Report - inst1.exe

Tags: Gen2, Malicious Library, PE File, OS Processor Check, PE32
Created: 2021.08.30 09:46   Machine: s1_win7_x6401
Filename inst1.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 7
Behavior Score: 2.0
ZERO API (file): clean
VT API (file) 32 detected (AIDetect, malware1, Zusy, malicious, high confidence, score, Artemis, Unsafe, confidence, ZexaF, qy0@aeszWEci, Attribute, HighConfidence, BadOffer, ccnc, SuspBehav, Ramnit, Generic ML PUA, Glupteba, ai score=81, R06CH0CHP21, Static AI, Malicious PE)
md5 c06d807e7287add5d460530e3d87648c
sha256 d5855e6292d04c6ab247c1b550168cde3d4a73831ed792cf15c1d0c650137e3d
ssdeep 6144:bajSf7oQiNDh3K8UBO4N6dH6oc+m7OymiPs5qg6D:bajSBYRGqda0EJE5
imphash b900dc5ab09e702140c5c289f35fb91f
impfuzzy 48:dQLfG1LY+5xcwW7p3GTXlwFGAzACSv6x9Se44vuoo/1CKEvall/RS5tiiKl0vnsh:dMfG1LH5xcwAoCvabwKT

Signature (4cnts)

Level Description
danger File has been identified by 32 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
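The two packer signatures above (compressed or encrypted data, unknown section names) plus the runtime RWX allocation are what a static triage pass tries to predict before the sample is run. The script below is an added example, not the sandbox's rule code: it scores each PE section on three indicators, an unrecognised section name, a high Shannon entropy over the section body, and writable-plus-executable characteristics (the on-disk counterpart of the RWX allocation noted above). KNOWN_SECTIONS and the 7.0 bits/byte threshold are this example's assumptions, and the sections it runs on are constructed in-line so it works offline.

```python
"""Static packer indicators for PE sections (added example, not the sandbox's code).

Checks: unknown section name, high-entropy section body, writable+executable section.
KNOWN_SECTIONS and ENTROPY_THRESHOLD are assumptions; SAMPLE_SECTIONS is constructed.
"""
import math
from collections import Counter

# Section names normally produced by mainstream Windows toolchains (assumed list).
KNOWN_SECTIONS = {
    ".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc", ".reloc",
    ".tls", ".pdata", ".crt", ".textbss", ".debug", ".gfids", ".00cfg",
    ".didat", ".xdata", ".sxdata",
}

# IMAGE_SCN_* characteristics bits from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

ENTROPY_THRESHOLD = 7.0  # assumption: >= 7 bits/byte looks compressed or encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    # `or 0.0` turns the -0.0 produced for constant data into a plain 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) or 0.0


def is_unknown_section(name: str) -> bool:
    """True when the NUL-padded 8-byte section name is not a toolchain default."""
    return name.rstrip("\x00").lower() not in KNOWN_SECTIONS


def is_writable_executable(characteristics: int) -> bool:
    """Sections that are both W and X are a common unpacker-stub layout."""
    return bool(characteristics & IMAGE_SCN_MEM_EXECUTE) and bool(characteristics & IMAGE_SCN_MEM_WRITE)


def packer_indicators(sections):
    """sections: iterable of (name, characteristics, raw_bytes).
    Returns a list of (section_name, indicator) findings."""
    findings = []
    for name, chars, raw in sections:
        clean = name.rstrip("\x00")
        if is_unknown_section(clean):
            findings.append((clean, "unknown section name"))
        ent = shannon_entropy(raw)
        if ent >= ENTROPY_THRESHOLD:
            findings.append((clean, f"high entropy ({ent:.2f} bits/byte)"))
        if is_writable_executable(chars):
            findings.append((clean, "writable and executable"))
    return findings


# Constructed sample data: a plain code section, an oddly named high-entropy
# W+X section, and a zero-filled data section.
HIGH_ENTROPY = bytes(range(256)) * 16  # every byte value equally frequent -> 8.0 bits/byte
LOW_ENTROPY = b"\x00" * 4096            # constant -> 0.0 bits/byte
SAMPLE_SECTIONS = [
    (".text", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE, b"\x55\x8b\xec" * 1000 + b"\xc3"),
    (".abc0", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE, HIGH_ENTROPY),
    (".data", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, LOW_ENTROPY),
]

if __name__ == "__main__":
    for sec, what in packer_indicators(SAMPLE_SECTIONS):
        print(f"{sec:8s} {what}")
```

On a real file the three tuples come from the section table (pefile's `section.Name`, `section.Characteristics`, `section.get_data()`); a single hit is weak, which is why the report itself marks the section-name rule as a possible false positive, but an unknown name, entropy near 8 and W+X on the same section together is a strong packer signal.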

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no network requests recorded)

Suricata ids

PE API

IAT (Import Address Table), by library

COMCTL32.dll
 0x411024 None (imported by ordinal, no name)
 0x411028 None (imported by ordinal, no name)
KERNEL32.dll
 0x411060 GetCommandLineW
 0x411064 OutputDebugStringW
 0x411068 RtlUnwind
 0x41106c WriteConsoleW
 0x411070 HeapReAlloc
 0x411074 SetFilePointerEx
 0x411078 LCMapStringW
 0x41107c GetStringTypeW
 0x411080 FreeEnvironmentStringsW
 0x411084 GetEnvironmentStringsW
 0x411088 GetSystemTimeAsFileTime
 0x41108c GetModuleHandleA
 0x411090 QueryPerformanceCounter
 0x411094 CloseHandle
 0x411098 CreateFileW
 0x41109c LoadLibraryExW
 0x4110a0 GetProcessHeap
 0x4110a4 GetModuleHandleW
 0x4110a8 TlsFree
 0x4110ac TlsSetValue
 0x4110b0 TlsGetValue
 0x4110b4 TlsAlloc
 0x4110b8 TerminateProcess
 0x4110bc GetCurrentProcess
 0x4110c0 InitializeCriticalSectionAndSpinCount
 0x4110c4 SetUnhandledExceptionFilter
 0x4110c8 UnhandledExceptionFilter
 0x4110cc GetStartupInfoW
 0x4110d0 LoadLibraryA
 0x4110d4 GetStdHandle
 0x4110d8 LocalFree
 0x4110dc LocalAlloc
 0x4110e0 GetProcAddress
 0x4110e4 GetModuleFileNameW
 0x4110e8 GetModuleFileNameA
 0x4110ec GetFileType
 0x4110f0 GetLastError
 0x4110f4 Sleep
 0x4110f8 GetCurrentProcessId
 0x4110fc GlobalUnlock
 0x411100 GlobalLock
 0x411104 GlobalAlloc
 0x411108 GetConsoleCP
 0x41110c WriteFile
 0x411110 FlushFileBuffers
 0x411114 DeleteCriticalSection
 0x411118 IsProcessorFeaturePresent
 0x41111c HeapSize
 0x411120 IsDebuggerPresent
 0x411124 EnterCriticalSection
 0x411128 LeaveCriticalSection
 0x41112c SetStdHandle
 0x411130 HeapAlloc
 0x411134 EncodePointer
 0x411138 DecodePointer
 0x41113c ExitProcess
 0x411140 GetModuleHandleExW
 0x411144 MultiByteToWideChar
 0x411148 WideCharToMultiByte
 0x41114c HeapFree
 0x411150 GetConsoleMode
 0x411154 ReadConsoleInputA
 0x411158 SetConsoleMode
 0x41115c GetCommandLineA
 0x411160 IsValidCodePage
 0x411164 GetACP
 0x411168 GetOEMCP
 0x41116c GetCPInfo
 0x411170 SetLastError
 0x411174 GetCurrentThreadId
USER32.dll
 0x411184 TranslateAcceleratorA
 0x411188 GetMessageA
 0x41118c TranslateMessage
 0x411190 DispatchMessageA
 0x411194 SendMessageA
 0x411198 WaitForInputIdle
 0x41119c InflateRect
 0x4111a0 GetSysColorBrush
 0x4111a4 SetCursor
 0x4111a8 SetWindowTextA
 0x4111ac EndDialog
 0x4111b0 DialogBoxIndirectParamA
 0x4111b4 LoadIconA
 0x4111b8 LoadCursorA
 0x4111bc FindWindowExA
 0x4111c0 FindWindowA
 0x4111c4 MessageBoxA
 0x4111c8 GetClientRect
 0x4111cc SetForegroundWindow
 0x4111d0 DefWindowProcA
 0x4111d4 UpdateWindow
 0x4111d8 LoadAcceleratorsA
 0x4111dc EnableWindow
 0x4111e0 SetFocus
 0x4111e4 EmptyClipboard
 0x4111e8 SetClipboardData
 0x4111ec CloseClipboard
 0x4111f0 OpenClipboard
 0x4111f4 GetDlgItem
 0x4111f8 EndDeferWindowPos
 0x4111fc DeferWindowPos
 0x411200 BeginDeferWindowPos
 0x411204 MoveWindow
 0x411208 ShowWindow
 0x41120c CreateWindowExA
 0x411210 RegisterClassExA
 0x411214 PostQuitMessage
GDI32.dll
 0x411038 StartPage
 0x41103c EndDoc
 0x411040 StartDocA
 0x411044 SetMapMode
 0x411048 GetStockObject
 0x41104c GetDeviceCaps
 0x411050 DeleteDC
 0x411054 CreateDCA
 0x411058 EndPage
COMDLG32.dll
 0x411030 PrintDlgA
ADVAPI32.dll
 0x411000 RegQueryValueExA
 0x411004 RegEnumKeyA
 0x411008 RegOpenKeyExA
 0x41100c RegSetValueExA
 0x411010 RegQueryValueExW
 0x411014 RegOpenKeyA
 0x411018 RegCreateKeyA
 0x41101c RegCloseKey
SHELL32.dll
 0x41117c ShellExecuteExA

EAT (Export Address Table): none
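The imphash listed in the header is the MD5 of exactly this import table after normalisation, so the IAT above is also the input for an import-based capability triage. The script below is an added example, not the sandbox's own code: it reimplements the imphash normalisation (lowercase, strip the .dll/.ocx/.sys suffix, ordinals become ordN, comma-join in import-directory order) and then buckets a subset of the imports transcribed from the table into capability categories, marking APIs that the MSVC C runtime's own startup code imports (IsDebuggerPresent, GetProcAddress, LoadLibraryExW, the Tls* family and so on) as weak evidence. The category table and the CRT-noise list are assumptions; the COMCTL32 ordinal 17 in the self-check is constructed, because the report prints no ordinal numbers, so the script does not reproduce the report's imphash value.

```python
"""Imphash normalisation and import-based capability triage (added example,
not the sandbox's code). IAT_SUBSET is transcribed from the report's IAT table;
CATEGORIES and CRT_STARTUP_NOISE are this example's assumptions. pefile also
maps a few DLLs' known ordinals to names before hashing; that lookup is omitted.
"""
import hashlib


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("ascii")).hexdigest()


def imphash_string(imports):
    """Normalise (dll, name_or_ordinal) pairs the way imphash does.
    Order matters: pairs must be in import-directory order, never sorted."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    return md5_hex(imphash_string(imports))


CATEGORIES = {
    "registry write": {"RegSetValueExA", "RegSetValueExW", "RegCreateKeyA", "RegCreateKeyW",
                       "RegCreateKeyExA", "RegCreateKeyExW", "RegDeleteValueA", "RegDeleteValueW"},
    "registry read": {"RegOpenKeyA", "RegOpenKeyW", "RegOpenKeyExA", "RegOpenKeyExW",
                      "RegQueryValueExA", "RegQueryValueExW", "RegEnumKeyA", "RegEnumKeyW"},
    "process launch": {"ShellExecuteA", "ShellExecuteW", "ShellExecuteExA", "ShellExecuteExW",
                       "CreateProcessA", "CreateProcessW", "WinExec"},
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
                               "LoadLibraryExW", "GetProcAddress"},
    "clipboard access": {"OpenClipboard", "GetClipboardData", "SetClipboardData", "EmptyClipboard"},
    "window lookup": {"FindWindowA", "FindWindowW", "FindWindowExA", "FindWindowExW"},
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"},
}

# Imported by the MSVC C runtime's startup code regardless of what the program
# does, so on their own they say little about intent (assumed list).
CRT_STARTUP_NOISE = {
    "IsDebuggerPresent", "GetProcAddress", "LoadLibraryExW", "EncodePointer", "DecodePointer",
    "IsProcessorFeaturePresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter",
    "QueryPerformanceCounter", "GetSystemTimeAsFileTime", "GetCurrentProcessId",
    "GetCurrentThreadId", "TlsAlloc", "TlsGetValue", "TlsSetValue", "TlsFree",
}


def capabilities(imports):
    """Group imported names by category, split into 'strong' and 'weak' evidence."""
    found = {}
    for _, func in imports:
        if isinstance(func, int):  # ordinal-only imports carry no name to classify
            continue
        for cat, apis in CATEGORIES.items():
            if func in apis:
                bucket = found.setdefault(cat, {"strong": [], "weak": []})
                bucket["weak" if func in CRT_STARTUP_NOISE else "strong"].append(func)
    return found


# Subset of the report's IAT (transcribed; the full table is longer).
IAT_SUBSET = [
    ("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "LoadLibraryExW"), ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "CreateFileW"), ("KERNEL32.dll", "WriteFile"),
    ("USER32.dll", "OpenClipboard"), ("USER32.dll", "SetClipboardData"),
    ("USER32.dll", "FindWindowA"),
    ("ADVAPI32.dll", "RegOpenKeyExA"), ("ADVAPI32.dll", "RegSetValueExA"),
    ("ADVAPI32.dll", "RegCreateKeyA"), ("ADVAPI32.dll", "RegQueryValueExA"),
    ("SHELL32.dll", "ShellExecuteExA"),
]

if __name__ == "__main__":
    print("imphash of subset:", imphash(IAT_SUBSET))
    for cat, ev in capabilities(IAT_SUBSET).items():
        print(f"{cat:24s} strong={ev['strong']} weak={ev['weak']}")
```

Run against the full table, the strong buckets that survive are registry write (RegSetValueExA, RegCreateKeyA), process launch (ShellExecuteExA), clipboard access, window lookup and LoadLibraryA, which is the combination worth pivoting on in dynamic analysis; the large KERNEL32 block is mostly CRT startup and the USER32/GDI32/COMDLG32 printing and dialog imports look like a conventional GUI skeleton.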



Similarity measure (PE file only): not available (service failure while checking)