ScreenShot
| Created | 2021.09.06 18:05 | Machine | s1_win7_x6401 |
| Filename | sefile2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (malicious, high confidence, Babar, Unsafe, Save, confidence, 100%, ZexaF, sq0@ae3Tmfoc, Kryptik, Eldorado, Attribute, HighConfidence, Convagent, CLASSIC, Wacatac, score, ai score=81, MachineLearning, Anomalous, Static AI, Malicious PE, susgen) | ||
| md5 | 80c223af51fcaa9cd18394d64f08e20e | ||
| sha256 | 6729dd23f1da9cc4e6a51ed5660bb0f454add1c50e99d7b0f3ee9cee39e5e671 | ||
| ssdeep | 3072:7EZ7JJFDayVxrSZXcI+eONMmwYiS4cY7wpHzAXv3SCDi15wi683Tm7uaRRNx6R04:4Z7JGkxWZsIHuZXbAEDauaRv60F4W | ||
| imphash | b3c77ddf52d3747349b325f3828cda41 | ||
| impfuzzy | 24:qbG2Sj20Z/Z57axdAx/DoP1M5692hOSt5Oovol3/J3Njyv9rvklRTeplrjMcvfE:91DZ/Z1aHj+56bSt8DPNg9KW1vfE | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42c000 lstrcpynA
0x42c004 GetDefaultCommConfigW
0x42c008 DeleteVolumeMountPointA
0x42c00c ReadConsoleA
0x42c010 InterlockedDecrement
0x42c014 GetSystemWindowsDirectoryW
0x42c018 GetEnvironmentStringsW
0x42c01c GetUserDefaultLCID
0x42c020 SetEvent
0x42c024 GetSystemDefaultLCID
0x42c028 GetFileAttributesExA
0x42c02c GetEnvironmentStrings
0x42c030 GlobalAlloc
0x42c034 ReadConsoleInputA
0x42c038 CopyFileW
0x42c03c LeaveCriticalSection
0x42c040 GetComputerNameExA
0x42c044 UnregisterWait
0x42c048 ReadFile
0x42c04c GetACP
0x42c050 GetConsoleOutputCP
0x42c054 VerifyVersionInfoW
0x42c058 GetCPInfoExW
0x42c05c GetLongPathNameW
0x42c060 GetProcAddress
0x42c064 VerLanguageNameW
0x42c068 GetLocalTime
0x42c06c WriteConsoleA
0x42c070 CreateTapePartition
0x42c074 GetModuleFileNameA
0x42c078 SetConsoleTitleW
0x42c07c GetModuleHandleA
0x42c080 PeekConsoleInputA
0x42c084 Module32NextW
0x42c088 GetCurrentProcessId
0x42c08c AddConsoleAliasA
0x42c090 EnumCalendarInfoExA
0x42c094 FindNextVolumeA
0x42c098 LCMapStringW
0x42c09c GetAtomNameW
0x42c0a0 GetCommandLineW
0x42c0a4 UnhandledExceptionFilter
0x42c0a8 SetUnhandledExceptionFilter
0x42c0ac GetCommandLineA
0x42c0b0 GetStartupInfoA
0x42c0b4 GetModuleHandleW
0x42c0b8 Sleep
0x42c0bc ExitProcess
0x42c0c0 GetLastError
0x42c0c4 WriteFile
0x42c0c8 GetStdHandle
0x42c0cc TerminateProcess
0x42c0d0 GetCurrentProcess
0x42c0d4 IsDebuggerPresent
0x42c0d8 TlsGetValue
0x42c0dc TlsAlloc
0x42c0e0 TlsSetValue
0x42c0e4 TlsFree
0x42c0e8 InterlockedIncrement
0x42c0ec SetLastError
0x42c0f0 GetCurrentThreadId
0x42c0f4 EnterCriticalSection
0x42c0f8 HeapSize
0x42c0fc SetHandleCount
0x42c100 GetFileType
0x42c104 DeleteCriticalSection
0x42c108 SetFilePointer
0x42c10c FreeEnvironmentStringsA
0x42c110 FreeEnvironmentStringsW
0x42c114 WideCharToMultiByte
0x42c118 HeapCreate
0x42c11c VirtualFree
0x42c120 HeapFree
0x42c124 QueryPerformanceCounter
0x42c128 GetTickCount
0x42c12c GetSystemTimeAsFileTime
0x42c130 LoadLibraryA
0x42c134 InitializeCriticalSectionAndSpinCount
0x42c138 GetConsoleCP
0x42c13c GetConsoleMode
0x42c140 GetCPInfo
0x42c144 GetOEMCP
0x42c148 IsValidCodePage
0x42c14c RaiseException
0x42c150 MultiByteToWideChar
0x42c154 RtlUnwind
0x42c158 HeapAlloc
0x42c15c HeapReAlloc
0x42c160 VirtualAlloc
0x42c164 SetStdHandle
0x42c168 FlushFileBuffers
0x42c16c GetLocaleInfoA
0x42c170 WriteConsoleW
0x42c174 LCMapStringA
0x42c178 GetStringTypeA
0x42c17c GetStringTypeW
0x42c180 CreateFileA
0x42c184 CloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x42c000 lstrcpynA
0x42c004 GetDefaultCommConfigW
0x42c008 DeleteVolumeMountPointA
0x42c00c ReadConsoleA
0x42c010 InterlockedDecrement
0x42c014 GetSystemWindowsDirectoryW
0x42c018 GetEnvironmentStringsW
0x42c01c GetUserDefaultLCID
0x42c020 SetEvent
0x42c024 GetSystemDefaultLCID
0x42c028 GetFileAttributesExA
0x42c02c GetEnvironmentStrings
0x42c030 GlobalAlloc
0x42c034 ReadConsoleInputA
0x42c038 CopyFileW
0x42c03c LeaveCriticalSection
0x42c040 GetComputerNameExA
0x42c044 UnregisterWait
0x42c048 ReadFile
0x42c04c GetACP
0x42c050 GetConsoleOutputCP
0x42c054 VerifyVersionInfoW
0x42c058 GetCPInfoExW
0x42c05c GetLongPathNameW
0x42c060 GetProcAddress
0x42c064 VerLanguageNameW
0x42c068 GetLocalTime
0x42c06c WriteConsoleA
0x42c070 CreateTapePartition
0x42c074 GetModuleFileNameA
0x42c078 SetConsoleTitleW
0x42c07c GetModuleHandleA
0x42c080 PeekConsoleInputA
0x42c084 Module32NextW
0x42c088 GetCurrentProcessId
0x42c08c AddConsoleAliasA
0x42c090 EnumCalendarInfoExA
0x42c094 FindNextVolumeA
0x42c098 LCMapStringW
0x42c09c GetAtomNameW
0x42c0a0 GetCommandLineW
0x42c0a4 UnhandledExceptionFilter
0x42c0a8 SetUnhandledExceptionFilter
0x42c0ac GetCommandLineA
0x42c0b0 GetStartupInfoA
0x42c0b4 GetModuleHandleW
0x42c0b8 Sleep
0x42c0bc ExitProcess
0x42c0c0 GetLastError
0x42c0c4 WriteFile
0x42c0c8 GetStdHandle
0x42c0cc TerminateProcess
0x42c0d0 GetCurrentProcess
0x42c0d4 IsDebuggerPresent
0x42c0d8 TlsGetValue
0x42c0dc TlsAlloc
0x42c0e0 TlsSetValue
0x42c0e4 TlsFree
0x42c0e8 InterlockedIncrement
0x42c0ec SetLastError
0x42c0f0 GetCurrentThreadId
0x42c0f4 EnterCriticalSection
0x42c0f8 HeapSize
0x42c0fc SetHandleCount
0x42c100 GetFileType
0x42c104 DeleteCriticalSection
0x42c108 SetFilePointer
0x42c10c FreeEnvironmentStringsA
0x42c110 FreeEnvironmentStringsW
0x42c114 WideCharToMultiByte
0x42c118 HeapCreate
0x42c11c VirtualFree
0x42c120 HeapFree
0x42c124 QueryPerformanceCounter
0x42c128 GetTickCount
0x42c12c GetSystemTimeAsFileTime
0x42c130 LoadLibraryA
0x42c134 InitializeCriticalSectionAndSpinCount
0x42c138 GetConsoleCP
0x42c13c GetConsoleMode
0x42c140 GetCPInfo
0x42c144 GetOEMCP
0x42c148 IsValidCodePage
0x42c14c RaiseException
0x42c150 MultiByteToWideChar
0x42c154 RtlUnwind
0x42c158 HeapAlloc
0x42c15c HeapReAlloc
0x42c160 VirtualAlloc
0x42c164 SetStdHandle
0x42c168 FlushFileBuffers
0x42c16c GetLocaleInfoA
0x42c170 WriteConsoleW
0x42c174 LCMapStringA
0x42c178 GetStringTypeA
0x42c17c GetStringTypeW
0x42c180 CreateFileA
0x42c184 CloseHandle
EAT(Export Address Table) is none