ScreenShot
| Created | 2021.08.30 19:00 | Machine | s1_win7_x6402 |
| Filename | nbfile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 31 detected (AIDetect, malware1, malicious, high confidence, score, Unsafe, Save, confidence, Johnnie, Kryptik, Eldorado, Attribute, HighConfidence, Emotet, Static AI, Malicious PE, ai score=86, Sabsik, CLASSIC, susgen, ZexaF, Eq0@auGByeiG) | ||
| md5 | 4028f8bc868998d649445bd063fa108b | ||
| sha256 | d3a5b777c6bf05953b2aecb511a605e268a5de26659d1b044fc03cc5700e2e09 | ||
| ssdeep | 12288:QSX9HsbebKS79md1hFdwMpgmvfs7avbtv1Hc9c:XHRbKS7AhPzgm7jtvZ | ||
| imphash | 2fb51ab3c5f5a75e2a51c3be9bfc585e | ||
| impfuzzy | 24:puu9EukrkRr1Fruqo8oDSql/6kbbyHOb1bG2O24fbOS6dx+cjtrlHIeWJ3zlORyJ:SWrCcObsdq1dx+cjtFIVzRucaZU | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x459000 GetCPInfo
0x459004 HeapAlloc
0x459008 EndUpdateResourceW
0x45900c InterlockedIncrement
0x459010 GetCurrentProcess
0x459014 SetEnvironmentVariableW
0x459018 GetEnvironmentStringsW
0x45901c GetConsoleAliasesLengthA
0x459020 GetConsoleTitleA
0x459024 WriteFile
0x459028 GetUserDefaultLangID
0x45902c GetEnvironmentStrings
0x459030 GlobalAlloc
0x459034 SetVolumeMountPointA
0x459038 GetSystemWindowsDirectoryA
0x45903c WriteConsoleOutputA
0x459040 lstrcpynW
0x459044 HeapQueryInformation
0x459048 GetModuleFileNameW
0x45904c lstrlenA
0x459050 VerifyVersionInfoW
0x459054 GetCPInfoExW
0x459058 ChangeTimerQueueTimer
0x45905c GetProcAddress
0x459060 PeekConsoleInputW
0x459064 GetComputerNameExW
0x459068 VerLanguageNameA
0x45906c CreateTimerQueueTimer
0x459070 FreeUserPhysicalPages
0x459074 EnterCriticalSection
0x459078 GetLocalTime
0x45907c LoadLibraryA
0x459080 GetCurrentConsoleFont
0x459084 WaitForMultipleObjects
0x459088 GetDefaultCommConfigA
0x45908c VirtualProtect
0x459090 FindFirstVolumeA
0x459094 GetVersionExA
0x459098 ReadConsoleInputW
0x45909c GetVersion
0x4590a0 AddConsoleAliasA
0x4590a4 EnumCalendarInfoExA
0x4590a8 CreateThread
0x4590ac CreateFileA
0x4590b0 LCMapStringA
0x4590b4 GetCommandLineW
0x4590b8 SetStdHandle
0x4590bc WriteConsoleW
0x4590c0 WideCharToMultiByte
0x4590c4 InterlockedDecrement
0x4590c8 InterlockedExchange
0x4590cc MultiByteToWideChar
0x4590d0 Sleep
0x4590d4 InitializeCriticalSection
0x4590d8 DeleteCriticalSection
0x4590dc LeaveCriticalSection
0x4590e0 UnhandledExceptionFilter
0x4590e4 SetUnhandledExceptionFilter
0x4590e8 GetLastError
0x4590ec HeapFree
0x4590f0 TerminateProcess
0x4590f4 IsDebuggerPresent
0x4590f8 GetModuleHandleW
0x4590fc ExitProcess
0x459100 GetStartupInfoW
0x459104 RtlUnwind
0x459108 LCMapStringW
0x45910c GetStringTypeW
0x459110 GetStdHandle
0x459114 GetModuleFileNameA
0x459118 HeapCreate
0x45911c VirtualFree
0x459120 VirtualAlloc
0x459124 HeapReAlloc
0x459128 TlsGetValue
0x45912c TlsAlloc
0x459130 TlsSetValue
0x459134 TlsFree
0x459138 SetLastError
0x45913c GetCurrentThreadId
0x459140 InitializeCriticalSectionAndSpinCount
0x459144 FreeEnvironmentStringsW
0x459148 SetHandleCount
0x45914c GetFileType
0x459150 GetStartupInfoA
0x459154 QueryPerformanceCounter
0x459158 GetTickCount
0x45915c GetCurrentProcessId
0x459160 GetSystemTimeAsFileTime
0x459164 GetStringTypeA
0x459168 HeapSize
0x45916c GetACP
0x459170 GetOEMCP
0x459174 IsValidCodePage
0x459178 GetLocaleInfoA
0x45917c GetConsoleCP
0x459180 GetConsoleMode
0x459184 FlushFileBuffers
0x459188 SetFilePointer
0x45918c CloseHandle
0x459190 WriteConsoleA
0x459194 GetConsoleOutputCP
USER32.dll
0x45919c ClientToScreen
0x4591a0 RealGetWindowClassA
EAT(Export Address Table) is none
KERNEL32.dll
0x459000 GetCPInfo
0x459004 HeapAlloc
0x459008 EndUpdateResourceW
0x45900c InterlockedIncrement
0x459010 GetCurrentProcess
0x459014 SetEnvironmentVariableW
0x459018 GetEnvironmentStringsW
0x45901c GetConsoleAliasesLengthA
0x459020 GetConsoleTitleA
0x459024 WriteFile
0x459028 GetUserDefaultLangID
0x45902c GetEnvironmentStrings
0x459030 GlobalAlloc
0x459034 SetVolumeMountPointA
0x459038 GetSystemWindowsDirectoryA
0x45903c WriteConsoleOutputA
0x459040 lstrcpynW
0x459044 HeapQueryInformation
0x459048 GetModuleFileNameW
0x45904c lstrlenA
0x459050 VerifyVersionInfoW
0x459054 GetCPInfoExW
0x459058 ChangeTimerQueueTimer
0x45905c GetProcAddress
0x459060 PeekConsoleInputW
0x459064 GetComputerNameExW
0x459068 VerLanguageNameA
0x45906c CreateTimerQueueTimer
0x459070 FreeUserPhysicalPages
0x459074 EnterCriticalSection
0x459078 GetLocalTime
0x45907c LoadLibraryA
0x459080 GetCurrentConsoleFont
0x459084 WaitForMultipleObjects
0x459088 GetDefaultCommConfigA
0x45908c VirtualProtect
0x459090 FindFirstVolumeA
0x459094 GetVersionExA
0x459098 ReadConsoleInputW
0x45909c GetVersion
0x4590a0 AddConsoleAliasA
0x4590a4 EnumCalendarInfoExA
0x4590a8 CreateThread
0x4590ac CreateFileA
0x4590b0 LCMapStringA
0x4590b4 GetCommandLineW
0x4590b8 SetStdHandle
0x4590bc WriteConsoleW
0x4590c0 WideCharToMultiByte
0x4590c4 InterlockedDecrement
0x4590c8 InterlockedExchange
0x4590cc MultiByteToWideChar
0x4590d0 Sleep
0x4590d4 InitializeCriticalSection
0x4590d8 DeleteCriticalSection
0x4590dc LeaveCriticalSection
0x4590e0 UnhandledExceptionFilter
0x4590e4 SetUnhandledExceptionFilter
0x4590e8 GetLastError
0x4590ec HeapFree
0x4590f0 TerminateProcess
0x4590f4 IsDebuggerPresent
0x4590f8 GetModuleHandleW
0x4590fc ExitProcess
0x459100 GetStartupInfoW
0x459104 RtlUnwind
0x459108 LCMapStringW
0x45910c GetStringTypeW
0x459110 GetStdHandle
0x459114 GetModuleFileNameA
0x459118 HeapCreate
0x45911c VirtualFree
0x459120 VirtualAlloc
0x459124 HeapReAlloc
0x459128 TlsGetValue
0x45912c TlsAlloc
0x459130 TlsSetValue
0x459134 TlsFree
0x459138 SetLastError
0x45913c GetCurrentThreadId
0x459140 InitializeCriticalSectionAndSpinCount
0x459144 FreeEnvironmentStringsW
0x459148 SetHandleCount
0x45914c GetFileType
0x459150 GetStartupInfoA
0x459154 QueryPerformanceCounter
0x459158 GetTickCount
0x45915c GetCurrentProcessId
0x459160 GetSystemTimeAsFileTime
0x459164 GetStringTypeA
0x459168 HeapSize
0x45916c GetACP
0x459170 GetOEMCP
0x459174 IsValidCodePage
0x459178 GetLocaleInfoA
0x45917c GetConsoleCP
0x459180 GetConsoleMode
0x459184 FlushFileBuffers
0x459188 SetFilePointer
0x45918c CloseHandle
0x459190 WriteConsoleA
0x459194 GetConsoleOutputCP
USER32.dll
0x45919c ClientToScreen
0x4591a0 RealGetWindowClassA
EAT(Export Address Table) is none