ScreenShot
| Created | 2021.09.04 14:18 | Machine | s1_win7_x6402 |
| Filename | chrome.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 51 detected (AIDetect, malware2, Chapak, malicious, high confidence, DownLoader41, GenericKD, Unsafe, Save, confidence, Kryptik, ZexaF, VqX@aumi, Eldorado, HMHH, Raccoon, goydfx, MalwareX, Ljag, S + Troj, Krypt, Emotet, Azorult, Score, AGEN, GenericMC, Racoon, MalPE, R439609, ai score=83, Sabsik, Obscure, CLASSIC, D9gaZS6zew4, Static AI, Malicious PE, susgen, GenKryptik, FJXI, GdSda) | ||
| md5 | 30b21677cf7a267da2ef6daff813d054 | ||
| sha256 | 98b5264d43dd36905b4383d8851a97d54fd985713885f6a17edf0b10b6737172 | ||
| ssdeep | 12288:Ekeom883TT3WgpDtz8LIqh8Zs94Ch3POefjfH5dDhj0uxh+Ao/xYm2F5Vk2T:zeom82Ltz8Qs94Ch3POeTHFguxhCxYmi | ||
| imphash | f536c766660697a0f33f0299d3f205dd | ||
| impfuzzy | 24:QgkN/rnSjV4WHsOcOovaV4rMckHh6dPv5UbDmTfHgWM6O0hOmgafPvPjM1KfJbtq:Qgo+EODV6dPBeghOmgafnAYthS7xOdU | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x425000 EnumResourceNamesW
0x425004 GetFileSize
0x425008 GetNativeSystemInfo
0x42500c lstrlenA
0x425010 GetStringTypeA
0x425014 SetLocalTime
0x425018 FindResourceExW
0x42501c GetQueuedCompletionStatus
0x425020 InterlockedDecrement
0x425024 GetNamedPipeHandleStateA
0x425028 GlobalLock
0x42502c FreeEnvironmentStringsA
0x425030 GetModuleHandleW
0x425034 GetTickCount
0x425038 IsBadReadPtr
0x42503c GetSystemTimeAsFileTime
0x425040 GetPrivateProfileStringW
0x425044 ReadConsoleW
0x425048 WriteFile
0x42504c SetCommState
0x425050 GetCommandLineA
0x425054 GlobalAlloc
0x425058 GetPrivateProfileIntA
0x42505c LoadLibraryW
0x425060 GetSystemWindowsDirectoryA
0x425064 GetConsoleAliasExesLengthW
0x425068 IsDBCSLeadByte
0x42506c ReadFile
0x425070 GetStartupInfoW
0x425074 GlobalUnlock
0x425078 LCMapStringA
0x42507c InterlockedExchange
0x425080 SetCurrentDirectoryA
0x425084 GetStartupInfoA
0x425088 GetCPInfoExW
0x42508c GetLastError
0x425090 ReadConsoleOutputCharacterA
0x425094 GetProcAddress
0x425098 VirtualAlloc
0x42509c WriteProfileSectionA
0x4250a0 CopyFileA
0x4250a4 LoadLibraryA
0x4250a8 CreateSemaphoreW
0x4250ac HeapWalk
0x4250b0 FindAtomA
0x4250b4 Process32NextW
0x4250b8 CreateIoCompletionPort
0x4250bc FreeEnvironmentStringsW
0x4250c0 EnumResourceNamesA
0x4250c4 GetCurrentThreadId
0x4250c8 TlsAlloc
0x4250cc DeleteFileW
0x4250d0 CopyFileExA
0x4250d4 MultiByteToWideChar
0x4250d8 HeapValidate
0x4250dc RaiseException
0x4250e0 LeaveCriticalSection
0x4250e4 EnterCriticalSection
0x4250e8 SetStdHandle
0x4250ec GetFileType
0x4250f0 WideCharToMultiByte
0x4250f4 GetConsoleCP
0x4250f8 GetConsoleMode
0x4250fc DeleteCriticalSection
0x425100 GetModuleFileNameW
0x425104 InterlockedIncrement
0x425108 GetACP
0x42510c GetOEMCP
0x425110 GetCPInfo
0x425114 IsValidCodePage
0x425118 TlsGetValue
0x42511c TlsSetValue
0x425120 TlsFree
0x425124 SetLastError
0x425128 UnhandledExceptionFilter
0x42512c SetUnhandledExceptionFilter
0x425130 QueryPerformanceCounter
0x425134 GetCurrentProcessId
0x425138 Sleep
0x42513c ExitProcess
0x425140 GetModuleFileNameA
0x425144 GetEnvironmentStrings
0x425148 GetEnvironmentStringsW
0x42514c SetHandleCount
0x425150 GetStdHandle
0x425154 HeapDestroy
0x425158 HeapCreate
0x42515c HeapFree
0x425160 VirtualFree
0x425164 HeapAlloc
0x425168 TerminateProcess
0x42516c GetCurrentProcess
0x425170 IsDebuggerPresent
0x425174 HeapSize
0x425178 HeapReAlloc
0x42517c InitializeCriticalSectionAndSpinCount
0x425180 WriteConsoleA
0x425184 GetConsoleOutputCP
0x425188 WriteConsoleW
0x42518c SetFilePointer
0x425190 RtlUnwind
0x425194 DebugBreak
0x425198 OutputDebugStringA
0x42519c OutputDebugStringW
0x4251a0 LCMapStringW
0x4251a4 GetStringTypeW
0x4251a8 GetLocaleInfoA
0x4251ac CreateFileA
0x4251b0 CloseHandle
0x4251b4 FlushFileBuffers
0x4251b8 GetModuleHandleA
EAT(Export Address Table) is none
KERNEL32.dll
0x425000 EnumResourceNamesW
0x425004 GetFileSize
0x425008 GetNativeSystemInfo
0x42500c lstrlenA
0x425010 GetStringTypeA
0x425014 SetLocalTime
0x425018 FindResourceExW
0x42501c GetQueuedCompletionStatus
0x425020 InterlockedDecrement
0x425024 GetNamedPipeHandleStateA
0x425028 GlobalLock
0x42502c FreeEnvironmentStringsA
0x425030 GetModuleHandleW
0x425034 GetTickCount
0x425038 IsBadReadPtr
0x42503c GetSystemTimeAsFileTime
0x425040 GetPrivateProfileStringW
0x425044 ReadConsoleW
0x425048 WriteFile
0x42504c SetCommState
0x425050 GetCommandLineA
0x425054 GlobalAlloc
0x425058 GetPrivateProfileIntA
0x42505c LoadLibraryW
0x425060 GetSystemWindowsDirectoryA
0x425064 GetConsoleAliasExesLengthW
0x425068 IsDBCSLeadByte
0x42506c ReadFile
0x425070 GetStartupInfoW
0x425074 GlobalUnlock
0x425078 LCMapStringA
0x42507c InterlockedExchange
0x425080 SetCurrentDirectoryA
0x425084 GetStartupInfoA
0x425088 GetCPInfoExW
0x42508c GetLastError
0x425090 ReadConsoleOutputCharacterA
0x425094 GetProcAddress
0x425098 VirtualAlloc
0x42509c WriteProfileSectionA
0x4250a0 CopyFileA
0x4250a4 LoadLibraryA
0x4250a8 CreateSemaphoreW
0x4250ac HeapWalk
0x4250b0 FindAtomA
0x4250b4 Process32NextW
0x4250b8 CreateIoCompletionPort
0x4250bc FreeEnvironmentStringsW
0x4250c0 EnumResourceNamesA
0x4250c4 GetCurrentThreadId
0x4250c8 TlsAlloc
0x4250cc DeleteFileW
0x4250d0 CopyFileExA
0x4250d4 MultiByteToWideChar
0x4250d8 HeapValidate
0x4250dc RaiseException
0x4250e0 LeaveCriticalSection
0x4250e4 EnterCriticalSection
0x4250e8 SetStdHandle
0x4250ec GetFileType
0x4250f0 WideCharToMultiByte
0x4250f4 GetConsoleCP
0x4250f8 GetConsoleMode
0x4250fc DeleteCriticalSection
0x425100 GetModuleFileNameW
0x425104 InterlockedIncrement
0x425108 GetACP
0x42510c GetOEMCP
0x425110 GetCPInfo
0x425114 IsValidCodePage
0x425118 TlsGetValue
0x42511c TlsSetValue
0x425120 TlsFree
0x425124 SetLastError
0x425128 UnhandledExceptionFilter
0x42512c SetUnhandledExceptionFilter
0x425130 QueryPerformanceCounter
0x425134 GetCurrentProcessId
0x425138 Sleep
0x42513c ExitProcess
0x425140 GetModuleFileNameA
0x425144 GetEnvironmentStrings
0x425148 GetEnvironmentStringsW
0x42514c SetHandleCount
0x425150 GetStdHandle
0x425154 HeapDestroy
0x425158 HeapCreate
0x42515c HeapFree
0x425160 VirtualFree
0x425164 HeapAlloc
0x425168 TerminateProcess
0x42516c GetCurrentProcess
0x425170 IsDebuggerPresent
0x425174 HeapSize
0x425178 HeapReAlloc
0x42517c InitializeCriticalSectionAndSpinCount
0x425180 WriteConsoleA
0x425184 GetConsoleOutputCP
0x425188 WriteConsoleW
0x42518c SetFilePointer
0x425190 RtlUnwind
0x425194 DebugBreak
0x425198 OutputDebugStringA
0x42519c OutputDebugStringW
0x4251a0 LCMapStringW
0x4251a4 GetStringTypeW
0x4251a8 GetLocaleInfoA
0x4251ac CreateFileA
0x4251b0 CloseHandle
0x4251b4 FlushFileBuffers
0x4251b8 GetModuleHandleA
EAT(Export Address Table) is none