Report - apines.exe

Malicious Library PE File PE32 OS Processor Check
Created 2021.09.08 09:59 Machine s1_win7_x6401
Filename apines.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score 2
Behavior Score 2.2
ZERO API file : malware
VT API (file) 33 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Jaik, Unsafe, Save, ZexaF, pq0@a4d328lc, Kryptik, Eldorado, TrojanX, susgen, StopCrypt, score, Artemis, ai score=80, Generic@ML, RDML, c19SzFPWF6Z, 9YIKMklIHg, Static AI, Malicious PE, confidence, 100%)
md5 5dc89acaae4edda1b0519ff9657b763a
sha256 9d29d5a2fa3e1b5213d8e73bfbc32cc9f716a7d8a261289decd409a806a4220d
ssdeep 3072:r7ZfniI3338yqpr/pxTmi50Q51uWWc6gn1/QBRvTfdcDKvWD5oX/Gq5F9fq:rZVPohxTfiQn5jQBRvjdfPX+qhy
imphash 1809fec2059dccb23891231e67cccfd1
impfuzzy 24:/k80Z9YZ3Oovi78rlD9YnHyM56VJt/J3J8uRv9KvklRTAjMniplu2c5:CZaZ+B3nx56VJthK29Z7Ws2U

Signature (5cnts)

Level Description
danger File has been identified by 33 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x431000 GetLocaleInfoA
 0x431004 SetLocalTime
 0x431008 lstrcpynA
 0x43100c InterlockedIncrement
 0x431010 InterlockedDecrement
 0x431014 GetCurrentProcess
 0x431018 GetSystemWindowsDirectoryW
 0x43101c GetEnvironmentStringsW
 0x431020 GetUserDefaultLCID
 0x431024 AddConsoleAliasW
 0x431028 SetEvent
 0x43102c GetSystemDefaultLCID
 0x431030 GetFileAttributesExA
 0x431034 ReadConsoleW
 0x431038 WriteFile
 0x43103c GetCommandLineA
 0x431040 GetEnvironmentStrings
 0x431044 GlobalAlloc
 0x431048 ReadConsoleInputA
 0x43104c CopyFileW
 0x431050 DeleteVolumeMountPointW
 0x431054 GetComputerNameExA
 0x431058 VerifyVersionInfoA
 0x43105c WriteConsoleW
 0x431060 GetAtomNameW
 0x431064 GetCPInfoExW
 0x431068 GetProcAddress
 0x43106c GetLongPathNameA
 0x431070 VerLanguageNameA
 0x431074 EnterCriticalSection
 0x431078 CreateTapePartition
 0x43107c SetConsoleOutputCP
 0x431080 GetModuleFileNameA
 0x431084 GetOEMCP
 0x431088 SetConsoleTitleW
 0x43108c GetModuleHandleA
 0x431090 PeekConsoleInputA
 0x431094 Module32NextW
 0x431098 GetCurrentProcessId
 0x43109c FindNextVolumeA
 0x4310a0 LeaveCriticalSection
 0x4310a4 GetStartupInfoA
 0x4310a8 TerminateProcess
 0x4310ac UnhandledExceptionFilter
 0x4310b0 SetUnhandledExceptionFilter
 0x4310b4 IsDebuggerPresent
 0x4310b8 GetModuleHandleW
 0x4310bc TlsGetValue
 0x4310c0 TlsAlloc
 0x4310c4 TlsSetValue
 0x4310c8 TlsFree
 0x4310cc SetLastError
 0x4310d0 GetCurrentThreadId
 0x4310d4 GetLastError
 0x4310d8 Sleep
 0x4310dc HeapSize
 0x4310e0 ExitProcess
 0x4310e4 SetHandleCount
 0x4310e8 GetStdHandle
 0x4310ec GetFileType
 0x4310f0 DeleteCriticalSection
 0x4310f4 SetFilePointer
 0x4310f8 GetCPInfo
 0x4310fc GetACP
 0x431100 IsValidCodePage
 0x431104 FreeEnvironmentStringsA
 0x431108 FreeEnvironmentStringsW
 0x43110c WideCharToMultiByte
 0x431110 HeapCreate
 0x431114 VirtualFree
 0x431118 HeapFree
 0x43111c QueryPerformanceCounter
 0x431120 GetTickCount
 0x431124 GetSystemTimeAsFileTime
 0x431128 GetConsoleCP
 0x43112c GetConsoleMode
 0x431130 RaiseException
 0x431134 HeapAlloc
 0x431138 HeapReAlloc
 0x43113c VirtualAlloc
 0x431140 LoadLibraryA
 0x431144 InitializeCriticalSectionAndSpinCount
 0x431148 RtlUnwind
 0x43114c SetStdHandle
 0x431150 FlushFileBuffers
 0x431154 LCMapStringA
 0x431158 MultiByteToWideChar
 0x43115c LCMapStringW
 0x431160 GetStringTypeA
 0x431164 GetStringTypeW
 0x431168 WriteConsoleA
 0x43116c GetConsoleOutputCP
 0x431170 CreateFileA
 0x431174 CloseHandle

EAT(Export Address Table) is none
