Report - 14.exe

Tags: Malicious Library, PE File, PE32
Created 2021.09.20 09:50 Machine s1_win7_x6402
Filename 14.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score 3
Behavior Score 2.4
ZERO API file : malware
VT API (file) 37 detected. Detection-name tokens reported by the engines: AIDetect, malware2, malicious, high confidence, Fragtor, GenericRXAA, Unsafe, Save, ZexaF, tuW@aufdDVkO, Attribute, HighConfidence, Kryptik, HMNK, Injuke, PWSX, Static AI, Malicious PE, susgen, RedLine, score, MalPE, R442032, Azorult, ai score=88, CLASSIC, Glupteba, HMNI, GdSda, confidence, 100%
md5 25b544886f92efc35d16afae0ccbe885
sha256 cd517a0b8edbf878a10147ece991468cd24a8e8dc17ad7afa098c82894a7ee63
ssdeep 6144:nJZQqHG9EOclBo6k3uoCfr2afGK5mAYK6Q3zLgjVIYSZ09:JZ3OclBoaoCfrHfG5DqMOX
imphash 1bd6d269463cc591268b8d14694f5ae5
impfuzzy 48:CkcsOGOYQjg6dLXaB6FzqSzaEBqHKtq/Jc2rE:2dZHg2LXaBUzqS2EBeKtq/Jc2rE

Signature (5cnts)

Level Description
danger File has been identified by 37 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
info This executable has a PDB path

Rules (3cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no entries: the sandbox recorded no network activity during this run)

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x41d000 GetCommandLineW
 0x41d004 GetThreadContext
 0x41d008 UnregisterWait
 0x41d00c DosDateTimeToFileTime
 0x41d010 FindFirstChangeNotificationW
 0x41d014 CopyFileExW
 0x41d018 CallNamedPipeA
 0x41d01c HeapAlloc
 0x41d020 SetWaitableTimer
 0x41d024 InterlockedIncrement
 0x41d028 InterlockedDecrement
 0x41d02c GlobalLock
 0x41d030 GetProfileStringW
 0x41d034 FreeEnvironmentStringsA
 0x41d038 CreateNamedPipeW
 0x41d03c LocalFlags
 0x41d040 SetCommState
 0x41d044 SetProcessPriorityBoost
 0x41d048 GetSystemTimes
 0x41d04c ActivateActCtx
 0x41d050 GlobalAlloc
 0x41d054 GetPrivateProfileIntA
 0x41d058 GetSystemDirectoryW
 0x41d05c GetVolumeInformationA
 0x41d060 LoadLibraryW
 0x41d064 TerminateThread
 0x41d068 LeaveCriticalSection
 0x41d06c VerifyVersionInfoA
 0x41d070 IsDBCSLeadByte
 0x41d074 GetCompressedFileSizeA
 0x41d078 lstrlenW
 0x41d07c LCMapStringA
 0x41d080 InterlockedExchange
 0x41d084 GetStartupInfoA
 0x41d088 SetThreadLocale
 0x41d08c GetCPInfoExW
 0x41d090 GetLastError
 0x41d094 SetLastError
 0x41d098 GetProcAddress
 0x41d09c SetStdHandle
 0x41d0a0 DisableThreadLibraryCalls
 0x41d0a4 LoadLibraryA
 0x41d0a8 WritePrivateProfileStringA
 0x41d0ac FindAtomA
 0x41d0b0 GetModuleFileNameA
 0x41d0b4 GetThreadPriority
 0x41d0b8 CreateIoCompletionPort
 0x41d0bc GetModuleHandleA
 0x41d0c0 QueryMemoryResourceNotification
 0x41d0c4 HeapSetInformation
 0x41d0c8 FreeEnvironmentStringsW
 0x41d0cc FindNextFileW
 0x41d0d0 WriteProfileStringW
 0x41d0d4 GetCurrentDirectoryA
 0x41d0d8 GetCurrentThreadId
 0x41d0dc TlsAlloc
 0x41d0e0 LocalSize
 0x41d0e4 EnumResourceLanguagesW
 0x41d0e8 GetSystemTime
 0x41d0ec GetProfileSectionW
 0x41d0f0 GetStartupInfoW
 0x41d0f4 HeapValidate
 0x41d0f8 IsBadReadPtr
 0x41d0fc RaiseException
 0x41d100 EnterCriticalSection
 0x41d104 GetFileType
 0x41d108 WriteFile
 0x41d10c WideCharToMultiByte
 0x41d110 GetConsoleCP
 0x41d114 GetConsoleMode
 0x41d118 GetModuleHandleW
 0x41d11c Sleep
 0x41d120 ExitProcess
 0x41d124 TlsGetValue
 0x41d128 TlsSetValue
 0x41d12c TlsFree
 0x41d130 TerminateProcess
 0x41d134 GetCurrentProcess
 0x41d138 UnhandledExceptionFilter
 0x41d13c SetUnhandledExceptionFilter
 0x41d140 IsDebuggerPresent
 0x41d144 GetModuleFileNameW
 0x41d148 RtlUnwind
 0x41d14c GetACP
 0x41d150 GetOEMCP
 0x41d154 GetCPInfo
 0x41d158 IsValidCodePage
 0x41d15c DeleteCriticalSection
 0x41d160 QueryPerformanceCounter
 0x41d164 GetTickCount
 0x41d168 GetCurrentProcessId
 0x41d16c GetSystemTimeAsFileTime
 0x41d170 GetEnvironmentStringsW
 0x41d174 SetHandleCount
 0x41d178 GetStdHandle
 0x41d17c HeapDestroy
 0x41d180 HeapCreate
 0x41d184 HeapFree
 0x41d188 VirtualFree
 0x41d18c HeapSize
 0x41d190 HeapReAlloc
 0x41d194 VirtualAlloc
 0x41d198 InitializeCriticalSectionAndSpinCount
 0x41d19c WriteConsoleA
 0x41d1a0 GetConsoleOutputCP
 0x41d1a4 WriteConsoleW
 0x41d1a8 MultiByteToWideChar
 0x41d1ac SetFilePointer
 0x41d1b0 GetStringTypeA
 0x41d1b4 GetStringTypeW
 0x41d1b8 GetLocaleInfoA
 0x41d1bc DebugBreak
 0x41d1c0 OutputDebugStringA
 0x41d1c4 OutputDebugStringW
 0x41d1c8 LCMapStringW
 0x41d1cc CreateFileA
 0x41d1d0 CloseHandle
 0x41d1d4 FlushFileBuffers

EAT(Export Address Table) is none
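The imphash in the report header is derived from exactly the import listing above: it is the MD5 of "dll.func,dll.func,..." taken in import-directory order, with the DLL name lower-cased and stripped of its extension and each function name lower-cased (the algorithm pefile implements in get_imphash). The script below is an added example, not part of the sandbox output, that recomputes the value from the 118 KERNEL32.dll imports transcribed from this page. The import list is constructed from the table above; REPORT_IMPHASH is the value printed in the header. If the listing reproduces the binary's import directory order exactly, the recomputed hash equals the reported one; a mismatch means the transcription or order differs, which is itself worth knowing before pivoting on the hash.

```python
"""Recompute the imphash of 14.exe from the IAT listed in this report.

imphash (pefile.PE.get_imphash) = MD5("dll.func,dll.func,...") over the
import directory in file order; DLL name lower-cased with a .dll/.ocx/.sys
extension removed, function name lower-cased, unresolved ordinals as "ordN".
"""
import hashlib
from typing import Iterable, List, Tuple, Union

# Constructed input: the 118 KERNEL32.dll imports transcribed, in IAT order,
# from the report above. Addresses are omitted because imphash ignores them.
KERNEL32_IMPORTS = """
GetCommandLineW GetThreadContext UnregisterWait DosDateTimeToFileTime
FindFirstChangeNotificationW CopyFileExW CallNamedPipeA HeapAlloc
SetWaitableTimer InterlockedIncrement InterlockedDecrement GlobalLock
GetProfileStringW FreeEnvironmentStringsA CreateNamedPipeW LocalFlags
SetCommState SetProcessPriorityBoost GetSystemTimes ActivateActCtx
GlobalAlloc GetPrivateProfileIntA GetSystemDirectoryW GetVolumeInformationA
LoadLibraryW TerminateThread LeaveCriticalSection VerifyVersionInfoA
IsDBCSLeadByte GetCompressedFileSizeA lstrlenW LCMapStringA
InterlockedExchange GetStartupInfoA SetThreadLocale GetCPInfoExW
GetLastError SetLastError GetProcAddress SetStdHandle
DisableThreadLibraryCalls LoadLibraryA WritePrivateProfileStringA FindAtomA
GetModuleFileNameA GetThreadPriority CreateIoCompletionPort GetModuleHandleA
QueryMemoryResourceNotification HeapSetInformation FreeEnvironmentStringsW
FindNextFileW WriteProfileStringW GetCurrentDirectoryA GetCurrentThreadId
TlsAlloc LocalSize EnumResourceLanguagesW GetSystemTime GetProfileSectionW
GetStartupInfoW HeapValidate IsBadReadPtr RaiseException
EnterCriticalSection GetFileType WriteFile WideCharToMultiByte
GetConsoleCP GetConsoleMode GetModuleHandleW Sleep ExitProcess
TlsGetValue TlsSetValue TlsFree TerminateProcess GetCurrentProcess
UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent
GetModuleFileNameW RtlUnwind GetACP GetOEMCP GetCPInfo IsValidCodePage
DeleteCriticalSection QueryPerformanceCounter GetTickCount
GetCurrentProcessId GetSystemTimeAsFileTime GetEnvironmentStringsW
SetHandleCount GetStdHandle HeapDestroy HeapCreate HeapFree VirtualFree
HeapSize HeapReAlloc VirtualAlloc InitializeCriticalSectionAndSpinCount
WriteConsoleA GetConsoleOutputCP WriteConsoleW MultiByteToWideChar
SetFilePointer GetStringTypeA GetStringTypeW GetLocaleInfoA DebugBreak
OutputDebugStringA OutputDebugStringW LCMapStringW CreateFileA CloseHandle
FlushFileBuffers
""".split()

# Value printed in the report header; compared against, never assumed.
REPORT_IMPHASH = "1bd6d269463cc591268b8d14694f5ae5"

Import = Tuple[str, Union[str, int]]  # (dll name, function name or ordinal)


def normalize_dll(dll: str) -> str:
    """Lower-case the module name and drop a .dll/.ocx/.sys extension."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else name


def imphash_string(imports: Iterable[Import]) -> str:
    """Build the comma-joined 'dll.func' string that imphash hashes."""
    parts = []
    for dll, func in imports:
        func_part = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{normalize_dll(dll)}.{func_part}")
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    """MD5 hex digest of the imphash string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def report_imports() -> List[Import]:
    """The report's IAT as (dll, func) pairs; only KERNEL32.dll is imported."""
    return [("KERNEL32.dll", f) for f in KERNEL32_IMPORTS]


def matches_report() -> bool:
    """True if the recomputed hash equals the value in the report header."""
    return imphash(report_imports()) == REPORT_IMPHASH


def reordered_hash_differs() -> bool:
    """imphash is order-sensitive: swapping two imports changes the digest,
    which is why a relinked or repacked build of the same code may not share
    the imphash of 14.exe even though the import set is identical."""
    original = report_imports()
    swapped = original[:]
    swapped[0], swapped[1] = swapped[1], swapped[0]
    return imphash(original) != imphash(swapped)


if __name__ == "__main__":
    digest = imphash(report_imports())
    print(f"{len(KERNEL32_IMPORTS)} imports, imphash {digest}")
    print("matches report header:", digest == REPORT_IMPHASH)
```

Two observations from the same list are worth keeping in mind when reading the signatures above. Most of these names (GetStartupInfoW, HeapSetInformation, InitializeCriticalSectionAndSpinCount, IsDebuggerPresent, the Tls* and LCMapString* pairs) are the standard MSVC CRT start-up set, so IsDebuggerPresent on its own is not anti-debugging evidence here; the report's signatures accordingly do not flag it. The remaining imports (SetCommState, CallNamedPipeA, FindAtomA, GetCompressedFileSizeA and similar) have no obvious relation to a console program and are the sort of filler a packer stub carries, which is consistent with the "encrypted or compressed data" and RWX-allocation notices; VirtualAlloc is the only import that notice needs, and it is present.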
