ScreenShot
| Created | 2021.09.10 09:28 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (AIDetect, malware1, malicious, high confidence, Stop, Unsafe, Save, ZexaF, yuW@a4xwVtfO, FileRepMalware, Kryptik, CLASSIC, Azorult, Score, PSWTroj, kcloud, Sabsik, BScope, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | e74e8f9adb0df482c191aa372d520587 | ||
| sha256 | 9e1d4eeff067d03371c7464e2fe9879deed0633968fc745ec88458ebb198f3f0 | ||
| ssdeep | 6144:iV+ikfIr0kBURxKr4I9CPM2RhgNhuBLGey40LzABHvsA1:dnfIr0kQx6TglquBCey40/ARvs | ||
| imphash | a07e2478ced6ea4bff168cbb215d0722 | ||
| impfuzzy | 48:0OD0weX13BUdPwYgtZFzxp0aE8fcTYhS+tSbLXtX:3MX1REP/gtjzL9E8fcTYhS+kbLXp | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_DarkSide_Ransomware_1_Zero | Darkside Ransomware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41d000 DosDateTimeToFileTime
0x41d004 FindFirstChangeNotificationW
0x41d008 CopyFileExW
0x41d00c SetLocalTime
0x41d010 GetCPInfo
0x41d014 GetConsoleAliasExesLengthA
0x41d018 HeapAlloc
0x41d01c InterlockedIncrement
0x41d020 ReadConsoleA
0x41d024 InterlockedDecrement
0x41d028 GetSystemWindowsDirectoryW
0x41d02c CreateDirectoryW
0x41d030 FreeEnvironmentStringsA
0x41d034 GetModuleHandleW
0x41d038 GetTickCount
0x41d03c GetCurrentThread
0x41d040 GetPrivateProfileStringW
0x41d044 SetCommState
0x41d048 GetCommandLineA
0x41d04c SetProcessPriorityBoost
0x41d050 TlsSetValue
0x41d054 ActivateActCtx
0x41d058 GlobalAlloc
0x41d05c GetVolumeInformationA
0x41d060 LoadLibraryW
0x41d064 IsProcessorFeaturePresent
0x41d068 TerminateProcess
0x41d06c GetCompressedFileSizeA
0x41d070 lstrlenW
0x41d074 SetThreadPriority
0x41d078 GetNamedPipeHandleStateW
0x41d07c LCMapStringA
0x41d080 GetPrivateProfileIntW
0x41d084 InterlockedExchange
0x41d088 SetCurrentDirectoryA
0x41d08c GetStartupInfoA
0x41d090 GetStdHandle
0x41d094 GetCPInfoExW
0x41d098 GetLastError
0x41d09c GetThreadLocale
0x41d0a0 ReadConsoleOutputCharacterA
0x41d0a4 GetProcAddress
0x41d0a8 DisableThreadLibraryCalls
0x41d0ac Process32FirstW
0x41d0b0 WritePrivateProfileStringA
0x41d0b4 FindAtomA
0x41d0b8 SetEnvironmentVariableA
0x41d0bc FindNextFileA
0x41d0c0 WriteProfileStringA
0x41d0c4 GetThreadPriority
0x41d0c8 CreateIoCompletionPort
0x41d0cc QueryMemoryResourceNotification
0x41d0d0 HeapSetInformation
0x41d0d4 EnumResourceNamesA
0x41d0d8 GetStringTypeW
0x41d0dc WriteProfileStringW
0x41d0e0 CompareStringA
0x41d0e4 GetCPInfoExA
0x41d0e8 GetVersionExA
0x41d0ec GetProfileSectionW
0x41d0f0 CopyFileExA
0x41d0f4 FlushFileBuffers
0x41d0f8 CloseHandle
0x41d0fc MultiByteToWideChar
0x41d100 HeapValidate
0x41d104 IsBadReadPtr
0x41d108 RaiseException
0x41d10c DeleteCriticalSection
0x41d110 EnterCriticalSection
0x41d114 LeaveCriticalSection
0x41d118 GetModuleFileNameW
0x41d11c GetACP
0x41d120 GetOEMCP
0x41d124 IsValidCodePage
0x41d128 TlsGetValue
0x41d12c TlsAlloc
0x41d130 GetCurrentThreadId
0x41d134 TlsFree
0x41d138 SetLastError
0x41d13c SetUnhandledExceptionFilter
0x41d140 QueryPerformanceCounter
0x41d144 GetCurrentProcessId
0x41d148 GetSystemTimeAsFileTime
0x41d14c Sleep
0x41d150 ExitProcess
0x41d154 GetModuleFileNameA
0x41d158 GetEnvironmentStrings
0x41d15c FreeEnvironmentStringsW
0x41d160 WideCharToMultiByte
0x41d164 GetEnvironmentStringsW
0x41d168 SetHandleCount
0x41d16c GetFileType
0x41d170 HeapDestroy
0x41d174 HeapCreate
0x41d178 HeapFree
0x41d17c VirtualFree
0x41d180 WriteFile
0x41d184 GetCurrentProcess
0x41d188 UnhandledExceptionFilter
0x41d18c IsDebuggerPresent
0x41d190 HeapSize
0x41d194 HeapReAlloc
0x41d198 VirtualAlloc
0x41d19c RtlUnwind
0x41d1a0 InitializeCriticalSectionAndSpinCount
0x41d1a4 DebugBreak
0x41d1a8 OutputDebugStringA
0x41d1ac WriteConsoleW
0x41d1b0 OutputDebugStringW
0x41d1b4 LCMapStringW
0x41d1b8 GetStringTypeA
0x41d1bc GetLocaleInfoA
0x41d1c0 LoadLibraryA
0x41d1c4 SetFilePointer
0x41d1c8 GetConsoleCP
0x41d1cc GetConsoleMode
0x41d1d0 SetStdHandle
0x41d1d4 WriteConsoleA
0x41d1d8 GetConsoleOutputCP
0x41d1dc CreateFileA
USER32.dll
0x41d1e4 GetMessageTime
WINHTTP.dll
0x41d1ec WinHttpOpen
EAT(Export Address Table) is none
KERNEL32.dll
0x41d000 DosDateTimeToFileTime
0x41d004 FindFirstChangeNotificationW
0x41d008 CopyFileExW
0x41d00c SetLocalTime
0x41d010 GetCPInfo
0x41d014 GetConsoleAliasExesLengthA
0x41d018 HeapAlloc
0x41d01c InterlockedIncrement
0x41d020 ReadConsoleA
0x41d024 InterlockedDecrement
0x41d028 GetSystemWindowsDirectoryW
0x41d02c CreateDirectoryW
0x41d030 FreeEnvironmentStringsA
0x41d034 GetModuleHandleW
0x41d038 GetTickCount
0x41d03c GetCurrentThread
0x41d040 GetPrivateProfileStringW
0x41d044 SetCommState
0x41d048 GetCommandLineA
0x41d04c SetProcessPriorityBoost
0x41d050 TlsSetValue
0x41d054 ActivateActCtx
0x41d058 GlobalAlloc
0x41d05c GetVolumeInformationA
0x41d060 LoadLibraryW
0x41d064 IsProcessorFeaturePresent
0x41d068 TerminateProcess
0x41d06c GetCompressedFileSizeA
0x41d070 lstrlenW
0x41d074 SetThreadPriority
0x41d078 GetNamedPipeHandleStateW
0x41d07c LCMapStringA
0x41d080 GetPrivateProfileIntW
0x41d084 InterlockedExchange
0x41d088 SetCurrentDirectoryA
0x41d08c GetStartupInfoA
0x41d090 GetStdHandle
0x41d094 GetCPInfoExW
0x41d098 GetLastError
0x41d09c GetThreadLocale
0x41d0a0 ReadConsoleOutputCharacterA
0x41d0a4 GetProcAddress
0x41d0a8 DisableThreadLibraryCalls
0x41d0ac Process32FirstW
0x41d0b0 WritePrivateProfileStringA
0x41d0b4 FindAtomA
0x41d0b8 SetEnvironmentVariableA
0x41d0bc FindNextFileA
0x41d0c0 WriteProfileStringA
0x41d0c4 GetThreadPriority
0x41d0c8 CreateIoCompletionPort
0x41d0cc QueryMemoryResourceNotification
0x41d0d0 HeapSetInformation
0x41d0d4 EnumResourceNamesA
0x41d0d8 GetStringTypeW
0x41d0dc WriteProfileStringW
0x41d0e0 CompareStringA
0x41d0e4 GetCPInfoExA
0x41d0e8 GetVersionExA
0x41d0ec GetProfileSectionW
0x41d0f0 CopyFileExA
0x41d0f4 FlushFileBuffers
0x41d0f8 CloseHandle
0x41d0fc MultiByteToWideChar
0x41d100 HeapValidate
0x41d104 IsBadReadPtr
0x41d108 RaiseException
0x41d10c DeleteCriticalSection
0x41d110 EnterCriticalSection
0x41d114 LeaveCriticalSection
0x41d118 GetModuleFileNameW
0x41d11c GetACP
0x41d120 GetOEMCP
0x41d124 IsValidCodePage
0x41d128 TlsGetValue
0x41d12c TlsAlloc
0x41d130 GetCurrentThreadId
0x41d134 TlsFree
0x41d138 SetLastError
0x41d13c SetUnhandledExceptionFilter
0x41d140 QueryPerformanceCounter
0x41d144 GetCurrentProcessId
0x41d148 GetSystemTimeAsFileTime
0x41d14c Sleep
0x41d150 ExitProcess
0x41d154 GetModuleFileNameA
0x41d158 GetEnvironmentStrings
0x41d15c FreeEnvironmentStringsW
0x41d160 WideCharToMultiByte
0x41d164 GetEnvironmentStringsW
0x41d168 SetHandleCount
0x41d16c GetFileType
0x41d170 HeapDestroy
0x41d174 HeapCreate
0x41d178 HeapFree
0x41d17c VirtualFree
0x41d180 WriteFile
0x41d184 GetCurrentProcess
0x41d188 UnhandledExceptionFilter
0x41d18c IsDebuggerPresent
0x41d190 HeapSize
0x41d194 HeapReAlloc
0x41d198 VirtualAlloc
0x41d19c RtlUnwind
0x41d1a0 InitializeCriticalSectionAndSpinCount
0x41d1a4 DebugBreak
0x41d1a8 OutputDebugStringA
0x41d1ac WriteConsoleW
0x41d1b0 OutputDebugStringW
0x41d1b4 LCMapStringW
0x41d1b8 GetStringTypeA
0x41d1bc GetLocaleInfoA
0x41d1c0 LoadLibraryA
0x41d1c4 SetFilePointer
0x41d1c8 GetConsoleCP
0x41d1cc GetConsoleMode
0x41d1d0 SetStdHandle
0x41d1d4 WriteConsoleA
0x41d1d8 GetConsoleOutputCP
0x41d1dc CreateFileA
USER32.dll
0x41d1e4 GetMessageTime
WINHTTP.dll
0x41d1ec WinHttpOpen
EAT(Export Address Table) is none