ScreenShot
| Created | 2021.08.25 10:11 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (malicious, high confidence, Artemis, Unsafe, Save, ZexaF, Kq0@amB3n5bG, Kryptik, Eldorado, Attribute, HighConfidence, A + Troj, Krypt, Emotet, Score, Sabsik, CLASSIC, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | 03903dd6bc470a44ed1cb27e4e965854 | ||
| sha256 | fb6e522546a83e50fb8759d02881ded745926b7746f06f64694a13aedadd2d6e | ||
| ssdeep | 12288:0sdaynF/iUKXvE0nmG8Um2HmD06lSxYwR8m4QgnpNnJwrEcF:0s5JifTmV2GgsSSwR8dRC | ||
| imphash | 3bdc58d7d3add14fdfc74404aa032a2d | ||
| impfuzzy | 48:/RbZ1XYwvrnvIdP3pJ1f/to6VGkfTzK0Zy6:JN1XYkrn4BnXtoWGkfTzvZJ | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x472000 WriteConsoleOutputCharacterW
0x472004 GetConsoleAliasesLengthW
0x472008 EnumDateFormatsExW
0x47200c InterlockedIncrement
0x472010 InterlockedDecrement
0x472014 GetCurrentProcess
0x472018 SetEnvironmentVariableW
0x47201c GetSystemDefaultLCID
0x472020 GetModuleHandleW
0x472024 EnumCalendarInfoExW
0x472028 SetThreadUILanguage
0x47202c IsBadReadPtr
0x472030 GetConsoleAliasesLengthA
0x472034 GetUserDefaultLangID
0x472038 GetEnvironmentStrings
0x47203c GetConsoleCP
0x472040 ReadConsoleInputA
0x472044 SetVolumeMountPointA
0x472048 GetSystemWindowsDirectoryA
0x47204c WriteConsoleOutputA
0x472050 LeaveCriticalSection
0x472054 GetFileAttributesA
0x472058 lstrcpynW
0x47205c SetConsoleCursorPosition
0x472060 GetMailslotInfo
0x472064 ReadFile
0x472068 CreateTimerQueue
0x47206c GetTimeZoneInformation
0x472070 lstrcatA
0x472074 lstrlenW
0x472078 GetConsoleOutputCP
0x47207c InterlockedExchange
0x472080 FillConsoleOutputCharacterW
0x472084 GetLastError
0x472088 ChangeTimerQueueTimer
0x47208c GetProcAddress
0x472090 PeekConsoleInputW
0x472094 BeginUpdateResourceW
0x472098 ResetEvent
0x47209c GetLocalTime
0x4720a0 LoadLibraryA
0x4720a4 WriteConsoleA
0x4720a8 LocalAlloc
0x4720ac BuildCommDCBAndTimeoutsW
0x4720b0 SetFileApisToANSI
0x4720b4 GetOEMCP
0x4720b8 HeapSetInformation
0x4720bc GetConsoleTitleW
0x4720c0 GetCPInfoExA
0x4720c4 ReleaseMutex
0x4720c8 FindFirstVolumeW
0x4720cc DeleteTimerQueueTimer
0x4720d0 GetCurrentProcessId
0x4720d4 GetConsoleProcessList
0x4720d8 GetModuleFileNameW
0x4720dc LocalUnlock
0x4720e0 CreateFileA
0x4720e4 UnhandledExceptionFilter
0x4720e8 SetUnhandledExceptionFilter
0x4720ec HeapAlloc
0x4720f0 Sleep
0x4720f4 ExitProcess
0x4720f8 GetCommandLineA
0x4720fc GetStartupInfoA
0x472100 RaiseException
0x472104 RtlUnwind
0x472108 WriteFile
0x47210c GetStdHandle
0x472110 GetModuleFileNameA
0x472114 TerminateProcess
0x472118 IsDebuggerPresent
0x47211c HeapFree
0x472120 DeleteCriticalSection
0x472124 EnterCriticalSection
0x472128 VirtualFree
0x47212c VirtualAlloc
0x472130 HeapReAlloc
0x472134 HeapCreate
0x472138 TlsGetValue
0x47213c TlsAlloc
0x472140 TlsSetValue
0x472144 TlsFree
0x472148 SetLastError
0x47214c GetCurrentThreadId
0x472150 InitializeCriticalSectionAndSpinCount
0x472154 FreeEnvironmentStringsA
0x472158 FreeEnvironmentStringsW
0x47215c WideCharToMultiByte
0x472160 GetEnvironmentStringsW
0x472164 SetHandleCount
0x472168 GetFileType
0x47216c QueryPerformanceCounter
0x472170 GetTickCount
0x472174 GetSystemTimeAsFileTime
0x472178 GetCPInfo
0x47217c GetACP
0x472180 IsValidCodePage
0x472184 HeapSize
0x472188 GetLocaleInfoA
0x47218c GetConsoleMode
0x472190 FlushFileBuffers
0x472194 LCMapStringA
0x472198 MultiByteToWideChar
0x47219c LCMapStringW
0x4721a0 GetStringTypeA
0x4721a4 GetStringTypeW
0x4721a8 SetFilePointer
0x4721ac CloseHandle
0x4721b0 WriteConsoleW
0x4721b4 SetStdHandle
USER32.dll
0x4721bc GetAltTabInfoW
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8
KERNEL32.dll
0x472000 WriteConsoleOutputCharacterW
0x472004 GetConsoleAliasesLengthW
0x472008 EnumDateFormatsExW
0x47200c InterlockedIncrement
0x472010 InterlockedDecrement
0x472014 GetCurrentProcess
0x472018 SetEnvironmentVariableW
0x47201c GetSystemDefaultLCID
0x472020 GetModuleHandleW
0x472024 EnumCalendarInfoExW
0x472028 SetThreadUILanguage
0x47202c IsBadReadPtr
0x472030 GetConsoleAliasesLengthA
0x472034 GetUserDefaultLangID
0x472038 GetEnvironmentStrings
0x47203c GetConsoleCP
0x472040 ReadConsoleInputA
0x472044 SetVolumeMountPointA
0x472048 GetSystemWindowsDirectoryA
0x47204c WriteConsoleOutputA
0x472050 LeaveCriticalSection
0x472054 GetFileAttributesA
0x472058 lstrcpynW
0x47205c SetConsoleCursorPosition
0x472060 GetMailslotInfo
0x472064 ReadFile
0x472068 CreateTimerQueue
0x47206c GetTimeZoneInformation
0x472070 lstrcatA
0x472074 lstrlenW
0x472078 GetConsoleOutputCP
0x47207c InterlockedExchange
0x472080 FillConsoleOutputCharacterW
0x472084 GetLastError
0x472088 ChangeTimerQueueTimer
0x47208c GetProcAddress
0x472090 PeekConsoleInputW
0x472094 BeginUpdateResourceW
0x472098 ResetEvent
0x47209c GetLocalTime
0x4720a0 LoadLibraryA
0x4720a4 WriteConsoleA
0x4720a8 LocalAlloc
0x4720ac BuildCommDCBAndTimeoutsW
0x4720b0 SetFileApisToANSI
0x4720b4 GetOEMCP
0x4720b8 HeapSetInformation
0x4720bc GetConsoleTitleW
0x4720c0 GetCPInfoExA
0x4720c4 ReleaseMutex
0x4720c8 FindFirstVolumeW
0x4720cc DeleteTimerQueueTimer
0x4720d0 GetCurrentProcessId
0x4720d4 GetConsoleProcessList
0x4720d8 GetModuleFileNameW
0x4720dc LocalUnlock
0x4720e0 CreateFileA
0x4720e4 UnhandledExceptionFilter
0x4720e8 SetUnhandledExceptionFilter
0x4720ec HeapAlloc
0x4720f0 Sleep
0x4720f4 ExitProcess
0x4720f8 GetCommandLineA
0x4720fc GetStartupInfoA
0x472100 RaiseException
0x472104 RtlUnwind
0x472108 WriteFile
0x47210c GetStdHandle
0x472110 GetModuleFileNameA
0x472114 TerminateProcess
0x472118 IsDebuggerPresent
0x47211c HeapFree
0x472120 DeleteCriticalSection
0x472124 EnterCriticalSection
0x472128 VirtualFree
0x47212c VirtualAlloc
0x472130 HeapReAlloc
0x472134 HeapCreate
0x472138 TlsGetValue
0x47213c TlsAlloc
0x472140 TlsSetValue
0x472144 TlsFree
0x472148 SetLastError
0x47214c GetCurrentThreadId
0x472150 InitializeCriticalSectionAndSpinCount
0x472154 FreeEnvironmentStringsA
0x472158 FreeEnvironmentStringsW
0x47215c WideCharToMultiByte
0x472160 GetEnvironmentStringsW
0x472164 SetHandleCount
0x472168 GetFileType
0x47216c QueryPerformanceCounter
0x472170 GetTickCount
0x472174 GetSystemTimeAsFileTime
0x472178 GetCPInfo
0x47217c GetACP
0x472180 IsValidCodePage
0x472184 HeapSize
0x472188 GetLocaleInfoA
0x47218c GetConsoleMode
0x472190 FlushFileBuffers
0x472194 LCMapStringA
0x472198 MultiByteToWideChar
0x47219c LCMapStringW
0x4721a0 GetStringTypeA
0x4721a4 GetStringTypeW
0x4721a8 SetFilePointer
0x4721ac CloseHandle
0x4721b0 WriteConsoleW
0x4721b4 SetStdHandle
USER32.dll
0x4721bc GetAltTabInfoW
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8