Field | Value
---|---
Created | 2021.09.04 14:07
Machine | s1_win7_x6401
Filename | pcpedemo.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score | 
Behavior Score | 
ZERO API | file : clean
VT API (file) | 16 detected (MulDrop6, GenericKD, Malicious, eyzxwn, FileRepMalware, Gael, StartPage, ASMalwS, Artemis, Generic@ML, RDML, d3pNRJ5EMfbcg+aGO2pzYg, GenAsa, 0kueZvHlrWs, susgen)
md5 | 250e548c641a259913efe572efa37914
sha256 | d59cc2a48ae66096aadcf1ea1b7ae46fb0f56fe19ac5d82320a7ff68bc982d49
ssdeep | 12288:QWxI5X0kR9LqnuATDxM2PDeejWr8ivlNvhA01rWzHpN3plMCb:ZI0kRR+uaDLdjWgISHp/6C
imphash | 3d612c553445d229cba686dbcaab8a7a
impfuzzy | 48:BOsODep1bbcurVg9DeCiZhqN5/ES5lSv/1n6GppNy6U0V40vrzLkyl53GTRXun9y:BOsL1bbcumpeCizA2xNjtHQ
Network IP location
Signature (11cnts)
Level | Description |
---|---|
watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | The executable uses a known packer |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | NSIS_Installer | Null Soft Installer | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x427000 SetCurrentDirectoryA
0x427004 GetCurrentDirectoryA
0x427008 GetTickCount
0x42700c GetTempPathA
0x427010 GetTempFileNameA
0x427014 DeleteFileA
0x427018 SetEnvironmentVariableA
0x42701c CompareStringW
0x427020 CompareStringA
0x427024 SetEndOfFile
0x427028 SetStdHandle
0x42702c LoadLibraryA
0x427030 GetOEMCP
0x427034 GetACP
0x427038 GetCPInfo
0x42703c IsBadCodePtr
0x427040 SetUnhandledExceptionFilter
0x427044 LCMapStringW
0x427048 LCMapStringA
0x42704c GetProcAddress
0x427050 GetStringTypeW
0x427054 GetStringTypeA
0x427058 FlushFileBuffers
0x42705c IsBadWritePtr
0x427060 VirtualAlloc
0x427064 RaiseException
0x427068 VirtualFree
0x42706c HeapCreate
0x427070 HeapDestroy
0x427074 GetFileType
0x427078 GetStdHandle
0x42707c SetHandleCount
0x427080 GetEnvironmentStringsW
0x427084 GetEnvironmentStrings
0x427088 FreeEnvironmentStringsW
0x42708c CloseHandle
0x427090 CreateFileA
0x427094 MoveFileA
0x427098 SystemTimeToFileTime
0x42709c GetLocalTime
0x4270a0 FileTimeToDosDateTime
0x4270a4 DosDateTimeToFileTime
0x4270a8 GetFileAttributesA
0x4270ac CompareFileTime
0x4270b0 SetFileAttributesA
0x4270b4 SetFileTime
0x4270b8 LocalFileTimeToFileTime
0x4270bc WriteFile
0x4270c0 WideCharToMultiByte
0x4270c4 MultiByteToWideChar
0x4270c8 ReadFile
0x4270cc GetFileSize
0x4270d0 GetLastError
0x4270d4 LocalFree
0x4270d8 FormatMessageA
0x4270dc GetFileTime
0x4270e0 GetCurrentThreadId
0x4270e4 IsBadReadPtr
0x4270e8 MapViewOfFile
0x4270ec CreateFileMappingA
0x4270f0 GetModuleFileNameA
0x4270f4 SetFilePointer
0x4270f8 UnmapViewOfFile
0x4270fc CreateDirectoryA
0x427100 GetSystemTime
0x427104 RtlUnwind
0x427108 GetModuleHandleA
0x42710c GetStartupInfoA
0x427110 GetCommandLineA
0x427114 GetVersion
0x427118 ExitProcess
0x42711c GetTimeZoneInformation
0x427120 HeapAlloc
0x427124 HeapFree
0x427128 HeapReAlloc
0x42712c TerminateProcess
0x427130 GetCurrentProcess
0x427134 HeapSize
0x427138 UnhandledExceptionFilter
0x42713c FreeEnvironmentStringsA
USER32.dll
0x427160 DestroyWindow
0x427164 BeginPaint
0x427168 EndPaint
0x42716c CreateWindowExA
0x427170 EndDialog
0x427174 DefWindowProcA
0x427178 PostMessageA
0x42717c SetDlgItemTextA
0x427180 SendDlgItemMessageA
0x427184 SetTimer
0x427188 DialogBoxParamA
0x42718c GetDlgItemTextA
0x427190 LoadCursorA
0x427194 RegisterClassExA
0x427198 GetDesktopWindow
0x42719c GetWindowRect
0x4271a0 CopyRect
0x4271a4 OffsetRect
0x4271a8 SetWindowPos
0x4271ac LoadStringA
0x4271b0 GetMessageA
0x4271b4 TranslateMessage
0x4271b8 DispatchMessageA
0x4271bc GetDlgItem
0x4271c0 SendMessageA
0x4271c4 MessageBoxA
0x4271c8 PostQuitMessage
SHELL32.dll
0x42714c SHGetPathFromIDListA
0x427150 SHGetMalloc
0x427154 ShellExecuteA
0x427158 SHBrowseForFolderA
OLEAUT32.dll
0x427144 VariantClear
EAT (Export Address Table): none