ScreenShot
| Created | 2021.09.03 08:53 | Machine | s1_win7_x6402 |
| Filename | Install_Rental_LL12_2018_4.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 15 detected (Artemis, Fugrafa, Skoba, Prikormka, ai score=83, ASMalwS, kcloud, BScope) | ||
| md5 | 2a4bcd31051a5656d118ca1617da35d6 | ||
| sha256 | e2672839a0439ff00d5e97781bb024c4dfc275092b1a4b53faa5d77b83cfea93 | ||
| ssdeep | 393216:X6SnbdU8E+QATHQogSEOzVmOOc1HTJ47O2bK:X6S5UiQATG7OzRJn | ||
| imphash | d827402c5405ea3585205395d6e778fa | ||
| impfuzzy | 48:B9xOU2acp61vQDKmGLdwkt33oSL/0XiNIyn6gSvJzRAkEkEUj6Uy1bb4rz/glkod:B/D2acp61vQWmGLvt32MCTSKFC | ||
Network IP location
Signature (17cnts)
| Level | Description |
|---|---|
| warning | Drops 416 unknown file mime types indicative of ransomware writing encrypted files back to disk |
| watch | Checks for the presence of known windows from debuggers and forensic tools |
| watch | Deletes a large number of files from the system indicative of ransomware |
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates (office) documents on the filesystem |
| notice | Creates a shortcut to an executable file |
| notice | Creates executable files on the filesystem |
| notice | Creates hidden or system file |
| notice | Drops an executable to the user AppData folder |
| notice | Queries for potentially installed applications |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | Tries to locate where the browsers are installed |
Rules (24cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | PDF_Suspicious_Link_Z | PDF Suspicious Link | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | ASPack_Zero | ASPack packed file | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | Win32_Trojan_PWS_Net_1_Zero | Win32 Trojan PWS .NET Azorult | binaries (download) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| notice | PDF_Format_Z | PDF Format | binaries (download) |
| info | Is_DotNET_EXE | (no description) | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | PNG_Format_Zero | PNG Format | binaries (download) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (download) |
| info | Win_Backdoor_AsyncRAT_Zero | Win Backdoor AsyncRAT | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42e018 GetLastError
0x42e01c ResetEvent
0x42e020 CreateEventW
0x42e024 CloseHandle
0x42e028 MultiByteToWideChar
0x42e02c WideCharToMultiByte
0x42e030 GetModuleFileNameW
0x42e034 FormatMessageW
0x42e038 LocalFree
0x42e03c GetWindowsDirectoryW
0x42e040 CreateFileW
0x42e044 SetFileTime
0x42e048 SetFileAttributesW
0x42e04c RemoveDirectoryW
0x42e050 CreateDirectoryW
0x42e054 GetFileInformationByHandle
0x42e058 DeleteFileW
0x42e05c GetShortPathNameW
0x42e060 GetFullPathNameW
0x42e064 lstrlenW
0x42e068 GetCurrentDirectoryW
0x42e06c GetTempFileNameW
0x42e070 FindClose
0x42e074 FindFirstFileW
0x42e078 FindNextFileW
0x42e07c GetFileSize
0x42e080 SetFilePointer
0x42e084 ReadFile
0x42e088 WriteFile
0x42e08c SetEndOfFile
0x42e090 DeleteCriticalSection
0x42e094 GetStdHandle
0x42e098 EnterCriticalSection
0x42e09c LeaveCriticalSection
0x42e0a0 InitializeCriticalSection
0x42e0a4 GetCurrentProcessId
0x42e0a8 GetCurrentThreadId
0x42e0ac QueryPerformanceCounter
0x42e0b0 GetTickCount
0x42e0b4 Sleep
0x42e0b8 LocalAlloc
0x42e0bc SetCurrentDirectoryW
0x42e0c0 GetVersion
0x42e0c4 GetCommandLineW
0x42e0c8 CreateProcessW
0x42e0cc GetExitCodeProcess
0x42e0d0 FlushFileBuffers
0x42e0d4 CreateFileA
0x42e0d8 WriteConsoleW
0x42e0dc GetConsoleOutputCP
0x42e0e0 WriteConsoleA
0x42e0e4 SetStdHandle
0x42e0e8 LCMapStringW
0x42e0ec LCMapStringA
0x42e0f0 GetStringTypeW
0x42e0f4 GetStringTypeA
0x42e0f8 GetConsoleMode
0x42e0fc GetConsoleCP
0x42e100 GetLocaleInfoA
0x42e104 IsValidCodePage
0x42e108 GetOEMCP
0x42e10c GetACP
0x42e110 GetCPInfo
0x42e114 LoadLibraryA
0x42e118 RaiseException
0x42e11c RtlUnwind
0x42e120 InitializeCriticalSectionAndSpinCount
0x42e124 GetSystemTimeAsFileTime
0x42e128 WaitForSingleObject
0x42e12c SetEvent
0x42e130 GetVersionExW
0x42e134 VirtualAlloc
0x42e138 WaitForMultipleObjects
0x42e13c VirtualFree
0x42e140 GetFileType
0x42e144 SetHandleCount
0x42e148 GetEnvironmentStringsW
0x42e14c FreeEnvironmentStringsW
0x42e150 GetEnvironmentStrings
0x42e154 FreeEnvironmentStringsA
0x42e158 HeapSize
0x42e15c InterlockedDecrement
0x42e160 SetLastError
0x42e164 InterlockedIncrement
0x42e168 TlsFree
0x42e16c TlsSetValue
0x42e170 TlsAlloc
0x42e174 HeapFree
0x42e178 HeapAlloc
0x42e17c ExitThread
0x42e180 CreateThread
0x42e184 HeapReAlloc
0x42e188 GetCommandLineA
0x42e18c GetStartupInfoA
0x42e190 TerminateProcess
0x42e194 GetCurrentProcess
0x42e198 UnhandledExceptionFilter
0x42e19c SetUnhandledExceptionFilter
0x42e1a0 IsDebuggerPresent
0x42e1a4 HeapCreate
0x42e1a8 GetModuleHandleW
0x42e1ac GetProcAddress
0x42e1b0 ExitProcess
0x42e1b4 GetModuleFileNameA
0x42e1b8 TlsGetValue
USER32.dll
0x42e1e0 SetForegroundWindow
0x42e1e4 CharUpperW
0x42e1e8 GetWindowRect
0x42e1ec DestroyWindow
0x42e1f0 RegisterWindowMessageW
0x42e1f4 AdjustWindowRect
0x42e1f8 LoadImageW
0x42e1fc KillTimer
0x42e200 SetTimer
0x42e204 PostMessageW
0x42e208 EndDialog
0x42e20c IsDlgButtonChecked
0x42e210 SetDlgItemTextW
0x42e214 GetDlgItem
0x42e218 SetWindowTextW
0x42e21c GetWindowTextW
0x42e220 GetWindowTextLengthW
0x42e224 LoadStringW
0x42e228 DialogBoxParamW
0x42e22c CreateDialogParamW
0x42e230 SystemParametersInfoW
0x42e234 PeekMessageW
0x42e238 GetDesktopWindow
0x42e23c MessageBoxW
0x42e240 SendMessageW
0x42e244 GetWindowLongW
0x42e248 SetWindowLongW
0x42e24c ShowWindow
0x42e250 MoveWindow
0x42e254 LoadIconW
GDI32.dll
0x42e010 GetObjectW
ADVAPI32.dll
0x42e000 RegSetValueExW
0x42e004 RegCreateKeyExW
0x42e008 RegCloseKey
SHELL32.dll
0x42e1d4 SHGetFolderPathW
0x42e1d8 ShellExecuteExW
ole32.dll
0x42e25c CoInitializeEx
0x42e260 CoInitialize
0x42e264 CoCreateInstance
OLEAUT32.dll
0x42e1c0 SysAllocStringLen
0x42e1c4 SysFreeString
0x42e1c8 VariantClear
0x42e1cc SysAllocString
EAT(Export Address Table) is none
KERNEL32.dll
0x42e018 GetLastError
0x42e01c ResetEvent
0x42e020 CreateEventW
0x42e024 CloseHandle
0x42e028 MultiByteToWideChar
0x42e02c WideCharToMultiByte
0x42e030 GetModuleFileNameW
0x42e034 FormatMessageW
0x42e038 LocalFree
0x42e03c GetWindowsDirectoryW
0x42e040 CreateFileW
0x42e044 SetFileTime
0x42e048 SetFileAttributesW
0x42e04c RemoveDirectoryW
0x42e050 CreateDirectoryW
0x42e054 GetFileInformationByHandle
0x42e058 DeleteFileW
0x42e05c GetShortPathNameW
0x42e060 GetFullPathNameW
0x42e064 lstrlenW
0x42e068 GetCurrentDirectoryW
0x42e06c GetTempFileNameW
0x42e070 FindClose
0x42e074 FindFirstFileW
0x42e078 FindNextFileW
0x42e07c GetFileSize
0x42e080 SetFilePointer
0x42e084 ReadFile
0x42e088 WriteFile
0x42e08c SetEndOfFile
0x42e090 DeleteCriticalSection
0x42e094 GetStdHandle
0x42e098 EnterCriticalSection
0x42e09c LeaveCriticalSection
0x42e0a0 InitializeCriticalSection
0x42e0a4 GetCurrentProcessId
0x42e0a8 GetCurrentThreadId
0x42e0ac QueryPerformanceCounter
0x42e0b0 GetTickCount
0x42e0b4 Sleep
0x42e0b8 LocalAlloc
0x42e0bc SetCurrentDirectoryW
0x42e0c0 GetVersion
0x42e0c4 GetCommandLineW
0x42e0c8 CreateProcessW
0x42e0cc GetExitCodeProcess
0x42e0d0 FlushFileBuffers
0x42e0d4 CreateFileA
0x42e0d8 WriteConsoleW
0x42e0dc GetConsoleOutputCP
0x42e0e0 WriteConsoleA
0x42e0e4 SetStdHandle
0x42e0e8 LCMapStringW
0x42e0ec LCMapStringA
0x42e0f0 GetStringTypeW
0x42e0f4 GetStringTypeA
0x42e0f8 GetConsoleMode
0x42e0fc GetConsoleCP
0x42e100 GetLocaleInfoA
0x42e104 IsValidCodePage
0x42e108 GetOEMCP
0x42e10c GetACP
0x42e110 GetCPInfo
0x42e114 LoadLibraryA
0x42e118 RaiseException
0x42e11c RtlUnwind
0x42e120 InitializeCriticalSectionAndSpinCount
0x42e124 GetSystemTimeAsFileTime
0x42e128 WaitForSingleObject
0x42e12c SetEvent
0x42e130 GetVersionExW
0x42e134 VirtualAlloc
0x42e138 WaitForMultipleObjects
0x42e13c VirtualFree
0x42e140 GetFileType
0x42e144 SetHandleCount
0x42e148 GetEnvironmentStringsW
0x42e14c FreeEnvironmentStringsW
0x42e150 GetEnvironmentStrings
0x42e154 FreeEnvironmentStringsA
0x42e158 HeapSize
0x42e15c InterlockedDecrement
0x42e160 SetLastError
0x42e164 InterlockedIncrement
0x42e168 TlsFree
0x42e16c TlsSetValue
0x42e170 TlsAlloc
0x42e174 HeapFree
0x42e178 HeapAlloc
0x42e17c ExitThread
0x42e180 CreateThread
0x42e184 HeapReAlloc
0x42e188 GetCommandLineA
0x42e18c GetStartupInfoA
0x42e190 TerminateProcess
0x42e194 GetCurrentProcess
0x42e198 UnhandledExceptionFilter
0x42e19c SetUnhandledExceptionFilter
0x42e1a0 IsDebuggerPresent
0x42e1a4 HeapCreate
0x42e1a8 GetModuleHandleW
0x42e1ac GetProcAddress
0x42e1b0 ExitProcess
0x42e1b4 GetModuleFileNameA
0x42e1b8 TlsGetValue
USER32.dll
0x42e1e0 SetForegroundWindow
0x42e1e4 CharUpperW
0x42e1e8 GetWindowRect
0x42e1ec DestroyWindow
0x42e1f0 RegisterWindowMessageW
0x42e1f4 AdjustWindowRect
0x42e1f8 LoadImageW
0x42e1fc KillTimer
0x42e200 SetTimer
0x42e204 PostMessageW
0x42e208 EndDialog
0x42e20c IsDlgButtonChecked
0x42e210 SetDlgItemTextW
0x42e214 GetDlgItem
0x42e218 SetWindowTextW
0x42e21c GetWindowTextW
0x42e220 GetWindowTextLengthW
0x42e224 LoadStringW
0x42e228 DialogBoxParamW
0x42e22c CreateDialogParamW
0x42e230 SystemParametersInfoW
0x42e234 PeekMessageW
0x42e238 GetDesktopWindow
0x42e23c MessageBoxW
0x42e240 SendMessageW
0x42e244 GetWindowLongW
0x42e248 SetWindowLongW
0x42e24c ShowWindow
0x42e250 MoveWindow
0x42e254 LoadIconW
GDI32.dll
0x42e010 GetObjectW
ADVAPI32.dll
0x42e000 RegSetValueExW
0x42e004 RegCreateKeyExW
0x42e008 RegCloseKey
SHELL32.dll
0x42e1d4 SHGetFolderPathW
0x42e1d8 ShellExecuteExW
ole32.dll
0x42e25c CoInitializeEx
0x42e260 CoInitialize
0x42e264 CoCreateInstance
OLEAUT32.dll
0x42e1c0 SysAllocStringLen
0x42e1c4 SysFreeString
0x42e1c8 VariantClear
0x42e1cc SysAllocString
EAT(Export Address Table) is none