ScreenShot
| Created | 2021.08.24 16:57 | Machine | s1_win7_x6402 |
| Filename | pub1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 24 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, Convagent, HPGen, Emotet, A + Troj, Krypt, Sabsik, score, CLASSIC, Static AI, Malicious PE, susgen, ZexaF, jq0@ayi3awmG) | ||
| md5 | 8adf73ac6b7cab5e86b1f456b0651de4 | ||
| sha256 | e9a0cbf3f7e6a2139d7aed5c0de504f3c3878a2c70bf84409c78a8e15ec73de9 | ||
| ssdeep | 1536:1hRxc8reb+kOMgSU+ZwYLRynOdpz7IfpTX4KQU5SBdrddDcE8fRhxAJATEL+hIty:oHb8hD+GvU/E1QU5SrrTcRh6JQKt | ||
| imphash | 02fed18d5788c3d9bcc1897631bb2a01 | ||
| impfuzzy | 48:kJp8Z1Xe5BdH1miOMrJtdVGjUc9HvWNd6:yc1XurVmBMrJtzGjUctvWNo | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x412000 GetConsoleAliasesLengthW
0x412004 WriteConsoleOutputCharacterA
0x412008 BuildCommDCBAndTimeoutsA
0x41200c WriteConsoleOutputW
0x412010 EndUpdateResourceW
0x412014 InterlockedIncrement
0x412018 InterlockedDecrement
0x41201c GetCurrentProcess
0x412020 GetSystemWindowsDirectoryW
0x412024 SetEnvironmentVariableW
0x412028 WaitForSingleObject
0x41202c GetSystemDefaultLCID
0x412030 GetModuleHandleW
0x412034 EnumCalendarInfoExW
0x412038 SetThreadUILanguage
0x41203c GetConsoleAliasesLengthA
0x412040 GetConsoleTitleA
0x412044 GetEnvironmentStrings
0x412048 GetConsoleCP
0x41204c ReadConsoleInputA
0x412050 SetVolumeMountPointA
0x412054 lstrcpynW
0x412058 SetConsoleCursorPosition
0x41205c GetFileAttributesW
0x412060 SetTimeZoneInformation
0x412064 WriteConsoleW
0x412068 IsBadWritePtr
0x41206c GetMailslotInfo
0x412070 lstrcatA
0x412074 lstrlenW
0x412078 FlushFileBuffers
0x41207c InterlockedExchange
0x412080 FillConsoleOutputCharacterW
0x412084 ChangeTimerQueueTimer
0x412088 SetLastError
0x41208c GetProcAddress
0x412090 PeekConsoleInputW
0x412094 EnumDateFormatsExA
0x412098 CreateTimerQueueTimer
0x41209c LocalLock
0x4120a0 EnterCriticalSection
0x4120a4 GlobalGetAtomNameA
0x4120a8 ResetEvent
0x4120ac GetLocalTime
0x4120b0 LoadLibraryA
0x4120b4 LocalAlloc
0x4120b8 SetConsoleOutputCP
0x4120bc SetFileApisToANSI
0x4120c0 GetOEMCP
0x4120c4 GetModuleHandleA
0x4120c8 HeapSetInformation
0x4120cc GetCPInfoExA
0x4120d0 FindFirstVolumeA
0x4120d4 DeleteTimerQueueTimer
0x4120d8 GetCurrentProcessId
0x4120dc GetConsoleProcessList
0x4120e0 GetModuleFileNameW
0x4120e4 GetSystemDefaultLangID
0x4120e8 UnhandledExceptionFilter
0x4120ec SetUnhandledExceptionFilter
0x4120f0 HeapAlloc
0x4120f4 GetCommandLineA
0x4120f8 GetStartupInfoA
0x4120fc RaiseException
0x412100 RtlUnwind
0x412104 Sleep
0x412108 ExitProcess
0x41210c GetLastError
0x412110 WriteFile
0x412114 GetStdHandle
0x412118 GetModuleFileNameA
0x41211c TerminateProcess
0x412120 IsDebuggerPresent
0x412124 HeapFree
0x412128 DeleteCriticalSection
0x41212c LeaveCriticalSection
0x412130 VirtualFree
0x412134 VirtualAlloc
0x412138 HeapReAlloc
0x41213c HeapCreate
0x412140 FreeEnvironmentStringsA
0x412144 FreeEnvironmentStringsW
0x412148 WideCharToMultiByte
0x41214c GetEnvironmentStringsW
0x412150 SetHandleCount
0x412154 GetFileType
0x412158 TlsGetValue
0x41215c TlsAlloc
0x412160 TlsSetValue
0x412164 TlsFree
0x412168 GetCurrentThreadId
0x41216c QueryPerformanceCounter
0x412170 GetTickCount
0x412174 GetSystemTimeAsFileTime
0x412178 InitializeCriticalSectionAndSpinCount
0x41217c HeapSize
0x412180 GetCPInfo
0x412184 GetACP
0x412188 IsValidCodePage
0x41218c GetLocaleInfoA
0x412190 LCMapStringA
0x412194 MultiByteToWideChar
0x412198 LCMapStringW
0x41219c GetStringTypeA
0x4121a0 GetStringTypeW
USER32.dll
0x4121a8 GetAltTabInfoW
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8
KERNEL32.dll
0x412000 GetConsoleAliasesLengthW
0x412004 WriteConsoleOutputCharacterA
0x412008 BuildCommDCBAndTimeoutsA
0x41200c WriteConsoleOutputW
0x412010 EndUpdateResourceW
0x412014 InterlockedIncrement
0x412018 InterlockedDecrement
0x41201c GetCurrentProcess
0x412020 GetSystemWindowsDirectoryW
0x412024 SetEnvironmentVariableW
0x412028 WaitForSingleObject
0x41202c GetSystemDefaultLCID
0x412030 GetModuleHandleW
0x412034 EnumCalendarInfoExW
0x412038 SetThreadUILanguage
0x41203c GetConsoleAliasesLengthA
0x412040 GetConsoleTitleA
0x412044 GetEnvironmentStrings
0x412048 GetConsoleCP
0x41204c ReadConsoleInputA
0x412050 SetVolumeMountPointA
0x412054 lstrcpynW
0x412058 SetConsoleCursorPosition
0x41205c GetFileAttributesW
0x412060 SetTimeZoneInformation
0x412064 WriteConsoleW
0x412068 IsBadWritePtr
0x41206c GetMailslotInfo
0x412070 lstrcatA
0x412074 lstrlenW
0x412078 FlushFileBuffers
0x41207c InterlockedExchange
0x412080 FillConsoleOutputCharacterW
0x412084 ChangeTimerQueueTimer
0x412088 SetLastError
0x41208c GetProcAddress
0x412090 PeekConsoleInputW
0x412094 EnumDateFormatsExA
0x412098 CreateTimerQueueTimer
0x41209c LocalLock
0x4120a0 EnterCriticalSection
0x4120a4 GlobalGetAtomNameA
0x4120a8 ResetEvent
0x4120ac GetLocalTime
0x4120b0 LoadLibraryA
0x4120b4 LocalAlloc
0x4120b8 SetConsoleOutputCP
0x4120bc SetFileApisToANSI
0x4120c0 GetOEMCP
0x4120c4 GetModuleHandleA
0x4120c8 HeapSetInformation
0x4120cc GetCPInfoExA
0x4120d0 FindFirstVolumeA
0x4120d4 DeleteTimerQueueTimer
0x4120d8 GetCurrentProcessId
0x4120dc GetConsoleProcessList
0x4120e0 GetModuleFileNameW
0x4120e4 GetSystemDefaultLangID
0x4120e8 UnhandledExceptionFilter
0x4120ec SetUnhandledExceptionFilter
0x4120f0 HeapAlloc
0x4120f4 GetCommandLineA
0x4120f8 GetStartupInfoA
0x4120fc RaiseException
0x412100 RtlUnwind
0x412104 Sleep
0x412108 ExitProcess
0x41210c GetLastError
0x412110 WriteFile
0x412114 GetStdHandle
0x412118 GetModuleFileNameA
0x41211c TerminateProcess
0x412120 IsDebuggerPresent
0x412124 HeapFree
0x412128 DeleteCriticalSection
0x41212c LeaveCriticalSection
0x412130 VirtualFree
0x412134 VirtualAlloc
0x412138 HeapReAlloc
0x41213c HeapCreate
0x412140 FreeEnvironmentStringsA
0x412144 FreeEnvironmentStringsW
0x412148 WideCharToMultiByte
0x41214c GetEnvironmentStringsW
0x412150 SetHandleCount
0x412154 GetFileType
0x412158 TlsGetValue
0x41215c TlsAlloc
0x412160 TlsSetValue
0x412164 TlsFree
0x412168 GetCurrentThreadId
0x41216c QueryPerformanceCounter
0x412170 GetTickCount
0x412174 GetSystemTimeAsFileTime
0x412178 InitializeCriticalSectionAndSpinCount
0x41217c HeapSize
0x412180 GetCPInfo
0x412184 GetACP
0x412188 IsValidCodePage
0x41218c GetLocaleInfoA
0x412190 LCMapStringA
0x412194 MultiByteToWideChar
0x412198 LCMapStringW
0x41219c GetStringTypeA
0x4121a0 GetStringTypeW
USER32.dll
0x4121a8 GetAltTabInfoW
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8