Field | Value |
---|---|
Created | 2021.09.16 18:33 |
Machine | s1_win7_x6402 |
Filename | rust.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 9 detected (Unsafe, Malicious, Generic ML PUA, Static AI, Malicious PE, Wacatac, score) |
md5 | bb7a55020d96e929f6c92ddd42e54c18 |
sha256 | 70c64a3f46820c47b44e30d3925165340735c7ce62ad124268820335ecc808be |
ssdeep | 196608:KnqgDu1Vqje+OIso69vlq1z7MRci6i/W+lQc:KnqgDiUjUIJ6w3ur7/nQc |
imphash | 138edddec260c1cf391735ffcbb813ae |
impfuzzy | 12:WW1mkpuFoZ5f2Q4W2HY5W3cfaNDVdgdjknwfP9qZGoQtXJxZGb9AJcDfA5kLfP9m:z4oLf5+Yscf4Tgdj5aQtXJHc9NDI5Q8 |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140716000 K32EnumDeviceDrivers
SHELL32.dll
0x140716010 ShellExecuteExA
MSVCP140.dll
0x140716020 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
WININET.dll
0x140716030 InternetCheckConnectionA
VCRUNTIME140_1.dll
0x140716040 __CxxFrameHandler4
VCRUNTIME140.dll
0x140716050 memset
api-ms-win-crt-stdio-l1-1-0.dll
0x140716060 _get_stream_buffer_pointers
api-ms-win-crt-heap-l1-1-0.dll
0x140716070 free
api-ms-win-crt-math-l1-1-0.dll
0x140716080 _ldsign
api-ms-win-crt-filesystem-l1-1-0.dll
0x140716090 remove
api-ms-win-crt-runtime-l1-1-0.dll
0x1407160a0 _configure_narrow_argv
api-ms-win-crt-locale-l1-1-0.dll
0x1407160b0 ___lc_codepage_func
WTSAPI32.dll
0x1407160c0 WTSSendMessageW
KERNEL32.dll
0x1407160d0 GetSystemTimeAsFileTime
USER32.dll
0x1407160e0 GetUserObjectInformationW
KERNEL32.dll
0x1407160f0 LocalAlloc
0x1407160f8 LocalFree
0x140716100 GetModuleFileNameW
0x140716108 GetProcessAffinityMask
0x140716110 SetProcessAffinityMask
0x140716118 SetThreadAffinityMask
0x140716120 Sleep
0x140716128 ExitProcess
0x140716130 FreeLibrary
0x140716138 LoadLibraryA
0x140716140 GetModuleHandleA
0x140716148 GetProcAddress
USER32.dll
0x140716158 GetProcessWindowStation
0x140716160 GetUserObjectInformationW
EAT(Export Address Table) Library