ScreenShot
| Created | 2021.09.10 09:16 | Machine | s1_win7_x6401 |
| Filename | Pluton.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 52 detected (Hacktool, malicious, high confidence, GenericKD, Unsafe, Save, StopCrypt, confidence, 100%, ZexaF, IqW@aWWy9ylG, Kryptik, Eldorado, Attribute, HighConfidence, HMGF, TrojanX, Minerva, kxlup, DownLoader41, RACEALER, SMTH, Krypt, score, SmokeLoader, R439080, Injuke, ai score=87, HPGANDCRAB, SMONT2, Obscure, CLASSIC, Static AI, Malicious PE, susgen, HMGB, GdSda) | ||
| md5 | b147f58ffee25ee8ef9cdae4198fed71 | ||
| sha256 | f38d282d627b764fe174e33d3ee4082797ab39c393e9fc9f2317c8b1e8326a29 | ||
| ssdeep | 12288:AS0ZZbnGSA3DYl2NabxUDzGuD4EpyE1J9A38uuLMvM2y:irnGSuDqUDKuD40JS | ||
| imphash | 60cc0daaa74806110a4d23b786f367f8 | ||
| impfuzzy | 48:BJS4jODt/Zd1g4TqGXGOfaE7ycftq9YSzLX/f:D0p7TqGXGfE7ycftwYSzLX/f | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x426000 GetThreadContext
0x426004 EnumResourceNamesW
0x426008 CreateMutexW
0x42600c SetPriorityClass
0x426010 GetNativeSystemInfo
0x426014 FindFirstChangeNotificationW
0x426018 lstrlenA
0x42601c SetEndOfFile
0x426020 GetSystemWindowsDirectoryW
0x426024 GetNamedPipeHandleStateA
0x426028 SetEvent
0x42602c FreeEnvironmentStringsA
0x426030 GetModuleHandleW
0x426034 GetTickCount
0x426038 GetConsoleAliasesLengthA
0x42603c GetSystemTimeAsFileTime
0x426040 GetPrivateProfileStringW
0x426044 WriteFile
0x426048 SetCommState
0x42604c GetCommandLineA
0x426050 FindResourceExA
0x426054 GetPrivateProfileIntA
0x426058 LoadLibraryW
0x42605c CopyFileW
0x426060 GetConsoleAliasExesLengthW
0x426064 SetConsoleMode
0x426068 SetConsoleCursorPosition
0x42606c IsDBCSLeadByte
0x426070 GetOverlappedResult
0x426074 GetStartupInfoW
0x426078 GlobalUnlock
0x42607c InterlockedExchange
0x426080 GetFileSizeEx
0x426084 GetLastError
0x426088 ReadConsoleOutputCharacterA
0x42608c GetProcAddress
0x426090 VirtualAlloc
0x426094 WriteProfileSectionA
0x426098 LoadLibraryA
0x42609c OpenMutexA
0x4260a0 CreateSemaphoreW
0x4260a4 LocalAlloc
0x4260a8 IsSystemResumeAutomatic
0x4260ac SetCurrentDirectoryW
0x4260b0 HeapWalk
0x4260b4 Process32NextW
0x4260b8 CreateIoCompletionPort
0x4260bc FreeEnvironmentStringsW
0x4260c0 FatalAppExitA
0x4260c4 GetCurrentThreadId
0x4260c8 GetCPInfoExA
0x4260cc SetThreadAffinityMask
0x4260d0 TlsAlloc
0x4260d4 FindAtomW
0x4260d8 DeleteFileW
0x4260dc GetSystemTime
0x4260e0 LCMapStringW
0x4260e4 CopyFileExA
0x4260e8 MultiByteToWideChar
0x4260ec GetStartupInfoA
0x4260f0 HeapValidate
0x4260f4 IsBadReadPtr
0x4260f8 RaiseException
0x4260fc Sleep
0x426100 InterlockedIncrement
0x426104 InterlockedDecrement
0x426108 ExitProcess
0x42610c TlsGetValue
0x426110 TlsSetValue
0x426114 TlsFree
0x426118 SetLastError
0x42611c EnterCriticalSection
0x426120 LeaveCriticalSection
0x426124 TerminateProcess
0x426128 GetCurrentProcess
0x42612c UnhandledExceptionFilter
0x426130 SetUnhandledExceptionFilter
0x426134 IsDebuggerPresent
0x426138 GetModuleFileNameW
0x42613c SetHandleCount
0x426140 GetStdHandle
0x426144 GetFileType
0x426148 DeleteCriticalSection
0x42614c GetACP
0x426150 GetOEMCP
0x426154 GetCPInfo
0x426158 IsValidCodePage
0x42615c QueryPerformanceCounter
0x426160 GetCurrentProcessId
0x426164 GetModuleFileNameA
0x426168 GetEnvironmentStrings
0x42616c WideCharToMultiByte
0x426170 GetEnvironmentStringsW
0x426174 HeapDestroy
0x426178 HeapCreate
0x42617c HeapFree
0x426180 VirtualFree
0x426184 HeapAlloc
0x426188 HeapSize
0x42618c HeapReAlloc
0x426190 RtlUnwind
0x426194 InitializeCriticalSectionAndSpinCount
0x426198 DebugBreak
0x42619c OutputDebugStringA
0x4261a0 WriteConsoleW
0x4261a4 OutputDebugStringW
0x4261a8 LCMapStringA
0x4261ac GetStringTypeA
0x4261b0 GetStringTypeW
0x4261b4 GetLocaleInfoA
0x4261b8 SetFilePointer
0x4261bc GetConsoleCP
0x4261c0 GetConsoleMode
0x4261c4 FlushFileBuffers
0x4261c8 SetStdHandle
0x4261cc WriteConsoleA
0x4261d0 GetConsoleOutputCP
0x4261d4 CloseHandle
0x4261d8 CreateFileA
0x4261dc GetModuleHandleA
EAT(Export Address Table) is none
KERNEL32.dll
0x426000 GetThreadContext
0x426004 EnumResourceNamesW
0x426008 CreateMutexW
0x42600c SetPriorityClass
0x426010 GetNativeSystemInfo
0x426014 FindFirstChangeNotificationW
0x426018 lstrlenA
0x42601c SetEndOfFile
0x426020 GetSystemWindowsDirectoryW
0x426024 GetNamedPipeHandleStateA
0x426028 SetEvent
0x42602c FreeEnvironmentStringsA
0x426030 GetModuleHandleW
0x426034 GetTickCount
0x426038 GetConsoleAliasesLengthA
0x42603c GetSystemTimeAsFileTime
0x426040 GetPrivateProfileStringW
0x426044 WriteFile
0x426048 SetCommState
0x42604c GetCommandLineA
0x426050 FindResourceExA
0x426054 GetPrivateProfileIntA
0x426058 LoadLibraryW
0x42605c CopyFileW
0x426060 GetConsoleAliasExesLengthW
0x426064 SetConsoleMode
0x426068 SetConsoleCursorPosition
0x42606c IsDBCSLeadByte
0x426070 GetOverlappedResult
0x426074 GetStartupInfoW
0x426078 GlobalUnlock
0x42607c InterlockedExchange
0x426080 GetFileSizeEx
0x426084 GetLastError
0x426088 ReadConsoleOutputCharacterA
0x42608c GetProcAddress
0x426090 VirtualAlloc
0x426094 WriteProfileSectionA
0x426098 LoadLibraryA
0x42609c OpenMutexA
0x4260a0 CreateSemaphoreW
0x4260a4 LocalAlloc
0x4260a8 IsSystemResumeAutomatic
0x4260ac SetCurrentDirectoryW
0x4260b0 HeapWalk
0x4260b4 Process32NextW
0x4260b8 CreateIoCompletionPort
0x4260bc FreeEnvironmentStringsW
0x4260c0 FatalAppExitA
0x4260c4 GetCurrentThreadId
0x4260c8 GetCPInfoExA
0x4260cc SetThreadAffinityMask
0x4260d0 TlsAlloc
0x4260d4 FindAtomW
0x4260d8 DeleteFileW
0x4260dc GetSystemTime
0x4260e0 LCMapStringW
0x4260e4 CopyFileExA
0x4260e8 MultiByteToWideChar
0x4260ec GetStartupInfoA
0x4260f0 HeapValidate
0x4260f4 IsBadReadPtr
0x4260f8 RaiseException
0x4260fc Sleep
0x426100 InterlockedIncrement
0x426104 InterlockedDecrement
0x426108 ExitProcess
0x42610c TlsGetValue
0x426110 TlsSetValue
0x426114 TlsFree
0x426118 SetLastError
0x42611c EnterCriticalSection
0x426120 LeaveCriticalSection
0x426124 TerminateProcess
0x426128 GetCurrentProcess
0x42612c UnhandledExceptionFilter
0x426130 SetUnhandledExceptionFilter
0x426134 IsDebuggerPresent
0x426138 GetModuleFileNameW
0x42613c SetHandleCount
0x426140 GetStdHandle
0x426144 GetFileType
0x426148 DeleteCriticalSection
0x42614c GetACP
0x426150 GetOEMCP
0x426154 GetCPInfo
0x426158 IsValidCodePage
0x42615c QueryPerformanceCounter
0x426160 GetCurrentProcessId
0x426164 GetModuleFileNameA
0x426168 GetEnvironmentStrings
0x42616c WideCharToMultiByte
0x426170 GetEnvironmentStringsW
0x426174 HeapDestroy
0x426178 HeapCreate
0x42617c HeapFree
0x426180 VirtualFree
0x426184 HeapAlloc
0x426188 HeapSize
0x42618c HeapReAlloc
0x426190 RtlUnwind
0x426194 InitializeCriticalSectionAndSpinCount
0x426198 DebugBreak
0x42619c OutputDebugStringA
0x4261a0 WriteConsoleW
0x4261a4 OutputDebugStringW
0x4261a8 LCMapStringA
0x4261ac GetStringTypeA
0x4261b0 GetStringTypeW
0x4261b4 GetLocaleInfoA
0x4261b8 SetFilePointer
0x4261bc GetConsoleCP
0x4261c0 GetConsoleMode
0x4261c4 FlushFileBuffers
0x4261c8 SetStdHandle
0x4261cc WriteConsoleA
0x4261d0 GetConsoleOutputCP
0x4261d4 CloseHandle
0x4261d8 CreateFileA
0x4261dc GetModuleHandleA
EAT(Export Address Table) is none