Field | Value |
---|---|
Created | 2021.09.11 15:27 |
Machine | s1_win7_x6401 |
Filename | lipster.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 28 detected (malicious, high confidence, score, Save, Kryptik, Eldorado, HMKQ, CrypterX, HPGen, Emotet, Static AI, Malicious PE, Sabsik, ZexaF, qq0@aKehgUH, CLASSIC, HMKO, confidence, susgen) |
md5 | 66a35e61e92a2c57a4c872f7d178df50 |
sha256 | c692d6e7a7335237c6bd0687f8bdce29baaad5dd85cfeceff2bb32aecfd8fbb3 |
ssdeep | 3072:g5Y8ocm0ifla2Eyc8rHTtiRacMA0L2FH9HmnZYqolK2+ZXvuzariTWS7A5nAoSSD:GY/flmhaztiR+AHUnBzlCariTWbVnD |
imphash | af15f8c81f40203c694f921fcf93798f |
impfuzzy | 24:sVZZZyVoFXDYeOhlZ901bQOGOovLt/J3JdObPv8Ryv9kRTAjMcTplJvjoS:WZZZchRjZIfB0thPOx9gAtzj |
Signature (4cnts)
Level | Description |
---|---|
warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x434014 InterlockedDecrement
0x434018 GetCurrentProcess
0x43401c GetSystemWindowsDirectoryW
0x434020 GetUserDefaultLCID
0x434024 GetSystemDefaultLCID
0x434028 ReadConsoleW
0x43402c GetEnvironmentStrings
0x434030 GlobalAlloc
0x434034 GetLocaleInfoW
0x434038 LeaveCriticalSection
0x43403c lstrcpynW
0x434040 FindNextVolumeW
0x434044 WriteConsoleW
0x434048 GetModuleFileNameW
0x43404c InterlockedIncrement
0x434050 GetACP
0x434054 GetConsoleOutputCP
0x434058 VerifyVersionInfoW
0x43405c GetProcAddress
0x434060 EnterCriticalSection
0x434064 PrepareTape
0x434068 ResetEvent
0x43406c GetAtomNameA
0x434070 DebugSetProcessKillOnExit
0x434074 SetConsoleTitleW
0x434078 GetModuleHandleA
0x43407c Module32Next
0x434080 GetCurrentProcessId
0x434084 AddConsoleAliasA
0x434088 FindActCtxSectionStringW
0x43408c GetSystemTime
0x434090 GetProfileSectionW
0x434094 FindActCtxSectionGuid
0x434098 GetLocaleInfoA
0x43409c GetCommandLineW
0x4340a0 GetCommandLineA
0x4340a4 GetStartupInfoA
0x4340a8 TerminateProcess
0x4340ac UnhandledExceptionFilter
0x4340b0 SetUnhandledExceptionFilter
0x4340b4 IsDebuggerPresent
0x4340b8 GetModuleHandleW
0x4340bc TlsGetValue
0x4340c0 TlsAlloc
0x4340c4 TlsSetValue
0x4340c8 TlsFree
0x4340cc SetLastError
0x4340d0 GetCurrentThreadId
0x4340d4 GetLastError
0x4340d8 HeapAlloc
0x4340dc Sleep
0x4340e0 HeapSize
0x4340e4 ExitProcess
0x4340e8 RtlUnwind
0x4340ec HeapFree
0x4340f0 SetFilePointer
0x4340f4 WriteFile
0x4340f8 GetStdHandle
0x4340fc GetModuleFileNameA
0x434100 FreeEnvironmentStringsA
0x434104 FreeEnvironmentStringsW
0x434108 WideCharToMultiByte
0x43410c GetEnvironmentStringsW
0x434110 SetHandleCount
0x434114 GetFileType
0x434118 DeleteCriticalSection
0x43411c HeapCreate
0x434120 VirtualFree
0x434124 QueryPerformanceCounter
0x434128 GetTickCount
0x43412c GetSystemTimeAsFileTime
0x434130 GetConsoleCP
0x434134 GetConsoleMode
0x434138 GetCPInfo
0x43413c GetOEMCP
0x434140 IsValidCodePage
0x434144 RaiseException
0x434148 VirtualAlloc
0x43414c HeapReAlloc
0x434150 LoadLibraryA
0x434154 InitializeCriticalSectionAndSpinCount
0x434158 CloseHandle
0x43415c CreateFileA
0x434160 SetStdHandle
0x434164 FlushFileBuffers
0x434168 WriteConsoleA
0x43416c MultiByteToWideChar
0x434170 LCMapStringA
0x434174 LCMapStringW
0x434178 GetStringTypeA
0x43417c GetStringTypeW
0x434180 SetEndOfFile
0x434184 GetProcessHeap
0x434188 ReadFile
GDI32.dll
0x43400c GetCharWidthFloatW
ADVAPI32.dll
0x434000 BackupEventLogA
0x434004 BackupEventLogW
EAT (Export Address Table) Library
0x401046 @GetAnotherVice@12