ScreenShot
| Created | 2021.09.10 09:21 | Machine | s1_win7_x6401 |
| Filename | Saturn.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 57 detected (AIDetect, malware2, Brook, malicious, high confidence, DownLoader41, GenericKD, Stop, Unsafe, Save, confidence, 100%, ZexaF, GqW@aaJuPgaG, Kryptik, Eldorado, HMFQ, izhyjy, DropperX, Obscure, CLASSIC, Malware@#4jam18kgiplp, RACEALER, SMTH, Lockbit, Tepfer, Score, StellarStealer, luses, ai score=87, ASMalwS, GenericMC, StopCrypt, SmokeLoader, R438882, R06CH0CHP21, 3laO6ho, Static AI, Malicious PE, HMGB, GdSda) | ||
| md5 | 87eea516f33319ad808777e8906fc41e | ||
| sha256 | 222278faa2847a1f9e3b9c4ad5a04731a57a4c29e194124f92d828db76579076 | ||
| ssdeep | 12288:w7g2gzjzIgOaxBRGnlOsMM3Vq/zIFyNmlGm7y+0:KgzjBOllM6POBm7y | ||
| imphash | 535d66f0a9f5169be6dcc4e55997b651 | ||
| impfuzzy | 48:Cknz/OOLcjArLvmdGpxxX4O9tSaEHyfcYSzbsXfOJ:RbhZDmmxxX4Ot/EHyfcYSnsXWJ | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x425000 GetCommandLineW
0x425004 GetThreadContext
0x425008 FileTimeToDosDateTime
0x42500c EnumResourceNamesW
0x425010 GetNativeSystemInfo
0x425014 lstrlenA
0x425018 GetConsoleAliasesLengthW
0x42501c CopyFileExW
0x425020 TlsGetValue
0x425024 GetDriveTypeW
0x425028 SetEndOfFile
0x42502c InterlockedIncrement
0x425030 GetCommState
0x425034 InterlockedDecrement
0x425038 GetSystemWindowsDirectoryW
0x42503c GetNamedPipeHandleStateA
0x425040 WaitForSingleObject
0x425044 SetEvent
0x425048 FreeEnvironmentStringsA
0x42504c GetModuleHandleW
0x425050 GetTickCount
0x425054 GetSystemTimeAsFileTime
0x425058 GetPrivateProfileStringW
0x42505c WriteFile
0x425060 GetPriorityClass
0x425064 GetPrivateProfileIntA
0x425068 LoadLibraryW
0x42506c GetConsoleMode
0x425070 CopyFileW
0x425074 GetVersionExW
0x425078 SetConsoleMode
0x42507c SetConsoleCursorPosition
0x425080 IsDBCSLeadByte
0x425084 GetOverlappedResult
0x425088 GetStartupInfoW
0x42508c GlobalUnlock
0x425090 LCMapStringA
0x425094 GetFileSizeEx
0x425098 GetCPInfoExW
0x42509c GetLastError
0x4250a0 SetLastError
0x4250a4 GetProcAddress
0x4250a8 VirtualAlloc
0x4250ac OpenMutexA
0x4250b0 LocalAlloc
0x4250b4 IsSystemResumeAutomatic
0x4250b8 SetCurrentDirectoryW
0x4250bc WriteProfileSectionW
0x4250c0 HeapWalk
0x4250c4 FindAtomA
0x4250c8 Process32NextW
0x4250cc CreateIoCompletionPort
0x4250d0 FindFirstChangeNotificationA
0x4250d4 FreeEnvironmentStringsW
0x4250d8 CompareStringA
0x4250dc FatalAppExitA
0x4250e0 GetCurrentThreadId
0x4250e4 SetThreadAffinityMask
0x4250e8 OpenSemaphoreW
0x4250ec DeleteFileW
0x4250f0 ReadConsoleOutputCharacterW
0x4250f4 GetSystemTime
0x4250f8 FlushFileBuffers
0x4250fc UnhandledExceptionFilter
0x425100 SetUnhandledExceptionFilter
0x425104 MultiByteToWideChar
0x425108 HeapValidate
0x42510c IsBadReadPtr
0x425110 RaiseException
0x425114 Sleep
0x425118 ExitProcess
0x42511c GetModuleFileNameA
0x425120 GetStdHandle
0x425124 TlsAlloc
0x425128 TlsSetValue
0x42512c TlsFree
0x425130 TerminateProcess
0x425134 GetCurrentProcess
0x425138 IsDebuggerPresent
0x42513c GetModuleFileNameW
0x425140 DeleteCriticalSection
0x425144 EnterCriticalSection
0x425148 LeaveCriticalSection
0x42514c GetACP
0x425150 GetOEMCP
0x425154 GetCPInfo
0x425158 IsValidCodePage
0x42515c QueryPerformanceCounter
0x425160 GetCurrentProcessId
0x425164 GetEnvironmentStringsW
0x425168 SetHandleCount
0x42516c GetFileType
0x425170 GetStartupInfoA
0x425174 HeapDestroy
0x425178 HeapCreate
0x42517c HeapFree
0x425180 VirtualFree
0x425184 HeapAlloc
0x425188 HeapSize
0x42518c HeapReAlloc
0x425190 LoadLibraryA
0x425194 InitializeCriticalSectionAndSpinCount
0x425198 RtlUnwind
0x42519c SetFilePointer
0x4251a0 WideCharToMultiByte
0x4251a4 GetConsoleCP
0x4251a8 DebugBreak
0x4251ac OutputDebugStringA
0x4251b0 WriteConsoleW
0x4251b4 OutputDebugStringW
0x4251b8 LCMapStringW
0x4251bc GetStringTypeA
0x4251c0 GetStringTypeW
0x4251c4 GetLocaleInfoA
0x4251c8 SetStdHandle
0x4251cc WriteConsoleA
0x4251d0 GetConsoleOutputCP
0x4251d4 CreateFileA
0x4251d8 CloseHandle
0x4251dc GetModuleHandleA
USER32.dll
0x4251e4 GetTitleBarInfo
WINHTTP.dll
0x4251ec WinHttpReadData
EAT(Export Address Table) is none
KERNEL32.dll
0x425000 GetCommandLineW
0x425004 GetThreadContext
0x425008 FileTimeToDosDateTime
0x42500c EnumResourceNamesW
0x425010 GetNativeSystemInfo
0x425014 lstrlenA
0x425018 GetConsoleAliasesLengthW
0x42501c CopyFileExW
0x425020 TlsGetValue
0x425024 GetDriveTypeW
0x425028 SetEndOfFile
0x42502c InterlockedIncrement
0x425030 GetCommState
0x425034 InterlockedDecrement
0x425038 GetSystemWindowsDirectoryW
0x42503c GetNamedPipeHandleStateA
0x425040 WaitForSingleObject
0x425044 SetEvent
0x425048 FreeEnvironmentStringsA
0x42504c GetModuleHandleW
0x425050 GetTickCount
0x425054 GetSystemTimeAsFileTime
0x425058 GetPrivateProfileStringW
0x42505c WriteFile
0x425060 GetPriorityClass
0x425064 GetPrivateProfileIntA
0x425068 LoadLibraryW
0x42506c GetConsoleMode
0x425070 CopyFileW
0x425074 GetVersionExW
0x425078 SetConsoleMode
0x42507c SetConsoleCursorPosition
0x425080 IsDBCSLeadByte
0x425084 GetOverlappedResult
0x425088 GetStartupInfoW
0x42508c GlobalUnlock
0x425090 LCMapStringA
0x425094 GetFileSizeEx
0x425098 GetCPInfoExW
0x42509c GetLastError
0x4250a0 SetLastError
0x4250a4 GetProcAddress
0x4250a8 VirtualAlloc
0x4250ac OpenMutexA
0x4250b0 LocalAlloc
0x4250b4 IsSystemResumeAutomatic
0x4250b8 SetCurrentDirectoryW
0x4250bc WriteProfileSectionW
0x4250c0 HeapWalk
0x4250c4 FindAtomA
0x4250c8 Process32NextW
0x4250cc CreateIoCompletionPort
0x4250d0 FindFirstChangeNotificationA
0x4250d4 FreeEnvironmentStringsW
0x4250d8 CompareStringA
0x4250dc FatalAppExitA
0x4250e0 GetCurrentThreadId
0x4250e4 SetThreadAffinityMask
0x4250e8 OpenSemaphoreW
0x4250ec DeleteFileW
0x4250f0 ReadConsoleOutputCharacterW
0x4250f4 GetSystemTime
0x4250f8 FlushFileBuffers
0x4250fc UnhandledExceptionFilter
0x425100 SetUnhandledExceptionFilter
0x425104 MultiByteToWideChar
0x425108 HeapValidate
0x42510c IsBadReadPtr
0x425110 RaiseException
0x425114 Sleep
0x425118 ExitProcess
0x42511c GetModuleFileNameA
0x425120 GetStdHandle
0x425124 TlsAlloc
0x425128 TlsSetValue
0x42512c TlsFree
0x425130 TerminateProcess
0x425134 GetCurrentProcess
0x425138 IsDebuggerPresent
0x42513c GetModuleFileNameW
0x425140 DeleteCriticalSection
0x425144 EnterCriticalSection
0x425148 LeaveCriticalSection
0x42514c GetACP
0x425150 GetOEMCP
0x425154 GetCPInfo
0x425158 IsValidCodePage
0x42515c QueryPerformanceCounter
0x425160 GetCurrentProcessId
0x425164 GetEnvironmentStringsW
0x425168 SetHandleCount
0x42516c GetFileType
0x425170 GetStartupInfoA
0x425174 HeapDestroy
0x425178 HeapCreate
0x42517c HeapFree
0x425180 VirtualFree
0x425184 HeapAlloc
0x425188 HeapSize
0x42518c HeapReAlloc
0x425190 LoadLibraryA
0x425194 InitializeCriticalSectionAndSpinCount
0x425198 RtlUnwind
0x42519c SetFilePointer
0x4251a0 WideCharToMultiByte
0x4251a4 GetConsoleCP
0x4251a8 DebugBreak
0x4251ac OutputDebugStringA
0x4251b0 WriteConsoleW
0x4251b4 OutputDebugStringW
0x4251b8 LCMapStringW
0x4251bc GetStringTypeA
0x4251c0 GetStringTypeW
0x4251c4 GetLocaleInfoA
0x4251c8 SetStdHandle
0x4251cc WriteConsoleA
0x4251d0 GetConsoleOutputCP
0x4251d4 CreateFileA
0x4251d8 CloseHandle
0x4251dc GetModuleHandleA
USER32.dll
0x4251e4 GetTitleBarInfo
WINHTTP.dll
0x4251ec WinHttpReadData
EAT(Export Address Table) is none