ScreenShot
| Created | 2021.09.19 11:17 | Machine | s1_win7_x6401 |
| Filename | xxxx1_2021-09-14_09-27.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 47 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Starter, ali2000005, Kryptik, HMLX, Cutwail, jbesoa, DropperX, Tool, Static AI, Malicious PE, kcloud, StopCrypt, XGXYJ9, score, Ransomware, R441558, Convagent, 0NA103II21, CLASSIC, GenericKDZ, ZexaF, suW@aeGkMRdO, GdSda, confidence, 100%, susgen) | ||
| md5 | f343214355c07ba17b3726491847787a | ||
| sha256 | 02fe1e05ca2f07215863e2a1fb3b5a00964ed07ffa2ddee45cf6ee8af10aff90 | ||
| ssdeep | 6144:9sKillpNgJIzn99svrlpjg4eBJdDrgKWMlj:zCngJIzn8vrlpk4eC4j | ||
| imphash | aed329e4dacd07dcd744859ead4f9693 | ||
| impfuzzy | 48:CuO9fKwX1btdP5CeI6I3Sc0aEaftgOc+2m40IPEi:u9fNX1jPQeI6gSc9EaftgOc+t40IR | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401f000 GetCommandLineW
0x401f004 FileTimeToDosDateTime
0x401f008 GetNativeSystemInfo
0x401f00c TlsGetValue
0x401f010 GetStringTypeA
0x401f014 HeapAlloc
0x401f018 InterlockedIncrement
0x401f01c GetCommState
0x401f020 ReadConsoleA
0x401f024 GlobalSize
0x401f028 GetSystemWindowsDirectoryW
0x401f02c GlobalLock
0x401f030 SetHandleInformation
0x401f034 CancelWaitableTimer
0x401f038 GetModuleHandleW
0x401f03c EnumResourceTypesA
0x401f040 ActivateActCtx
0x401f044 LoadLibraryW
0x401f048 TerminateThread
0x401f04c GetConsoleAliasExesLengthW
0x401f050 EnumResourceLanguagesA
0x401f054 GetCompressedFileSizeA
0x401f058 GetSystemDirectoryA
0x401f05c CompareStringW
0x401f060 lstrlenW
0x401f064 SetThreadPriority
0x401f068 WritePrivateProfileStringW
0x401f06c DeactivateActCtx
0x401f070 GetNamedPipeHandleStateW
0x401f074 GetPrivateProfileIntW
0x401f078 VerifyVersionInfoW
0x401f07c CreateDirectoryA
0x401f080 InterlockedExchange
0x401f084 SetCurrentDirectoryA
0x401f088 GetStartupInfoA
0x401f08c GetCPInfoExW
0x401f090 GetLastError
0x401f094 GetThreadLocale
0x401f098 GetProcAddress
0x401f09c GetProcessHeaps
0x401f0a0 SetStdHandle
0x401f0a4 EnterCriticalSection
0x401f0a8 DisableThreadLibraryCalls
0x401f0ac GetPrivateProfileStringA
0x401f0b0 LoadLibraryA
0x401f0b4 LocalAlloc
0x401f0b8 SetSystemTime
0x401f0bc SetEnvironmentVariableA
0x401f0c0 GetOEMCP
0x401f0c4 Process32NextW
0x401f0c8 FindNextFileA
0x401f0cc WriteProfileStringA
0x401f0d0 FindFirstChangeNotificationA
0x401f0d4 QueryMemoryResourceNotification
0x401f0d8 FreeEnvironmentStringsW
0x401f0dc WriteProfileStringW
0x401f0e0 GetCurrentDirectoryA
0x401f0e4 GetCurrentThreadId
0x401f0e8 FindAtomW
0x401f0ec UnregisterWaitEx
0x401f0f0 GetSystemTime
0x401f0f4 GetProfileSectionW
0x401f0f8 LCMapStringW
0x401f0fc CopyFileExA
0x401f100 GetVolumeInformationW
0x401f104 CreateFileA
0x401f108 GetConsoleOutputCP
0x401f10c MultiByteToWideChar
0x401f110 GetStartupInfoW
0x401f114 HeapValidate
0x401f118 IsBadReadPtr
0x401f11c RaiseException
0x401f120 LeaveCriticalSection
0x401f124 TerminateProcess
0x401f128 GetCurrentProcess
0x401f12c UnhandledExceptionFilter
0x401f130 SetUnhandledExceptionFilter
0x401f134 IsDebuggerPresent
0x401f138 GetModuleFileNameW
0x401f13c DeleteCriticalSection
0x401f140 InterlockedDecrement
0x401f144 GetACP
0x401f148 GetCPInfo
0x401f14c IsValidCodePage
0x401f150 TlsAlloc
0x401f154 TlsSetValue
0x401f158 TlsFree
0x401f15c SetLastError
0x401f160 QueryPerformanceCounter
0x401f164 GetTickCount
0x401f168 GetCurrentProcessId
0x401f16c GetSystemTimeAsFileTime
0x401f170 Sleep
0x401f174 ExitProcess
0x401f178 GetEnvironmentStringsW
0x401f17c SetHandleCount
0x401f180 GetStdHandle
0x401f184 GetFileType
0x401f188 HeapDestroy
0x401f18c HeapCreate
0x401f190 HeapFree
0x401f194 VirtualFree
0x401f198 GetModuleFileNameA
0x401f19c WriteFile
0x401f1a0 HeapSize
0x401f1a4 HeapReAlloc
0x401f1a8 VirtualAlloc
0x401f1ac RtlUnwind
0x401f1b0 WideCharToMultiByte
0x401f1b4 DebugBreak
0x401f1b8 OutputDebugStringA
0x401f1bc WriteConsoleW
0x401f1c0 OutputDebugStringW
0x401f1c4 InitializeCriticalSectionAndSpinCount
0x401f1c8 LCMapStringA
0x401f1cc GetStringTypeW
0x401f1d0 GetLocaleInfoA
0x401f1d4 FlushFileBuffers
0x401f1d8 GetConsoleCP
0x401f1dc GetConsoleMode
0x401f1e0 SetFilePointer
0x401f1e4 CloseHandle
0x401f1e8 WriteConsoleA
USER32.dll
0x401f1f0 GetMenuItemID
WINHTTP.dll
0x401f1f8 WinHttpWriteData
EAT(Export Address Table) is none
KERNEL32.dll
0x401f000 GetCommandLineW
0x401f004 FileTimeToDosDateTime
0x401f008 GetNativeSystemInfo
0x401f00c TlsGetValue
0x401f010 GetStringTypeA
0x401f014 HeapAlloc
0x401f018 InterlockedIncrement
0x401f01c GetCommState
0x401f020 ReadConsoleA
0x401f024 GlobalSize
0x401f028 GetSystemWindowsDirectoryW
0x401f02c GlobalLock
0x401f030 SetHandleInformation
0x401f034 CancelWaitableTimer
0x401f038 GetModuleHandleW
0x401f03c EnumResourceTypesA
0x401f040 ActivateActCtx
0x401f044 LoadLibraryW
0x401f048 TerminateThread
0x401f04c GetConsoleAliasExesLengthW
0x401f050 EnumResourceLanguagesA
0x401f054 GetCompressedFileSizeA
0x401f058 GetSystemDirectoryA
0x401f05c CompareStringW
0x401f060 lstrlenW
0x401f064 SetThreadPriority
0x401f068 WritePrivateProfileStringW
0x401f06c DeactivateActCtx
0x401f070 GetNamedPipeHandleStateW
0x401f074 GetPrivateProfileIntW
0x401f078 VerifyVersionInfoW
0x401f07c CreateDirectoryA
0x401f080 InterlockedExchange
0x401f084 SetCurrentDirectoryA
0x401f088 GetStartupInfoA
0x401f08c GetCPInfoExW
0x401f090 GetLastError
0x401f094 GetThreadLocale
0x401f098 GetProcAddress
0x401f09c GetProcessHeaps
0x401f0a0 SetStdHandle
0x401f0a4 EnterCriticalSection
0x401f0a8 DisableThreadLibraryCalls
0x401f0ac GetPrivateProfileStringA
0x401f0b0 LoadLibraryA
0x401f0b4 LocalAlloc
0x401f0b8 SetSystemTime
0x401f0bc SetEnvironmentVariableA
0x401f0c0 GetOEMCP
0x401f0c4 Process32NextW
0x401f0c8 FindNextFileA
0x401f0cc WriteProfileStringA
0x401f0d0 FindFirstChangeNotificationA
0x401f0d4 QueryMemoryResourceNotification
0x401f0d8 FreeEnvironmentStringsW
0x401f0dc WriteProfileStringW
0x401f0e0 GetCurrentDirectoryA
0x401f0e4 GetCurrentThreadId
0x401f0e8 FindAtomW
0x401f0ec UnregisterWaitEx
0x401f0f0 GetSystemTime
0x401f0f4 GetProfileSectionW
0x401f0f8 LCMapStringW
0x401f0fc CopyFileExA
0x401f100 GetVolumeInformationW
0x401f104 CreateFileA
0x401f108 GetConsoleOutputCP
0x401f10c MultiByteToWideChar
0x401f110 GetStartupInfoW
0x401f114 HeapValidate
0x401f118 IsBadReadPtr
0x401f11c RaiseException
0x401f120 LeaveCriticalSection
0x401f124 TerminateProcess
0x401f128 GetCurrentProcess
0x401f12c UnhandledExceptionFilter
0x401f130 SetUnhandledExceptionFilter
0x401f134 IsDebuggerPresent
0x401f138 GetModuleFileNameW
0x401f13c DeleteCriticalSection
0x401f140 InterlockedDecrement
0x401f144 GetACP
0x401f148 GetCPInfo
0x401f14c IsValidCodePage
0x401f150 TlsAlloc
0x401f154 TlsSetValue
0x401f158 TlsFree
0x401f15c SetLastError
0x401f160 QueryPerformanceCounter
0x401f164 GetTickCount
0x401f168 GetCurrentProcessId
0x401f16c GetSystemTimeAsFileTime
0x401f170 Sleep
0x401f174 ExitProcess
0x401f178 GetEnvironmentStringsW
0x401f17c SetHandleCount
0x401f180 GetStdHandle
0x401f184 GetFileType
0x401f188 HeapDestroy
0x401f18c HeapCreate
0x401f190 HeapFree
0x401f194 VirtualFree
0x401f198 GetModuleFileNameA
0x401f19c WriteFile
0x401f1a0 HeapSize
0x401f1a4 HeapReAlloc
0x401f1a8 VirtualAlloc
0x401f1ac RtlUnwind
0x401f1b0 WideCharToMultiByte
0x401f1b4 DebugBreak
0x401f1b8 OutputDebugStringA
0x401f1bc WriteConsoleW
0x401f1c0 OutputDebugStringW
0x401f1c4 InitializeCriticalSectionAndSpinCount
0x401f1c8 LCMapStringA
0x401f1cc GetStringTypeW
0x401f1d0 GetLocaleInfoA
0x401f1d4 FlushFileBuffers
0x401f1d8 GetConsoleCP
0x401f1dc GetConsoleMode
0x401f1e0 SetFilePointer
0x401f1e4 CloseHandle
0x401f1e8 WriteConsoleA
USER32.dll
0x401f1f0 GetMenuItemID
WINHTTP.dll
0x401f1f8 WinHttpWriteData
EAT(Export Address Table) is none