ScreenShot
| Created | 2021.08.24 16:59 | Machine | s1_win7_x6401 |
| Filename | filename.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (AIDetect, malware2, Zenpak, malicious, high confidence, Fragtor, Unsafe, Save, ZexaF, Aq0@a8@L, Kryptik, Eldorado, Attribute, HighConfidence, GenKryptik, FJHS, HPGen, PWSX, DownLoader41, R + Troj, Krypt, susgen, ai score=86, kcloud, STOP, se5276, Azorult, score, CoinMiner, Glupteba, R438187, BScope, Blocker, CLASSIC, Static AI, Malicious PE, FJHN, GdSda, confidence, 100%) | ||
| md5 | fc316a48dadfc20ef46f52d892a9c365 | ||
| sha256 | 0d8501287af1bdb73891772549bf9f60e1119327a5c3e7ff3bd75b36dc22a93d | ||
| ssdeep | 12288:Z/Or11PVYODNiWoJhYv3/hvoIYQ8xC4ZL:F2PnDNilh+hvoRhd | ||
| imphash | a84fa8c5c9d81b30cf439f0d2b7f422b | ||
| impfuzzy | 24:jkrkVMbkDOu9ojtZE+XB1ipgIRM0Ednv5JcDS1+nmFhmmPXttoLOovEGhn2cw2Bx:k5Z1XPBdH1mMLvtto6VGgcDvK0oU | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x458000 GetConsoleAliasesLengthW
0x458004 WriteConsoleOutputCharacterA
0x458008 WriteConsoleOutputW
0x45800c EndUpdateResourceW
0x458010 InterlockedIncrement
0x458014 GetConsoleAliasA
0x458018 InterlockedDecrement
0x45801c GetCurrentProcess
0x458020 GetSystemWindowsDirectoryW
0x458024 SetEnvironmentVariableW
0x458028 WaitForSingleObject
0x45802c GetSystemDefaultLCID
0x458030 GetModuleHandleW
0x458034 EnumCalendarInfoExW
0x458038 SetThreadUILanguage
0x45803c GetConsoleTitleA
0x458040 GetEnvironmentStrings
0x458044 GetConsoleCP
0x458048 GetSystemDirectoryW
0x45804c ReadConsoleInputA
0x458050 SetVolumeMountPointA
0x458054 GetVersionExW
0x458058 lstrcpynW
0x45805c SetConsoleCursorPosition
0x458060 GetFileAttributesW
0x458064 SetTimeZoneInformation
0x458068 WriteConsoleW
0x45806c IsBadWritePtr
0x458070 GetMailslotInfo
0x458074 GetModuleFileNameW
0x458078 CreateActCtxA
0x45807c lstrcatA
0x458080 lstrlenW
0x458084 FlushFileBuffers
0x458088 VerifyVersionInfoW
0x45808c InterlockedExchange
0x458090 FillConsoleOutputCharacterW
0x458094 ChangeTimerQueueTimer
0x458098 SetLastError
0x45809c GetProcAddress
0x4580a0 PeekConsoleInputW
0x4580a4 EnumDateFormatsExA
0x4580a8 CreateTimerQueueTimer
0x4580ac LocalLock
0x4580b0 EnterCriticalSection
0x4580b4 GlobalGetAtomNameA
0x4580b8 ResetEvent
0x4580bc GetLocalTime
0x4580c0 LocalAlloc
0x4580c4 DnsHostnameToComputerNameA
0x4580c8 SetConsoleOutputCP
0x4580cc SetFileApisToANSI
0x4580d0 BeginUpdateResourceA
0x4580d4 GetOEMCP
0x4580d8 GetModuleHandleA
0x4580dc HeapSetInformation
0x4580e0 GetCPInfoExA
0x4580e4 FindFirstVolumeA
0x4580e8 DeleteTimerQueueTimer
0x4580ec GetCurrentProcessId
0x4580f0 GetConsoleProcessList
0x4580f4 LCMapStringW
0x4580f8 LCMapStringA
0x4580fc UnhandledExceptionFilter
0x458100 SetUnhandledExceptionFilter
0x458104 HeapAlloc
0x458108 Sleep
0x45810c ExitProcess
0x458110 GetCommandLineA
0x458114 GetStartupInfoA
0x458118 RaiseException
0x45811c RtlUnwind
0x458120 GetLastError
0x458124 WriteFile
0x458128 GetStdHandle
0x45812c GetModuleFileNameA
0x458130 TerminateProcess
0x458134 IsDebuggerPresent
0x458138 HeapFree
0x45813c DeleteCriticalSection
0x458140 LeaveCriticalSection
0x458144 VirtualFree
0x458148 VirtualAlloc
0x45814c HeapReAlloc
0x458150 HeapCreate
0x458154 TlsGetValue
0x458158 TlsAlloc
0x45815c TlsSetValue
0x458160 TlsFree
0x458164 GetCurrentThreadId
0x458168 LoadLibraryA
0x45816c InitializeCriticalSectionAndSpinCount
0x458170 FreeEnvironmentStringsA
0x458174 FreeEnvironmentStringsW
0x458178 WideCharToMultiByte
0x45817c GetEnvironmentStringsW
0x458180 SetHandleCount
0x458184 GetFileType
0x458188 QueryPerformanceCounter
0x45818c GetTickCount
0x458190 GetSystemTimeAsFileTime
0x458194 GetCPInfo
0x458198 GetACP
0x45819c IsValidCodePage
0x4581a0 HeapSize
0x4581a4 GetLocaleInfoA
0x4581a8 GetStringTypeA
0x4581ac MultiByteToWideChar
0x4581b0 GetStringTypeW
USER32.dll
0x4581b8 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8
KERNEL32.dll
0x458000 GetConsoleAliasesLengthW
0x458004 WriteConsoleOutputCharacterA
0x458008 WriteConsoleOutputW
0x45800c EndUpdateResourceW
0x458010 InterlockedIncrement
0x458014 GetConsoleAliasA
0x458018 InterlockedDecrement
0x45801c GetCurrentProcess
0x458020 GetSystemWindowsDirectoryW
0x458024 SetEnvironmentVariableW
0x458028 WaitForSingleObject
0x45802c GetSystemDefaultLCID
0x458030 GetModuleHandleW
0x458034 EnumCalendarInfoExW
0x458038 SetThreadUILanguage
0x45803c GetConsoleTitleA
0x458040 GetEnvironmentStrings
0x458044 GetConsoleCP
0x458048 GetSystemDirectoryW
0x45804c ReadConsoleInputA
0x458050 SetVolumeMountPointA
0x458054 GetVersionExW
0x458058 lstrcpynW
0x45805c SetConsoleCursorPosition
0x458060 GetFileAttributesW
0x458064 SetTimeZoneInformation
0x458068 WriteConsoleW
0x45806c IsBadWritePtr
0x458070 GetMailslotInfo
0x458074 GetModuleFileNameW
0x458078 CreateActCtxA
0x45807c lstrcatA
0x458080 lstrlenW
0x458084 FlushFileBuffers
0x458088 VerifyVersionInfoW
0x45808c InterlockedExchange
0x458090 FillConsoleOutputCharacterW
0x458094 ChangeTimerQueueTimer
0x458098 SetLastError
0x45809c GetProcAddress
0x4580a0 PeekConsoleInputW
0x4580a4 EnumDateFormatsExA
0x4580a8 CreateTimerQueueTimer
0x4580ac LocalLock
0x4580b0 EnterCriticalSection
0x4580b4 GlobalGetAtomNameA
0x4580b8 ResetEvent
0x4580bc GetLocalTime
0x4580c0 LocalAlloc
0x4580c4 DnsHostnameToComputerNameA
0x4580c8 SetConsoleOutputCP
0x4580cc SetFileApisToANSI
0x4580d0 BeginUpdateResourceA
0x4580d4 GetOEMCP
0x4580d8 GetModuleHandleA
0x4580dc HeapSetInformation
0x4580e0 GetCPInfoExA
0x4580e4 FindFirstVolumeA
0x4580e8 DeleteTimerQueueTimer
0x4580ec GetCurrentProcessId
0x4580f0 GetConsoleProcessList
0x4580f4 LCMapStringW
0x4580f8 LCMapStringA
0x4580fc UnhandledExceptionFilter
0x458100 SetUnhandledExceptionFilter
0x458104 HeapAlloc
0x458108 Sleep
0x45810c ExitProcess
0x458110 GetCommandLineA
0x458114 GetStartupInfoA
0x458118 RaiseException
0x45811c RtlUnwind
0x458120 GetLastError
0x458124 WriteFile
0x458128 GetStdHandle
0x45812c GetModuleFileNameA
0x458130 TerminateProcess
0x458134 IsDebuggerPresent
0x458138 HeapFree
0x45813c DeleteCriticalSection
0x458140 LeaveCriticalSection
0x458144 VirtualFree
0x458148 VirtualAlloc
0x45814c HeapReAlloc
0x458150 HeapCreate
0x458154 TlsGetValue
0x458158 TlsAlloc
0x45815c TlsSetValue
0x458160 TlsFree
0x458164 GetCurrentThreadId
0x458168 LoadLibraryA
0x45816c InitializeCriticalSectionAndSpinCount
0x458170 FreeEnvironmentStringsA
0x458174 FreeEnvironmentStringsW
0x458178 WideCharToMultiByte
0x45817c GetEnvironmentStringsW
0x458180 SetHandleCount
0x458184 GetFileType
0x458188 QueryPerformanceCounter
0x45818c GetTickCount
0x458190 GetSystemTimeAsFileTime
0x458194 GetCPInfo
0x458198 GetACP
0x45819c IsValidCodePage
0x4581a0 HeapSize
0x4581a4 GetLocaleInfoA
0x4581a8 GetStringTypeA
0x4581ac MultiByteToWideChar
0x4581b0 GetStringTypeW
USER32.dll
0x4581b8 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8