ScreenShot
| Created | 2021.09.04 14:03 | Machine | s1_win7_x6401 |
| Filename | Soft-win.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (malicious, high confidence, Fragtor, Unsafe, Save, ZexaF, Qq0@a4GlrAnG, Kryptik, Eldorado, HMII, RansomX, CLASSIC, Emotet, ai score=82, Azorult, score, CoinMiner, Glupteba, R440044, BScope, Mokes, Static AI, Malicious PE, HMIM, confidence, 100%, susgen) | ||
| md5 | 4e120e201ef1e0c75a923215aa66e07b | ||
| sha256 | 9068226836b564e7d81a13c015a217bc2870dcfab4bd643c87a4551b6f9d2c97 | ||
| ssdeep | 12288:qwXJkb4f2LnqOjfkvHcgd3rXWDFbiAEM5lLVXbRWRPM5pBfdIyt/W7THlS:pKnLkv8gB0GAEM5lLVrclkvlH/qJS | ||
| imphash | c4966332d8b4d65c8c07803cb5fb54a5 | ||
| impfuzzy | 24:+Ou9E0Z9a9ZPGO6VdEDSql/0bG24oOOStslI/J3NryvDrHlRT4CplCqbjMU/8:kZaZ3mdrCmStsANYDbc2MqLE | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x486008 SetLocalTime
0x48600c ReadConsoleA
0x486010 InterlockedDecrement
0x486014 GetCurrentProcess
0x486018 GetSystemWindowsDirectoryW
0x48601c SetEnvironmentVariableW
0x486020 GetEnvironmentStringsW
0x486024 GetUserDefaultLCID
0x486028 AddConsoleAliasW
0x48602c SetVolumeMountPointW
0x486030 GetSystemDefaultLCID
0x486034 EnumCalendarInfoExW
0x486038 WriteFile
0x48603c GetEnvironmentStrings
0x486040 ReadConsoleInputA
0x486044 LeaveCriticalSection
0x486048 lstrcpynW
0x48604c FindNextVolumeW
0x486050 VerifyVersionInfoA
0x486054 GetModuleFileNameW
0x486058 GetACP
0x48605c GetConsoleOutputCP
0x486060 InterlockedExchange
0x486064 GetProcAddress
0x486068 PeekConsoleInputW
0x48606c GetComputerNameExW
0x486070 VerLanguageNameA
0x486074 CreateTimerQueueTimer
0x486078 HeapUnlock
0x48607c LocalAlloc
0x486080 GetDefaultCommConfigA
0x486084 GetModuleHandleA
0x486088 QueueUserWorkItem
0x48608c HeapSetInformation
0x486090 GetConsoleTitleW
0x486094 GlobalReAlloc
0x486098 LCMapStringW
0x48609c PulseEvent
0x4860a0 GetCommandLineW
0x4860a4 UnhandledExceptionFilter
0x4860a8 SetUnhandledExceptionFilter
0x4860ac GetStartupInfoW
0x4860b0 GetModuleHandleW
0x4860b4 Sleep
0x4860b8 ExitProcess
0x4860bc GetLastError
0x4860c0 GetStdHandle
0x4860c4 GetModuleFileNameA
0x4860c8 TlsGetValue
0x4860cc TlsAlloc
0x4860d0 TlsSetValue
0x4860d4 TlsFree
0x4860d8 InterlockedIncrement
0x4860dc SetLastError
0x4860e0 GetCurrentThreadId
0x4860e4 EnterCriticalSection
0x4860e8 TerminateProcess
0x4860ec IsDebuggerPresent
0x4860f0 HeapSize
0x4860f4 SetHandleCount
0x4860f8 GetFileType
0x4860fc GetStartupInfoA
0x486100 DeleteCriticalSection
0x486104 SetFilePointer
0x486108 FreeEnvironmentStringsW
0x48610c HeapCreate
0x486110 VirtualFree
0x486114 HeapFree
0x486118 QueryPerformanceCounter
0x48611c GetTickCount
0x486120 GetCurrentProcessId
0x486124 GetSystemTimeAsFileTime
0x486128 LoadLibraryA
0x48612c InitializeCriticalSectionAndSpinCount
0x486130 GetCPInfo
0x486134 GetOEMCP
0x486138 IsValidCodePage
0x48613c MultiByteToWideChar
0x486140 RtlUnwind
0x486144 HeapAlloc
0x486148 HeapReAlloc
0x48614c VirtualAlloc
0x486150 WideCharToMultiByte
0x486154 SetStdHandle
0x486158 GetLocaleInfoA
0x48615c GetStringTypeA
0x486160 GetStringTypeW
0x486164 LCMapStringA
0x486168 GetConsoleCP
0x48616c GetConsoleMode
0x486170 FlushFileBuffers
0x486174 CloseHandle
0x486178 WriteConsoleA
0x48617c WriteConsoleW
0x486180 CreateFileA
USER32.dll
0x486188 RealGetWindowClassW
GDI32.dll
0x486000 GetCharWidthFloatA
EAT(Export Address Table) is none
KERNEL32.dll
0x486008 SetLocalTime
0x48600c ReadConsoleA
0x486010 InterlockedDecrement
0x486014 GetCurrentProcess
0x486018 GetSystemWindowsDirectoryW
0x48601c SetEnvironmentVariableW
0x486020 GetEnvironmentStringsW
0x486024 GetUserDefaultLCID
0x486028 AddConsoleAliasW
0x48602c SetVolumeMountPointW
0x486030 GetSystemDefaultLCID
0x486034 EnumCalendarInfoExW
0x486038 WriteFile
0x48603c GetEnvironmentStrings
0x486040 ReadConsoleInputA
0x486044 LeaveCriticalSection
0x486048 lstrcpynW
0x48604c FindNextVolumeW
0x486050 VerifyVersionInfoA
0x486054 GetModuleFileNameW
0x486058 GetACP
0x48605c GetConsoleOutputCP
0x486060 InterlockedExchange
0x486064 GetProcAddress
0x486068 PeekConsoleInputW
0x48606c GetComputerNameExW
0x486070 VerLanguageNameA
0x486074 CreateTimerQueueTimer
0x486078 HeapUnlock
0x48607c LocalAlloc
0x486080 GetDefaultCommConfigA
0x486084 GetModuleHandleA
0x486088 QueueUserWorkItem
0x48608c HeapSetInformation
0x486090 GetConsoleTitleW
0x486094 GlobalReAlloc
0x486098 LCMapStringW
0x48609c PulseEvent
0x4860a0 GetCommandLineW
0x4860a4 UnhandledExceptionFilter
0x4860a8 SetUnhandledExceptionFilter
0x4860ac GetStartupInfoW
0x4860b0 GetModuleHandleW
0x4860b4 Sleep
0x4860b8 ExitProcess
0x4860bc GetLastError
0x4860c0 GetStdHandle
0x4860c4 GetModuleFileNameA
0x4860c8 TlsGetValue
0x4860cc TlsAlloc
0x4860d0 TlsSetValue
0x4860d4 TlsFree
0x4860d8 InterlockedIncrement
0x4860dc SetLastError
0x4860e0 GetCurrentThreadId
0x4860e4 EnterCriticalSection
0x4860e8 TerminateProcess
0x4860ec IsDebuggerPresent
0x4860f0 HeapSize
0x4860f4 SetHandleCount
0x4860f8 GetFileType
0x4860fc GetStartupInfoA
0x486100 DeleteCriticalSection
0x486104 SetFilePointer
0x486108 FreeEnvironmentStringsW
0x48610c HeapCreate
0x486110 VirtualFree
0x486114 HeapFree
0x486118 QueryPerformanceCounter
0x48611c GetTickCount
0x486120 GetCurrentProcessId
0x486124 GetSystemTimeAsFileTime
0x486128 LoadLibraryA
0x48612c InitializeCriticalSectionAndSpinCount
0x486130 GetCPInfo
0x486134 GetOEMCP
0x486138 IsValidCodePage
0x48613c MultiByteToWideChar
0x486140 RtlUnwind
0x486144 HeapAlloc
0x486148 HeapReAlloc
0x48614c VirtualAlloc
0x486150 WideCharToMultiByte
0x486154 SetStdHandle
0x486158 GetLocaleInfoA
0x48615c GetStringTypeA
0x486160 GetStringTypeW
0x486164 LCMapStringA
0x486168 GetConsoleCP
0x48616c GetConsoleMode
0x486170 FlushFileBuffers
0x486174 CloseHandle
0x486178 WriteConsoleA
0x48617c WriteConsoleW
0x486180 CreateFileA
USER32.dll
0x486188 RealGetWindowClassW
GDI32.dll
0x486000 GetCharWidthFloatA
EAT(Export Address Table) is none