ScreenShot
| Created | 2021.09.05 09:05 | Machine | s1_win7_x6401 |
| Filename | santa.clo | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (malicious, high confidence, Fragtor, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, Convagent, Emotet, Azorult, Sabsik, score, ai score=87, CLASSIC, Static AI, Malicious PE, ZexaF, uq0@aWaVW8aG, susgen) | ||
| md5 | 316b8cc927e4a9ad4258fc367873d988 | ||
| sha256 | 09e90f1b1169b4725f8f7f5daabde617449a1a6817f12eaacc945451e001c62f | ||
| ssdeep | 6144:H9h1HLyKYAm1P9PbzvOwrL5kcNTazVpMGt7Tm5R67mq:dhp2n7VPbz/rL5kCan7Tm5ct | ||
| imphash | 06fbc87344400a3722a88a2791d1fe43 | ||
| impfuzzy | 24:qbG2SU8u9E0ZZZPk1LBlAJxAQdEDSYZPUen9YOn/J3JnftOmRyvDklRTfGNjM70S:91+ZZZyaeQdruNnthhftOrD+bWS | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x433008 lstrcpynA
0x43300c GetDefaultCommConfigW
0x433010 ReadConsoleA
0x433014 InterlockedDecrement
0x433018 SetEnvironmentVariableW
0x43301c GetEnvironmentStringsW
0x433020 GetUserDefaultLCID
0x433024 GetSystemDefaultLCID
0x433028 EnumCalendarInfoExW
0x43302c GetConsoleTitleA
0x433030 WriteFile
0x433034 GetEnvironmentStrings
0x433038 InitializeCriticalSectionAndSpinCount
0x43303c SetVolumeMountPointA
0x433040 GetSystemWindowsDirectoryA
0x433044 LeaveCriticalSection
0x433048 GetComputerNameExA
0x43304c GetModuleFileNameW
0x433050 GetACP
0x433054 LCMapStringA
0x433058 VerifyVersionInfoW
0x43305c InterlockedExchange
0x433060 GetProcAddress
0x433064 PeekConsoleInputW
0x433068 VerLanguageNameA
0x43306c CopyFileA
0x433070 GetLocalTime
0x433074 WriteConsoleA
0x433078 LocalAlloc
0x43307c SetConsoleOutputCP
0x433080 Module32FirstW
0x433084 GetModuleFileNameA
0x433088 GetModuleHandleA
0x43308c QueueUserWorkItem
0x433090 PeekConsoleInputA
0x433094 ReadConsoleInputW
0x433098 GetCurrentProcessId
0x43309c AddConsoleAliasA
0x4330a0 FindNextVolumeA
0x4330a4 PulseEvent
0x4330a8 GetCommandLineW
0x4330ac GetStartupInfoW
0x4330b0 GetModuleHandleW
0x4330b4 TlsGetValue
0x4330b8 TlsAlloc
0x4330bc TlsSetValue
0x4330c0 TlsFree
0x4330c4 InterlockedIncrement
0x4330c8 SetLastError
0x4330cc GetCurrentThreadId
0x4330d0 GetLastError
0x4330d4 EnterCriticalSection
0x4330d8 TerminateProcess
0x4330dc GetCurrentProcess
0x4330e0 UnhandledExceptionFilter
0x4330e4 SetUnhandledExceptionFilter
0x4330e8 IsDebuggerPresent
0x4330ec Sleep
0x4330f0 HeapSize
0x4330f4 ExitProcess
0x4330f8 SetFilePointer
0x4330fc GetStdHandle
0x433100 FreeEnvironmentStringsW
0x433104 SetHandleCount
0x433108 GetFileType
0x43310c GetStartupInfoA
0x433110 DeleteCriticalSection
0x433114 HeapCreate
0x433118 VirtualFree
0x43311c HeapFree
0x433120 QueryPerformanceCounter
0x433124 GetTickCount
0x433128 GetSystemTimeAsFileTime
0x43312c GetCPInfo
0x433130 GetOEMCP
0x433134 IsValidCodePage
0x433138 MultiByteToWideChar
0x43313c RtlUnwind
0x433140 HeapAlloc
0x433144 HeapReAlloc
0x433148 VirtualAlloc
0x43314c LoadLibraryA
0x433150 WideCharToMultiByte
0x433154 SetStdHandle
0x433158 GetConsoleCP
0x43315c GetConsoleMode
0x433160 FlushFileBuffers
0x433164 GetLocaleInfoA
0x433168 GetStringTypeA
0x43316c GetStringTypeW
0x433170 LCMapStringW
0x433174 GetConsoleOutputCP
0x433178 WriteConsoleW
0x43317c CloseHandle
0x433180 CreateFileA
USER32.dll
0x433188 RealGetWindowClassW
GDI32.dll
0x433000 GetCharWidthFloatW
EAT(Export Address Table) is none
KERNEL32.dll
0x433008 lstrcpynA
0x43300c GetDefaultCommConfigW
0x433010 ReadConsoleA
0x433014 InterlockedDecrement
0x433018 SetEnvironmentVariableW
0x43301c GetEnvironmentStringsW
0x433020 GetUserDefaultLCID
0x433024 GetSystemDefaultLCID
0x433028 EnumCalendarInfoExW
0x43302c GetConsoleTitleA
0x433030 WriteFile
0x433034 GetEnvironmentStrings
0x433038 InitializeCriticalSectionAndSpinCount
0x43303c SetVolumeMountPointA
0x433040 GetSystemWindowsDirectoryA
0x433044 LeaveCriticalSection
0x433048 GetComputerNameExA
0x43304c GetModuleFileNameW
0x433050 GetACP
0x433054 LCMapStringA
0x433058 VerifyVersionInfoW
0x43305c InterlockedExchange
0x433060 GetProcAddress
0x433064 PeekConsoleInputW
0x433068 VerLanguageNameA
0x43306c CopyFileA
0x433070 GetLocalTime
0x433074 WriteConsoleA
0x433078 LocalAlloc
0x43307c SetConsoleOutputCP
0x433080 Module32FirstW
0x433084 GetModuleFileNameA
0x433088 GetModuleHandleA
0x43308c QueueUserWorkItem
0x433090 PeekConsoleInputA
0x433094 ReadConsoleInputW
0x433098 GetCurrentProcessId
0x43309c AddConsoleAliasA
0x4330a0 FindNextVolumeA
0x4330a4 PulseEvent
0x4330a8 GetCommandLineW
0x4330ac GetStartupInfoW
0x4330b0 GetModuleHandleW
0x4330b4 TlsGetValue
0x4330b8 TlsAlloc
0x4330bc TlsSetValue
0x4330c0 TlsFree
0x4330c4 InterlockedIncrement
0x4330c8 SetLastError
0x4330cc GetCurrentThreadId
0x4330d0 GetLastError
0x4330d4 EnterCriticalSection
0x4330d8 TerminateProcess
0x4330dc GetCurrentProcess
0x4330e0 UnhandledExceptionFilter
0x4330e4 SetUnhandledExceptionFilter
0x4330e8 IsDebuggerPresent
0x4330ec Sleep
0x4330f0 HeapSize
0x4330f4 ExitProcess
0x4330f8 SetFilePointer
0x4330fc GetStdHandle
0x433100 FreeEnvironmentStringsW
0x433104 SetHandleCount
0x433108 GetFileType
0x43310c GetStartupInfoA
0x433110 DeleteCriticalSection
0x433114 HeapCreate
0x433118 VirtualFree
0x43311c HeapFree
0x433120 QueryPerformanceCounter
0x433124 GetTickCount
0x433128 GetSystemTimeAsFileTime
0x43312c GetCPInfo
0x433130 GetOEMCP
0x433134 IsValidCodePage
0x433138 MultiByteToWideChar
0x43313c RtlUnwind
0x433140 HeapAlloc
0x433144 HeapReAlloc
0x433148 VirtualAlloc
0x43314c LoadLibraryA
0x433150 WideCharToMultiByte
0x433154 SetStdHandle
0x433158 GetConsoleCP
0x43315c GetConsoleMode
0x433160 FlushFileBuffers
0x433164 GetLocaleInfoA
0x433168 GetStringTypeA
0x43316c GetStringTypeW
0x433170 LCMapStringW
0x433174 GetConsoleOutputCP
0x433178 WriteConsoleW
0x43317c CloseHandle
0x433180 CreateFileA
USER32.dll
0x433188 RealGetWindowClassW
GDI32.dll
0x433000 GetCharWidthFloatW
EAT(Export Address Table) is none