ScreenShot
| Created | 2021.09.06 18:08 | Machine | s1_win7_x6402 |
| Filename | Vids.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (AIDetect, malware1, malicious, high confidence, Babar, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, Upatre, ai score=83, Wacatac, score, MachineLearning, Anomalous, CLASSIC, Static AI, Malicious PE, susgen, ZexaF, Qq0@aSj, zBac) | ||
| md5 | 07d8a630c42701bd47b10d5a15059720 | ||
| sha256 | 295d3a815f7917fd944d28e08e46d1a45c7ac9a5ffcb9fd2a697cc4d84352d56 | ||
| ssdeep | 12288:KO0L7aRIZOHeUnxKB+wDEcwWibM+KhYi+uXaHISCqDAiA1uy16KDLW:70faRR++kvibEEuoUaA1VwKHW | ||
| imphash | b3c77ddf52d3747349b325f3828cda41 | ||
| impfuzzy | 24:qbG2Sj20Z/Z57axdAx/DoP1M5692hOSt5Oovol3/J3Njyv9rvklRTeplrjMcvfE:91DZ/Z1aHj+56bSt8DPNg9KW1vfE | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x48b000 lstrcpynA
0x48b004 GetDefaultCommConfigW
0x48b008 DeleteVolumeMountPointA
0x48b00c ReadConsoleA
0x48b010 InterlockedDecrement
0x48b014 GetSystemWindowsDirectoryW
0x48b018 GetEnvironmentStringsW
0x48b01c GetUserDefaultLCID
0x48b020 SetEvent
0x48b024 GetSystemDefaultLCID
0x48b028 GetFileAttributesExA
0x48b02c GetEnvironmentStrings
0x48b030 GlobalAlloc
0x48b034 ReadConsoleInputA
0x48b038 CopyFileW
0x48b03c LeaveCriticalSection
0x48b040 GetComputerNameExA
0x48b044 UnregisterWait
0x48b048 ReadFile
0x48b04c GetACP
0x48b050 GetConsoleOutputCP
0x48b054 VerifyVersionInfoW
0x48b058 GetCPInfoExW
0x48b05c GetLongPathNameW
0x48b060 GetProcAddress
0x48b064 VerLanguageNameW
0x48b068 GetLocalTime
0x48b06c WriteConsoleA
0x48b070 CreateTapePartition
0x48b074 GetModuleFileNameA
0x48b078 SetConsoleTitleW
0x48b07c GetModuleHandleA
0x48b080 PeekConsoleInputA
0x48b084 Module32NextW
0x48b088 GetCurrentProcessId
0x48b08c AddConsoleAliasA
0x48b090 EnumCalendarInfoExA
0x48b094 FindNextVolumeA
0x48b098 LCMapStringW
0x48b09c GetAtomNameW
0x48b0a0 GetCommandLineW
0x48b0a4 UnhandledExceptionFilter
0x48b0a8 SetUnhandledExceptionFilter
0x48b0ac GetCommandLineA
0x48b0b0 GetStartupInfoA
0x48b0b4 GetModuleHandleW
0x48b0b8 Sleep
0x48b0bc ExitProcess
0x48b0c0 GetLastError
0x48b0c4 WriteFile
0x48b0c8 GetStdHandle
0x48b0cc TerminateProcess
0x48b0d0 GetCurrentProcess
0x48b0d4 IsDebuggerPresent
0x48b0d8 TlsGetValue
0x48b0dc TlsAlloc
0x48b0e0 TlsSetValue
0x48b0e4 TlsFree
0x48b0e8 InterlockedIncrement
0x48b0ec SetLastError
0x48b0f0 GetCurrentThreadId
0x48b0f4 EnterCriticalSection
0x48b0f8 HeapSize
0x48b0fc SetHandleCount
0x48b100 GetFileType
0x48b104 DeleteCriticalSection
0x48b108 SetFilePointer
0x48b10c FreeEnvironmentStringsA
0x48b110 FreeEnvironmentStringsW
0x48b114 WideCharToMultiByte
0x48b118 HeapCreate
0x48b11c VirtualFree
0x48b120 HeapFree
0x48b124 QueryPerformanceCounter
0x48b128 GetTickCount
0x48b12c GetSystemTimeAsFileTime
0x48b130 LoadLibraryA
0x48b134 InitializeCriticalSectionAndSpinCount
0x48b138 GetConsoleCP
0x48b13c GetConsoleMode
0x48b140 GetCPInfo
0x48b144 GetOEMCP
0x48b148 IsValidCodePage
0x48b14c RaiseException
0x48b150 MultiByteToWideChar
0x48b154 RtlUnwind
0x48b158 HeapAlloc
0x48b15c HeapReAlloc
0x48b160 VirtualAlloc
0x48b164 SetStdHandle
0x48b168 FlushFileBuffers
0x48b16c GetLocaleInfoA
0x48b170 WriteConsoleW
0x48b174 LCMapStringA
0x48b178 GetStringTypeA
0x48b17c GetStringTypeW
0x48b180 CreateFileA
0x48b184 CloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x48b000 lstrcpynA
0x48b004 GetDefaultCommConfigW
0x48b008 DeleteVolumeMountPointA
0x48b00c ReadConsoleA
0x48b010 InterlockedDecrement
0x48b014 GetSystemWindowsDirectoryW
0x48b018 GetEnvironmentStringsW
0x48b01c GetUserDefaultLCID
0x48b020 SetEvent
0x48b024 GetSystemDefaultLCID
0x48b028 GetFileAttributesExA
0x48b02c GetEnvironmentStrings
0x48b030 GlobalAlloc
0x48b034 ReadConsoleInputA
0x48b038 CopyFileW
0x48b03c LeaveCriticalSection
0x48b040 GetComputerNameExA
0x48b044 UnregisterWait
0x48b048 ReadFile
0x48b04c GetACP
0x48b050 GetConsoleOutputCP
0x48b054 VerifyVersionInfoW
0x48b058 GetCPInfoExW
0x48b05c GetLongPathNameW
0x48b060 GetProcAddress
0x48b064 VerLanguageNameW
0x48b068 GetLocalTime
0x48b06c WriteConsoleA
0x48b070 CreateTapePartition
0x48b074 GetModuleFileNameA
0x48b078 SetConsoleTitleW
0x48b07c GetModuleHandleA
0x48b080 PeekConsoleInputA
0x48b084 Module32NextW
0x48b088 GetCurrentProcessId
0x48b08c AddConsoleAliasA
0x48b090 EnumCalendarInfoExA
0x48b094 FindNextVolumeA
0x48b098 LCMapStringW
0x48b09c GetAtomNameW
0x48b0a0 GetCommandLineW
0x48b0a4 UnhandledExceptionFilter
0x48b0a8 SetUnhandledExceptionFilter
0x48b0ac GetCommandLineA
0x48b0b0 GetStartupInfoA
0x48b0b4 GetModuleHandleW
0x48b0b8 Sleep
0x48b0bc ExitProcess
0x48b0c0 GetLastError
0x48b0c4 WriteFile
0x48b0c8 GetStdHandle
0x48b0cc TerminateProcess
0x48b0d0 GetCurrentProcess
0x48b0d4 IsDebuggerPresent
0x48b0d8 TlsGetValue
0x48b0dc TlsAlloc
0x48b0e0 TlsSetValue
0x48b0e4 TlsFree
0x48b0e8 InterlockedIncrement
0x48b0ec SetLastError
0x48b0f0 GetCurrentThreadId
0x48b0f4 EnterCriticalSection
0x48b0f8 HeapSize
0x48b0fc SetHandleCount
0x48b100 GetFileType
0x48b104 DeleteCriticalSection
0x48b108 SetFilePointer
0x48b10c FreeEnvironmentStringsA
0x48b110 FreeEnvironmentStringsW
0x48b114 WideCharToMultiByte
0x48b118 HeapCreate
0x48b11c VirtualFree
0x48b120 HeapFree
0x48b124 QueryPerformanceCounter
0x48b128 GetTickCount
0x48b12c GetSystemTimeAsFileTime
0x48b130 LoadLibraryA
0x48b134 InitializeCriticalSectionAndSpinCount
0x48b138 GetConsoleCP
0x48b13c GetConsoleMode
0x48b140 GetCPInfo
0x48b144 GetOEMCP
0x48b148 IsValidCodePage
0x48b14c RaiseException
0x48b150 MultiByteToWideChar
0x48b154 RtlUnwind
0x48b158 HeapAlloc
0x48b15c HeapReAlloc
0x48b160 VirtualAlloc
0x48b164 SetStdHandle
0x48b168 FlushFileBuffers
0x48b16c GetLocaleInfoA
0x48b170 WriteConsoleW
0x48b174 LCMapStringA
0x48b178 GetStringTypeA
0x48b17c GetStringTypeW
0x48b180 CreateFileA
0x48b184 CloseHandle
EAT(Export Address Table) is none