ScreenShot
| Created | 2021.09.15 09:43 | Machine | s1_win7_x6401 |
| Filename | raccon.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Unsafe, Save, ZexaF, Cq0@aK, A3dcG, Kryptik, Eldorado, Sabsik, score, ai score=86, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | dea12cd62b3999b22534da85f839e6c3 | ||
| sha256 | e362ff19225dee202db8f9c45d6e29059d8ab664f9bb7253df0f6359d68a9489 | ||
| ssdeep | 12288:HWLklwlxdlkkDCksY40nyRKM/TD1Q27bt:9lGV1EgyRKM1Q2V | ||
| imphash | 0a5d1e29118a384817b14a8b7f0455b3 | ||
| impfuzzy | 24:LbIc0ZWEJ55DYeOTb0AhgOltgdYE7/J3Jpiyv4OT43jMFl9PuvX:3qZWIoR5ltgrVLbpckzu/ | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x461008 FindActCtxSectionGuid
0x46100c InterlockedDecrement
0x461010 GetCurrentProcess
0x461014 GetEnvironmentStringsW
0x461018 GetUserDefaultLCID
0x46101c ReadConsoleW
0x461020 FindActCtxSectionStringA
0x461024 GetSystemWindowsDirectoryA
0x461028 LeaveCriticalSection
0x46102c GetLocaleInfoA
0x461030 WriteConsoleW
0x461034 GetModuleFileNameW
0x461038 GetConsoleOutputCP
0x46103c GetProcAddress
0x461040 EnterCriticalSection
0x461044 PrepareTape
0x461048 LocalAlloc
0x46104c WaitForMultipleObjects
0x461050 SetSystemTime
0x461054 GetModuleFileNameA
0x461058 SetConsoleTitleW
0x46105c GetModuleHandleA
0x461060 FindFirstVolumeA
0x461064 AddConsoleAliasA
0x461068 GetProfileSectionW
0x46106c PulseEvent
0x461070 VerifyVersionInfoA
0x461074 GetCommandLineW
0x461078 HeapAlloc
0x46107c GetStartupInfoW
0x461080 TerminateProcess
0x461084 UnhandledExceptionFilter
0x461088 SetUnhandledExceptionFilter
0x46108c IsDebuggerPresent
0x461090 DeleteCriticalSection
0x461094 HeapFree
0x461098 VirtualFree
0x46109c VirtualAlloc
0x4610a0 HeapReAlloc
0x4610a4 HeapCreate
0x4610a8 GetModuleHandleW
0x4610ac Sleep
0x4610b0 ExitProcess
0x4610b4 WriteFile
0x4610b8 GetStdHandle
0x4610bc TlsGetValue
0x4610c0 TlsAlloc
0x4610c4 TlsSetValue
0x4610c8 TlsFree
0x4610cc InterlockedIncrement
0x4610d0 SetLastError
0x4610d4 GetCurrentThreadId
0x4610d8 GetLastError
0x4610dc HeapSize
0x4610e0 RtlUnwind
0x4610e4 SetHandleCount
0x4610e8 GetFileType
0x4610ec GetStartupInfoA
0x4610f0 SetFilePointer
0x4610f4 CloseHandle
0x4610f8 FreeEnvironmentStringsW
0x4610fc QueryPerformanceCounter
0x461100 GetTickCount
0x461104 GetCurrentProcessId
0x461108 GetSystemTimeAsFileTime
0x46110c WideCharToMultiByte
0x461110 GetConsoleCP
0x461114 GetConsoleMode
0x461118 GetCPInfo
0x46111c GetACP
0x461120 GetOEMCP
0x461124 IsValidCodePage
0x461128 InitializeCriticalSectionAndSpinCount
0x46112c LoadLibraryA
0x461130 CreateFileA
0x461134 RaiseException
0x461138 SetStdHandle
0x46113c FlushFileBuffers
0x461140 WriteConsoleA
0x461144 MultiByteToWideChar
0x461148 LCMapStringA
0x46114c LCMapStringW
0x461150 GetStringTypeA
0x461154 GetStringTypeW
0x461158 SetEndOfFile
0x46115c GetProcessHeap
0x461160 ReadFile
GDI32.dll
0x461000 GetCharWidthFloatW
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12
KERNEL32.dll
0x461008 FindActCtxSectionGuid
0x46100c InterlockedDecrement
0x461010 GetCurrentProcess
0x461014 GetEnvironmentStringsW
0x461018 GetUserDefaultLCID
0x46101c ReadConsoleW
0x461020 FindActCtxSectionStringA
0x461024 GetSystemWindowsDirectoryA
0x461028 LeaveCriticalSection
0x46102c GetLocaleInfoA
0x461030 WriteConsoleW
0x461034 GetModuleFileNameW
0x461038 GetConsoleOutputCP
0x46103c GetProcAddress
0x461040 EnterCriticalSection
0x461044 PrepareTape
0x461048 LocalAlloc
0x46104c WaitForMultipleObjects
0x461050 SetSystemTime
0x461054 GetModuleFileNameA
0x461058 SetConsoleTitleW
0x46105c GetModuleHandleA
0x461060 FindFirstVolumeA
0x461064 AddConsoleAliasA
0x461068 GetProfileSectionW
0x46106c PulseEvent
0x461070 VerifyVersionInfoA
0x461074 GetCommandLineW
0x461078 HeapAlloc
0x46107c GetStartupInfoW
0x461080 TerminateProcess
0x461084 UnhandledExceptionFilter
0x461088 SetUnhandledExceptionFilter
0x46108c IsDebuggerPresent
0x461090 DeleteCriticalSection
0x461094 HeapFree
0x461098 VirtualFree
0x46109c VirtualAlloc
0x4610a0 HeapReAlloc
0x4610a4 HeapCreate
0x4610a8 GetModuleHandleW
0x4610ac Sleep
0x4610b0 ExitProcess
0x4610b4 WriteFile
0x4610b8 GetStdHandle
0x4610bc TlsGetValue
0x4610c0 TlsAlloc
0x4610c4 TlsSetValue
0x4610c8 TlsFree
0x4610cc InterlockedIncrement
0x4610d0 SetLastError
0x4610d4 GetCurrentThreadId
0x4610d8 GetLastError
0x4610dc HeapSize
0x4610e0 RtlUnwind
0x4610e4 SetHandleCount
0x4610e8 GetFileType
0x4610ec GetStartupInfoA
0x4610f0 SetFilePointer
0x4610f4 CloseHandle
0x4610f8 FreeEnvironmentStringsW
0x4610fc QueryPerformanceCounter
0x461100 GetTickCount
0x461104 GetCurrentProcessId
0x461108 GetSystemTimeAsFileTime
0x46110c WideCharToMultiByte
0x461110 GetConsoleCP
0x461114 GetConsoleMode
0x461118 GetCPInfo
0x46111c GetACP
0x461120 GetOEMCP
0x461124 IsValidCodePage
0x461128 InitializeCriticalSectionAndSpinCount
0x46112c LoadLibraryA
0x461130 CreateFileA
0x461134 RaiseException
0x461138 SetStdHandle
0x46113c FlushFileBuffers
0x461140 WriteConsoleA
0x461144 MultiByteToWideChar
0x461148 LCMapStringA
0x46114c LCMapStringW
0x461150 GetStringTypeA
0x461154 GetStringTypeW
0x461158 SetEndOfFile
0x46115c GetProcessHeap
0x461160 ReadFile
GDI32.dll
0x461000 GetCharWidthFloatW
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12