ScreenShot
| Created | 2021.08.28 17:50 | Machine | s1_win7_x6402 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, ZexaF, TqW@ayOFF8oG, Kryptik, Eldorado, Attribute, HighConfidence, Obscure, CLASSIC, Static AI, Malicious PE, Sabsik, score, HMFH, susgen) | ||
| md5 | 3c112a39d8866d896f68adfa3b78a16a | ||
| sha256 | da0422f752076d4897a5616ff4ccde0e1088e3048074a869b8fe4da691eed621 | ||
| ssdeep | 12288:aDvBLv2FqZlrfp0gftgk47/jWCsCQPJPo0xnfTSsEUDEPO4I6eil+uQvSwMjcM8N:A5rOuwgftgk2yCsCcnusEUIPO40o3y | ||
| imphash | e68f2e15edc1c604720a74f10b8483a6 | ||
| impfuzzy | 48:B4NtqzODtFZdP+jJGXGORaEBcUDftX9SWnXrqC:WdHP6GXGpEBciftX9S2XrqC | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x425000 GetThreadContext
0x425004 EnumResourceNamesW
0x425008 GetFileSize
0x42500c CreateMutexW
0x425010 SetPriorityClass
0x425014 GetNativeSystemInfo
0x425018 FindFirstChangeNotificationW
0x42501c lstrlenA
0x425020 SetLocalTime
0x425024 SetEndOfFile
0x425028 GetQueuedCompletionStatus
0x42502c GetSystemWindowsDirectoryW
0x425030 GetNamedPipeHandleStateA
0x425034 GetModuleHandleW
0x425038 GetTickCount
0x42503c GetConsoleAliasesLengthA
0x425040 GetSystemTimeAsFileTime
0x425044 GetPrivateProfileStringW
0x425048 ReadConsoleW
0x42504c WriteFile
0x425050 SetCommState
0x425054 GetCommandLineA
0x425058 FindResourceExA
0x42505c GetPrivateProfileIntA
0x425060 LoadLibraryW
0x425064 CopyFileW
0x425068 GetConsoleAliasExesLengthW
0x42506c SetConsoleMode
0x425070 IsDBCSLeadByte
0x425074 GetOverlappedResult
0x425078 GetStartupInfoW
0x42507c GlobalUnlock
0x425080 InterlockedExchange
0x425084 SetCurrentDirectoryA
0x425088 GetLastError
0x42508c ReadConsoleOutputCharacterA
0x425090 GetProcAddress
0x425094 VirtualAlloc
0x425098 WriteProfileSectionA
0x42509c ResetEvent
0x4250a0 LoadLibraryA
0x4250a4 OpenMutexA
0x4250a8 CreateSemaphoreW
0x4250ac LocalAlloc
0x4250b0 IsSystemResumeAutomatic
0x4250b4 HeapWalk
0x4250b8 Process32NextW
0x4250bc FreeEnvironmentStringsW
0x4250c0 EnumResourceNamesA
0x4250c4 GetCurrentThreadId
0x4250c8 GetCPInfoExA
0x4250cc SetThreadAffinityMask
0x4250d0 TlsAlloc
0x4250d4 FindAtomW
0x4250d8 DeleteFileW
0x4250dc LCMapStringW
0x4250e0 CopyFileExA
0x4250e4 MultiByteToWideChar
0x4250e8 HeapValidate
0x4250ec IsBadReadPtr
0x4250f0 RaiseException
0x4250f4 EnterCriticalSection
0x4250f8 LeaveCriticalSection
0x4250fc SetHandleCount
0x425100 GetStdHandle
0x425104 GetFileType
0x425108 GetStartupInfoA
0x42510c DeleteCriticalSection
0x425110 TerminateProcess
0x425114 GetCurrentProcess
0x425118 UnhandledExceptionFilter
0x42511c SetUnhandledExceptionFilter
0x425120 IsDebuggerPresent
0x425124 GetModuleFileNameW
0x425128 Sleep
0x42512c InterlockedIncrement
0x425130 InterlockedDecrement
0x425134 ExitProcess
0x425138 TlsGetValue
0x42513c TlsSetValue
0x425140 TlsFree
0x425144 SetLastError
0x425148 GetACP
0x42514c GetOEMCP
0x425150 GetCPInfo
0x425154 IsValidCodePage
0x425158 QueryPerformanceCounter
0x42515c GetCurrentProcessId
0x425160 GetEnvironmentStringsW
0x425164 GetCommandLineW
0x425168 HeapDestroy
0x42516c HeapCreate
0x425170 HeapFree
0x425174 VirtualFree
0x425178 GetModuleFileNameA
0x42517c HeapAlloc
0x425180 HeapSize
0x425184 HeapReAlloc
0x425188 SetFilePointer
0x42518c WideCharToMultiByte
0x425190 GetConsoleCP
0x425194 GetConsoleMode
0x425198 InitializeCriticalSectionAndSpinCount
0x42519c DebugBreak
0x4251a0 OutputDebugStringA
0x4251a4 WriteConsoleW
0x4251a8 OutputDebugStringW
0x4251ac RtlUnwind
0x4251b0 LCMapStringA
0x4251b4 GetStringTypeA
0x4251b8 GetStringTypeW
0x4251bc GetLocaleInfoA
0x4251c0 FlushFileBuffers
0x4251c4 SetStdHandle
0x4251c8 WriteConsoleA
0x4251cc GetConsoleOutputCP
0x4251d0 CloseHandle
0x4251d4 CreateFileA
0x4251d8 GetModuleHandleA
EAT(Export Address Table) is none
KERNEL32.dll
0x425000 GetThreadContext
0x425004 EnumResourceNamesW
0x425008 GetFileSize
0x42500c CreateMutexW
0x425010 SetPriorityClass
0x425014 GetNativeSystemInfo
0x425018 FindFirstChangeNotificationW
0x42501c lstrlenA
0x425020 SetLocalTime
0x425024 SetEndOfFile
0x425028 GetQueuedCompletionStatus
0x42502c GetSystemWindowsDirectoryW
0x425030 GetNamedPipeHandleStateA
0x425034 GetModuleHandleW
0x425038 GetTickCount
0x42503c GetConsoleAliasesLengthA
0x425040 GetSystemTimeAsFileTime
0x425044 GetPrivateProfileStringW
0x425048 ReadConsoleW
0x42504c WriteFile
0x425050 SetCommState
0x425054 GetCommandLineA
0x425058 FindResourceExA
0x42505c GetPrivateProfileIntA
0x425060 LoadLibraryW
0x425064 CopyFileW
0x425068 GetConsoleAliasExesLengthW
0x42506c SetConsoleMode
0x425070 IsDBCSLeadByte
0x425074 GetOverlappedResult
0x425078 GetStartupInfoW
0x42507c GlobalUnlock
0x425080 InterlockedExchange
0x425084 SetCurrentDirectoryA
0x425088 GetLastError
0x42508c ReadConsoleOutputCharacterA
0x425090 GetProcAddress
0x425094 VirtualAlloc
0x425098 WriteProfileSectionA
0x42509c ResetEvent
0x4250a0 LoadLibraryA
0x4250a4 OpenMutexA
0x4250a8 CreateSemaphoreW
0x4250ac LocalAlloc
0x4250b0 IsSystemResumeAutomatic
0x4250b4 HeapWalk
0x4250b8 Process32NextW
0x4250bc FreeEnvironmentStringsW
0x4250c0 EnumResourceNamesA
0x4250c4 GetCurrentThreadId
0x4250c8 GetCPInfoExA
0x4250cc SetThreadAffinityMask
0x4250d0 TlsAlloc
0x4250d4 FindAtomW
0x4250d8 DeleteFileW
0x4250dc LCMapStringW
0x4250e0 CopyFileExA
0x4250e4 MultiByteToWideChar
0x4250e8 HeapValidate
0x4250ec IsBadReadPtr
0x4250f0 RaiseException
0x4250f4 EnterCriticalSection
0x4250f8 LeaveCriticalSection
0x4250fc SetHandleCount
0x425100 GetStdHandle
0x425104 GetFileType
0x425108 GetStartupInfoA
0x42510c DeleteCriticalSection
0x425110 TerminateProcess
0x425114 GetCurrentProcess
0x425118 UnhandledExceptionFilter
0x42511c SetUnhandledExceptionFilter
0x425120 IsDebuggerPresent
0x425124 GetModuleFileNameW
0x425128 Sleep
0x42512c InterlockedIncrement
0x425130 InterlockedDecrement
0x425134 ExitProcess
0x425138 TlsGetValue
0x42513c TlsSetValue
0x425140 TlsFree
0x425144 SetLastError
0x425148 GetACP
0x42514c GetOEMCP
0x425150 GetCPInfo
0x425154 IsValidCodePage
0x425158 QueryPerformanceCounter
0x42515c GetCurrentProcessId
0x425160 GetEnvironmentStringsW
0x425164 GetCommandLineW
0x425168 HeapDestroy
0x42516c HeapCreate
0x425170 HeapFree
0x425174 VirtualFree
0x425178 GetModuleFileNameA
0x42517c HeapAlloc
0x425180 HeapSize
0x425184 HeapReAlloc
0x425188 SetFilePointer
0x42518c WideCharToMultiByte
0x425190 GetConsoleCP
0x425194 GetConsoleMode
0x425198 InitializeCriticalSectionAndSpinCount
0x42519c DebugBreak
0x4251a0 OutputDebugStringA
0x4251a4 WriteConsoleW
0x4251a8 OutputDebugStringW
0x4251ac RtlUnwind
0x4251b0 LCMapStringA
0x4251b4 GetStringTypeA
0x4251b8 GetStringTypeW
0x4251bc GetLocaleInfoA
0x4251c0 FlushFileBuffers
0x4251c4 SetStdHandle
0x4251c8 WriteConsoleA
0x4251cc GetConsoleOutputCP
0x4251d0 CloseHandle
0x4251d4 CreateFileA
0x4251d8 GetModuleHandleA
EAT(Export Address Table) is none