Field | Value |
---|---|
Created | 2021.09.09 09:50 |
Machine | s1_win7_x6401 |
Filename | sefile2.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 23 detected (malicious, high confidence, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, Reline, DropperX, Sabsik, score, Generic@ML, RDML, O3Tw55TUGfwxY+s6NKGLPA, Static AI, Malicious PE, ZexaF, pq0@aCuNMBG, susgen) |
md5 | 3c933afc5af70a1c6330452b6f3f1f46 |
sha256 | 3e671134f9d2765d96900933bb851853250e1c26b75ee92a18200690a5c7bb3e |
ssdeep | 6144:tZ/9fZu/NjhvpWesfX1dONngUvUIWoJYQ:3FQ/xhYtInWA |
imphash | a64eb66b7a412a3ebf76d0c2b5dc309f |
impfuzzy | 24:JAec0ZZOovimJW1uDSIpUZ9Mt/J3J8X5vQyv9kRTAjM0ipluL9N:JTZcESIWZGthK/9gQWsxN |
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
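The two packer signatures above ("allocates read-write-execute memory" and "contains encrypted or compressed data") are the dynamic and the static half of one heuristic. The script below is an added example (editor's code, not the sandbox's): it walks a PE section table and flags sections that are mapped readable+writable+executable or whose raw bytes have high Shannon entropy. The PE image it parses is constructed inline to exercise the parser (a repetitive ".text" section and a pseudo-random ".packed" section); the section names, layout and the 7.0 bits/byte threshold are the editor's assumptions, not values taken from sefile2.exe.

```python
"""Static packer indicators from a PE section table.

Added example for this report (editor's code, not the sandbox's). The PE image
parsed below is constructed in memory to exercise the parser; it is not
sefile2.exe and is not loadable.
"""
import math
import random
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
HIGH_ENTROPY = 7.0  # bits/byte; analyst rule of thumb, not a standard (assumption)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes):
    """DOS header -> PE signature -> COFF header -> section table.

    Returns [(name, characteristics, raw_bytes)]. Raises ValueError for
    non-PE input, the failure mode a triage script fed arbitrary files needs.
    """
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", image, coff + 2)
    opt_size, = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER is 40 bytes; only name, raw size/offset and
        # characteristics are used here.
        (name, _vsize, _va, raw_size, raw_ptr, _prel, _pln, _nrel, _nln,
         flags) = struct.unpack_from("<8sIIIIIIHHI", image, table + 40 * i)
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), flags, raw))
    return sections


def packer_indicators(image: bytes) -> dict:
    """{section_name: [reasons]} for sections that look packed or unpack in place."""
    findings = {}
    for name, flags, raw in parse_sections(image):
        reasons = []
        if flags & RWX == RWX:
            reasons.append("section is mapped readable, writable and executable")
        ent = shannon_entropy(raw)
        if ent >= HIGH_ENTROPY:
            reasons.append(f"entropy {ent:.2f} bits/byte >= {HIGH_ENTROPY}")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample_image() -> bytes:
    """Constructed two-section PE32 skeleton: a repetitive '.text' and a
    pseudo-random '.packed' section flagged RWX (names and layout are
    assumptions made for this demo)."""
    text = (b"\x55\x8b\xec\x83\xec\x10" * 171)[:1024]       # repetitive, low entropy
    packed = random.Random(2021).randbytes(4096)             # seeded, high entropy
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)  # i386, 2 sections
    opt = struct.pack("<H", 0x10B) + b"\0" * 222             # PE32 magic; rest unused here
    headers_end = 0x40 + 4 + 20 + 224 + 2 * 40
    text_off = (headers_end + 0x1FF) & ~0x1FF                # 512-byte file alignment
    packed_off = text_off + len(text)

    def section_header(name, size, offset, flags):
        return struct.pack("<8sIIIIIIHHI", name, size, 0x1000, size, offset, 0, 0, 0, 0, flags)

    headers = (dos + b"PE\0\0" + coff + opt
               + section_header(b".text", len(text), text_off,
                                IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
               + section_header(b".packed", len(packed), packed_off,
                                IMAGE_SCN_CNT_INITIALIZED_DATA | RWX))
    return headers + b"\0" * (text_off - len(headers)) + text + packed


if __name__ == "__main__":
    for section, reasons in packer_indicators(build_sample_image()).items():
        print(section, "->", "; ".join(reasons))
```

Two caveats when reading the output against a real sample: high entropy also comes from legitimately compressed resources, embedded certificates and some .NET metadata, so the entropy reason is a prompt to look, not a verdict; and the sandbox's "allocates read-write-execute memory" signature fires on a runtime VirtualAlloc/VirtualProtect, which a packer can do on a normally-flagged section, so a section table with no RWX entry does not clear the sample.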
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x432000 SetLocalTime
0x432004 DebugActiveProcessStop
0x432008 lstrcpynA
0x43200c InterlockedIncrement
0x432010 ReadConsoleA
0x432014 InterlockedDecrement
0x432018 GetCurrentProcess
0x43201c GetEnvironmentStringsW
0x432020 GetUserDefaultLCID
0x432024 SetEvent
0x432028 GetCommandLineA
0x43202c GetEnvironmentStrings
0x432030 GetSystemWindowsDirectoryA
0x432034 LeaveCriticalSection
0x432038 GetLocaleInfoA
0x43203c SetConsoleTitleA
0x432040 GetProcAddress
0x432044 PeekConsoleInputW
0x432048 EnterCriticalSection
0x43204c GetAtomNameA
0x432050 WriteConsoleA
0x432054 LocalAlloc
0x432058 SetConsoleOutputCP
0x43205c GetModuleFileNameA
0x432060 GetOEMCP
0x432064 GetModuleHandleA
0x432068 GetFileAttributesExW
0x43206c GetCPInfoExA
0x432070 Module32Next
0x432074 GetCurrentProcessId
0x432078 AddConsoleAliasA
0x43207c VerifyVersionInfoA
0x432080 GetStartupInfoA
0x432084 TerminateProcess
0x432088 UnhandledExceptionFilter
0x43208c SetUnhandledExceptionFilter
0x432090 IsDebuggerPresent
0x432094 GetModuleHandleW
0x432098 TlsGetValue
0x43209c TlsAlloc
0x4320a0 TlsSetValue
0x4320a4 TlsFree
0x4320a8 SetLastError
0x4320ac GetCurrentThreadId
0x4320b0 GetLastError
0x4320b4 Sleep
0x4320b8 HeapSize
0x4320bc ExitProcess
0x4320c0 HeapFree
0x4320c4 SetFilePointer
0x4320c8 WriteFile
0x4320cc GetStdHandle
0x4320d0 FreeEnvironmentStringsA
0x4320d4 FreeEnvironmentStringsW
0x4320d8 WideCharToMultiByte
0x4320dc SetHandleCount
0x4320e0 GetFileType
0x4320e4 DeleteCriticalSection
0x4320e8 HeapCreate
0x4320ec VirtualFree
0x4320f0 QueryPerformanceCounter
0x4320f4 GetTickCount
0x4320f8 GetSystemTimeAsFileTime
0x4320fc GetConsoleCP
0x432100 GetConsoleMode
0x432104 GetCPInfo
0x432108 GetACP
0x43210c IsValidCodePage
0x432110 RaiseException
0x432114 HeapAlloc
0x432118 HeapReAlloc
0x43211c VirtualAlloc
0x432120 LoadLibraryA
0x432124 InitializeCriticalSectionAndSpinCount
0x432128 RtlUnwind
0x43212c SetStdHandle
0x432130 FlushFileBuffers
0x432134 GetConsoleOutputCP
0x432138 WriteConsoleW
0x43213c MultiByteToWideChar
0x432140 LCMapStringA
0x432144 LCMapStringW
0x432148 GetStringTypeA
0x43214c GetStringTypeW
0x432150 CreateFileA
0x432154 CloseHandle
EAT (Export Address Table): none
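For the IAT above, as an added example (editor's code, not the sandbox's): recompute the imphash from the listed imports the way pefile does (md5 over "lib.func" pairs, lower-cased, library extension stripped, import order preserved) and separate the imports MSVC's CRT start-up pulls into most console binaries of this vintage from the ones an analyst should read first. KERNEL32_IMPORTS is transcribed from the table above; CRT_STARTUP_NOISE and the capability groups are the editor's own triage heuristics (assumption), not anything the report states. Because imphash is order-sensitive, comparing imphash(IMPORTS) with the report's value a64eb66b7a412a3ebf76d0c2b5dc309f tells you whether the listing above is the complete import table in its original order; the page does not state that outcome, so the example does not assert it.

```python
"""Import-table triage: recompute imphash and separate analyst-interesting
imports from MSVC CRT start-up boilerplate.

Added example; not the sandbox's own code. KERNEL32_IMPORTS is transcribed from
the IAT in this report, in table order. CRT_STARTUP_NOISE and CAPABILITY_RULES
are the editor's heuristics (assumption).
"""
import hashlib

KERNEL32_IMPORTS = [
    "SetLocalTime", "DebugActiveProcessStop", "lstrcpynA", "InterlockedIncrement",
    "ReadConsoleA", "InterlockedDecrement", "GetCurrentProcess", "GetEnvironmentStringsW",
    "GetUserDefaultLCID", "SetEvent", "GetCommandLineA", "GetEnvironmentStrings",
    "GetSystemWindowsDirectoryA", "LeaveCriticalSection", "GetLocaleInfoA", "SetConsoleTitleA",
    "GetProcAddress", "PeekConsoleInputW", "EnterCriticalSection", "GetAtomNameA",
    "WriteConsoleA", "LocalAlloc", "SetConsoleOutputCP", "GetModuleFileNameA",
    "GetOEMCP", "GetModuleHandleA", "GetFileAttributesExW", "GetCPInfoExA",
    "Module32Next", "GetCurrentProcessId", "AddConsoleAliasA", "VerifyVersionInfoA",
    "GetStartupInfoA", "TerminateProcess", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter",
    "IsDebuggerPresent", "GetModuleHandleW", "TlsGetValue", "TlsAlloc",
    "TlsSetValue", "TlsFree", "SetLastError", "GetCurrentThreadId",
    "GetLastError", "Sleep", "HeapSize", "ExitProcess",
    "HeapFree", "SetFilePointer", "WriteFile", "GetStdHandle",
    "FreeEnvironmentStringsA", "FreeEnvironmentStringsW", "WideCharToMultiByte", "SetHandleCount",
    "GetFileType", "DeleteCriticalSection", "HeapCreate", "VirtualFree",
    "QueryPerformanceCounter", "GetTickCount", "GetSystemTimeAsFileTime", "GetConsoleCP",
    "GetConsoleMode", "GetCPInfo", "GetACP", "IsValidCodePage",
    "RaiseException", "HeapAlloc", "HeapReAlloc", "VirtualAlloc",
    "LoadLibraryA", "InitializeCriticalSectionAndSpinCount", "RtlUnwind", "SetStdHandle",
    "FlushFileBuffers", "GetConsoleOutputCP", "WriteConsoleW", "MultiByteToWideChar",
    "LCMapStringA", "LCMapStringW", "GetStringTypeA", "GetStringTypeW",
    "CreateFileA", "CloseHandle",
]
IMPORTS = {"KERNEL32.dll": KERNEL32_IMPORTS}   # dll -> imports, in import-table order

# KERNEL32 imports the static MSVC CRT start-up/exception code commonly pulls in
# on its own (approximate, from the editor's experience; assumption).
CRT_STARTUP_NOISE = frozenset("""
GetStartupInfoA TerminateProcess UnhandledExceptionFilter SetUnhandledExceptionFilter
IsDebuggerPresent GetModuleHandleW TlsGetValue TlsAlloc TlsSetValue TlsFree SetLastError
GetCurrentThreadId GetLastError Sleep HeapSize ExitProcess HeapFree SetFilePointer WriteFile
GetStdHandle FreeEnvironmentStringsA FreeEnvironmentStringsW WideCharToMultiByte SetHandleCount
GetFileType DeleteCriticalSection HeapCreate VirtualFree QueryPerformanceCounter GetTickCount
GetSystemTimeAsFileTime GetConsoleCP GetConsoleMode GetCPInfo GetACP IsValidCodePage
RaiseException HeapAlloc HeapReAlloc VirtualAlloc LoadLibraryA InitializeCriticalSectionAndSpinCount
RtlUnwind SetStdHandle FlushFileBuffers GetConsoleOutputCP WriteConsoleW MultiByteToWideChar
LCMapStringA LCMapStringW GetStringTypeA GetStringTypeW CreateFileA CloseHandle
GetCommandLineA GetEnvironmentStrings GetEnvironmentStringsW GetCurrentProcess GetCurrentProcessId
GetModuleHandleA GetProcAddress EnterCriticalSection LeaveCriticalSection InterlockedIncrement
InterlockedDecrement
""".split())

CAPABILITY_RULES = {  # editor's grouping (assumption)
    "anti-debugging": {"IsDebuggerPresent", "DebugActiveProcessStop"},
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
    "memory allocation with caller-chosen protection": {"VirtualAlloc"},
    "module enumeration (Toolhelp)": {"Module32Next"},
    "system clock tampering": {"SetLocalTime"},
    "console manipulation": {"SetConsoleTitleA", "AddConsoleAliasA", "PeekConsoleInputW", "ReadConsoleA"},
}


def imphash_input(imports: dict) -> str:
    """The string pefile hashes: 'lib.func' per import, comma-joined, lower-cased,
    .dll/.ocx/.sys stripped, order preserved. Ordinal-only imports (ints) become
    'ordN'; pefile's ordinal-to-name lookup for a few DLLs is not reproduced."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        for f in funcs:
            func = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports: dict) -> str:
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


def interesting_imports(imports: dict) -> list:
    """Imports the CRT start-up does not account for; read these first."""
    return [f for funcs in imports.values() for f in funcs
            if isinstance(f, str) and f not in CRT_STARTUP_NOISE]


def capabilities(imports: dict, ignore_crt: bool = True) -> dict:
    """Map imports to capability groups. With ignore_crt, APIs the CRT imports
    anyway are not counted as evidence: that is the difference between 'this is
    a Windows console binary' and 'this binary does something'."""
    if ignore_crt:
        names = set(interesting_imports(imports))
    else:
        names = {f for funcs in imports.values() for f in funcs if isinstance(f, str)}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITY_RULES.items() if names & apis}


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    print("non-CRT imports:", ", ".join(interesting_imports(IMPORTS)))
    for cap, apis in capabilities(IMPORTS).items():
        print(f"{cap}: {', '.join(apis)}")
```

The point of the CRT filter: IsDebuggerPresent, VirtualAlloc, LoadLibraryA and GetProcAddress all appear in this table, but in a binary whose import block from GetStartupInfoA to CloseHandle is the usual MSVC CRT set they are explained by the runtime and are not, by themselves, evidence of anti-debugging or unpacking. The imports the CRT does not explain (SetLocalTime, DebugActiveProcessStop, Module32Next, GetAtomNameA, VerifyVersionInfoA, the console alias/title/input APIs) are where to start reading the disassembly.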