Report - ChairSyllabuses_2021-09-04_05-53.exe

Malicious Library PE File OS Processor Check PE32
Created 2021.09.09 16:33 Machine s1_win7_x6402
Filename ChairSyllabuses_2021-09-04_05-53.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score 1
Behavior Score 2.2
ZERO API file : malware
VT API (file) 42 detected (AIDetect, malware2, malicious, high confidence, Fragtor, Unsafe, Save, Kryptik, Eldorado, Attribute, HighConfidence, HMIT, Raccoon, Stop, CrypterX, DownLoader42, Azorult, dnao, ai score=84, ASMalwS, Sabsik, 1W914KA, score, CoinMiner, Glupteba, R440163, BScope, Chapak, Static AI, Malicious PE, GenKryptik, FKAM, ZexaF, vqW@aqA3EfmO, Genetic, confidence, 100%)
md5 56bf0659c6d08974d34baa2a8206524e
sha256 7bcac3d96ae069bc795f7173619fa1bcaccb59ebcc2c3bc3622657ffc93ff4dd
ssdeep 6144:aE17Fdr0XLPRLrgR87AIEV2hhtMuz2GcGsEN5+Gzu:nzr0XLPpgRWAIWI2/GsENlzu
imphash 193b8a18b82d2d8f5b36c7239901d2c7
impfuzzy 48:7oODvX13BrX581YK8XIbO5+fcYtHaEGKUcvGp4LM:7TDX1RrX5898XIb0+fcYt6EGKUcvO4w

Signature (4cnts)

Level Description
danger File has been identified by 42 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x425000 EnumResourceNamesW
 0x425004 GetNativeSystemInfo
 0x425008 lstrlenA
 0x42500c CopyFileExW
 0x425010 GetStringTypeA
 0x425014 InterlockedIncrement
 0x425018 ReadConsoleA
 0x42501c InterlockedDecrement
 0x425020 GlobalLock
 0x425024 FreeEnvironmentStringsA
 0x425028 GetModuleHandleW
 0x42502c GetPrivateProfileStringW
 0x425030 WriteFile
 0x425034 SetCommState
 0x425038 GetCommandLineA
 0x42503c GlobalAlloc
 0x425040 GetPrivateProfileIntA
 0x425044 LoadLibraryW
 0x425048 GetSystemWindowsDirectoryA
 0x42504c GetConsoleAliasExesLengthW
 0x425050 GlobalFlags
 0x425054 GetExitCodeProcess
 0x425058 IsDBCSLeadByte
 0x42505c ReadFile
 0x425060 SetThreadPriority
 0x425064 GetNamedPipeHandleStateW
 0x425068 LCMapStringA
 0x42506c GetPrivateProfileIntW
 0x425070 GetStartupInfoA
 0x425074 SetThreadLocale
 0x425078 GetLastError
 0x42507c GetProcAddress
 0x425080 CopyFileA
 0x425084 GetPrivateProfileStringA
 0x425088 OpenWaitableTimerA
 0x42508c LoadLibraryA
 0x425090 GetFileType
 0x425094 SetCurrentDirectoryW
 0x425098 SetThreadIdealProcessor
 0x42509c HeapWalk
 0x4250a0 FindAtomA
 0x4250a4 Process32NextW
 0x4250a8 CreateIoCompletionPort
 0x4250ac QueryMemoryResourceNotification
 0x4250b0 EnumResourceNamesA
 0x4250b4 GetCPInfoExA
 0x4250b8 TlsAlloc
 0x4250bc ReadConsoleOutputCharacterW
 0x4250c0 GetSystemTime
 0x4250c4 DeleteFileA
 0x4250c8 Sleep
 0x4250cc InitializeCriticalSection
 0x4250d0 DeleteCriticalSection
 0x4250d4 EnterCriticalSection
 0x4250d8 LeaveCriticalSection
 0x4250dc MultiByteToWideChar
 0x4250e0 GetStartupInfoW
 0x4250e4 UnhandledExceptionFilter
 0x4250e8 SetUnhandledExceptionFilter
 0x4250ec GetModuleFileNameW
 0x4250f0 HeapValidate
 0x4250f4 IsBadReadPtr
 0x4250f8 RaiseException
 0x4250fc RtlUnwind
 0x425100 TerminateProcess
 0x425104 GetCurrentProcess
 0x425108 IsDebuggerPresent
 0x42510c GetACP
 0x425110 GetOEMCP
 0x425114 GetCPInfo
 0x425118 IsValidCodePage
 0x42511c TlsGetValue
 0x425120 TlsSetValue
 0x425124 GetCurrentThreadId
 0x425128 TlsFree
 0x42512c SetLastError
 0x425130 QueryPerformanceCounter
 0x425134 GetTickCount
 0x425138 GetCurrentProcessId
 0x42513c GetSystemTimeAsFileTime
 0x425140 ExitProcess
 0x425144 FreeEnvironmentStringsW
 0x425148 GetEnvironmentStringsW
 0x42514c GetCommandLineW
 0x425150 SetHandleCount
 0x425154 GetStdHandle
 0x425158 HeapDestroy
 0x42515c HeapCreate
 0x425160 HeapFree
 0x425164 VirtualFree
 0x425168 GetModuleFileNameA
 0x42516c FlushFileBuffers
 0x425170 WideCharToMultiByte
 0x425174 GetConsoleCP
 0x425178 GetConsoleMode
 0x42517c DebugBreak
 0x425180 OutputDebugStringA
 0x425184 WriteConsoleW
 0x425188 OutputDebugStringW
 0x42518c HeapAlloc
 0x425190 HeapSize
 0x425194 HeapReAlloc
 0x425198 VirtualAlloc
 0x42519c InitializeCriticalSectionAndSpinCount
 0x4251a0 LCMapStringW
 0x4251a4 GetStringTypeW
 0x4251a8 GetLocaleInfoA
 0x4251ac SetStdHandle
 0x4251b0 WriteConsoleA
 0x4251b4 GetConsoleOutputCP
 0x4251b8 SetFilePointer
 0x4251bc CloseHandle
 0x4251c0 CreateFileA
 0x4251c4 GetModuleHandleA
USER32.dll
 0x4251d4 GetComboBoxInfo
MSIMG32.dll
 0x4251cc TransparentBlt

EAT (Export Address Table): none

Similarity measure (PE file only)