ScreenShot
| Created | 2021.08.24 09:39 | Machine | s1_win7_x6402 |
| Filename | sefile.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 25 detected (malicious, high confidence, Unsafe, Save, ZexaF, pq0@aucgBlbi, Kryptik, Eldorado, Attribute, HighConfidence, CLASSIC, A + Troj, Krypt, HPGen, Static AI, Suspicious PE, Score, Sabsik, Artemis, susgen, confidence, 100%) | ||
| md5 | b1c5a3368b6c0c2aa2042560821dbe69 | ||
| sha256 | 69d7cda8caed6f8d1ae68bdf79e10bfeb398dbb163301904b8dd7906b05e1381 | ||
| ssdeep | 6144:274Mdt5NhmKSENDuhYMrdfn4l4AEIhygrs0Duho:2nBhCEJ2RniPEIhyg4quh | ||
| imphash | 7f519e58768c36b2651aa4c0b9c28c9d | ||
| impfuzzy | 48:kJp8Z1Xe5BdH1m6OMrJtdVGjUc9HvWNd6:yc1XurVmpMrJtzGjUctvWNo | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42c000 GetConsoleAliasesLengthW
0x42c004 WriteConsoleOutputCharacterA
0x42c008 BuildCommDCBAndTimeoutsA
0x42c00c WriteConsoleOutputW
0x42c010 EndUpdateResourceW
0x42c014 InterlockedIncrement
0x42c018 InterlockedDecrement
0x42c01c GetCurrentProcess
0x42c020 GetSystemWindowsDirectoryW
0x42c024 SetEnvironmentVariableW
0x42c028 WaitForSingleObject
0x42c02c GetSystemDefaultLCID
0x42c030 GetModuleHandleW
0x42c034 EnumCalendarInfoExW
0x42c038 SetThreadUILanguage
0x42c03c GetConsoleAliasesLengthA
0x42c040 GetConsoleTitleA
0x42c044 GetEnvironmentStrings
0x42c048 GetConsoleCP
0x42c04c ReadConsoleInputA
0x42c050 SetVolumeMountPointA
0x42c054 lstrcpynW
0x42c058 SetConsoleCursorPosition
0x42c05c GetFileAttributesW
0x42c060 SetTimeZoneInformation
0x42c064 WriteConsoleW
0x42c068 IsBadWritePtr
0x42c06c GetMailslotInfo
0x42c070 lstrcatA
0x42c074 lstrlenW
0x42c078 FlushFileBuffers
0x42c07c InterlockedExchange
0x42c080 FillConsoleOutputCharacterW
0x42c084 ChangeTimerQueueTimer
0x42c088 SetLastError
0x42c08c GetProcAddress
0x42c090 PeekConsoleInputW
0x42c094 EnumDateFormatsExA
0x42c098 CreateTimerQueueTimer
0x42c09c LocalLock
0x42c0a0 EnterCriticalSection
0x42c0a4 GlobalGetAtomNameA
0x42c0a8 ResetEvent
0x42c0ac GetLocalTime
0x42c0b0 LocalAlloc
0x42c0b4 SetConsoleOutputCP
0x42c0b8 SetFileApisToANSI
0x42c0bc GetOEMCP
0x42c0c0 GetModuleHandleA
0x42c0c4 HeapSetInformation
0x42c0c8 GetCPInfoExA
0x42c0cc FindFirstVolumeA
0x42c0d0 DeleteTimerQueueTimer
0x42c0d4 GetCurrentProcessId
0x42c0d8 GetConsoleProcessList
0x42c0dc GetModuleFileNameW
0x42c0e0 GetSystemDefaultLangID
0x42c0e4 UnhandledExceptionFilter
0x42c0e8 SetUnhandledExceptionFilter
0x42c0ec HeapAlloc
0x42c0f0 GetCommandLineA
0x42c0f4 GetStartupInfoA
0x42c0f8 RaiseException
0x42c0fc RtlUnwind
0x42c100 Sleep
0x42c104 ExitProcess
0x42c108 GetLastError
0x42c10c WriteFile
0x42c110 GetStdHandle
0x42c114 GetModuleFileNameA
0x42c118 TerminateProcess
0x42c11c IsDebuggerPresent
0x42c120 HeapFree
0x42c124 DeleteCriticalSection
0x42c128 LeaveCriticalSection
0x42c12c VirtualFree
0x42c130 VirtualAlloc
0x42c134 HeapReAlloc
0x42c138 HeapCreate
0x42c13c FreeEnvironmentStringsA
0x42c140 FreeEnvironmentStringsW
0x42c144 WideCharToMultiByte
0x42c148 GetEnvironmentStringsW
0x42c14c SetHandleCount
0x42c150 GetFileType
0x42c154 TlsGetValue
0x42c158 TlsAlloc
0x42c15c TlsSetValue
0x42c160 TlsFree
0x42c164 GetCurrentThreadId
0x42c168 QueryPerformanceCounter
0x42c16c GetTickCount
0x42c170 GetSystemTimeAsFileTime
0x42c174 LoadLibraryA
0x42c178 InitializeCriticalSectionAndSpinCount
0x42c17c HeapSize
0x42c180 GetCPInfo
0x42c184 GetACP
0x42c188 IsValidCodePage
0x42c18c GetLocaleInfoA
0x42c190 LCMapStringA
0x42c194 MultiByteToWideChar
0x42c198 LCMapStringW
0x42c19c GetStringTypeA
0x42c1a0 GetStringTypeW
USER32.dll
0x42c1a8 GetAltTabInfoW
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8
KERNEL32.dll
0x42c000 GetConsoleAliasesLengthW
0x42c004 WriteConsoleOutputCharacterA
0x42c008 BuildCommDCBAndTimeoutsA
0x42c00c WriteConsoleOutputW
0x42c010 EndUpdateResourceW
0x42c014 InterlockedIncrement
0x42c018 InterlockedDecrement
0x42c01c GetCurrentProcess
0x42c020 GetSystemWindowsDirectoryW
0x42c024 SetEnvironmentVariableW
0x42c028 WaitForSingleObject
0x42c02c GetSystemDefaultLCID
0x42c030 GetModuleHandleW
0x42c034 EnumCalendarInfoExW
0x42c038 SetThreadUILanguage
0x42c03c GetConsoleAliasesLengthA
0x42c040 GetConsoleTitleA
0x42c044 GetEnvironmentStrings
0x42c048 GetConsoleCP
0x42c04c ReadConsoleInputA
0x42c050 SetVolumeMountPointA
0x42c054 lstrcpynW
0x42c058 SetConsoleCursorPosition
0x42c05c GetFileAttributesW
0x42c060 SetTimeZoneInformation
0x42c064 WriteConsoleW
0x42c068 IsBadWritePtr
0x42c06c GetMailslotInfo
0x42c070 lstrcatA
0x42c074 lstrlenW
0x42c078 FlushFileBuffers
0x42c07c InterlockedExchange
0x42c080 FillConsoleOutputCharacterW
0x42c084 ChangeTimerQueueTimer
0x42c088 SetLastError
0x42c08c GetProcAddress
0x42c090 PeekConsoleInputW
0x42c094 EnumDateFormatsExA
0x42c098 CreateTimerQueueTimer
0x42c09c LocalLock
0x42c0a0 EnterCriticalSection
0x42c0a4 GlobalGetAtomNameA
0x42c0a8 ResetEvent
0x42c0ac GetLocalTime
0x42c0b0 LocalAlloc
0x42c0b4 SetConsoleOutputCP
0x42c0b8 SetFileApisToANSI
0x42c0bc GetOEMCP
0x42c0c0 GetModuleHandleA
0x42c0c4 HeapSetInformation
0x42c0c8 GetCPInfoExA
0x42c0cc FindFirstVolumeA
0x42c0d0 DeleteTimerQueueTimer
0x42c0d4 GetCurrentProcessId
0x42c0d8 GetConsoleProcessList
0x42c0dc GetModuleFileNameW
0x42c0e0 GetSystemDefaultLangID
0x42c0e4 UnhandledExceptionFilter
0x42c0e8 SetUnhandledExceptionFilter
0x42c0ec HeapAlloc
0x42c0f0 GetCommandLineA
0x42c0f4 GetStartupInfoA
0x42c0f8 RaiseException
0x42c0fc RtlUnwind
0x42c100 Sleep
0x42c104 ExitProcess
0x42c108 GetLastError
0x42c10c WriteFile
0x42c110 GetStdHandle
0x42c114 GetModuleFileNameA
0x42c118 TerminateProcess
0x42c11c IsDebuggerPresent
0x42c120 HeapFree
0x42c124 DeleteCriticalSection
0x42c128 LeaveCriticalSection
0x42c12c VirtualFree
0x42c130 VirtualAlloc
0x42c134 HeapReAlloc
0x42c138 HeapCreate
0x42c13c FreeEnvironmentStringsA
0x42c140 FreeEnvironmentStringsW
0x42c144 WideCharToMultiByte
0x42c148 GetEnvironmentStringsW
0x42c14c SetHandleCount
0x42c150 GetFileType
0x42c154 TlsGetValue
0x42c158 TlsAlloc
0x42c15c TlsSetValue
0x42c160 TlsFree
0x42c164 GetCurrentThreadId
0x42c168 QueryPerformanceCounter
0x42c16c GetTickCount
0x42c170 GetSystemTimeAsFileTime
0x42c174 LoadLibraryA
0x42c178 InitializeCriticalSectionAndSpinCount
0x42c17c HeapSize
0x42c180 GetCPInfo
0x42c184 GetACP
0x42c188 IsValidCodePage
0x42c18c GetLocaleInfoA
0x42c190 LCMapStringA
0x42c194 MultiByteToWideChar
0x42c198 LCMapStringW
0x42c19c GetStringTypeA
0x42c1a0 GetStringTypeW
USER32.dll
0x42c1a8 GetAltTabInfoW
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8