Report - nbfile.exe

Tags: UPX, Malicious Library, PE File, OS Processor Check, PE32
Created 2021.08.25 09:18 Machine s1_win7_x6401
Filename nbfile.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 3
Behavior Score 2.0
ZERO API file : malware
VT API (file) 21 detected (AIDetect, malware2, malicious, high confidence, Stop, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, CLASSIC, Static AI, Suspicious PE, susgen, score, ZexaF, GqW@aSzZ)
md5 c75ba05218d933731e55edf937460b86
sha256 6d38d553924cb4d42b4576da91559de3b44d22853bbb70e1d238a86f18616b02
ssdeep 12288:DuaWidoxee0vyiQxm7b4OgDdKdGzCruW8vq9NC51:roxee0rQzWoANC51
imphash ddbb3eef631957f988f10b48742f9549
impfuzzy 48:CzXK5OL5OEKHBJLQvmdSpxKO+tjaE0rc+JSz7sXPOJ:IXKQEn56maxKZtGE0rc+JSnsXGJ

Signatures (5)

Level Description
warning File has been identified by 21 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (5)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
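The three packer-related signatures (RWX allocation, compressed or encrypted data, an unknown resource name) and the UPX_Zero rule are static heuristics that can be reproduced before anything is executed. The script below is an added example written for this report; it is not sandbox output and not code from nbfile.exe. Using only the Python standard library it walks the PE section table and flags the same indicators: a known packer section name, a section with zero raw size but a large virtual size (the region a UPX stub decompresses into), raw data with entropy above 7 bits per byte, and sections that are both writable and executable. The PE it runs on, SAMPLE_PE, is a constructed skeleton so the script works offline; to triage the real sample, replace it with the bytes of nbfile.exe.

```python
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Section names that well-known packers emit; UPX0/UPX1 is what a UPX rule keys on.
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".upx", ".aspack", ".adata",
                         ".petite", ".MPRESS1", ".MPRESS2", ".themida", ".vmp0", ".vmp1"}


def shannon(buf):
    """Shannon entropy in bits per byte (0.0 .. 8.0); above ~7 means compressed/encrypted."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in counts if c))


def parse_sections(data):
    """Minimal PE section-table parser: DOS header -> e_lfanew -> COFF header -> section headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    off = e_lfanew + 24 + opt_size                               # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsec):
        name, vsize, _va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, off + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "vsize": vsize, "rsize": rsize, "chars": chars,
            "entropy": shannon(data[rptr:rptr + rsize]),
        })
    return sections


def packer_indicators(sections):
    """Human-readable findings mirroring the sandbox's packer heuristics."""
    findings = []
    for s in sections:
        n = s["name"]
        if n in KNOWN_PACKER_SECTIONS:
            findings.append(f"{n}: known packer section name")
        if s["rsize"] == 0 and s["vsize"] >= 0x1000:
            findings.append(f"{n}: zero raw size but {s['vsize']:#x} virtual bytes "
                            "(reserved as unpack destination)")
        if s["rsize"] and s["entropy"] > 7.0:
            findings.append(f"{n}: entropy {s['entropy']:.2f} (compressed or encrypted)")
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{n}: writable and executable section")
    return findings


def build_sample_pe(sections):
    """Constructed, non-runnable PE skeleton for offline testing: headers plus section bodies."""
    opt_size, file_align, va = 224, 0x200, 0x1000        # PE32 optional-header size
    hdr_end = 0x40 + 24 + opt_size + 40 * len(sections)
    raw_ptr = (hdr_end + file_align - 1) // file_align * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew
    coff = struct.pack("<IHHIIIHH", 0x4550, 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    headers, bodies = bytes(dos) + coff + bytes(opt), b""
    for name, raw, vsize, chars in sections:
        ptr = raw_ptr + len(bodies) if raw else 0
        headers += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(raw), ptr, 0, 0, 0, 0, chars)
        bodies += raw.ljust(-(-len(raw) // file_align) * file_align, b"\0")
        va += (max(vsize, len(raw)) + 0xFFF) & ~0xFFF
    return headers.ljust(raw_ptr, b"\0") + bodies


# Constructed UPX-like layout: UPX0 is an empty placeholder the stub decompresses into,
# UPX1 carries high-entropy compressed data plus the stub, .rsrc is plain read-only data.
SAMPLE_PE = build_sample_pe([
    (b"UPX0", b"", 0x10000, 0xE0000080),
    (b"UPX1", bytes(range(256)) * 8, 0x800, 0xE0000080),
    (b".rsrc", b"A" * 0x200, 0x200, 0x40000040),
])

if __name__ == "__main__":
    secs = parse_sections(SAMPLE_PE)
    for s in secs:
        print(f"{s['name']:<8} raw={s['rsize']:#07x} virt={s['vsize']:#07x} entropy={s['entropy']:.2f}")
    for line in packer_indicators(secs):
        print("  !", line)
```

A high-entropy section is also what a legitimately signed installer looks like, so treat these as prioritisation hints to be read together with the import table and the sandbox behaviour, not as a verdict on their own.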

Network (0)

No network requests were recorded during the run; the Request / CC / ASN / Co / IP4 / Rule table is empty.

Suricata IDS

PE API

IAT (Import Address Table)

KERNEL32.dll
 0x427000 GetCommandLineW
 0x427004 FileTimeToDosDateTime
 0x427008 SetThreadContext
 0x42700c GetNativeSystemInfo
 0x427010 lstrlenA
 0x427014 CopyFileExW
 0x427018 TlsGetValue
 0x42701c SetEndOfFile
 0x427020 InterlockedIncrement
 0x427024 GetCommState
 0x427028 InterlockedDecrement
 0x42702c GetSystemWindowsDirectoryW
 0x427030 GetNamedPipeHandleStateA
 0x427034 GlobalLock
 0x427038 WaitForSingleObject
 0x42703c SetEvent
 0x427040 FreeEnvironmentStringsA
 0x427044 GetTickCount
 0x427048 VirtualFree
 0x42704c GetConsoleAliasesLengthA
 0x427050 GetSystemTimeAsFileTime
 0x427054 WriteFile
 0x427058 GetDriveTypeA
 0x42705c GetPriorityClass
 0x427060 GetPrivateProfileIntA
 0x427064 LoadLibraryW
 0x427068 GetConsoleMode
 0x42706c GetVersionExW
 0x427070 SetConsoleMode
 0x427074 SetConsoleCursorPosition
 0x427078 GetOverlappedResult
 0x42707c GetStartupInfoW
 0x427080 GetNamedPipeHandleStateW
 0x427084 LCMapStringA
 0x427088 GetFileSizeEx
 0x42708c GetCPInfoExW
 0x427090 GetLastError
 0x427094 IsDBCSLeadByteEx
 0x427098 SetLastError
 0x42709c GetProcAddress
 0x4270a0 CopyFileA
 0x4270a4 GetPrivateProfileStringA
 0x4270a8 LoadLibraryA
 0x4270ac OpenMutexA
 0x4270b0 LocalAlloc
 0x4270b4 IsSystemResumeAutomatic
 0x4270b8 SetCurrentDirectoryW
 0x4270bc WriteProfileSectionW
 0x4270c0 HeapWalk
 0x4270c4 FindAtomA
 0x4270c8 Process32NextW
 0x4270cc CreateIoCompletionPort
 0x4270d0 FindFirstChangeNotificationA
 0x4270d4 FreeEnvironmentStringsW
 0x4270d8 EnumResourceNamesA
 0x4270dc CompareStringA
 0x4270e0 FatalAppExitA
 0x4270e4 GetCurrentThreadId
 0x4270e8 OpenSemaphoreW
 0x4270ec DeleteFileW
 0x4270f0 ReadConsoleOutputCharacterW
 0x4270f4 GetSystemTime
 0x4270f8 UnhandledExceptionFilter
 0x4270fc SetUnhandledExceptionFilter
 0x427100 HeapValidate
 0x427104 IsBadReadPtr
 0x427108 RaiseException
 0x42710c GetModuleHandleW
 0x427110 Sleep
 0x427114 ExitProcess
 0x427118 GetModuleFileNameA
 0x42711c GetStdHandle
 0x427120 TlsAlloc
 0x427124 TlsSetValue
 0x427128 TlsFree
 0x42712c TerminateProcess
 0x427130 GetCurrentProcess
 0x427134 IsDebuggerPresent
 0x427138 GetModuleFileNameW
 0x42713c EnterCriticalSection
 0x427140 LeaveCriticalSection
 0x427144 DeleteCriticalSection
 0x427148 QueryPerformanceCounter
 0x42714c GetCurrentProcessId
 0x427150 GetEnvironmentStringsW
 0x427154 SetHandleCount
 0x427158 GetFileType
 0x42715c GetStartupInfoA
 0x427160 HeapDestroy
 0x427164 HeapCreate
 0x427168 HeapFree
 0x42716c HeapAlloc
 0x427170 HeapSize
 0x427174 HeapReAlloc
 0x427178 VirtualAlloc
 0x42717c GetACP
 0x427180 GetOEMCP
 0x427184 GetCPInfo
 0x427188 IsValidCodePage
 0x42718c InitializeCriticalSectionAndSpinCount
 0x427190 RtlUnwind
 0x427194 SetFilePointer
 0x427198 WideCharToMultiByte
 0x42719c GetConsoleCP
 0x4271a0 DebugBreak
 0x4271a4 OutputDebugStringA
 0x4271a8 WriteConsoleW
 0x4271ac OutputDebugStringW
 0x4271b0 MultiByteToWideChar
 0x4271b4 LCMapStringW
 0x4271b8 GetStringTypeA
 0x4271bc GetStringTypeW
 0x4271c0 GetLocaleInfoA
 0x4271c4 SetStdHandle
 0x4271c8 WriteConsoleA
 0x4271cc GetConsoleOutputCP
 0x4271d0 FlushFileBuffers
 0x4271d4 CreateFileA
 0x4271d8 CloseHandle
 0x4271dc GetModuleHandleA
USER32.dll
 0x4271e4 GetTitleBarInfo
WINHTTP.dll
 0x4271ec WinHttpReadData

EAT (Export Address Table): none
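Most of the IAT above is Visual C++ runtime plumbing, but a handful of entries line up with what the sandbox flagged and are worth pulling out: VirtualAlloc/VirtualFree (the RWX allocation), SetThreadContext, IsDebuggerPresent/OutputDebugString/DebugBreak, GetNativeSystemInfo/GetVersionExW (OS and processor fingerprinting, cf. the OS_Processor_Check rule), LoadLibrary/GetProcAddress, Process32NextW, OpenMutexA and WinHttpReadData. The script below is an added example written for this report, not sandbox code: it parses the report's IAT text, buckets imports by capability, and computes an import hash with the algorithm pefile uses (library extension stripped, names lower-cased, joined with commas in import-directory order, MD5). IAT_EXCERPT is a constructed excerpt of the table above, so its hash will not equal the report's imphash; to reproduce that value, feed the full list in the order the import directory stores it, which is usually but not necessarily the ascending-address order shown here.

```python
import hashlib

# Constructed excerpt of the report's IAT listing, in the report's own line format.
IAT_EXCERPT = """\
KERNEL32.dll
 0x427000 GetCommandLineW
 0x427008 SetThreadContext
 0x42700c GetNativeSystemInfo
 0x427048 VirtualFree
 0x427064 LoadLibraryW
 0x42706c GetVersionExW
 0x42709c GetProcAddress
 0x4270a8 LoadLibraryA
 0x4270ac OpenMutexA
 0x4270c8 Process32NextW
 0x427118 Sleep
 0x427134 IsDebuggerPresent
 0x427178 VirtualAlloc
 0x4271a0 DebugBreak
 0x4271a4 OutputDebugStringA
 0x4271d4 CreateFileA
USER32.dll
 0x4271e4 GetTitleBarInfo
WINHTTP.dll
 0x4271ec WinHttpReadData
"""

# Lower-cased API names grouped by what they enable in an unpacker / loader stub.
CAPABILITIES = {
    "anti-debug": {"isdebuggerpresent", "checkremotedebuggerpresent",
                   "outputdebugstringa", "outputdebugstringw", "debugbreak"},
    "environment-fingerprint": {"getnativesysteminfo", "getversionexw", "getversionexa",
                                "gettickcount", "issystemresumeautomatic"},
    "dynamic-api-resolution": {"loadlibrarya", "loadlibraryw", "getprocaddress",
                               "getmodulehandlea", "getmodulehandlew"},
    "memory-unpacking": {"virtualalloc", "virtualfree", "virtualprotect"},
    "thread-hijack": {"setthreadcontext", "getthreadcontext", "resumethread"},
    "process-enumeration": {"createtoolhelp32snapshot", "process32firstw", "process32nextw"},
    "mutex-singleton": {"openmutexa", "openmutexw", "createmutexa", "createmutexw"},
    "network": {"winhttpopen", "winhttpconnect", "winhttpsendrequest", "winhttpreaddata",
                "internetopena", "internetopenurla", "urldownloadtofilea"},
}


def parse_iat_report(text):
    """Turn the report's IAT listing into an ordered list of (dll, function) pairs."""
    imports, dll = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("0x"):                    # " 0x427000 GetCommandLineW"
            if dll is None:
                raise ValueError("import line before any DLL header: " + line)
            imports.append((dll, line.split(None, 1)[1]))
        else:                                        # "KERNEL32.dll"
            dll = line
    return imports


def classify(imports):
    """Bucket imports by capability; everything else lands in 'unclassified' (mostly CRT)."""
    buckets = {cap: [] for cap in CAPABILITIES}
    buckets["unclassified"] = []
    for _dll, func in imports:
        key = func.lower()
        for cap, names in CAPABILITIES.items():
            if key in names:
                buckets[cap].append(func)
                break
        else:
            buckets["unclassified"].append(func)
    return buckets


def imphash(imports):
    """Import hash as pefile computes it: 'lib.func' lower-cased, with a .dll/.ocx/.sys
    extension stripped from the library name, comma-joined in import order, then MD5.
    Imports by ordinal (none appear in this report) would need pefile's ordinal tables."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    imps = parse_iat_report(IAT_EXCERPT)
    for cap, funcs in classify(imps).items():
        if funcs:
            print(f"{cap:<24} {', '.join(funcs)}")
    print("imphash(excerpt):", imphash(imps))
```

Two caveats when reading the output. First, the table above contains no WriteProcessMemory, CreateRemoteThread or CreateProcess, so SetThreadContext next to VirtualAlloc reads as an in-process unpacking stub rather than classic remote injection. Second, that absence is not evidence of anything: LoadLibraryA/W and GetProcAddress are present, so whatever the unpacked payload really calls is resolved at run time and never appears in this static IAT. The imphash is still useful for clustering samples built from the same stub, because it covers exactly this static table.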