Field | Value |
---|---|
Created | 2021.09.05 16:44 |
Machine | s1_win7_x6402 |
Filename | 82550150ac3397ed391e34aa99d35be4.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 11 detected (malicious, high confidence, Save, ZexaF, @t1@aGwL, Kryptik, Eldorado, Androm, UrSnif, score, Generic@ML, RDML, XZ+w3ofCsHPli7k86ESunQ, Static AI, Suspicious PE) |
md5 | 6c0c5757834168ac9537cd2a85a9ffad |
sha256 | 0898070f71015de41ab42ba5edc1d67214d3fe8ce10dfaf2f3d6c2ea4f108642 |
ssdeep | 98304:Kv5ymCkjWLCQ27ksJHJJybs5eVvRYqa72use3wFCNu3:Kvb8LF6Hiieb/a7n/XNu3 |
imphash | f530acf7acd4a5c8880ba2a4704d4cbb |
impfuzzy | 24:qbG2SU8u9E0ZF9ZPGlUJxPoQdEDSYZPU2Dn9YO8tM/J3J8ZQRvDiHlRTTjMciMLX:91+ZHZOamQdrudnt8tCKZUD8Ppb |
Signature (5cnts)
Level | Description |
---|---|
watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x84b008 lstrcpynA
0x84b00c GetDefaultCommConfigW
0x84b010 ReadConsoleA
0x84b014 InterlockedDecrement
0x84b018 SetEnvironmentVariableW
0x84b01c GetEnvironmentStringsW
0x84b020 GetUserDefaultLCID
0x84b024 SetVolumeMountPointW
0x84b028 GetSystemDefaultLCID
0x84b02c EnumCalendarInfoExW
0x84b030 InitializeCriticalSectionAndSpinCount
0x84b034 GetSystemWindowsDirectoryA
0x84b038 LeaveCriticalSection
0x84b03c GetComputerNameExA
0x84b040 ReadFile
0x84b044 GetModuleFileNameW
0x84b048 GetACP
0x84b04c LCMapStringA
0x84b050 VerifyVersionInfoW
0x84b054 InterlockedExchange
0x84b058 GetProcAddress
0x84b05c PeekConsoleInputW
0x84b060 VerLanguageNameA
0x84b064 CopyFileA
0x84b068 GetLocalTime
0x84b06c WriteConsoleA
0x84b070 LocalAlloc
0x84b074 SetConsoleOutputCP
0x84b078 Module32FirstW
0x84b07c GetModuleFileNameA
0x84b080 GetModuleHandleA
0x84b084 QueueUserWorkItem
0x84b088 GetConsoleTitleW
0x84b08c PeekConsoleInputA
0x84b090 ReadConsoleInputW
0x84b094 GetCurrentProcessId
0x84b098 AddConsoleAliasA
0x84b09c FindNextVolumeA
0x84b0a0 PulseEvent
0x84b0a4 GetCommandLineW
0x84b0a8 GetStartupInfoW
0x84b0ac TerminateProcess
0x84b0b0 GetCurrentProcess
0x84b0b4 UnhandledExceptionFilter
0x84b0b8 SetUnhandledExceptionFilter
0x84b0bc IsDebuggerPresent
0x84b0c0 GetModuleHandleW
0x84b0c4 TlsGetValue
0x84b0c8 TlsAlloc
0x84b0cc TlsSetValue
0x84b0d0 TlsFree
0x84b0d4 InterlockedIncrement
0x84b0d8 SetLastError
0x84b0dc GetCurrentThreadId
0x84b0e0 GetLastError
0x84b0e4 Sleep
0x84b0e8 HeapSize
0x84b0ec ExitProcess
0x84b0f0 EnterCriticalSection
0x84b0f4 SetHandleCount
0x84b0f8 GetStdHandle
0x84b0fc GetFileType
0x84b100 GetStartupInfoA
0x84b104 DeleteCriticalSection
0x84b108 SetFilePointer
0x84b10c WriteFile
0x84b110 FreeEnvironmentStringsW
0x84b114 HeapCreate
0x84b118 VirtualFree
0x84b11c HeapFree
0x84b120 QueryPerformanceCounter
0x84b124 GetTickCount
0x84b128 GetSystemTimeAsFileTime
0x84b12c WideCharToMultiByte
0x84b130 GetConsoleCP
0x84b134 GetConsoleMode
0x84b138 GetCPInfo
0x84b13c GetOEMCP
0x84b140 IsValidCodePage
0x84b144 RaiseException
0x84b148 HeapAlloc
0x84b14c HeapReAlloc
0x84b150 VirtualAlloc
0x84b154 LoadLibraryA
0x84b158 RtlUnwind
0x84b15c SetStdHandle
0x84b160 FlushFileBuffers
0x84b164 GetConsoleOutputCP
0x84b168 WriteConsoleW
0x84b16c MultiByteToWideChar
0x84b170 LCMapStringW
0x84b174 GetStringTypeA
0x84b178 GetStringTypeW
0x84b17c GetLocaleInfoA
0x84b180 CreateFileA
0x84b184 CloseHandle
GDI32.dll
0x84b000 GetCharWidthFloatW
EAT (Export Address Table): none