ScreenShot
| Created | 2021.09.12 15:00 | Machine | s1_win7_x6402 |
| Filename | c808d765c682f1c26f06e0891b803750.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetect, malware1, Chapak, Unsafe, Save, malicious, confidence, 100%, ZexaF, UuW@ay4ozHgO, Kryptik, HMKW, DropperX, CLASSIC, Azorult, Score, kcloud, Sabsik, MalPE, Artemis, BScope, Wacatac, Static AI, Malicious PE, susgen, Behavior) | ||
| md5 | c808d765c682f1c26f06e0891b803750 | ||
| sha256 | 24d277d8c080aadf18227eca5e5a18b247466e4e53fcc975a7894e8af6717ae2 | ||
| ssdeep | 12288:JNsis2a0gbMqzIFO46Xj6mmqpRnZAYtIRzHlhxxTz8lvecTCUBW:nsVdbXNj6gnKUIRr19gvecmUBW | ||
| imphash | 7dedca7bc07f096eb3cce2bfad6fc32b | ||
| impfuzzy | 48:C+OulwJX13BEdPBugJ5FopSNKaE8fcTYhS+tEbLXtF:6/X1R0P0gJDqSNE8fcTYhS+qbLXz | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_DarkSide_Ransomware_1_Zero | Darkside Ransomware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41e000 GetCommandLineW
0x41e004 EnumResourceNamesW
0x41e008 DosDateTimeToFileTime
0x41e00c FindFirstChangeNotificationW
0x41e010 CopyFileExW
0x41e014 SetLocalTime
0x41e018 GetCPInfo
0x41e01c GetConsoleAliasExesLengthA
0x41e020 HeapAlloc
0x41e024 InterlockedIncrement
0x41e028 GetCommState
0x41e02c InterlockedDecrement
0x41e030 GetSystemWindowsDirectoryW
0x41e034 GlobalLock
0x41e038 GetProfileSectionA
0x41e03c FreeEnvironmentStringsA
0x41e040 GetModuleHandleW
0x41e044 GetTickCount
0x41e048 GetCurrentThread
0x41e04c GetPrivateProfileStringW
0x41e050 ReadConsoleW
0x41e054 SetProcessPriorityBoost
0x41e058 TlsSetValue
0x41e05c ActivateActCtx
0x41e060 GlobalAlloc
0x41e064 GetVolumeInformationA
0x41e068 LoadLibraryW
0x41e06c TerminateThread
0x41e070 IsProcessorFeaturePresent
0x41e074 GetCompressedFileSizeA
0x41e078 lstrlenW
0x41e07c SetThreadPriority
0x41e080 GetNamedPipeHandleStateW
0x41e084 LCMapStringA
0x41e088 GetPrivateProfileIntW
0x41e08c CreateDirectoryA
0x41e090 InterlockedExchange
0x41e094 SetCurrentDirectoryA
0x41e098 GetStartupInfoA
0x41e09c GetStdHandle
0x41e0a0 GetLastError
0x41e0a4 GetThreadLocale
0x41e0a8 ReadConsoleOutputCharacterA
0x41e0ac GetProcAddress
0x41e0b0 CreateMemoryResourceNotification
0x41e0b4 DisableThreadLibraryCalls
0x41e0b8 Process32FirstW
0x41e0bc WritePrivateProfileStringA
0x41e0c0 SetCurrentDirectoryW
0x41e0c4 HeapWalk
0x41e0c8 FindAtomA
0x41e0cc SetSystemTime
0x41e0d0 SetEnvironmentVariableA
0x41e0d4 FindNextFileA
0x41e0d8 GetThreadPriority
0x41e0dc EnumResourceNamesA
0x41e0e0 GetStringTypeW
0x41e0e4 WriteProfileStringW
0x41e0e8 CompareStringA
0x41e0ec GetCPInfoExA
0x41e0f0 GetVersionExA
0x41e0f4 UnregisterWaitEx
0x41e0f8 CopyFileExA
0x41e0fc FlushFileBuffers
0x41e100 CloseHandle
0x41e104 MultiByteToWideChar
0x41e108 GetCommandLineA
0x41e10c HeapValidate
0x41e110 IsBadReadPtr
0x41e114 RaiseException
0x41e118 DeleteCriticalSection
0x41e11c EnterCriticalSection
0x41e120 LeaveCriticalSection
0x41e124 GetModuleFileNameW
0x41e128 GetACP
0x41e12c GetOEMCP
0x41e130 IsValidCodePage
0x41e134 TlsGetValue
0x41e138 TlsAlloc
0x41e13c GetCurrentThreadId
0x41e140 TlsFree
0x41e144 SetLastError
0x41e148 SetUnhandledExceptionFilter
0x41e14c QueryPerformanceCounter
0x41e150 GetCurrentProcessId
0x41e154 GetSystemTimeAsFileTime
0x41e158 Sleep
0x41e15c ExitProcess
0x41e160 GetModuleFileNameA
0x41e164 GetEnvironmentStrings
0x41e168 FreeEnvironmentStringsW
0x41e16c WideCharToMultiByte
0x41e170 GetEnvironmentStringsW
0x41e174 SetHandleCount
0x41e178 GetFileType
0x41e17c HeapDestroy
0x41e180 HeapCreate
0x41e184 HeapFree
0x41e188 VirtualFree
0x41e18c WriteFile
0x41e190 TerminateProcess
0x41e194 GetCurrentProcess
0x41e198 UnhandledExceptionFilter
0x41e19c IsDebuggerPresent
0x41e1a0 HeapSize
0x41e1a4 HeapReAlloc
0x41e1a8 VirtualAlloc
0x41e1ac RtlUnwind
0x41e1b0 InitializeCriticalSectionAndSpinCount
0x41e1b4 DebugBreak
0x41e1b8 OutputDebugStringA
0x41e1bc WriteConsoleW
0x41e1c0 OutputDebugStringW
0x41e1c4 LCMapStringW
0x41e1c8 GetStringTypeA
0x41e1cc GetLocaleInfoA
0x41e1d0 LoadLibraryA
0x41e1d4 SetFilePointer
0x41e1d8 GetConsoleCP
0x41e1dc GetConsoleMode
0x41e1e0 SetStdHandle
0x41e1e4 WriteConsoleA
0x41e1e8 GetConsoleOutputCP
0x41e1ec CreateFileA
USER32.dll
0x41e1f4 GetCursorInfo
WINHTTP.dll
0x41e1fc WinHttpCloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x41e000 GetCommandLineW
0x41e004 EnumResourceNamesW
0x41e008 DosDateTimeToFileTime
0x41e00c FindFirstChangeNotificationW
0x41e010 CopyFileExW
0x41e014 SetLocalTime
0x41e018 GetCPInfo
0x41e01c GetConsoleAliasExesLengthA
0x41e020 HeapAlloc
0x41e024 InterlockedIncrement
0x41e028 GetCommState
0x41e02c InterlockedDecrement
0x41e030 GetSystemWindowsDirectoryW
0x41e034 GlobalLock
0x41e038 GetProfileSectionA
0x41e03c FreeEnvironmentStringsA
0x41e040 GetModuleHandleW
0x41e044 GetTickCount
0x41e048 GetCurrentThread
0x41e04c GetPrivateProfileStringW
0x41e050 ReadConsoleW
0x41e054 SetProcessPriorityBoost
0x41e058 TlsSetValue
0x41e05c ActivateActCtx
0x41e060 GlobalAlloc
0x41e064 GetVolumeInformationA
0x41e068 LoadLibraryW
0x41e06c TerminateThread
0x41e070 IsProcessorFeaturePresent
0x41e074 GetCompressedFileSizeA
0x41e078 lstrlenW
0x41e07c SetThreadPriority
0x41e080 GetNamedPipeHandleStateW
0x41e084 LCMapStringA
0x41e088 GetPrivateProfileIntW
0x41e08c CreateDirectoryA
0x41e090 InterlockedExchange
0x41e094 SetCurrentDirectoryA
0x41e098 GetStartupInfoA
0x41e09c GetStdHandle
0x41e0a0 GetLastError
0x41e0a4 GetThreadLocale
0x41e0a8 ReadConsoleOutputCharacterA
0x41e0ac GetProcAddress
0x41e0b0 CreateMemoryResourceNotification
0x41e0b4 DisableThreadLibraryCalls
0x41e0b8 Process32FirstW
0x41e0bc WritePrivateProfileStringA
0x41e0c0 SetCurrentDirectoryW
0x41e0c4 HeapWalk
0x41e0c8 FindAtomA
0x41e0cc SetSystemTime
0x41e0d0 SetEnvironmentVariableA
0x41e0d4 FindNextFileA
0x41e0d8 GetThreadPriority
0x41e0dc EnumResourceNamesA
0x41e0e0 GetStringTypeW
0x41e0e4 WriteProfileStringW
0x41e0e8 CompareStringA
0x41e0ec GetCPInfoExA
0x41e0f0 GetVersionExA
0x41e0f4 UnregisterWaitEx
0x41e0f8 CopyFileExA
0x41e0fc FlushFileBuffers
0x41e100 CloseHandle
0x41e104 MultiByteToWideChar
0x41e108 GetCommandLineA
0x41e10c HeapValidate
0x41e110 IsBadReadPtr
0x41e114 RaiseException
0x41e118 DeleteCriticalSection
0x41e11c EnterCriticalSection
0x41e120 LeaveCriticalSection
0x41e124 GetModuleFileNameW
0x41e128 GetACP
0x41e12c GetOEMCP
0x41e130 IsValidCodePage
0x41e134 TlsGetValue
0x41e138 TlsAlloc
0x41e13c GetCurrentThreadId
0x41e140 TlsFree
0x41e144 SetLastError
0x41e148 SetUnhandledExceptionFilter
0x41e14c QueryPerformanceCounter
0x41e150 GetCurrentProcessId
0x41e154 GetSystemTimeAsFileTime
0x41e158 Sleep
0x41e15c ExitProcess
0x41e160 GetModuleFileNameA
0x41e164 GetEnvironmentStrings
0x41e168 FreeEnvironmentStringsW
0x41e16c WideCharToMultiByte
0x41e170 GetEnvironmentStringsW
0x41e174 SetHandleCount
0x41e178 GetFileType
0x41e17c HeapDestroy
0x41e180 HeapCreate
0x41e184 HeapFree
0x41e188 VirtualFree
0x41e18c WriteFile
0x41e190 TerminateProcess
0x41e194 GetCurrentProcess
0x41e198 UnhandledExceptionFilter
0x41e19c IsDebuggerPresent
0x41e1a0 HeapSize
0x41e1a4 HeapReAlloc
0x41e1a8 VirtualAlloc
0x41e1ac RtlUnwind
0x41e1b0 InitializeCriticalSectionAndSpinCount
0x41e1b4 DebugBreak
0x41e1b8 OutputDebugStringA
0x41e1bc WriteConsoleW
0x41e1c0 OutputDebugStringW
0x41e1c4 LCMapStringW
0x41e1c8 GetStringTypeA
0x41e1cc GetLocaleInfoA
0x41e1d0 LoadLibraryA
0x41e1d4 SetFilePointer
0x41e1d8 GetConsoleCP
0x41e1dc GetConsoleMode
0x41e1e0 SetStdHandle
0x41e1e4 WriteConsoleA
0x41e1e8 GetConsoleOutputCP
0x41e1ec CreateFileA
USER32.dll
0x41e1f4 GetCursorInfo
WINHTTP.dll
0x41e1fc WinHttpCloseHandle
EAT(Export Address Table) is none