ScreenShot
| Created | 2021.09.22 09:46 | Machine | s1_win7_x6401 |
| Filename | sefile.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 27 detected (malicious, high confidence, Fragtor, Unsafe, Save, ZexaE, vu0@aOSsK6lO, Kryptik, Eldorado, Attribute, HighConfidence, Static AI, Malicious PE, susgen, ai score=80, StopCrypt, score, Azorult, confidence, 100%) | ||
| md5 | 98c9d17d06b52192e9946fc7f4cba934 | ||
| sha256 | d6e874d199b4b0dfbd26b186212e02e83d64870dba2c033f952004b47137fbe9 | ||
| ssdeep | 6144:2x+leqyWXy4LSe1gCnYTJhZhzLmIRbKmg7+xlC27UxOP/:ZjyWXy4LbvnmTZhmIlKmg7Wpl | ||
| imphash | 6abb333342201a93de1795b4b0940b40 | ||
| impfuzzy | 48:6aO6NMd+XOqiAFXnBgKOAaEntdcjtcEcPTsdijz:a6O+X97FXnKKAEntdcjtJcLsdiP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41d008 CopyFileExW
0x41d00c GetConsoleAliasExesLengthA
0x41d010 CallNamedPipeA
0x41d014 GetQueuedCompletionStatus
0x41d018 GetCommState
0x41d01c InterlockedDecrement
0x41d020 CancelWaitableTimer
0x41d024 UnlockFile
0x41d028 SetEvent
0x41d02c FreeEnvironmentStringsA
0x41d030 CreateNamedPipeW
0x41d034 GetNumberFormatA
0x41d038 ReadConsoleOutputA
0x41d03c GetCommandLineA
0x41d040 GetPrivateProfileIntA
0x41d044 GetSystemDirectoryW
0x41d048 HeapCreate
0x41d04c TerminateProcess
0x41d050 FileTimeToSystemTime
0x41d054 GetModuleFileNameW
0x41d058 lstrlenW
0x41d05c WritePrivateProfileStringW
0x41d060 GetPrivateProfileIntW
0x41d064 InterlockedExchange
0x41d068 GetStartupInfoA
0x41d06c GetCPInfoExW
0x41d070 FreeLibraryAndExitThread
0x41d074 SetThreadContext
0x41d078 GetThreadLocale
0x41d07c GetProcAddress
0x41d080 SetStdHandle
0x41d084 EnterCriticalSection
0x41d088 LoadLibraryA
0x41d08c OpenMutexA
0x41d090 CreateSemaphoreW
0x41d094 LocalAlloc
0x41d098 GetProfileStringA
0x41d09c SetThreadIdealProcessor
0x41d0a0 HeapWalk
0x41d0a4 GlobalWire
0x41d0a8 GetModuleHandleA
0x41d0ac FindFirstChangeNotificationA
0x41d0b0 FreeEnvironmentStringsW
0x41d0b4 FindNextFileW
0x41d0b8 WriteProfileStringW
0x41d0bc GetCurrentDirectoryA
0x41d0c0 SetFileShortNameA
0x41d0c4 TlsAlloc
0x41d0c8 FindAtomW
0x41d0cc EnumResourceLanguagesW
0x41d0d0 DeleteFileW
0x41d0d4 GetSystemTime
0x41d0d8 LCMapStringW
0x41d0dc CopyFileExA
0x41d0e0 GetVolumeInformationW
0x41d0e4 GetLastError
0x41d0e8 GetFileSize
0x41d0ec MoveFileA
0x41d0f0 GetStartupInfoW
0x41d0f4 HeapValidate
0x41d0f8 IsBadReadPtr
0x41d0fc RaiseException
0x41d100 GetModuleHandleW
0x41d104 Sleep
0x41d108 InterlockedIncrement
0x41d10c ExitProcess
0x41d110 TlsGetValue
0x41d114 TlsSetValue
0x41d118 GetCurrentThreadId
0x41d11c TlsFree
0x41d120 SetLastError
0x41d124 DeleteCriticalSection
0x41d128 LeaveCriticalSection
0x41d12c UnhandledExceptionFilter
0x41d130 SetUnhandledExceptionFilter
0x41d134 SetHandleCount
0x41d138 GetStdHandle
0x41d13c GetFileType
0x41d140 GetCurrentProcess
0x41d144 IsDebuggerPresent
0x41d148 QueryPerformanceCounter
0x41d14c GetTickCount
0x41d150 GetCurrentProcessId
0x41d154 GetSystemTimeAsFileTime
0x41d158 GetEnvironmentStringsW
0x41d15c GetCommandLineW
0x41d160 HeapDestroy
0x41d164 HeapFree
0x41d168 VirtualFree
0x41d16c GetModuleFileNameA
0x41d170 WriteFile
0x41d174 HeapAlloc
0x41d178 HeapSize
0x41d17c HeapReAlloc
0x41d180 VirtualAlloc
0x41d184 GetACP
0x41d188 GetOEMCP
0x41d18c GetCPInfo
0x41d190 IsValidCodePage
0x41d194 InitializeCriticalSectionAndSpinCount
0x41d198 RtlUnwind
0x41d19c DebugBreak
0x41d1a0 OutputDebugStringA
0x41d1a4 WriteConsoleW
0x41d1a8 OutputDebugStringW
0x41d1ac LoadLibraryW
0x41d1b0 SetFilePointer
0x41d1b4 WideCharToMultiByte
0x41d1b8 GetConsoleCP
0x41d1bc GetConsoleMode
0x41d1c0 MultiByteToWideChar
0x41d1c4 LCMapStringA
0x41d1c8 GetStringTypeA
0x41d1cc GetStringTypeW
0x41d1d0 GetLocaleInfoA
0x41d1d4 FlushFileBuffers
0x41d1d8 WriteConsoleA
0x41d1dc GetConsoleOutputCP
0x41d1e0 CloseHandle
0x41d1e4 CreateFileA
ADVAPI32.dll
0x41d000 InitiateSystemShutdownA
EAT(Export Address Table) is none
KERNEL32.dll
0x41d008 CopyFileExW
0x41d00c GetConsoleAliasExesLengthA
0x41d010 CallNamedPipeA
0x41d014 GetQueuedCompletionStatus
0x41d018 GetCommState
0x41d01c InterlockedDecrement
0x41d020 CancelWaitableTimer
0x41d024 UnlockFile
0x41d028 SetEvent
0x41d02c FreeEnvironmentStringsA
0x41d030 CreateNamedPipeW
0x41d034 GetNumberFormatA
0x41d038 ReadConsoleOutputA
0x41d03c GetCommandLineA
0x41d040 GetPrivateProfileIntA
0x41d044 GetSystemDirectoryW
0x41d048 HeapCreate
0x41d04c TerminateProcess
0x41d050 FileTimeToSystemTime
0x41d054 GetModuleFileNameW
0x41d058 lstrlenW
0x41d05c WritePrivateProfileStringW
0x41d060 GetPrivateProfileIntW
0x41d064 InterlockedExchange
0x41d068 GetStartupInfoA
0x41d06c GetCPInfoExW
0x41d070 FreeLibraryAndExitThread
0x41d074 SetThreadContext
0x41d078 GetThreadLocale
0x41d07c GetProcAddress
0x41d080 SetStdHandle
0x41d084 EnterCriticalSection
0x41d088 LoadLibraryA
0x41d08c OpenMutexA
0x41d090 CreateSemaphoreW
0x41d094 LocalAlloc
0x41d098 GetProfileStringA
0x41d09c SetThreadIdealProcessor
0x41d0a0 HeapWalk
0x41d0a4 GlobalWire
0x41d0a8 GetModuleHandleA
0x41d0ac FindFirstChangeNotificationA
0x41d0b0 FreeEnvironmentStringsW
0x41d0b4 FindNextFileW
0x41d0b8 WriteProfileStringW
0x41d0bc GetCurrentDirectoryA
0x41d0c0 SetFileShortNameA
0x41d0c4 TlsAlloc
0x41d0c8 FindAtomW
0x41d0cc EnumResourceLanguagesW
0x41d0d0 DeleteFileW
0x41d0d4 GetSystemTime
0x41d0d8 LCMapStringW
0x41d0dc CopyFileExA
0x41d0e0 GetVolumeInformationW
0x41d0e4 GetLastError
0x41d0e8 GetFileSize
0x41d0ec MoveFileA
0x41d0f0 GetStartupInfoW
0x41d0f4 HeapValidate
0x41d0f8 IsBadReadPtr
0x41d0fc RaiseException
0x41d100 GetModuleHandleW
0x41d104 Sleep
0x41d108 InterlockedIncrement
0x41d10c ExitProcess
0x41d110 TlsGetValue
0x41d114 TlsSetValue
0x41d118 GetCurrentThreadId
0x41d11c TlsFree
0x41d120 SetLastError
0x41d124 DeleteCriticalSection
0x41d128 LeaveCriticalSection
0x41d12c UnhandledExceptionFilter
0x41d130 SetUnhandledExceptionFilter
0x41d134 SetHandleCount
0x41d138 GetStdHandle
0x41d13c GetFileType
0x41d140 GetCurrentProcess
0x41d144 IsDebuggerPresent
0x41d148 QueryPerformanceCounter
0x41d14c GetTickCount
0x41d150 GetCurrentProcessId
0x41d154 GetSystemTimeAsFileTime
0x41d158 GetEnvironmentStringsW
0x41d15c GetCommandLineW
0x41d160 HeapDestroy
0x41d164 HeapFree
0x41d168 VirtualFree
0x41d16c GetModuleFileNameA
0x41d170 WriteFile
0x41d174 HeapAlloc
0x41d178 HeapSize
0x41d17c HeapReAlloc
0x41d180 VirtualAlloc
0x41d184 GetACP
0x41d188 GetOEMCP
0x41d18c GetCPInfo
0x41d190 IsValidCodePage
0x41d194 InitializeCriticalSectionAndSpinCount
0x41d198 RtlUnwind
0x41d19c DebugBreak
0x41d1a0 OutputDebugStringA
0x41d1a4 WriteConsoleW
0x41d1a8 OutputDebugStringW
0x41d1ac LoadLibraryW
0x41d1b0 SetFilePointer
0x41d1b4 WideCharToMultiByte
0x41d1b8 GetConsoleCP
0x41d1bc GetConsoleMode
0x41d1c0 MultiByteToWideChar
0x41d1c4 LCMapStringA
0x41d1c8 GetStringTypeA
0x41d1cc GetStringTypeW
0x41d1d0 GetLocaleInfoA
0x41d1d4 FlushFileBuffers
0x41d1d8 WriteConsoleA
0x41d1dc GetConsoleOutputCP
0x41d1e0 CloseHandle
0x41d1e4 CreateFileA
ADVAPI32.dll
0x41d000 InitiateSystemShutdownA
EAT(Export Address Table) is none