac GetLocalTime
0x4430b0 LocalAlloc
0x4430b4 SetConsoleOutputCP
0x4430b8 SetFileApisToANSI
0x4430bc GetOEMCP
0x4430c0 GetModuleHandleA
0x4430c4 HeapSetInformation
0x4430c8 GetCPInfoExA
0x4430cc FindFirstVolumeA
0x4430d0 DeleteTimerQueueTimer
0x4430d4 GetCurrentProcessId
0x4430d8 GetConsoleProcessList
0x4430dc GetModuleFileNameW
0x4430e0 GetSystemDefaultLangID
0x4430e4 UnhandledExceptionFilter
0x4430e8 SetUnhandledExceptionFilter
0x4430ec HeapAlloc
0x4430f0 GetCommandLineA
0x4430f4 GetStartupInfoA
0x4430f8 RaiseException
0x4430fc RtlUnwind
0x443100 Sleep
0x443104 ExitProcess
0x443108 GetLastError
0x44310c WriteFile
0x443110 GetStdHandle
0x443114 GetModuleFileNameA
0x443118 TerminateProcess
0x44311c IsDebuggerPresent
0x443120 HeapFree
0x443124 DeleteCriticalSection
0x443128 LeaveCriticalSection
0x44312c VirtualFree
0x443130 VirtualAlloc
0x443134 HeapReAlloc
0x443138 HeapCreate
0x44313c FreeEnvironmentStringsA
0x443140 FreeEnvironmentStringsW
0x443144 WideCharToMultiByte
0x443148 GetEnvironmentStringsW
0x44314c SetHandleCount
0x443150 GetFileType
0x443154 TlsGetValue
0x443158 TlsAlloc
0x44315c TlsSetValue
0x443160 TlsFree
0x443164 GetCurrentThreadId
0x443168 QueryPerformanceCounter
0x44316c GetTickCount
0x443170 GetSystemTimeAsFileTime
0x443174 LoadLibraryA
0x443178 InitializeCriticalSectionAndSpinCount
0x44317c HeapSize
0x443180 GetCPInfo
0x443184 GetACP
0x443188 IsValidCodePage
0x44318c GetLocaleInfoA
0x443190 LCMapStringA
0x443194 MultiByteToWideChar
0x443198 LCMapStringW
0x44319c GetStringTypeA
0x4431a0 GetStringTypeW
USER32.dll
0x4431a8 GetAltTabInfoW
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8
KERNEL32.dll
0x443000 GetConsoleAliasesLengthW
0x443004 WriteConsoleOutputCharacterA
0x443008 BuildCommDCBAndTimeoutsA
0x44300c WriteConsoleOutputW
0x443010 EndUpdateResourceW
0x443014 InterlockedIncrement
0x443018 InterlockedDecrement
0x44301c GetCurrentProcess
0x443020 GetSystemWindowsDirectoryW
0x443024 SetEnvironmentVariableW
0x443028 WaitForSingleObject
0x44302c GetSystemDefaultLCID
0x443030 GetModuleHandleW
0x443034 EnumCalendarInfoExW
0x443038 SetThreadUILanguage
0x44303c GetConsoleAliasesLengthA
0x443040 GetConsoleTitleA
0x443044 GetEnvironmentStrings
0x443048 GetConsoleCP
0x44304c ReadConsoleInputA
0x443050 SetVolumeMountPointA
0x443054 lstrcpynW
0x443058 SetConsoleCursorPosition
0x44305c GetFileAttributesW
0x443060 SetTimeZoneInformation
0x443064 WriteConsoleW
0x443068 IsBadWritePtr
0x44306c GetMailslotInfo
0x443070 lstrcatA
0x443074 lstrlenW
0x443078 FlushFileBuffers
0x44307c InterlockedExchange
0x443080 FillConsoleOutputCharacterW
0x443084 ChangeTimerQueueTimer
0x443088 SetLastError
0x44308c GetProcAddress
0x443090 PeekConsoleInputW
0x443094 EnumDateFormatsExA
0x443098 CreateTimerQueueTimer
0x44309c LocalLock
0x4430a0 EnterCriticalSection
0x4430a4 GlobalGetAtomNameA
0x4430a8 ResetEvent
0x4430ac GetLocalTime
0x4430b0 LocalAlloc
0x4430b4 SetConsoleOutputCP
0x4430b8 SetFileApisToANSI
0x4430bc GetOEMCP
0x4430c0 GetModuleHandleA
0x4430c4 HeapSetInformation
0x4430c8 GetCPInfoExA
0x4430cc FindFirstVolumeA
0x4430d0 DeleteTimerQueueTimer
0x4430d4 GetCurrentProcessId
0x4430d8 GetConsoleProcessList
0x4430dc GetModuleFileNameW
0x4430e0 GetSystemDefaultLangID
0x4430e4 UnhandledExceptionFilter
0x4430e8 SetUnhandledExceptionFilter
0x4430ec HeapAlloc
0x4430f0 GetCommandLineA
0x4430f4 GetStartupInfoA
0x4430f8 RaiseException
0x4430fc RtlUnwind
0x443100 Sleep
0x443104 ExitProcess
0x443108 GetLastError
0x44310c WriteFile
0x443110 GetStdHandle
0x443114 GetModuleFileNameA
0x443118 TerminateProcess
0x44311c IsDebuggerPresent
0x443120 HeapFree
0x443124 DeleteCriticalSection
0x443128 LeaveCriticalSection
0x44312c VirtualFree
0x443130 VirtualAlloc
0x443134 HeapReAlloc
0x443138 HeapCreate
0x44313c FreeEnvironmentStringsA
0x443140 FreeEnvironmentStringsW
0x443144 WideCharToMultiByte
0x443148 GetEnvironmentStringsW
0x44314c SetHandleCount
0x443150 GetFileType
0x443154 TlsGetValue
0x443158 TlsAlloc
0x44315c TlsSetValue
0x443160 TlsFree
0x443164 GetCurrentThreadId
0x443168 QueryPerformanceCounter
0x44316c GetTickCount
0x443170 GetSystemTimeAsFileTime
0x443174 LoadLibraryA
0x443178 InitializeCriticalSectionAndSpinCount
0x44317c HeapSize
0x443180 GetCPInfo
0x443184 GetACP
0x443188 IsValidCodePage
0x44318c GetLocaleInfoA
0x443190 LCMapStringA
0x443194 MultiByteToWideChar
0x443198 LCMapStringW
0x44319c GetStringTypeA
0x4431a0 GetStringTypeW
USER32.dll
0x4431a8 GetAltTabInfoW
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8