ScreenShot
| Created | 2021.08.30 21:14 | Machine | s1_win7_x6401 |
| Filename | sefile2.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 26 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Kryptik, Eldorado, Attribute, HighConfidence, CLASSIC, HPGen, Emotet, Sabsik, score, Artemis, Static AI, Malicious PE, ZexaF, tq0@auuWn2gG, confidence, susgen) | ||
| md5 | ad89701003aac4cb9faf20e58471cd37 | ||
| sha256 | 694c2240b27d908d83ee9b8c066d586a04a4fdea897ef123dae5da599cf43348 | ||
| ssdeep | 6144:5lLS8u2ergugl6CPi1wyxUGPTg+Z/hyUFXe1+VXfVRSP7EsI5/:5lujr5C6CKpqGLT0cv1Hc9c | ||
| imphash | 2fb51ab3c5f5a75e2a51c3be9bfc585e | ||
| impfuzzy | 24:puu9EukrkRr1Fruqo8oDSql/6kbbyHOb1bG2O24fbOS6dx+cjtrlHIeWJ3zlORyJ:SWrCcObsdq1dx+cjtFIVzRucaZU | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42c000 GetCPInfo
0x42c004 HeapAlloc
0x42c008 EndUpdateResourceW
0x42c00c InterlockedIncrement
0x42c010 GetCurrentProcess
0x42c014 SetEnvironmentVariableW
0x42c018 GetEnvironmentStringsW
0x42c01c GetConsoleAliasesLengthA
0x42c020 GetConsoleTitleA
0x42c024 WriteFile
0x42c028 GetUserDefaultLangID
0x42c02c GetEnvironmentStrings
0x42c030 GlobalAlloc
0x42c034 SetVolumeMountPointA
0x42c038 GetSystemWindowsDirectoryA
0x42c03c WriteConsoleOutputA
0x42c040 lstrcpynW
0x42c044 HeapQueryInformation
0x42c048 GetModuleFileNameW
0x42c04c lstrlenA
0x42c050 VerifyVersionInfoW
0x42c054 GetCPInfoExW
0x42c058 ChangeTimerQueueTimer
0x42c05c GetProcAddress
0x42c060 PeekConsoleInputW
0x42c064 GetComputerNameExW
0x42c068 VerLanguageNameA
0x42c06c CreateTimerQueueTimer
0x42c070 FreeUserPhysicalPages
0x42c074 EnterCriticalSection
0x42c078 GetLocalTime
0x42c07c LoadLibraryA
0x42c080 GetCurrentConsoleFont
0x42c084 WaitForMultipleObjects
0x42c088 GetDefaultCommConfigA
0x42c08c VirtualProtect
0x42c090 FindFirstVolumeA
0x42c094 GetVersionExA
0x42c098 ReadConsoleInputW
0x42c09c GetVersion
0x42c0a0 AddConsoleAliasA
0x42c0a4 EnumCalendarInfoExA
0x42c0a8 CreateThread
0x42c0ac CreateFileA
0x42c0b0 LCMapStringA
0x42c0b4 GetCommandLineW
0x42c0b8 SetStdHandle
0x42c0bc WriteConsoleW
0x42c0c0 WideCharToMultiByte
0x42c0c4 InterlockedDecrement
0x42c0c8 InterlockedExchange
0x42c0cc MultiByteToWideChar
0x42c0d0 Sleep
0x42c0d4 InitializeCriticalSection
0x42c0d8 DeleteCriticalSection
0x42c0dc LeaveCriticalSection
0x42c0e0 UnhandledExceptionFilter
0x42c0e4 SetUnhandledExceptionFilter
0x42c0e8 GetLastError
0x42c0ec HeapFree
0x42c0f0 TerminateProcess
0x42c0f4 IsDebuggerPresent
0x42c0f8 GetModuleHandleW
0x42c0fc ExitProcess
0x42c100 GetStartupInfoW
0x42c104 RtlUnwind
0x42c108 LCMapStringW
0x42c10c GetStringTypeW
0x42c110 GetStdHandle
0x42c114 GetModuleFileNameA
0x42c118 HeapCreate
0x42c11c VirtualFree
0x42c120 VirtualAlloc
0x42c124 HeapReAlloc
0x42c128 TlsGetValue
0x42c12c TlsAlloc
0x42c130 TlsSetValue
0x42c134 TlsFree
0x42c138 SetLastError
0x42c13c GetCurrentThreadId
0x42c140 InitializeCriticalSectionAndSpinCount
0x42c144 FreeEnvironmentStringsW
0x42c148 SetHandleCount
0x42c14c GetFileType
0x42c150 GetStartupInfoA
0x42c154 QueryPerformanceCounter
0x42c158 GetTickCount
0x42c15c GetCurrentProcessId
0x42c160 GetSystemTimeAsFileTime
0x42c164 GetStringTypeA
0x42c168 HeapSize
0x42c16c GetACP
0x42c170 GetOEMCP
0x42c174 IsValidCodePage
0x42c178 GetLocaleInfoA
0x42c17c GetConsoleCP
0x42c180 GetConsoleMode
0x42c184 FlushFileBuffers
0x42c188 SetFilePointer
0x42c18c CloseHandle
0x42c190 WriteConsoleA
0x42c194 GetConsoleOutputCP
USER32.dll
0x42c19c ClientToScreen
0x42c1a0 RealGetWindowClassA
EAT(Export Address Table) is none
KERNEL32.dll
0x42c000 GetCPInfo
0x42c004 HeapAlloc
0x42c008 EndUpdateResourceW
0x42c00c InterlockedIncrement
0x42c010 GetCurrentProcess
0x42c014 SetEnvironmentVariableW
0x42c018 GetEnvironmentStringsW
0x42c01c GetConsoleAliasesLengthA
0x42c020 GetConsoleTitleA
0x42c024 WriteFile
0x42c028 GetUserDefaultLangID
0x42c02c GetEnvironmentStrings
0x42c030 GlobalAlloc
0x42c034 SetVolumeMountPointA
0x42c038 GetSystemWindowsDirectoryA
0x42c03c WriteConsoleOutputA
0x42c040 lstrcpynW
0x42c044 HeapQueryInformation
0x42c048 GetModuleFileNameW
0x42c04c lstrlenA
0x42c050 VerifyVersionInfoW
0x42c054 GetCPInfoExW
0x42c058 ChangeTimerQueueTimer
0x42c05c GetProcAddress
0x42c060 PeekConsoleInputW
0x42c064 GetComputerNameExW
0x42c068 VerLanguageNameA
0x42c06c CreateTimerQueueTimer
0x42c070 FreeUserPhysicalPages
0x42c074 EnterCriticalSection
0x42c078 GetLocalTime
0x42c07c LoadLibraryA
0x42c080 GetCurrentConsoleFont
0x42c084 WaitForMultipleObjects
0x42c088 GetDefaultCommConfigA
0x42c08c VirtualProtect
0x42c090 FindFirstVolumeA
0x42c094 GetVersionExA
0x42c098 ReadConsoleInputW
0x42c09c GetVersion
0x42c0a0 AddConsoleAliasA
0x42c0a4 EnumCalendarInfoExA
0x42c0a8 CreateThread
0x42c0ac CreateFileA
0x42c0b0 LCMapStringA
0x42c0b4 GetCommandLineW
0x42c0b8 SetStdHandle
0x42c0bc WriteConsoleW
0x42c0c0 WideCharToMultiByte
0x42c0c4 InterlockedDecrement
0x42c0c8 InterlockedExchange
0x42c0cc MultiByteToWideChar
0x42c0d0 Sleep
0x42c0d4 InitializeCriticalSection
0x42c0d8 DeleteCriticalSection
0x42c0dc LeaveCriticalSection
0x42c0e0 UnhandledExceptionFilter
0x42c0e4 SetUnhandledExceptionFilter
0x42c0e8 GetLastError
0x42c0ec HeapFree
0x42c0f0 TerminateProcess
0x42c0f4 IsDebuggerPresent
0x42c0f8 GetModuleHandleW
0x42c0fc ExitProcess
0x42c100 GetStartupInfoW
0x42c104 RtlUnwind
0x42c108 LCMapStringW
0x42c10c GetStringTypeW
0x42c110 GetStdHandle
0x42c114 GetModuleFileNameA
0x42c118 HeapCreate
0x42c11c VirtualFree
0x42c120 VirtualAlloc
0x42c124 HeapReAlloc
0x42c128 TlsGetValue
0x42c12c TlsAlloc
0x42c130 TlsSetValue
0x42c134 TlsFree
0x42c138 SetLastError
0x42c13c GetCurrentThreadId
0x42c140 InitializeCriticalSectionAndSpinCount
0x42c144 FreeEnvironmentStringsW
0x42c148 SetHandleCount
0x42c14c GetFileType
0x42c150 GetStartupInfoA
0x42c154 QueryPerformanceCounter
0x42c158 GetTickCount
0x42c15c GetCurrentProcessId
0x42c160 GetSystemTimeAsFileTime
0x42c164 GetStringTypeA
0x42c168 HeapSize
0x42c16c GetACP
0x42c170 GetOEMCP
0x42c174 IsValidCodePage
0x42c178 GetLocaleInfoA
0x42c17c GetConsoleCP
0x42c180 GetConsoleMode
0x42c184 FlushFileBuffers
0x42c188 SetFilePointer
0x42c18c CloseHandle
0x42c190 WriteConsoleA
0x42c194 GetConsoleOutputCP
USER32.dll
0x42c19c ClientToScreen
0x42c1a0 RealGetWindowClassA
EAT(Export Address Table) is none