Field | Value |
---|---|
Created | 2021.09.21 18:10 |
Machine | s1_win7_x6401 |
Filename | 428558fcf4133715cf08d2fdf904b35f3c5e47dadbb5128b43785648688abfa1.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 59 detected (AIDetect, malware1, Mansabo, trFy, malicious, high confidence, score, Trickster, TrickBot, Save, confidence, 100%, Kryptik, FYCJ, iaoyyg, Generic@ML, RDML, 8gDeLmCy13QY0g5lKAkzAA, Malware@#wgnmfhr65pvr, AGEN, Trick, TSPY, GOLROTED, GenericRXCZ, R + Troj, Trikbot, ASMalwS, kcloud, Skeeyah, ai score=100, BScope, Unsafe, Pciz, GenAsa, 0CEqU9iCyHA, Static AI, Malicious PE, GenKryptik, BCDU, ZexaF, FqW@aiPr4pmG, GdSda, susgen) |
md5 | 4849ab316b3dcde68a2a23c22dee2d98 |
sha256 | 428558fcf4133715cf08d2fdf904b35f3c5e47dadbb5128b43785648688abfa1 |
ssdeep | 6144:GmWhfxau8aL2lDSqF6TbuxbpWHVZTfv3bexsVQs2tZfG/NecanqvkP7j:0hfx7InEr/zTAsrfNeq6X |
imphash | 15a92363039fb41362406845afb153a0 |
impfuzzy | 48:0+JF09inB6Uy/KA/Svlj3XKC4LQZXmCrzZD5AGlECOB8tkn++Aw4e:Y86ekJ++L4e |
Signature (10cnts)
Level | Description |
---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
watch | Detects Avast Antivirus through the presence of a library |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Creates a suspicious process |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
info | The executable uses a known packer |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)

Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
PE API
IAT (Import Address Table) by library
USER32.dll
0x4460ac TranslateMessage
0x4460b0 LoadCursorW
0x4460b4 DispatchMessageW
0x4460b8 GetMessageW
0x4460bc RegisterClassExW
0x4460c0 MoveWindow
0x4460c4 PostQuitMessage
0x4460c8 DialogBoxParamW
0x4460cc DefWindowProcW
0x4460d0 DestroyWindow
0x4460d4 EndDialog
0x4460d8 SendMessageW
0x4460dc LoadStringW
0x4460e0 wsprintfW
0x4460e4 CreateWindowExW
0x4460e8 ShowWindow
0x4460ec UpdateWindow
0x4460f0 LoadCursorA
0x4460f4 GetWindowRect
0x4460f8 InvalidateRect
0x4460fc RemovePropA
0x446100 SetMenu
0x446104 PtInRect
0x446108 GetDesktopWindow
0x44610c SetScrollRange
0x446110 GetActiveWindow
0x446114 ScreenToClient
0x446118 RedrawWindow
0x44611c GetDlgCtrlID
0x446120 GetScrollRange
0x446124 GetWindowTextA
0x446128 GetScrollInfo
0x44612c GetWindowLongA
0x446130 GetClassNameA
KERNEL32.dll
0x446008 VirtualAlloc
0x44600c HeapAlloc
0x446010 HeapFree
0x446014 WriteFile
0x446018 RtlUnwind
0x44601c VirtualFree
0x446020 HeapCreate
0x446024 HeapDestroy
0x446028 GetFileType
0x44602c GetStdHandle
0x446030 SetHandleCount
0x446034 GetOEMCP
0x446038 GetACP
0x44603c GetProcAddress
0x446040 WideCharToMultiByte
0x446044 GetEnvironmentStringsW
0x446048 GetEnvironmentStrings
0x44604c FreeEnvironmentStringsW
0x446050 FreeEnvironmentStringsA
0x446054 GetModuleFileNameA
0x446058 UnhandledExceptionFilter
0x44605c GetCurrentProcess
0x446060 TerminateProcess
0x446064 ExitProcess
0x446068 GetVersion
0x44606c GetCommandLineA
0x446070 GetModuleHandleA
0x446074 GetCPInfo
0x446078 CreateFileA
0x44607c GetModuleHandleW
0x446080 GetCurrentDirectoryW
0x446084 GetStartupInfoA
0x446088 CloseHandle
0x44608c GetFileSize
0x446090 CreateFileMappingA
0x446094 LoadLibraryA
0x446098 GetLastError
0x44609c CreateFileW
GDI32.dll
0x446000 CreateCompatibleDC
SHELL32.dll
0x4460a4 ExtractIconW
EAT (Export Address Table): none