ScreenShot
| Created | 2021.09.10 09:28 | Machine | s1_win7_x6402 |
| Filename | Alfanewfile2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, ZexaF, Lq0@aaCN9oH, Kryptik, Eldorado, Chapak, CLASSIC, StopCrypt, score, MachineLearning, Anomalous, Static AI, Malicious PE, confidence, 100%) | ||
| md5 | 9292d5a461d54bde94066b1854ce0bc4 | ||
| sha256 | 8f3b2d0ca7889d1147151747affc018cbe7c2e4f400809b1822b546992b5f71e | ||
| ssdeep | 12288:SRzCG6Fjbq4kgt4eXQsd/EXWWV3KwAEvlh59P4O1Y6967XKTnCI/h:SRzCjxbZko4yQsG5V6kvwOzt+I | ||
| imphash | fbea55ea67e34b8ef644a189793ea323 | ||
| impfuzzy | 24:4Ae80ZBt1uDSIp7Z94OGOovLt/J3JdOb5FQQyv9kRTAjM0TplQ9v9:4vZBpIlZZB0thPO09gQtUV | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x48c000 GetLocaleInfoA
0x48c004 SetLocalTime
0x48c008 DebugActiveProcessStop
0x48c00c lstrcpynA
0x48c010 InterlockedIncrement
0x48c014 ReadConsoleA
0x48c018 InterlockedDecrement
0x48c01c GetCurrentProcess
0x48c020 GetSystemWindowsDirectoryW
0x48c024 GetEnvironmentStringsW
0x48c028 GetUserDefaultLCID
0x48c02c SetEvent
0x48c030 GetLocaleInfoW
0x48c034 LeaveCriticalSection
0x48c038 VerifyVersionInfoA
0x48c03c SetConsoleTitleA
0x48c040 GetProcAddress
0x48c044 PeekConsoleInputW
0x48c048 EnterCriticalSection
0x48c04c GetAtomNameA
0x48c050 WriteConsoleA
0x48c054 LocalAlloc
0x48c058 SetConsoleOutputCP
0x48c05c GetModuleFileNameA
0x48c060 GetOEMCP
0x48c064 GetModuleHandleA
0x48c068 GetCPInfoExA
0x48c06c Module32Next
0x48c070 GetCurrentProcessId
0x48c074 AddConsoleAliasA
0x48c078 GetCommandLineW
0x48c07c GetCommandLineA
0x48c080 GetStartupInfoA
0x48c084 TerminateProcess
0x48c088 UnhandledExceptionFilter
0x48c08c SetUnhandledExceptionFilter
0x48c090 IsDebuggerPresent
0x48c094 GetModuleHandleW
0x48c098 TlsGetValue
0x48c09c TlsAlloc
0x48c0a0 TlsSetValue
0x48c0a4 TlsFree
0x48c0a8 SetLastError
0x48c0ac GetCurrentThreadId
0x48c0b0 GetLastError
0x48c0b4 HeapAlloc
0x48c0b8 Sleep
0x48c0bc HeapSize
0x48c0c0 ExitProcess
0x48c0c4 RtlUnwind
0x48c0c8 HeapFree
0x48c0cc SetFilePointer
0x48c0d0 WriteFile
0x48c0d4 GetStdHandle
0x48c0d8 FreeEnvironmentStringsA
0x48c0dc GetEnvironmentStrings
0x48c0e0 FreeEnvironmentStringsW
0x48c0e4 WideCharToMultiByte
0x48c0e8 SetHandleCount
0x48c0ec GetFileType
0x48c0f0 DeleteCriticalSection
0x48c0f4 HeapCreate
0x48c0f8 VirtualFree
0x48c0fc QueryPerformanceCounter
0x48c100 GetTickCount
0x48c104 GetSystemTimeAsFileTime
0x48c108 GetConsoleCP
0x48c10c GetConsoleMode
0x48c110 GetCPInfo
0x48c114 GetACP
0x48c118 IsValidCodePage
0x48c11c RaiseException
0x48c120 VirtualAlloc
0x48c124 HeapReAlloc
0x48c128 LoadLibraryA
0x48c12c InitializeCriticalSectionAndSpinCount
0x48c130 CloseHandle
0x48c134 CreateFileA
0x48c138 SetStdHandle
0x48c13c FlushFileBuffers
0x48c140 GetConsoleOutputCP
0x48c144 WriteConsoleW
0x48c148 MultiByteToWideChar
0x48c14c LCMapStringA
0x48c150 LCMapStringW
0x48c154 GetStringTypeA
0x48c158 GetStringTypeW
0x48c15c SetEndOfFile
0x48c160 GetProcessHeap
0x48c164 ReadFile
EAT(Export Address Table) Library
0x401046 @GetAnotherVice@12
KERNEL32.dll
0x48c000 GetLocaleInfoA
0x48c004 SetLocalTime
0x48c008 DebugActiveProcessStop
0x48c00c lstrcpynA
0x48c010 InterlockedIncrement
0x48c014 ReadConsoleA
0x48c018 InterlockedDecrement
0x48c01c GetCurrentProcess
0x48c020 GetSystemWindowsDirectoryW
0x48c024 GetEnvironmentStringsW
0x48c028 GetUserDefaultLCID
0x48c02c SetEvent
0x48c030 GetLocaleInfoW
0x48c034 LeaveCriticalSection
0x48c038 VerifyVersionInfoA
0x48c03c SetConsoleTitleA
0x48c040 GetProcAddress
0x48c044 PeekConsoleInputW
0x48c048 EnterCriticalSection
0x48c04c GetAtomNameA
0x48c050 WriteConsoleA
0x48c054 LocalAlloc
0x48c058 SetConsoleOutputCP
0x48c05c GetModuleFileNameA
0x48c060 GetOEMCP
0x48c064 GetModuleHandleA
0x48c068 GetCPInfoExA
0x48c06c Module32Next
0x48c070 GetCurrentProcessId
0x48c074 AddConsoleAliasA
0x48c078 GetCommandLineW
0x48c07c GetCommandLineA
0x48c080 GetStartupInfoA
0x48c084 TerminateProcess
0x48c088 UnhandledExceptionFilter
0x48c08c SetUnhandledExceptionFilter
0x48c090 IsDebuggerPresent
0x48c094 GetModuleHandleW
0x48c098 TlsGetValue
0x48c09c TlsAlloc
0x48c0a0 TlsSetValue
0x48c0a4 TlsFree
0x48c0a8 SetLastError
0x48c0ac GetCurrentThreadId
0x48c0b0 GetLastError
0x48c0b4 HeapAlloc
0x48c0b8 Sleep
0x48c0bc HeapSize
0x48c0c0 ExitProcess
0x48c0c4 RtlUnwind
0x48c0c8 HeapFree
0x48c0cc SetFilePointer
0x48c0d0 WriteFile
0x48c0d4 GetStdHandle
0x48c0d8 FreeEnvironmentStringsA
0x48c0dc GetEnvironmentStrings
0x48c0e0 FreeEnvironmentStringsW
0x48c0e4 WideCharToMultiByte
0x48c0e8 SetHandleCount
0x48c0ec GetFileType
0x48c0f0 DeleteCriticalSection
0x48c0f4 HeapCreate
0x48c0f8 VirtualFree
0x48c0fc QueryPerformanceCounter
0x48c100 GetTickCount
0x48c104 GetSystemTimeAsFileTime
0x48c108 GetConsoleCP
0x48c10c GetConsoleMode
0x48c110 GetCPInfo
0x48c114 GetACP
0x48c118 IsValidCodePage
0x48c11c RaiseException
0x48c120 VirtualAlloc
0x48c124 HeapReAlloc
0x48c128 LoadLibraryA
0x48c12c InitializeCriticalSectionAndSpinCount
0x48c130 CloseHandle
0x48c134 CreateFileA
0x48c138 SetStdHandle
0x48c13c FlushFileBuffers
0x48c140 GetConsoleOutputCP
0x48c144 WriteConsoleW
0x48c148 MultiByteToWideChar
0x48c14c LCMapStringA
0x48c150 LCMapStringW
0x48c154 GetStringTypeA
0x48c158 GetStringTypeW
0x48c15c SetEndOfFile
0x48c160 GetProcessHeap
0x48c164 ReadFile
EAT(Export Address Table) Library
0x401046 @GetAnotherVice@12