ScreenShot
| Created | 2021.09.10 17:20 | Machine | s1_win7_x6401 |
| Filename | tgrewads.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 12 detected (malicious, high confidence, Zusy, Eldorado, Attribute, HighConfidence, Bingoml, DLDER, Static AI, Malicious PE, score, BScope, NanoBot, Genetic) | ||
| md5 | 268d55d7e322a47435b83d71d3610f81 | ||
| sha256 | 091c1a3a39bf25321024f33458c5e82b1c10a19eba3d310e3ba4791e9436ab02 | ||
| ssdeep | 192:hOSLgq6Dxf5TjX0/Rz7Etb/cyWnNQWnKujOD7W8o0LgWl5x7E5hzYEJpfMhF:QSEq6Dk/F7IrTaNMujQ7xoSlf7zCM | ||
| imphash | 082553c4a913339885750d5fce60ae61 | ||
| impfuzzy | 24:zBSaUyWPWyWNwUJLOiLTwcUKMPySPDMQSLaBJCbjyocAJLD29/hZhAihTK4Tg9zU:NSVCNdX+9PVwQSLg/+O5ShyBSHSOmt1 | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x40303c ShellExecuteA
MSVCP140.dll
0x403034 ?_Xlength_error@std@@YAXPBD@Z
urlmon.dll
0x403104 URLDownloadToFileA
VCRUNTIME140.dll
0x403044 memset
0x403048 __current_exception_context
0x40304c __current_exception
0x403050 __std_exception_copy
0x403054 __std_exception_destroy
0x403058 __CxxFrameHandler3
0x40305c memcpy
0x403060 _CxxThrowException
0x403064 _except_handler4_common
0x403068 memmove
api-ms-win-crt-stdio-l1-1-0.dll
0x4030f0 __stdio_common_vfprintf
0x4030f4 __acrt_iob_func
0x4030f8 _set_fmode
0x4030fc __p__commode
api-ms-win-crt-runtime-l1-1-0.dll
0x40309c exit
0x4030a0 _register_onexit_function
0x4030a4 _crt_atexit
0x4030a8 _controlfp_s
0x4030ac terminate
0x4030b0 _c_exit
0x4030b4 _register_thread_local_exe_atexit_callback
0x4030b8 _cexit
0x4030bc __p___argv
0x4030c0 _invalid_parameter_noinfo_noreturn
0x4030c4 __p___argc
0x4030c8 _initialize_onexit_table
0x4030cc _initterm_e
0x4030d0 _initterm
0x4030d4 _get_initial_narrow_environment
0x4030d8 _initialize_narrow_environment
0x4030dc _configure_narrow_argv
0x4030e0 _exit
0x4030e4 _set_app_type
0x4030e8 _seh_filter_exe
api-ms-win-crt-environment-l1-1-0.dll
0x403070 getenv
api-ms-win-crt-math-l1-1-0.dll
0x403094 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x40308c _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x403078 malloc
0x40307c free
0x403080 _callnewh
0x403084 _set_new_mode
KERNEL32.dll
0x403000 QueryPerformanceCounter
0x403004 GetCurrentProcessId
0x403008 GetCurrentProcess
0x40300c GetModuleHandleW
0x403010 GetCurrentThreadId
0x403014 IsProcessorFeaturePresent
0x403018 GetSystemTimeAsFileTime
0x40301c InitializeSListHead
0x403020 IsDebuggerPresent
0x403024 UnhandledExceptionFilter
0x403028 SetUnhandledExceptionFilter
0x40302c TerminateProcess
EAT(Export Address Table) is none
SHELL32.dll
0x40303c ShellExecuteA
MSVCP140.dll
0x403034 ?_Xlength_error@std@@YAXPBD@Z
urlmon.dll
0x403104 URLDownloadToFileA
VCRUNTIME140.dll
0x403044 memset
0x403048 __current_exception_context
0x40304c __current_exception
0x403050 __std_exception_copy
0x403054 __std_exception_destroy
0x403058 __CxxFrameHandler3
0x40305c memcpy
0x403060 _CxxThrowException
0x403064 _except_handler4_common
0x403068 memmove
api-ms-win-crt-stdio-l1-1-0.dll
0x4030f0 __stdio_common_vfprintf
0x4030f4 __acrt_iob_func
0x4030f8 _set_fmode
0x4030fc __p__commode
api-ms-win-crt-runtime-l1-1-0.dll
0x40309c exit
0x4030a0 _register_onexit_function
0x4030a4 _crt_atexit
0x4030a8 _controlfp_s
0x4030ac terminate
0x4030b0 _c_exit
0x4030b4 _register_thread_local_exe_atexit_callback
0x4030b8 _cexit
0x4030bc __p___argv
0x4030c0 _invalid_parameter_noinfo_noreturn
0x4030c4 __p___argc
0x4030c8 _initialize_onexit_table
0x4030cc _initterm_e
0x4030d0 _initterm
0x4030d4 _get_initial_narrow_environment
0x4030d8 _initialize_narrow_environment
0x4030dc _configure_narrow_argv
0x4030e0 _exit
0x4030e4 _set_app_type
0x4030e8 _seh_filter_exe
api-ms-win-crt-environment-l1-1-0.dll
0x403070 getenv
api-ms-win-crt-math-l1-1-0.dll
0x403094 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x40308c _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x403078 malloc
0x40307c free
0x403080 _callnewh
0x403084 _set_new_mode
KERNEL32.dll
0x403000 QueryPerformanceCounter
0x403004 GetCurrentProcessId
0x403008 GetCurrentProcess
0x40300c GetModuleHandleW
0x403010 GetCurrentThreadId
0x403014 IsProcessorFeaturePresent
0x403018 GetSystemTimeAsFileTime
0x40301c InitializeSListHead
0x403020 IsDebuggerPresent
0x403024 UnhandledExceptionFilter
0x403028 SetUnhandledExceptionFilter
0x40302c TerminateProcess
EAT(Export Address Table) is none