ScreenShot
| Created | 2021.08.24 16:48 | Machine | s1_win7_x6402 |
| Filename | fileT2.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 21 detected (malicious, high confidence, ZexaF, wqY@aGADHfcK, Kryptik, Eldorado, Attribute, HighConfidence, GenKryptik, FJLH, Brook, CLASSIC, DownLoader41, Artemis, 3ALHY6, score, InvalidSig, confidence, 100%) | ||
| md5 | 73ca4c10afa6a3f712facb40aa8254ae | ||
| sha256 | d8f723849493f85b6bd44cf8b94261f30ff26fa3080d5e53b537a5eacfdd873d | ||
| ssdeep | 6144:W5cg4yf/CHeM7JSjrkIKN3xyGUyOxDIjl+WMIzgjnHwpR3G8WhQg1CM1SzQf+:Tgffa+Mt1zhUBxDi4WQHxJQwZg/ | ||
| imphash | c3357f55d714ba99dcfee6966059bf12 | ||
| impfuzzy | 48:CzXlvaOOeEn8VBX7QvZqphFO8tjaE0ec+JSc7ssPOJ:IXldBpL6M/FvtGE0ec+JSEssGJ | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x426000 GetCommandLineW
0x426004 FileTimeToDosDateTime
0x426008 SetThreadContext
0x42600c GetNativeSystemInfo
0x426010 SetFilePointer
0x426014 lstrlenA
0x426018 CopyFileExW
0x42601c TlsGetValue
0x426020 InterlockedIncrement
0x426024 GetQueuedCompletionStatus
0x426028 GetCommState
0x42602c InterlockedDecrement
0x426030 GetSystemWindowsDirectoryW
0x426034 GlobalLock
0x426038 WaitForSingleObject
0x42603c SetEvent
0x426040 FreeEnvironmentStringsA
0x426044 GetTickCount
0x426048 CreateNamedPipeW
0x42604c VirtualFree
0x426050 GetConsoleAliasesLengthA
0x426054 GetDriveTypeA
0x426058 GetPriorityClass
0x42605c LoadLibraryW
0x426060 GetConsoleMode
0x426064 TerminateThread
0x426068 GetVersionExW
0x42606c SetConsoleMode
0x426070 SetConsoleCursorPosition
0x426074 ReadFile
0x426078 GetOverlappedResult
0x42607c CompareStringW
0x426080 GetStartupInfoW
0x426084 GetNamedPipeHandleStateW
0x426088 LCMapStringA
0x42608c GetPrivateProfileIntW
0x426090 CreateDirectoryA
0x426094 GetFileSizeEx
0x426098 GetCPInfoExW
0x42609c GetLastError
0x4260a0 IsDBCSLeadByteEx
0x4260a4 GetProcAddress
0x4260a8 CopyFileA
0x4260ac GetPrivateProfileStringA
0x4260b0 LoadLibraryA
0x4260b4 OpenMutexA
0x4260b8 LocalAlloc
0x4260bc IsSystemResumeAutomatic
0x4260c0 SetCurrentDirectoryW
0x4260c4 WriteProfileSectionW
0x4260c8 HeapWalk
0x4260cc SetNamedPipeHandleState
0x4260d0 Process32NextW
0x4260d4 SetConsoleTitleW
0x4260d8 FindFirstChangeNotificationA
0x4260dc FreeEnvironmentStringsW
0x4260e0 EnumResourceNamesA
0x4260e4 FatalAppExitA
0x4260e8 GetCurrentThreadId
0x4260ec OpenSemaphoreW
0x4260f0 FindAtomW
0x4260f4 ReadConsoleOutputCharacterW
0x4260f8 GetSystemTime
0x4260fc DeleteFileA
0x426100 UnhandledExceptionFilter
0x426104 SetUnhandledExceptionFilter
0x426108 HeapValidate
0x42610c IsBadReadPtr
0x426110 RaiseException
0x426114 GetModuleHandleW
0x426118 Sleep
0x42611c ExitProcess
0x426120 GetModuleFileNameA
0x426124 WriteFile
0x426128 GetStdHandle
0x42612c TlsAlloc
0x426130 TlsSetValue
0x426134 TlsFree
0x426138 SetLastError
0x42613c TerminateProcess
0x426140 GetCurrentProcess
0x426144 IsDebuggerPresent
0x426148 GetModuleFileNameW
0x42614c EnterCriticalSection
0x426150 LeaveCriticalSection
0x426154 DeleteCriticalSection
0x426158 QueryPerformanceCounter
0x42615c GetCurrentProcessId
0x426160 GetSystemTimeAsFileTime
0x426164 GetEnvironmentStringsW
0x426168 SetHandleCount
0x42616c GetFileType
0x426170 GetStartupInfoA
0x426174 HeapDestroy
0x426178 HeapCreate
0x42617c HeapFree
0x426180 HeapAlloc
0x426184 HeapSize
0x426188 HeapReAlloc
0x42618c VirtualAlloc
0x426190 GetACP
0x426194 GetOEMCP
0x426198 GetCPInfo
0x42619c IsValidCodePage
0x4261a0 InitializeCriticalSectionAndSpinCount
0x4261a4 RtlUnwind
0x4261a8 WideCharToMultiByte
0x4261ac GetConsoleCP
0x4261b0 DebugBreak
0x4261b4 OutputDebugStringA
0x4261b8 WriteConsoleW
0x4261bc OutputDebugStringW
0x4261c0 MultiByteToWideChar
0x4261c4 LCMapStringW
0x4261c8 GetStringTypeA
0x4261cc GetStringTypeW
0x4261d0 GetLocaleInfoA
0x4261d4 SetStdHandle
0x4261d8 WriteConsoleA
0x4261dc GetConsoleOutputCP
0x4261e0 FlushFileBuffers
0x4261e4 CreateFileA
0x4261e8 CloseHandle
0x4261ec GetModuleHandleA
USER32.dll
0x4261f4 GetTitleBarInfo
WINHTTP.dll
0x4261fc WinHttpReadData
EAT(Export Address Table) is none
KERNEL32.dll
0x426000 GetCommandLineW
0x426004 FileTimeToDosDateTime
0x426008 SetThreadContext
0x42600c GetNativeSystemInfo
0x426010 SetFilePointer
0x426014 lstrlenA
0x426018 CopyFileExW
0x42601c TlsGetValue
0x426020 InterlockedIncrement
0x426024 GetQueuedCompletionStatus
0x426028 GetCommState
0x42602c InterlockedDecrement
0x426030 GetSystemWindowsDirectoryW
0x426034 GlobalLock
0x426038 WaitForSingleObject
0x42603c SetEvent
0x426040 FreeEnvironmentStringsA
0x426044 GetTickCount
0x426048 CreateNamedPipeW
0x42604c VirtualFree
0x426050 GetConsoleAliasesLengthA
0x426054 GetDriveTypeA
0x426058 GetPriorityClass
0x42605c LoadLibraryW
0x426060 GetConsoleMode
0x426064 TerminateThread
0x426068 GetVersionExW
0x42606c SetConsoleMode
0x426070 SetConsoleCursorPosition
0x426074 ReadFile
0x426078 GetOverlappedResult
0x42607c CompareStringW
0x426080 GetStartupInfoW
0x426084 GetNamedPipeHandleStateW
0x426088 LCMapStringA
0x42608c GetPrivateProfileIntW
0x426090 CreateDirectoryA
0x426094 GetFileSizeEx
0x426098 GetCPInfoExW
0x42609c GetLastError
0x4260a0 IsDBCSLeadByteEx
0x4260a4 GetProcAddress
0x4260a8 CopyFileA
0x4260ac GetPrivateProfileStringA
0x4260b0 LoadLibraryA
0x4260b4 OpenMutexA
0x4260b8 LocalAlloc
0x4260bc IsSystemResumeAutomatic
0x4260c0 SetCurrentDirectoryW
0x4260c4 WriteProfileSectionW
0x4260c8 HeapWalk
0x4260cc SetNamedPipeHandleState
0x4260d0 Process32NextW
0x4260d4 SetConsoleTitleW
0x4260d8 FindFirstChangeNotificationA
0x4260dc FreeEnvironmentStringsW
0x4260e0 EnumResourceNamesA
0x4260e4 FatalAppExitA
0x4260e8 GetCurrentThreadId
0x4260ec OpenSemaphoreW
0x4260f0 FindAtomW
0x4260f4 ReadConsoleOutputCharacterW
0x4260f8 GetSystemTime
0x4260fc DeleteFileA
0x426100 UnhandledExceptionFilter
0x426104 SetUnhandledExceptionFilter
0x426108 HeapValidate
0x42610c IsBadReadPtr
0x426110 RaiseException
0x426114 GetModuleHandleW
0x426118 Sleep
0x42611c ExitProcess
0x426120 GetModuleFileNameA
0x426124 WriteFile
0x426128 GetStdHandle
0x42612c TlsAlloc
0x426130 TlsSetValue
0x426134 TlsFree
0x426138 SetLastError
0x42613c TerminateProcess
0x426140 GetCurrentProcess
0x426144 IsDebuggerPresent
0x426148 GetModuleFileNameW
0x42614c EnterCriticalSection
0x426150 LeaveCriticalSection
0x426154 DeleteCriticalSection
0x426158 QueryPerformanceCounter
0x42615c GetCurrentProcessId
0x426160 GetSystemTimeAsFileTime
0x426164 GetEnvironmentStringsW
0x426168 SetHandleCount
0x42616c GetFileType
0x426170 GetStartupInfoA
0x426174 HeapDestroy
0x426178 HeapCreate
0x42617c HeapFree
0x426180 HeapAlloc
0x426184 HeapSize
0x426188 HeapReAlloc
0x42618c VirtualAlloc
0x426190 GetACP
0x426194 GetOEMCP
0x426198 GetCPInfo
0x42619c IsValidCodePage
0x4261a0 InitializeCriticalSectionAndSpinCount
0x4261a4 RtlUnwind
0x4261a8 WideCharToMultiByte
0x4261ac GetConsoleCP
0x4261b0 DebugBreak
0x4261b4 OutputDebugStringA
0x4261b8 WriteConsoleW
0x4261bc OutputDebugStringW
0x4261c0 MultiByteToWideChar
0x4261c4 LCMapStringW
0x4261c8 GetStringTypeA
0x4261cc GetStringTypeW
0x4261d0 GetLocaleInfoA
0x4261d4 SetStdHandle
0x4261d8 WriteConsoleA
0x4261dc GetConsoleOutputCP
0x4261e0 FlushFileBuffers
0x4261e4 CreateFileA
0x4261e8 CloseHandle
0x4261ec GetModuleHandleA
USER32.dll
0x4261f4 GetTitleBarInfo
WINHTTP.dll
0x4261fc WinHttpReadData
EAT(Export Address Table) is none