ScreenShot
| Created | 2021.09.03 17:12 | Machine | s1_win7_x6402 |
| Filename | raccon.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | f3e45f00b14b27a28c0ac04b5475a4a3 | ||
| sha256 | 2457694ff7a2d4ec5881b14863764a2aea6f16e41daec0998ca45c53f435d8b3 | ||
| ssdeep | 6144:WVCLRdtlV/6gpDylvxV9Oscokw70Ab/tqwkTw7t31/+010b40k3GZ5dWOmtMGd7B:WVCbd/6227vPcor7dMTuiG5lCxa7T | ||
| imphash | ecda7b3fe7f3df133ca77cddd8e4064d | ||
| impfuzzy | 24:seOu9E0Z9aTcru865DSql/0bG24oeOStslDJ3NryvDrHlRT4CplCqbjMU/8:9ZRrp5C8Sts7NYDbc2MqLE | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45a008 SetLocalTime
0x45a00c InterlockedIncrement
0x45a010 ReadConsoleA
0x45a014 InterlockedDecrement
0x45a018 GetCurrentProcess
0x45a01c GetSystemWindowsDirectoryW
0x45a020 SetEnvironmentVariableW
0x45a024 GetEnvironmentStringsW
0x45a028 GetUserDefaultLCID
0x45a02c AddConsoleAliasW
0x45a030 SetVolumeMountPointW
0x45a034 EnumCalendarInfoExW
0x45a038 WriteFile
0x45a03c GetUserDefaultLangID
0x45a040 GetEnvironmentStrings
0x45a044 WriteConsoleOutputA
0x45a048 LeaveCriticalSection
0x45a04c lstrcpynW
0x45a050 FindNextVolumeW
0x45a054 VerifyVersionInfoA
0x45a058 GetModuleFileNameW
0x45a05c GetACP
0x45a060 GetConsoleOutputCP
0x45a064 GetProcAddress
0x45a068 PeekConsoleInputW
0x45a06c GetComputerNameExW
0x45a070 VerLanguageNameA
0x45a074 CreateTimerQueueTimer
0x45a078 HeapUnlock
0x45a07c LocalAlloc
0x45a080 GetDefaultCommConfigA
0x45a084 GetModuleHandleA
0x45a088 QueueUserWorkItem
0x45a08c HeapSetInformation
0x45a090 GetConsoleTitleW
0x45a094 ReadConsoleInputW
0x45a098 GlobalReAlloc
0x45a09c LCMapStringW
0x45a0a0 PulseEvent
0x45a0a4 GetCommandLineW
0x45a0a8 UnhandledExceptionFilter
0x45a0ac SetUnhandledExceptionFilter
0x45a0b0 GetStartupInfoW
0x45a0b4 GetModuleHandleW
0x45a0b8 Sleep
0x45a0bc ExitProcess
0x45a0c0 GetLastError
0x45a0c4 GetStdHandle
0x45a0c8 GetModuleFileNameA
0x45a0cc TlsGetValue
0x45a0d0 TlsAlloc
0x45a0d4 TlsSetValue
0x45a0d8 TlsFree
0x45a0dc SetLastError
0x45a0e0 GetCurrentThreadId
0x45a0e4 EnterCriticalSection
0x45a0e8 TerminateProcess
0x45a0ec IsDebuggerPresent
0x45a0f0 HeapSize
0x45a0f4 SetHandleCount
0x45a0f8 GetFileType
0x45a0fc GetStartupInfoA
0x45a100 DeleteCriticalSection
0x45a104 SetFilePointer
0x45a108 FreeEnvironmentStringsW
0x45a10c HeapCreate
0x45a110 VirtualFree
0x45a114 HeapFree
0x45a118 QueryPerformanceCounter
0x45a11c GetTickCount
0x45a120 GetCurrentProcessId
0x45a124 GetSystemTimeAsFileTime
0x45a128 LoadLibraryA
0x45a12c InitializeCriticalSectionAndSpinCount
0x45a130 GetCPInfo
0x45a134 GetOEMCP
0x45a138 IsValidCodePage
0x45a13c MultiByteToWideChar
0x45a140 RtlUnwind
0x45a144 HeapAlloc
0x45a148 HeapReAlloc
0x45a14c VirtualAlloc
0x45a150 WideCharToMultiByte
0x45a154 SetStdHandle
0x45a158 GetLocaleInfoA
0x45a15c GetStringTypeA
0x45a160 GetStringTypeW
0x45a164 LCMapStringA
0x45a168 GetConsoleCP
0x45a16c GetConsoleMode
0x45a170 FlushFileBuffers
0x45a174 CloseHandle
0x45a178 WriteConsoleA
0x45a17c WriteConsoleW
0x45a180 CreateFileA
USER32.dll
0x45a188 RealGetWindowClassW
GDI32.dll
0x45a000 GetCharWidthFloatA
EAT(Export Address Table) is none
KERNEL32.dll
0x45a008 SetLocalTime
0x45a00c InterlockedIncrement
0x45a010 ReadConsoleA
0x45a014 InterlockedDecrement
0x45a018 GetCurrentProcess
0x45a01c GetSystemWindowsDirectoryW
0x45a020 SetEnvironmentVariableW
0x45a024 GetEnvironmentStringsW
0x45a028 GetUserDefaultLCID
0x45a02c AddConsoleAliasW
0x45a030 SetVolumeMountPointW
0x45a034 EnumCalendarInfoExW
0x45a038 WriteFile
0x45a03c GetUserDefaultLangID
0x45a040 GetEnvironmentStrings
0x45a044 WriteConsoleOutputA
0x45a048 LeaveCriticalSection
0x45a04c lstrcpynW
0x45a050 FindNextVolumeW
0x45a054 VerifyVersionInfoA
0x45a058 GetModuleFileNameW
0x45a05c GetACP
0x45a060 GetConsoleOutputCP
0x45a064 GetProcAddress
0x45a068 PeekConsoleInputW
0x45a06c GetComputerNameExW
0x45a070 VerLanguageNameA
0x45a074 CreateTimerQueueTimer
0x45a078 HeapUnlock
0x45a07c LocalAlloc
0x45a080 GetDefaultCommConfigA
0x45a084 GetModuleHandleA
0x45a088 QueueUserWorkItem
0x45a08c HeapSetInformation
0x45a090 GetConsoleTitleW
0x45a094 ReadConsoleInputW
0x45a098 GlobalReAlloc
0x45a09c LCMapStringW
0x45a0a0 PulseEvent
0x45a0a4 GetCommandLineW
0x45a0a8 UnhandledExceptionFilter
0x45a0ac SetUnhandledExceptionFilter
0x45a0b0 GetStartupInfoW
0x45a0b4 GetModuleHandleW
0x45a0b8 Sleep
0x45a0bc ExitProcess
0x45a0c0 GetLastError
0x45a0c4 GetStdHandle
0x45a0c8 GetModuleFileNameA
0x45a0cc TlsGetValue
0x45a0d0 TlsAlloc
0x45a0d4 TlsSetValue
0x45a0d8 TlsFree
0x45a0dc SetLastError
0x45a0e0 GetCurrentThreadId
0x45a0e4 EnterCriticalSection
0x45a0e8 TerminateProcess
0x45a0ec IsDebuggerPresent
0x45a0f0 HeapSize
0x45a0f4 SetHandleCount
0x45a0f8 GetFileType
0x45a0fc GetStartupInfoA
0x45a100 DeleteCriticalSection
0x45a104 SetFilePointer
0x45a108 FreeEnvironmentStringsW
0x45a10c HeapCreate
0x45a110 VirtualFree
0x45a114 HeapFree
0x45a118 QueryPerformanceCounter
0x45a11c GetTickCount
0x45a120 GetCurrentProcessId
0x45a124 GetSystemTimeAsFileTime
0x45a128 LoadLibraryA
0x45a12c InitializeCriticalSectionAndSpinCount
0x45a130 GetCPInfo
0x45a134 GetOEMCP
0x45a138 IsValidCodePage
0x45a13c MultiByteToWideChar
0x45a140 RtlUnwind
0x45a144 HeapAlloc
0x45a148 HeapReAlloc
0x45a14c VirtualAlloc
0x45a150 WideCharToMultiByte
0x45a154 SetStdHandle
0x45a158 GetLocaleInfoA
0x45a15c GetStringTypeA
0x45a160 GetStringTypeW
0x45a164 LCMapStringA
0x45a168 GetConsoleCP
0x45a16c GetConsoleMode
0x45a170 FlushFileBuffers
0x45a174 CloseHandle
0x45a178 WriteConsoleA
0x45a17c WriteConsoleW
0x45a180 CreateFileA
USER32.dll
0x45a188 RealGetWindowClassW
GDI32.dll
0x45a000 GetCharWidthFloatA
EAT(Export Address Table) is none