ScreenShot
| Created | 2021.09.11 15:07 | Machine | s1_win7_x6401 |
| Filename | Spoofer-full.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 15 detected (GenericKD, malicious, confidence, Artemis, susgen, ai score=89, score) | ||
| md5 | d8a7c6cb35fc41a9e28ba712edec1fa1 | ||
| sha256 | 1ea7a8c68947969e91ff2974b6f71c81a21152c7892845016c3412eb8db87212 | ||
| ssdeep | 384:4JakANDywAbq/Gp4M/J/R97zOPfUgdnlo14eMYeuZvFBRG1QEVMlmzQf5B3RS4Zd:XkYDnzilJ/68IuZ/RHES4zQhGicDG | ||
| imphash | 40c2acd8a8a0ca9408aab7b3d840b5c3 | ||
| impfuzzy | 96:8tQS1+jhsDWwE8Y5E2Etf9Nge69pXRoAV:7tpXRoAV | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140005000 GetStdHandle
0x140005008 Sleep
0x140005010 GetCurrentProcess
0x140005018 GetLastError
0x140005020 SetConsoleCursorInfo
0x140005028 SetConsoleTitleA
0x140005030 SetConsoleCursorPosition
0x140005038 RtlLookupFunctionEntry
0x140005040 RtlVirtualUnwind
0x140005048 UnhandledExceptionFilter
0x140005050 SetUnhandledExceptionFilter
0x140005058 TerminateProcess
0x140005060 IsProcessorFeaturePresent
0x140005068 SetConsoleTextAttribute
0x140005070 GetConsoleScreenBufferInfo
0x140005078 IsDebuggerPresent
0x140005080 GetModuleHandleW
0x140005088 QueryPerformanceCounter
0x140005090 GetCurrentProcessId
0x140005098 GetCurrentThreadId
0x1400050a0 GetSystemTimeAsFileTime
0x1400050a8 InitializeSListHead
0x1400050b0 RtlCaptureContext
USER32.dll
0x140005140 FindWindowA
MSVCP140.dll
0x1400050c0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1400050c8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1400050d0 ?iword@ios_base@std@@QEAAAEAJH@Z
0x1400050d8 ?xalloc@ios_base@std@@SAHXZ
0x1400050e0 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1400050e8 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1400050f0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1400050f8 ?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x140005100 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x140005108 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x140005110 ?_Xlength_error@std@@YAXPEBD@Z
0x140005118 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x140005120 ?uncaught_exception@std@@YA_NXZ
0x140005128 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x140005130 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
WININET.dll
0x1400051b8 HttpOpenRequestW
0x1400051c0 InternetOpenW
0x1400051c8 DeleteUrlCacheEntry
0x1400051d0 InternetReadFile
0x1400051d8 InternetConnectW
0x1400051e0 HttpSendRequestW
urlmon.dll
0x140005358 URLDownloadToFileA
VCRUNTIME140_1.dll
0x1400051a8 __CxxFrameHandler4
VCRUNTIME140.dll
0x140005150 __C_specific_handler
0x140005158 __std_exception_copy
0x140005160 __current_exception
0x140005168 __current_exception_context
0x140005170 memset
0x140005178 __std_exception_destroy
0x140005180 __std_terminate
0x140005188 _CxxThrowException
0x140005190 memcpy
0x140005198 memmove
api-ms-win-crt-runtime-l1-1-0.dll
0x140005258 _configure_narrow_argv
0x140005260 _initterm_e
0x140005268 __p___argv
0x140005270 _get_initial_narrow_environment
0x140005278 _register_thread_local_exe_atexit_callback
0x140005280 __p___argc
0x140005288 _exit
0x140005290 _set_app_type
0x140005298 terminate
0x1400052a0 _seh_filter_exe
0x1400052a8 _cexit
0x1400052b0 _invalid_parameter_noinfo_noreturn
0x1400052b8 _crt_atexit
0x1400052c0 system
0x1400052c8 _register_onexit_function
0x1400052d0 _initialize_narrow_environment
0x1400052d8 _c_exit
0x1400052e0 _initialize_onexit_table
0x1400052e8 exit
0x1400052f0 _initterm
api-ms-win-crt-utility-l1-1-0.dll
0x140005340 srand
0x140005348 rand
api-ms-win-crt-stdio-l1-1-0.dll
0x140005300 _fileno
0x140005308 _set_fmode
0x140005310 __acrt_iob_func
0x140005318 _isatty
0x140005320 __p__commode
api-ms-win-crt-filesystem-l1-1-0.dll
0x140005200 remove
api-ms-win-crt-conio-l1-1-0.dll
0x1400051f0 _getch
api-ms-win-crt-time-l1-1-0.dll
0x140005330 _time64
api-ms-win-crt-heap-l1-1-0.dll
0x140005210 _set_new_mode
0x140005218 _callnewh
0x140005220 malloc
0x140005228 free
api-ms-win-crt-math-l1-1-0.dll
0x140005248 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x140005238 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x140005000 GetStdHandle
0x140005008 Sleep
0x140005010 GetCurrentProcess
0x140005018 GetLastError
0x140005020 SetConsoleCursorInfo
0x140005028 SetConsoleTitleA
0x140005030 SetConsoleCursorPosition
0x140005038 RtlLookupFunctionEntry
0x140005040 RtlVirtualUnwind
0x140005048 UnhandledExceptionFilter
0x140005050 SetUnhandledExceptionFilter
0x140005058 TerminateProcess
0x140005060 IsProcessorFeaturePresent
0x140005068 SetConsoleTextAttribute
0x140005070 GetConsoleScreenBufferInfo
0x140005078 IsDebuggerPresent
0x140005080 GetModuleHandleW
0x140005088 QueryPerformanceCounter
0x140005090 GetCurrentProcessId
0x140005098 GetCurrentThreadId
0x1400050a0 GetSystemTimeAsFileTime
0x1400050a8 InitializeSListHead
0x1400050b0 RtlCaptureContext
USER32.dll
0x140005140 FindWindowA
MSVCP140.dll
0x1400050c0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1400050c8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1400050d0 ?iword@ios_base@std@@QEAAAEAJH@Z
0x1400050d8 ?xalloc@ios_base@std@@SAHXZ
0x1400050e0 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1400050e8 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1400050f0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1400050f8 ?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x140005100 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x140005108 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x140005110 ?_Xlength_error@std@@YAXPEBD@Z
0x140005118 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x140005120 ?uncaught_exception@std@@YA_NXZ
0x140005128 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x140005130 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
WININET.dll
0x1400051b8 HttpOpenRequestW
0x1400051c0 InternetOpenW
0x1400051c8 DeleteUrlCacheEntry
0x1400051d0 InternetReadFile
0x1400051d8 InternetConnectW
0x1400051e0 HttpSendRequestW
urlmon.dll
0x140005358 URLDownloadToFileA
VCRUNTIME140_1.dll
0x1400051a8 __CxxFrameHandler4
VCRUNTIME140.dll
0x140005150 __C_specific_handler
0x140005158 __std_exception_copy
0x140005160 __current_exception
0x140005168 __current_exception_context
0x140005170 memset
0x140005178 __std_exception_destroy
0x140005180 __std_terminate
0x140005188 _CxxThrowException
0x140005190 memcpy
0x140005198 memmove
api-ms-win-crt-runtime-l1-1-0.dll
0x140005258 _configure_narrow_argv
0x140005260 _initterm_e
0x140005268 __p___argv
0x140005270 _get_initial_narrow_environment
0x140005278 _register_thread_local_exe_atexit_callback
0x140005280 __p___argc
0x140005288 _exit
0x140005290 _set_app_type
0x140005298 terminate
0x1400052a0 _seh_filter_exe
0x1400052a8 _cexit
0x1400052b0 _invalid_parameter_noinfo_noreturn
0x1400052b8 _crt_atexit
0x1400052c0 system
0x1400052c8 _register_onexit_function
0x1400052d0 _initialize_narrow_environment
0x1400052d8 _c_exit
0x1400052e0 _initialize_onexit_table
0x1400052e8 exit
0x1400052f0 _initterm
api-ms-win-crt-utility-l1-1-0.dll
0x140005340 srand
0x140005348 rand
api-ms-win-crt-stdio-l1-1-0.dll
0x140005300 _fileno
0x140005308 _set_fmode
0x140005310 __acrt_iob_func
0x140005318 _isatty
0x140005320 __p__commode
api-ms-win-crt-filesystem-l1-1-0.dll
0x140005200 remove
api-ms-win-crt-conio-l1-1-0.dll
0x1400051f0 _getch
api-ms-win-crt-time-l1-1-0.dll
0x140005330 _time64
api-ms-win-crt-heap-l1-1-0.dll
0x140005210 _set_new_mode
0x140005218 _callnewh
0x140005220 malloc
0x140005228 free
api-ms-win-crt-math-l1-1-0.dll
0x140005248 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x140005238 _configthreadlocale
EAT(Export Address Table) is none