Report - info.exe

Malicious Library PE File PE32
Created 2021.08.29 12:49 Machine s1_win7_x6401
Filename info.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score 1
Behavior Score 2.4
ZERO API (file): malware
VT API (file) 49 detected (AIDetect, malware2, Injuke, malicious, high confidence, GenericKDZ, Unsafe, Save, Kryptik, Eldorado, Attribute, HighConfidence, HMEC, Chapak, DropperX, Also, DownLoader41, StopCrypt, R002C0DHL21, Emotet, R + Troj, Krypt, Static AI, Malicious PE, RedLineSteal, sbcew, 147QAG0, score, Ransomware, R438044, ZexaF, wqW@ae7avvmK, ai score=87, Azorult, Obscure, CLASSIC, susgen, HMEJ, GdSda, confidence, 100%)
md5 e89e203d78f37985b615aef3e1b22bc9
sha256 53e9b55e8884a0f5734af7f69ba5b565bcd6cda0615d3e1ed97ee9296ed9c2f5
ssdeep 6144:y+OJ3zvr1e/QUFo2cViTMeo8G9vfWgoiT96s25XLHPIb3+zM3c6:s5zvrOQU/ckoKGx/j6/bV6
imphash f29709d3d8fb23714c868be088ee3357
impfuzzy 48:ujXlzCRxOD6rZS8czn5V1i57ylOJaEZtQkfcJSoXr/g0:ujXlj+eVk57yltEZtQkfcJSur/g0

Signature (5cnts)

Level Description
danger File has been identified by 49 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (3cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata IDS

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x41e000 FileTimeToDosDateTime
 0x41e004 UnregisterWait
 0x41e008 GetFileSize
 0x41e00c SetThreadContext
 0x41e010 GetNativeSystemInfo
 0x41e014 SetFilePointer
 0x41e018 lstrlenA
 0x41e01c GetConsoleAliasesLengthW
 0x41e020 SetLocalTime
 0x41e024 InterlockedIncrement
 0x41e028 GetQueuedCompletionStatus
 0x41e02c InterlockedDecrement
 0x41e030 GetSystemWindowsDirectoryW
 0x41e034 WaitForSingleObject
 0x41e038 GetComputerNameW
 0x41e03c FreeEnvironmentStringsA
 0x41e040 GetTickCount
 0x41e044 WaitNamedPipeW
 0x41e048 WriteFile
 0x41e04c SetCommState
 0x41e050 GetCommandLineA
 0x41e054 TlsSetValue
 0x41e058 GetPriorityClass
 0x41e05c AddRefActCtx
 0x41e060 LoadLibraryW
 0x41e064 GetConsoleMode
 0x41e068 TerminateThread
 0x41e06c CopyFileW
 0x41e070 GetVersionExW
 0x41e074 SetConsoleMode
 0x41e078 GetBinaryTypeA
 0x41e07c GetOverlappedResult
 0x41e080 CompareStringW
 0x41e084 GetStartupInfoW
 0x41e088 GlobalUnlock
 0x41e08c VerifyVersionInfoW
 0x41e090 CreateDirectoryA
 0x41e094 GetCPInfoExW
 0x41e098 OpenMutexW
 0x41e09c GetLastError
 0x41e0a0 IsDBCSLeadByteEx
 0x41e0a4 ReadConsoleOutputCharacterA
 0x41e0a8 GetProcAddress
 0x41e0ac VirtualAlloc
 0x41e0b0 WriteProfileSectionA
 0x41e0b4 GetPrivateProfileStringA
 0x41e0b8 ResetEvent
 0x41e0bc OpenWaitableTimerA
 0x41e0c0 LoadLibraryA
 0x41e0c4 CreateSemaphoreW
 0x41e0c8 LocalAlloc
 0x41e0cc SetCurrentDirectoryW
 0x41e0d0 WriteProfileSectionW
 0x41e0d4 HeapWalk
 0x41e0d8 Process32NextW
 0x41e0dc WriteProfileStringA
 0x41e0e0 CreateIoCompletionPort
 0x41e0e4 GetModuleHandleA
 0x41e0e8 EnumResourceNamesA
 0x41e0ec GetConsoleCursorInfo
 0x41e0f0 FatalAppExitA
 0x41e0f4 GetCurrentThreadId
 0x41e0f8 OpenSemaphoreW
 0x41e0fc FindAtomW
 0x41e100 LCMapStringW
 0x41e104 CopyFileExA
 0x41e108 DeleteFileA
 0x41e10c WideCharToMultiByte
 0x41e110 GetStartupInfoA
 0x41e114 HeapValidate
 0x41e118 IsBadReadPtr
 0x41e11c RaiseException
 0x41e120 TerminateProcess
 0x41e124 GetCurrentProcess
 0x41e128 UnhandledExceptionFilter
 0x41e12c SetUnhandledExceptionFilter
 0x41e130 IsDebuggerPresent
 0x41e134 GetModuleFileNameW
 0x41e138 GetACP
 0x41e13c GetOEMCP
 0x41e140 GetCPInfo
 0x41e144 IsValidCodePage
 0x41e148 TlsGetValue
 0x41e14c GetModuleHandleW
 0x41e150 TlsAlloc
 0x41e154 TlsFree
 0x41e158 SetLastError
 0x41e15c Sleep
 0x41e160 ExitProcess
 0x41e164 DeleteCriticalSection
 0x41e168 EnterCriticalSection
 0x41e16c LeaveCriticalSection
 0x41e170 QueryPerformanceCounter
 0x41e174 GetCurrentProcessId
 0x41e178 GetSystemTimeAsFileTime
 0x41e17c GetModuleFileNameA
 0x41e180 GetEnvironmentStrings
 0x41e184 FreeEnvironmentStringsW
 0x41e188 GetEnvironmentStringsW
 0x41e18c SetHandleCount
 0x41e190 GetStdHandle
 0x41e194 GetFileType
 0x41e198 HeapDestroy
 0x41e19c HeapCreate
 0x41e1a0 HeapFree
 0x41e1a4 VirtualFree
 0x41e1a8 HeapAlloc
 0x41e1ac HeapSize
 0x41e1b0 HeapReAlloc
 0x41e1b4 DebugBreak
 0x41e1b8 OutputDebugStringA
 0x41e1bc WriteConsoleW
 0x41e1c0 OutputDebugStringW
 0x41e1c4 RtlUnwind
 0x41e1c8 MultiByteToWideChar
 0x41e1cc LCMapStringA
 0x41e1d0 GetStringTypeA
 0x41e1d4 GetStringTypeW
 0x41e1d8 GetLocaleInfoA
 0x41e1dc InitializeCriticalSectionAndSpinCount
 0x41e1e0 GetConsoleCP
 0x41e1e4 SetStdHandle
 0x41e1e8 WriteConsoleA
 0x41e1ec GetConsoleOutputCP
 0x41e1f0 CreateFileA
 0x41e1f4 CloseHandle
 0x41e1f8 FlushFileBuffers

EAT (Export Address Table): none

Similarity measure (PE file only)