ScreenShot
| Created | 2021.09.04 13:58 | Machine | s1_win7_x6402 |
| Filename | build_2021-09-03_19-07.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 36 detected (AIDetect, malware1, malicious, high confidence, score, Artemis, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, Fragtor, FileRepMalware, Emotet, Static AI, Malicious PE, Azorult, BScope, Mokes, ai score=82, CLASSIC, PossibleThreat, ZexaF, Pq0@aOIelmdG, susgen) | ||
| md5 | 34d8bda29d961c5757f3a8a0ef971205 | ||
| sha256 | 2409a78ac9ab93406bc5d9a812061af68e263f7ebeccadb95b1603b1ff128034 | ||
| ssdeep | 12288:xmjRpnqeNQY5yaIMRMdARLIFGdpXEaToAJi2C+v4t8GcvhC4vMP7THlSZ:Ya2QY54eJIUdp55DvcCvg4vMjJS | ||
| imphash | db8792b8bee3a608cb91125b46190a07 | ||
| impfuzzy | 24:qbG2SKuu9E0ZZZPk13UJxZvdEDSYCo51MOn/J3JnJtOmRyvDklRT47GplrjMFi/8:91gZZZLzdrghhJtOrD+c7CEiE | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x486008 lstrcpynA
0x48600c GetDefaultCommConfigW
0x486010 InterlockedDecrement
0x486014 GetCurrentProcess
0x486018 SetEnvironmentVariableW
0x48601c GetEnvironmentStringsW
0x486020 GetUserDefaultLCID
0x486024 GetSystemDefaultLCID
0x486028 EnumCalendarInfoExW
0x48602c GetConsoleTitleA
0x486030 ReadConsoleW
0x486034 WriteFile
0x486038 GetEnvironmentStrings
0x48603c ReadConsoleInputA
0x486040 SetVolumeMountPointA
0x486044 GetSystemWindowsDirectoryA
0x486048 LeaveCriticalSection
0x48604c GetComputerNameExA
0x486050 GetModuleFileNameW
0x486054 GetACP
0x486058 GetConsoleOutputCP
0x48605c VerifyVersionInfoW
0x486060 InterlockedExchange
0x486064 GetProcAddress
0x486068 PeekConsoleInputW
0x48606c VerLanguageNameA
0x486070 HeapUnlock
0x486074 GetLocalTime
0x486078 LocalAlloc
0x48607c GetModuleFileNameA
0x486080 GetModuleHandleA
0x486084 QueueUserWorkItem
0x486088 HeapSetInformation
0x48608c GetConsoleTitleW
0x486090 AddConsoleAliasA
0x486094 FindNextVolumeA
0x486098 GlobalReAlloc
0x48609c LCMapStringW
0x4860a0 PulseEvent
0x4860a4 CreateTimerQueue
0x4860a8 GetCommandLineW
0x4860ac GetStartupInfoW
0x4860b0 GetModuleHandleW
0x4860b4 TlsGetValue
0x4860b8 TlsAlloc
0x4860bc TlsSetValue
0x4860c0 TlsFree
0x4860c4 InterlockedIncrement
0x4860c8 SetLastError
0x4860cc GetCurrentThreadId
0x4860d0 GetLastError
0x4860d4 EnterCriticalSection
0x4860d8 TerminateProcess
0x4860dc UnhandledExceptionFilter
0x4860e0 SetUnhandledExceptionFilter
0x4860e4 IsDebuggerPresent
0x4860e8 Sleep
0x4860ec HeapSize
0x4860f0 ExitProcess
0x4860f4 SetFilePointer
0x4860f8 GetStdHandle
0x4860fc FreeEnvironmentStringsW
0x486100 SetHandleCount
0x486104 GetFileType
0x486108 GetStartupInfoA
0x48610c DeleteCriticalSection
0x486110 HeapCreate
0x486114 VirtualFree
0x486118 HeapFree
0x48611c QueryPerformanceCounter
0x486120 GetTickCount
0x486124 GetCurrentProcessId
0x486128 GetSystemTimeAsFileTime
0x48612c GetCPInfo
0x486130 GetOEMCP
0x486134 IsValidCodePage
0x486138 MultiByteToWideChar
0x48613c RtlUnwind
0x486140 HeapAlloc
0x486144 HeapReAlloc
0x486148 VirtualAlloc
0x48614c LoadLibraryA
0x486150 InitializeCriticalSectionAndSpinCount
0x486154 WideCharToMultiByte
0x486158 SetStdHandle
0x48615c GetConsoleCP
0x486160 GetConsoleMode
0x486164 FlushFileBuffers
0x486168 GetLocaleInfoA
0x48616c GetStringTypeA
0x486170 GetStringTypeW
0x486174 LCMapStringA
0x486178 WriteConsoleA
0x48617c WriteConsoleW
0x486180 CloseHandle
0x486184 CreateFileA
USER32.dll
0x48618c RealGetWindowClassW
GDI32.dll
0x486000 GetCharWidthFloatA
EAT(Export Address Table) is none
KERNEL32.dll
0x486008 lstrcpynA
0x48600c GetDefaultCommConfigW
0x486010 InterlockedDecrement
0x486014 GetCurrentProcess
0x486018 SetEnvironmentVariableW
0x48601c GetEnvironmentStringsW
0x486020 GetUserDefaultLCID
0x486024 GetSystemDefaultLCID
0x486028 EnumCalendarInfoExW
0x48602c GetConsoleTitleA
0x486030 ReadConsoleW
0x486034 WriteFile
0x486038 GetEnvironmentStrings
0x48603c ReadConsoleInputA
0x486040 SetVolumeMountPointA
0x486044 GetSystemWindowsDirectoryA
0x486048 LeaveCriticalSection
0x48604c GetComputerNameExA
0x486050 GetModuleFileNameW
0x486054 GetACP
0x486058 GetConsoleOutputCP
0x48605c VerifyVersionInfoW
0x486060 InterlockedExchange
0x486064 GetProcAddress
0x486068 PeekConsoleInputW
0x48606c VerLanguageNameA
0x486070 HeapUnlock
0x486074 GetLocalTime
0x486078 LocalAlloc
0x48607c GetModuleFileNameA
0x486080 GetModuleHandleA
0x486084 QueueUserWorkItem
0x486088 HeapSetInformation
0x48608c GetConsoleTitleW
0x486090 AddConsoleAliasA
0x486094 FindNextVolumeA
0x486098 GlobalReAlloc
0x48609c LCMapStringW
0x4860a0 PulseEvent
0x4860a4 CreateTimerQueue
0x4860a8 GetCommandLineW
0x4860ac GetStartupInfoW
0x4860b0 GetModuleHandleW
0x4860b4 TlsGetValue
0x4860b8 TlsAlloc
0x4860bc TlsSetValue
0x4860c0 TlsFree
0x4860c4 InterlockedIncrement
0x4860c8 SetLastError
0x4860cc GetCurrentThreadId
0x4860d0 GetLastError
0x4860d4 EnterCriticalSection
0x4860d8 TerminateProcess
0x4860dc UnhandledExceptionFilter
0x4860e0 SetUnhandledExceptionFilter
0x4860e4 IsDebuggerPresent
0x4860e8 Sleep
0x4860ec HeapSize
0x4860f0 ExitProcess
0x4860f4 SetFilePointer
0x4860f8 GetStdHandle
0x4860fc FreeEnvironmentStringsW
0x486100 SetHandleCount
0x486104 GetFileType
0x486108 GetStartupInfoA
0x48610c DeleteCriticalSection
0x486110 HeapCreate
0x486114 VirtualFree
0x486118 HeapFree
0x48611c QueryPerformanceCounter
0x486120 GetTickCount
0x486124 GetCurrentProcessId
0x486128 GetSystemTimeAsFileTime
0x48612c GetCPInfo
0x486130 GetOEMCP
0x486134 IsValidCodePage
0x486138 MultiByteToWideChar
0x48613c RtlUnwind
0x486140 HeapAlloc
0x486144 HeapReAlloc
0x486148 VirtualAlloc
0x48614c LoadLibraryA
0x486150 InitializeCriticalSectionAndSpinCount
0x486154 WideCharToMultiByte
0x486158 SetStdHandle
0x48615c GetConsoleCP
0x486160 GetConsoleMode
0x486164 FlushFileBuffers
0x486168 GetLocaleInfoA
0x48616c GetStringTypeA
0x486170 GetStringTypeW
0x486174 LCMapStringA
0x486178 WriteConsoleA
0x48617c WriteConsoleW
0x486180 CloseHandle
0x486184 CreateFileA
USER32.dll
0x48618c RealGetWindowClassW
GDI32.dll
0x486000 GetCharWidthFloatA
EAT(Export Address Table) is none