Field | Value |
---|---|
Created | 2021.09.15 07:53 |
Machine | s1_win7_x6402 |
Filename | rxoes.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 23 detected (malicious, high confidence, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, CLASSIC, Static AI, Malicious PE, susgen, Tnega, score, ZexaF, Fq0@aWcGoApG, MachineLearning, Anomalous) |
md5 | 4bebe52555714d9eddd2203ba86e685e |
sha256 | 84cb1084ca0ef1fe91c17b9f81878e670eb8883f37cd9cc32bb48ad93ab8cff5 |
ssdeep | 12288:etbvbElfHyFDhUw0BhjUafFt94g+dWegQfv2oqh:e2lKFDKBrjU2heEUfv2t |
imphash | e29fdb264def7dda465a7a289be86662 |
impfuzzy | 24:00ZZZ0J6bhVdEDYeO8q7XOltgdYE7/J3JKjiyv4OT43jMbl9PuvjE:pZZZYa7dhRsltgrV4bpcOzuA |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x461010 GetCurrentProcess
0x461014 GetEnvironmentStringsW
0x461018 GetUserDefaultLCID
0x46101c GetSystemDefaultLCID
0x461020 ReadConsoleW
0x461024 GetSystemWindowsDirectoryA
0x461028 LeaveCriticalSection
0x46102c VerifyVersionInfoA
0x461030 WriteConsoleW
0x461034 FindActCtxSectionGuid
0x461038 GetACP
0x46103c GetConsoleOutputCP
0x461040 InterlockedExchange
0x461044 GetProcAddress
0x461048 EnterCriticalSection
0x46104c PrepareTape
0x461050 LocalAlloc
0x461054 GetModuleFileNameA
0x461058 SetConsoleTitleW
0x46105c GetModuleHandleA
0x461060 AddConsoleAliasA
0x461064 FindActCtxSectionStringW
0x461068 FindNextVolumeA
0x46106c GetSystemTime
0x461070 GetProfileSectionW
0x461074 GetLocaleInfoA
0x461078 PulseEvent
0x46107c GetModuleFileNameW
0x461080 GetCommandLineW
0x461084 HeapAlloc
0x461088 GetStartupInfoW
0x46108c TerminateProcess
0x461090 UnhandledExceptionFilter
0x461094 SetUnhandledExceptionFilter
0x461098 IsDebuggerPresent
0x46109c DeleteCriticalSection
0x4610a0 HeapFree
0x4610a4 VirtualFree
0x4610a8 VirtualAlloc
0x4610ac HeapReAlloc
0x4610b0 HeapCreate
0x4610b4 GetModuleHandleW
0x4610b8 Sleep
0x4610bc ExitProcess
0x4610c0 WriteFile
0x4610c4 GetStdHandle
0x4610c8 TlsGetValue
0x4610cc TlsAlloc
0x4610d0 TlsSetValue
0x4610d4 TlsFree
0x4610d8 InterlockedIncrement
0x4610dc SetLastError
0x4610e0 GetCurrentThreadId
0x4610e4 GetLastError
0x4610e8 InterlockedDecrement
0x4610ec HeapSize
0x4610f0 RtlUnwind
0x4610f4 SetHandleCount
0x4610f8 GetFileType
0x4610fc GetStartupInfoA
0x461100 SetFilePointer
0x461104 CloseHandle
0x461108 FreeEnvironmentStringsW
0x46110c QueryPerformanceCounter
0x461110 GetTickCount
0x461114 GetCurrentProcessId
0x461118 GetSystemTimeAsFileTime
0x46111c WideCharToMultiByte
0x461120 GetConsoleCP
0x461124 GetConsoleMode
0x461128 GetCPInfo
0x46112c GetOEMCP
0x461130 IsValidCodePage
0x461134 InitializeCriticalSectionAndSpinCount
0x461138 LoadLibraryA
0x46113c CreateFileA
0x461140 RaiseException
0x461144 SetStdHandle
0x461148 FlushFileBuffers
0x46114c WriteConsoleA
0x461150 MultiByteToWideChar
0x461154 LCMapStringA
0x461158 LCMapStringW
0x46115c GetStringTypeA
0x461160 GetStringTypeW
0x461164 SetEndOfFile
0x461168 GetProcessHeap
0x46116c ReadFile
GDI32.dll
0x461008 GetCharWidthFloatW
ADVAPI32.dll
0x461000 BackupEventLogA
EAT (Export Address Table) Library
0x401000 @GetAnotherVice@12