ScreenShot
| Created | 2021.08.24 12:29 | Machine | s1_win7_x6401 |
| Filename | 5.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 20 detected (AIDetect, malware1, malicious, high confidence, Artemis, Unsafe, confidence, 100%, Attribute, HighConfidence, Kryptik, CLASSIC, HPGen, susgen, Azorult, score, MachineLearning, Anomalous, Static AI, Malicious PE) | ||
| md5 | da06f080170b823ad617874958f2fcaf | ||
| sha256 | b874e1727cc652a60a2f879d8f3e233d554e013c6d78d6496c3823abe5fbbcfa | ||
| ssdeep | 1536:/h4ZeRwR3gZqkmc3SOIvp2i0Tn2Q6n+c6vr9xGO3JcMgu5oxQgf9jNjvJATEL+hZ:+R3gZQplvpR2/iQ5xGA2M95oagzJQKt | ||
| imphash | 7f519e58768c36b2651aa4c0b9c28c9d | ||
| impfuzzy | 48:kJp8Z1Xe5BdH1m6OMrJtdVGjUc9HvWNd6:yc1XurVmpMrJtzGjUctvWNo | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x416000 GetConsoleAliasesLengthW
0x416004 WriteConsoleOutputCharacterA
0x416008 BuildCommDCBAndTimeoutsA
0x41600c WriteConsoleOutputW
0x416010 EndUpdateResourceW
0x416014 InterlockedIncrement
0x416018 InterlockedDecrement
0x41601c GetCurrentProcess
0x416020 GetSystemWindowsDirectoryW
0x416024 SetEnvironmentVariableW
0x416028 WaitForSingleObject
0x41602c GetSystemDefaultLCID
0x416030 GetModuleHandleW
0x416034 EnumCalendarInfoExW
0x416038 SetThreadUILanguage
0x41603c GetConsoleAliasesLengthA
0x416040 GetConsoleTitleA
0x416044 GetEnvironmentStrings
0x416048 GetConsoleCP
0x41604c ReadConsoleInputA
0x416050 SetVolumeMountPointA
0x416054 lstrcpynW
0x416058 SetConsoleCursorPosition
0x41605c GetFileAttributesW
0x416060 SetTimeZoneInformation
0x416064 WriteConsoleW
0x416068 IsBadWritePtr
0x41606c GetMailslotInfo
0x416070 lstrcatA
0x416074 lstrlenW
0x416078 FlushFileBuffers
0x41607c InterlockedExchange
0x416080 FillConsoleOutputCharacterW
0x416084 ChangeTimerQueueTimer
0x416088 SetLastError
0x41608c GetProcAddress
0x416090 PeekConsoleInputW
0x416094 EnumDateFormatsExA
0x416098 CreateTimerQueueTimer
0x41609c LocalLock
0x4160a0 EnterCriticalSection
0x4160a4 GlobalGetAtomNameA
0x4160a8 ResetEvent
0x4160ac GetLocalTime
0x4160b0 LocalAlloc
0x4160b4 SetConsoleOutputCP
0x4160b8 SetFileApisToANSI
0x4160bc GetOEMCP
0x4160c0 GetModuleHandleA
0x4160c4 HeapSetInformation
0x4160c8 GetCPInfoExA
0x4160cc FindFirstVolumeA
0x4160d0 DeleteTimerQueueTimer
0x4160d4 GetCurrentProcessId
0x4160d8 GetConsoleProcessList
0x4160dc GetModuleFileNameW
0x4160e0 GetSystemDefaultLangID
0x4160e4 UnhandledExceptionFilter
0x4160e8 SetUnhandledExceptionFilter
0x4160ec HeapAlloc
0x4160f0 GetCommandLineA
0x4160f4 GetStartupInfoA
0x4160f8 RaiseException
0x4160fc RtlUnwind
0x416100 Sleep
0x416104 ExitProcess
0x416108 GetLastError
0x41610c WriteFile
0x416110 GetStdHandle
0x416114 GetModuleFileNameA
0x416118 TerminateProcess
0x41611c IsDebuggerPresent
0x416120 HeapFree
0x416124 DeleteCriticalSection
0x416128 LeaveCriticalSection
0x41612c VirtualFree
0x416130 VirtualAlloc
0x416134 HeapReAlloc
0x416138 HeapCreate
0x41613c FreeEnvironmentStringsA
0x416140 FreeEnvironmentStringsW
0x416144 WideCharToMultiByte
0x416148 GetEnvironmentStringsW
0x41614c SetHandleCount
0x416150 GetFileType
0x416154 TlsGetValue
0x416158 TlsAlloc
0x41615c TlsSetValue
0x416160 TlsFree
0x416164 GetCurrentThreadId
0x416168 QueryPerformanceCounter
0x41616c GetTickCount
0x416170 GetSystemTimeAsFileTime
0x416174 LoadLibraryA
0x416178 InitializeCriticalSectionAndSpinCount
0x41617c HeapSize
0x416180 GetCPInfo
0x416184 GetACP
0x416188 IsValidCodePage
0x41618c GetLocaleInfoA
0x416190 LCMapStringA
0x416194 MultiByteToWideChar
0x416198 LCMapStringW
0x41619c GetStringTypeA
0x4161a0 GetStringTypeW
USER32.dll
0x4161a8 GetAltTabInfoW
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8
KERNEL32.dll
0x416000 GetConsoleAliasesLengthW
0x416004 WriteConsoleOutputCharacterA
0x416008 BuildCommDCBAndTimeoutsA
0x41600c WriteConsoleOutputW
0x416010 EndUpdateResourceW
0x416014 InterlockedIncrement
0x416018 InterlockedDecrement
0x41601c GetCurrentProcess
0x416020 GetSystemWindowsDirectoryW
0x416024 SetEnvironmentVariableW
0x416028 WaitForSingleObject
0x41602c GetSystemDefaultLCID
0x416030 GetModuleHandleW
0x416034 EnumCalendarInfoExW
0x416038 SetThreadUILanguage
0x41603c GetConsoleAliasesLengthA
0x416040 GetConsoleTitleA
0x416044 GetEnvironmentStrings
0x416048 GetConsoleCP
0x41604c ReadConsoleInputA
0x416050 SetVolumeMountPointA
0x416054 lstrcpynW
0x416058 SetConsoleCursorPosition
0x41605c GetFileAttributesW
0x416060 SetTimeZoneInformation
0x416064 WriteConsoleW
0x416068 IsBadWritePtr
0x41606c GetMailslotInfo
0x416070 lstrcatA
0x416074 lstrlenW
0x416078 FlushFileBuffers
0x41607c InterlockedExchange
0x416080 FillConsoleOutputCharacterW
0x416084 ChangeTimerQueueTimer
0x416088 SetLastError
0x41608c GetProcAddress
0x416090 PeekConsoleInputW
0x416094 EnumDateFormatsExA
0x416098 CreateTimerQueueTimer
0x41609c LocalLock
0x4160a0 EnterCriticalSection
0x4160a4 GlobalGetAtomNameA
0x4160a8 ResetEvent
0x4160ac GetLocalTime
0x4160b0 LocalAlloc
0x4160b4 SetConsoleOutputCP
0x4160b8 SetFileApisToANSI
0x4160bc GetOEMCP
0x4160c0 GetModuleHandleA
0x4160c4 HeapSetInformation
0x4160c8 GetCPInfoExA
0x4160cc FindFirstVolumeA
0x4160d0 DeleteTimerQueueTimer
0x4160d4 GetCurrentProcessId
0x4160d8 GetConsoleProcessList
0x4160dc GetModuleFileNameW
0x4160e0 GetSystemDefaultLangID
0x4160e4 UnhandledExceptionFilter
0x4160e8 SetUnhandledExceptionFilter
0x4160ec HeapAlloc
0x4160f0 GetCommandLineA
0x4160f4 GetStartupInfoA
0x4160f8 RaiseException
0x4160fc RtlUnwind
0x416100 Sleep
0x416104 ExitProcess
0x416108 GetLastError
0x41610c WriteFile
0x416110 GetStdHandle
0x416114 GetModuleFileNameA
0x416118 TerminateProcess
0x41611c IsDebuggerPresent
0x416120 HeapFree
0x416124 DeleteCriticalSection
0x416128 LeaveCriticalSection
0x41612c VirtualFree
0x416130 VirtualAlloc
0x416134 HeapReAlloc
0x416138 HeapCreate
0x41613c FreeEnvironmentStringsA
0x416140 FreeEnvironmentStringsW
0x416144 WideCharToMultiByte
0x416148 GetEnvironmentStringsW
0x41614c SetHandleCount
0x416150 GetFileType
0x416154 TlsGetValue
0x416158 TlsAlloc
0x41615c TlsSetValue
0x416160 TlsFree
0x416164 GetCurrentThreadId
0x416168 QueryPerformanceCounter
0x41616c GetTickCount
0x416170 GetSystemTimeAsFileTime
0x416174 LoadLibraryA
0x416178 InitializeCriticalSectionAndSpinCount
0x41617c HeapSize
0x416180 GetCPInfo
0x416184 GetACP
0x416188 IsValidCodePage
0x41618c GetLocaleInfoA
0x416190 LCMapStringA
0x416194 MultiByteToWideChar
0x416198 LCMapStringW
0x41619c GetStringTypeA
0x4161a0 GetStringTypeW
USER32.dll
0x4161a8 GetAltTabInfoW
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8