Field | Value |
---|---|
Created | 2021.09.07 19:15 |
Machine | s1_win7_x6402 |
Filename | clip.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 35 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Unsafe, Save, Hacktool, Jaik, Kryptik, Eldorado, Attribute, HighConfidence, GenKryptik, FKCI, Convagent, DropperX, Generic@ML, RDML, T9KeLS0fdqbKHPf9HgQn9A, Emotet, Static AI, Malicious PE, Sabsik, score, SmokeLoader, R440306, GenericRXAA, ai score=83, ZexaF, lq0@aCZ2Y7bc, Genetic, confidence, 100%, susgen) |
md5 | 483715033eb4f12ab5c3d9a7e2953221 |
sha256 | f0f3f39e63a0fa9d1af8b6b23f23af1f1274f5f2a5a181a0070fb397fb7225a4 |
ssdeep | 3072:fk8NCwrp3GknF7Q9XnHxm7y5Rk4Q/pzT3WvTTaA421M:iknZQ93Re46pzjMaA4A |
imphash | b740348189b21a2cbef41493dadcafe4 |
impfuzzy | 24:yk20Z9YZ3Oovi7axyD9Yn/M564Rt+lbJ3Vyv9rvklRTeplrjM0pyN:9ZaZ+BaTn0560t+Xa9KWhpyN |
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x415000 GetLocaleInfoA
0x415004 SetLocalTime
0x415008 lstrcpynA
0x41500c DeleteVolumeMountPointA
0x415010 InterlockedIncrement
0x415014 InterlockedDecrement
0x415018 GetSystemWindowsDirectoryW
0x41501c GetEnvironmentStringsW
0x415020 GetUserDefaultLCID
0x415024 AddConsoleAliasW
0x415028 SetEvent
0x41502c GetSystemDefaultLCID
0x415030 GetFileAttributesExA
0x415034 ReadConsoleW
0x415038 WriteFile
0x41503c GetCommandLineA
0x415040 GetEnvironmentStrings
0x415044 GlobalAlloc
0x415048 ReadConsoleInputA
0x41504c CopyFileW
0x415050 LeaveCriticalSection
0x415054 VerifyVersionInfoA
0x415058 WriteConsoleW
0x41505c GetAtomNameW
0x415060 GetConsoleOutputCP
0x415064 GetCPInfoExW
0x415068 GetProcAddress
0x41506c GetLongPathNameA
0x415070 VerLanguageNameA
0x415074 EnterCriticalSection
0x415078 CreateTapePartition
0x41507c GetModuleFileNameA
0x415080 GetOEMCP
0x415084 SetConsoleTitleW
0x415088 GetModuleHandleA
0x41508c PeekConsoleInputA
0x415090 Module32NextW
0x415094 GetCurrentProcessId
0x415098 FindNextVolumeA
0x41509c GetComputerNameExA
0x4150a0 UnhandledExceptionFilter
0x4150a4 SetUnhandledExceptionFilter
0x4150a8 GetStartupInfoA
0x4150ac GetModuleHandleW
0x4150b0 Sleep
0x4150b4 ExitProcess
0x4150b8 GetLastError
0x4150bc GetStdHandle
0x4150c0 TerminateProcess
0x4150c4 GetCurrentProcess
0x4150c8 IsDebuggerPresent
0x4150cc TlsGetValue
0x4150d0 TlsAlloc
0x4150d4 TlsSetValue
0x4150d8 TlsFree
0x4150dc SetLastError
0x4150e0 GetCurrentThreadId
0x4150e4 HeapSize
0x4150e8 SetHandleCount
0x4150ec GetFileType
0x4150f0 DeleteCriticalSection
0x4150f4 SetFilePointer
0x4150f8 FreeEnvironmentStringsA
0x4150fc FreeEnvironmentStringsW
0x415100 WideCharToMultiByte
0x415104 HeapCreate
0x415108 VirtualFree
0x41510c HeapFree
0x415110 QueryPerformanceCounter
0x415114 GetTickCount
0x415118 GetSystemTimeAsFileTime
0x41511c LoadLibraryA
0x415120 InitializeCriticalSectionAndSpinCount
0x415124 GetConsoleCP
0x415128 GetConsoleMode
0x41512c GetCPInfo
0x415130 GetACP
0x415134 IsValidCodePage
0x415138 RaiseException
0x41513c HeapAlloc
0x415140 HeapReAlloc
0x415144 VirtualAlloc
0x415148 RtlUnwind
0x41514c SetStdHandle
0x415150 FlushFileBuffers
0x415154 WriteConsoleA
0x415158 MultiByteToWideChar
0x41515c LCMapStringA
0x415160 LCMapStringW
0x415164 GetStringTypeA
0x415168 GetStringTypeW
0x41516c CreateFileA
0x415170 CloseHandle
EAT (Export Address Table) is none