ScreenShot
| Created | 2021.09.08 17:31 | Machine | s1_win7_x6401 |
| Filename | raccon.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 864a871c403534258270290a4a930466 | ||
| sha256 | 51ebd9975343c1c01b6accd11507d17b1bb4d6d6f6333c600e0957b2cc997171 | ||
| ssdeep | 12288:W9vyIjjH82Wpo1Bm3IGl3tDFBTOw0+7PB:uZjWCg/3tDFBTyWJ | ||
| imphash | 5aa0a5cf696bba3ecf1fd89efe73c676 | ||
| impfuzzy | 24:qk80Z9YZ3Oovi78slDxYYnHyl6VJt/J3J8XYvQyv9kRTAjM0ipluoMN:TZaZ+BFxn26VJthKq9gQWsJN | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45f000 SetLocalTime
0x45f004 lstrcpynA
0x45f008 InterlockedIncrement
0x45f00c InterlockedDecrement
0x45f010 GetCurrentProcess
0x45f014 GetSystemWindowsDirectoryW
0x45f018 GetEnvironmentStringsW
0x45f01c GetUserDefaultLCID
0x45f020 AddConsoleAliasW
0x45f024 SetEvent
0x45f028 GetSystemDefaultLCID
0x45f02c GetFileAttributesExA
0x45f030 ReadConsoleW
0x45f034 WriteFile
0x45f038 GetCommandLineA
0x45f03c GetEnvironmentStrings
0x45f040 GlobalAlloc
0x45f044 ReadConsoleInputA
0x45f048 CopyFileW
0x45f04c DeleteVolumeMountPointW
0x45f050 GetLocaleInfoA
0x45f054 GetComputerNameExA
0x45f058 VerifyVersionInfoA
0x45f05c WriteConsoleW
0x45f060 GetAtomNameW
0x45f064 GetCPInfoExW
0x45f068 GetProcAddress
0x45f06c GetLongPathNameA
0x45f070 PeekConsoleInputW
0x45f074 VerLanguageNameA
0x45f078 EnterCriticalSection
0x45f07c CreateTapePartition
0x45f080 SetConsoleOutputCP
0x45f084 GetModuleFileNameA
0x45f088 GetOEMCP
0x45f08c SetConsoleTitleW
0x45f090 GetModuleHandleA
0x45f094 Module32NextW
0x45f098 GetCurrentProcessId
0x45f09c FindNextVolumeA
0x45f0a0 LeaveCriticalSection
0x45f0a4 GetStartupInfoA
0x45f0a8 TerminateProcess
0x45f0ac UnhandledExceptionFilter
0x45f0b0 SetUnhandledExceptionFilter
0x45f0b4 IsDebuggerPresent
0x45f0b8 GetModuleHandleW
0x45f0bc TlsGetValue
0x45f0c0 TlsAlloc
0x45f0c4 TlsSetValue
0x45f0c8 TlsFree
0x45f0cc SetLastError
0x45f0d0 GetCurrentThreadId
0x45f0d4 GetLastError
0x45f0d8 Sleep
0x45f0dc HeapSize
0x45f0e0 ExitProcess
0x45f0e4 HeapFree
0x45f0e8 SetFilePointer
0x45f0ec GetStdHandle
0x45f0f0 FreeEnvironmentStringsA
0x45f0f4 FreeEnvironmentStringsW
0x45f0f8 WideCharToMultiByte
0x45f0fc SetHandleCount
0x45f100 GetFileType
0x45f104 DeleteCriticalSection
0x45f108 HeapCreate
0x45f10c VirtualFree
0x45f110 QueryPerformanceCounter
0x45f114 GetTickCount
0x45f118 GetSystemTimeAsFileTime
0x45f11c GetConsoleCP
0x45f120 GetConsoleMode
0x45f124 GetCPInfo
0x45f128 GetACP
0x45f12c IsValidCodePage
0x45f130 RaiseException
0x45f134 HeapAlloc
0x45f138 HeapReAlloc
0x45f13c VirtualAlloc
0x45f140 LoadLibraryA
0x45f144 InitializeCriticalSectionAndSpinCount
0x45f148 RtlUnwind
0x45f14c SetStdHandle
0x45f150 FlushFileBuffers
0x45f154 WriteConsoleA
0x45f158 GetConsoleOutputCP
0x45f15c MultiByteToWideChar
0x45f160 LCMapStringA
0x45f164 LCMapStringW
0x45f168 GetStringTypeA
0x45f16c GetStringTypeW
0x45f170 CreateFileA
0x45f174 CloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x45f000 SetLocalTime
0x45f004 lstrcpynA
0x45f008 InterlockedIncrement
0x45f00c InterlockedDecrement
0x45f010 GetCurrentProcess
0x45f014 GetSystemWindowsDirectoryW
0x45f018 GetEnvironmentStringsW
0x45f01c GetUserDefaultLCID
0x45f020 AddConsoleAliasW
0x45f024 SetEvent
0x45f028 GetSystemDefaultLCID
0x45f02c GetFileAttributesExA
0x45f030 ReadConsoleW
0x45f034 WriteFile
0x45f038 GetCommandLineA
0x45f03c GetEnvironmentStrings
0x45f040 GlobalAlloc
0x45f044 ReadConsoleInputA
0x45f048 CopyFileW
0x45f04c DeleteVolumeMountPointW
0x45f050 GetLocaleInfoA
0x45f054 GetComputerNameExA
0x45f058 VerifyVersionInfoA
0x45f05c WriteConsoleW
0x45f060 GetAtomNameW
0x45f064 GetCPInfoExW
0x45f068 GetProcAddress
0x45f06c GetLongPathNameA
0x45f070 PeekConsoleInputW
0x45f074 VerLanguageNameA
0x45f078 EnterCriticalSection
0x45f07c CreateTapePartition
0x45f080 SetConsoleOutputCP
0x45f084 GetModuleFileNameA
0x45f088 GetOEMCP
0x45f08c SetConsoleTitleW
0x45f090 GetModuleHandleA
0x45f094 Module32NextW
0x45f098 GetCurrentProcessId
0x45f09c FindNextVolumeA
0x45f0a0 LeaveCriticalSection
0x45f0a4 GetStartupInfoA
0x45f0a8 TerminateProcess
0x45f0ac UnhandledExceptionFilter
0x45f0b0 SetUnhandledExceptionFilter
0x45f0b4 IsDebuggerPresent
0x45f0b8 GetModuleHandleW
0x45f0bc TlsGetValue
0x45f0c0 TlsAlloc
0x45f0c4 TlsSetValue
0x45f0c8 TlsFree
0x45f0cc SetLastError
0x45f0d0 GetCurrentThreadId
0x45f0d4 GetLastError
0x45f0d8 Sleep
0x45f0dc HeapSize
0x45f0e0 ExitProcess
0x45f0e4 HeapFree
0x45f0e8 SetFilePointer
0x45f0ec GetStdHandle
0x45f0f0 FreeEnvironmentStringsA
0x45f0f4 FreeEnvironmentStringsW
0x45f0f8 WideCharToMultiByte
0x45f0fc SetHandleCount
0x45f100 GetFileType
0x45f104 DeleteCriticalSection
0x45f108 HeapCreate
0x45f10c VirtualFree
0x45f110 QueryPerformanceCounter
0x45f114 GetTickCount
0x45f118 GetSystemTimeAsFileTime
0x45f11c GetConsoleCP
0x45f120 GetConsoleMode
0x45f124 GetCPInfo
0x45f128 GetACP
0x45f12c IsValidCodePage
0x45f130 RaiseException
0x45f134 HeapAlloc
0x45f138 HeapReAlloc
0x45f13c VirtualAlloc
0x45f140 LoadLibraryA
0x45f144 InitializeCriticalSectionAndSpinCount
0x45f148 RtlUnwind
0x45f14c SetStdHandle
0x45f150 FlushFileBuffers
0x45f154 WriteConsoleA
0x45f158 GetConsoleOutputCP
0x45f15c MultiByteToWideChar
0x45f160 LCMapStringA
0x45f164 LCMapStringW
0x45f168 GetStringTypeA
0x45f16c GetStringTypeW
0x45f170 CreateFileA
0x45f174 CloseHandle
EAT(Export Address Table) is none