ScreenShot
| Created | 2021.09.14 10:02 | Machine | s1_win7_x6401 |
| Filename | LithiumFloodmark_.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (AIDetect, malware1, malicious, high confidence, GenericKDZ, Jaik, Unsafe, Save, Androm, confidence, 100%, Kryptik, HMKX, BotX, MulDrop18, Emotet, Static AI, Malicious PE, Minerva, gshwq, Sabsik, score, CoinMiner, Glupteba, R441148, ai score=86, BScope, Wacatac, CLASSIC, Azorult, ZexaF, yuW@a4rne1gO, GdSda, susgen) | ||
| md5 | 47e27edcb9be738259f5c3d81423c613 | ||
| sha256 | 2a103ceb37522c1bb5f9b6336e52c3c8341b15276bbc44149ac65d26375b4c1d | ||
| ssdeep | 6144:6/TlilfRCWtmrIe+71ZJhJRTXZbNI/hKqLmwhUlpiuh4CFTu:8lGR5tm5+7fJ7RTJhIZ5mwui0o | ||
| imphash | 5d749c2a8493b5c3c97119ce99ab202c | ||
| impfuzzy | 48:C+O4PQwJX1EBEdPBugJUF7phuYaE8fcehS+XibLXKF:64jX1s0P0gJCNhuxE8fcehS+SbLXC | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41d000 GetCommandLineW
0x41d004 EnumResourceNamesW
0x41d008 DosDateTimeToFileTime
0x41d00c FindFirstChangeNotificationW
0x41d010 CopyFileExW
0x41d014 SetLocalTime
0x41d018 GetCPInfo
0x41d01c GetConsoleAliasExesLengthA
0x41d020 HeapAlloc
0x41d024 InterlockedIncrement
0x41d028 GetCommState
0x41d02c InterlockedDecrement
0x41d030 GlobalSize
0x41d034 GetSystemWindowsDirectoryW
0x41d038 GlobalLock
0x41d03c GetProfileSectionA
0x41d040 GetModuleHandleW
0x41d044 GetTickCount
0x41d048 GetPrivateProfileStringW
0x41d04c ReadConsoleW
0x41d050 SetProcessPriorityBoost
0x41d054 TlsSetValue
0x41d058 ActivateActCtx
0x41d05c GlobalAlloc
0x41d060 GetVolumeInformationA
0x41d064 LoadLibraryW
0x41d068 TerminateThread
0x41d06c IsProcessorFeaturePresent
0x41d070 GetCompressedFileSizeA
0x41d074 lstrlenW
0x41d078 SetThreadPriority
0x41d07c DeactivateActCtx
0x41d080 GetNamedPipeHandleStateW
0x41d084 LCMapStringA
0x41d088 GetPrivateProfileIntW
0x41d08c CreateDirectoryA
0x41d090 InterlockedExchange
0x41d094 SetCurrentDirectoryA
0x41d098 GetStartupInfoA
0x41d09c GetStdHandle
0x41d0a0 GetLastError
0x41d0a4 GetThreadLocale
0x41d0a8 ReadConsoleOutputCharacterA
0x41d0ac GetProcAddress
0x41d0b0 CreateMemoryResourceNotification
0x41d0b4 DisableThreadLibraryCalls
0x41d0b8 Process32FirstW
0x41d0bc WritePrivateProfileStringA
0x41d0c0 SetCurrentDirectoryW
0x41d0c4 HeapWalk
0x41d0c8 FindAtomA
0x41d0cc SetSystemTime
0x41d0d0 SetEnvironmentVariableA
0x41d0d4 GetThreadPriority
0x41d0d8 FreeEnvironmentStringsW
0x41d0dc EnumResourceNamesA
0x41d0e0 FindNextFileW
0x41d0e4 GetStringTypeW
0x41d0e8 WriteProfileStringW
0x41d0ec CompareStringA
0x41d0f0 GetCurrentThreadId
0x41d0f4 GetCPInfoExA
0x41d0f8 GetVersionExA
0x41d0fc UnregisterWaitEx
0x41d100 CopyFileExA
0x41d104 FlushFileBuffers
0x41d108 CloseHandle
0x41d10c MultiByteToWideChar
0x41d110 GetStartupInfoW
0x41d114 HeapValidate
0x41d118 IsBadReadPtr
0x41d11c RaiseException
0x41d120 DeleteCriticalSection
0x41d124 EnterCriticalSection
0x41d128 LeaveCriticalSection
0x41d12c GetModuleFileNameW
0x41d130 GetACP
0x41d134 GetOEMCP
0x41d138 IsValidCodePage
0x41d13c TlsGetValue
0x41d140 TlsAlloc
0x41d144 TlsFree
0x41d148 SetLastError
0x41d14c SetUnhandledExceptionFilter
0x41d150 QueryPerformanceCounter
0x41d154 GetCurrentProcessId
0x41d158 GetSystemTimeAsFileTime
0x41d15c Sleep
0x41d160 ExitProcess
0x41d164 GetEnvironmentStringsW
0x41d168 SetHandleCount
0x41d16c GetFileType
0x41d170 HeapDestroy
0x41d174 HeapCreate
0x41d178 HeapFree
0x41d17c VirtualFree
0x41d180 GetModuleFileNameA
0x41d184 WriteFile
0x41d188 TerminateProcess
0x41d18c GetCurrentProcess
0x41d190 UnhandledExceptionFilter
0x41d194 IsDebuggerPresent
0x41d198 HeapSize
0x41d19c HeapReAlloc
0x41d1a0 VirtualAlloc
0x41d1a4 RtlUnwind
0x41d1a8 InitializeCriticalSectionAndSpinCount
0x41d1ac DebugBreak
0x41d1b0 OutputDebugStringA
0x41d1b4 WriteConsoleW
0x41d1b8 OutputDebugStringW
0x41d1bc WideCharToMultiByte
0x41d1c0 LCMapStringW
0x41d1c4 GetStringTypeA
0x41d1c8 GetLocaleInfoA
0x41d1cc LoadLibraryA
0x41d1d0 SetFilePointer
0x41d1d4 GetConsoleCP
0x41d1d8 GetConsoleMode
0x41d1dc SetStdHandle
0x41d1e0 WriteConsoleA
0x41d1e4 GetConsoleOutputCP
0x41d1e8 CreateFileA
USER32.dll
0x41d1f0 GetCursorInfo
WINHTTP.dll
0x41d1f8 WinHttpCloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x41d000 GetCommandLineW
0x41d004 EnumResourceNamesW
0x41d008 DosDateTimeToFileTime
0x41d00c FindFirstChangeNotificationW
0x41d010 CopyFileExW
0x41d014 SetLocalTime
0x41d018 GetCPInfo
0x41d01c GetConsoleAliasExesLengthA
0x41d020 HeapAlloc
0x41d024 InterlockedIncrement
0x41d028 GetCommState
0x41d02c InterlockedDecrement
0x41d030 GlobalSize
0x41d034 GetSystemWindowsDirectoryW
0x41d038 GlobalLock
0x41d03c GetProfileSectionA
0x41d040 GetModuleHandleW
0x41d044 GetTickCount
0x41d048 GetPrivateProfileStringW
0x41d04c ReadConsoleW
0x41d050 SetProcessPriorityBoost
0x41d054 TlsSetValue
0x41d058 ActivateActCtx
0x41d05c GlobalAlloc
0x41d060 GetVolumeInformationA
0x41d064 LoadLibraryW
0x41d068 TerminateThread
0x41d06c IsProcessorFeaturePresent
0x41d070 GetCompressedFileSizeA
0x41d074 lstrlenW
0x41d078 SetThreadPriority
0x41d07c DeactivateActCtx
0x41d080 GetNamedPipeHandleStateW
0x41d084 LCMapStringA
0x41d088 GetPrivateProfileIntW
0x41d08c CreateDirectoryA
0x41d090 InterlockedExchange
0x41d094 SetCurrentDirectoryA
0x41d098 GetStartupInfoA
0x41d09c GetStdHandle
0x41d0a0 GetLastError
0x41d0a4 GetThreadLocale
0x41d0a8 ReadConsoleOutputCharacterA
0x41d0ac GetProcAddress
0x41d0b0 CreateMemoryResourceNotification
0x41d0b4 DisableThreadLibraryCalls
0x41d0b8 Process32FirstW
0x41d0bc WritePrivateProfileStringA
0x41d0c0 SetCurrentDirectoryW
0x41d0c4 HeapWalk
0x41d0c8 FindAtomA
0x41d0cc SetSystemTime
0x41d0d0 SetEnvironmentVariableA
0x41d0d4 GetThreadPriority
0x41d0d8 FreeEnvironmentStringsW
0x41d0dc EnumResourceNamesA
0x41d0e0 FindNextFileW
0x41d0e4 GetStringTypeW
0x41d0e8 WriteProfileStringW
0x41d0ec CompareStringA
0x41d0f0 GetCurrentThreadId
0x41d0f4 GetCPInfoExA
0x41d0f8 GetVersionExA
0x41d0fc UnregisterWaitEx
0x41d100 CopyFileExA
0x41d104 FlushFileBuffers
0x41d108 CloseHandle
0x41d10c MultiByteToWideChar
0x41d110 GetStartupInfoW
0x41d114 HeapValidate
0x41d118 IsBadReadPtr
0x41d11c RaiseException
0x41d120 DeleteCriticalSection
0x41d124 EnterCriticalSection
0x41d128 LeaveCriticalSection
0x41d12c GetModuleFileNameW
0x41d130 GetACP
0x41d134 GetOEMCP
0x41d138 IsValidCodePage
0x41d13c TlsGetValue
0x41d140 TlsAlloc
0x41d144 TlsFree
0x41d148 SetLastError
0x41d14c SetUnhandledExceptionFilter
0x41d150 QueryPerformanceCounter
0x41d154 GetCurrentProcessId
0x41d158 GetSystemTimeAsFileTime
0x41d15c Sleep
0x41d160 ExitProcess
0x41d164 GetEnvironmentStringsW
0x41d168 SetHandleCount
0x41d16c GetFileType
0x41d170 HeapDestroy
0x41d174 HeapCreate
0x41d178 HeapFree
0x41d17c VirtualFree
0x41d180 GetModuleFileNameA
0x41d184 WriteFile
0x41d188 TerminateProcess
0x41d18c GetCurrentProcess
0x41d190 UnhandledExceptionFilter
0x41d194 IsDebuggerPresent
0x41d198 HeapSize
0x41d19c HeapReAlloc
0x41d1a0 VirtualAlloc
0x41d1a4 RtlUnwind
0x41d1a8 InitializeCriticalSectionAndSpinCount
0x41d1ac DebugBreak
0x41d1b0 OutputDebugStringA
0x41d1b4 WriteConsoleW
0x41d1b8 OutputDebugStringW
0x41d1bc WideCharToMultiByte
0x41d1c0 LCMapStringW
0x41d1c4 GetStringTypeA
0x41d1c8 GetLocaleInfoA
0x41d1cc LoadLibraryA
0x41d1d0 SetFilePointer
0x41d1d4 GetConsoleCP
0x41d1d8 GetConsoleMode
0x41d1dc SetStdHandle
0x41d1e0 WriteConsoleA
0x41d1e4 GetConsoleOutputCP
0x41d1e8 CreateFileA
USER32.dll
0x41d1f0 GetCursorInfo
WINHTTP.dll
0x41d1f8 WinHttpCloseHandle
EAT(Export Address Table) is none