ScreenShot
| Created | 2021.09.22 10:07 | Machine | s1_win7_x6402 |
| Filename | apines.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 26 detected (AIDetect, malware2, malicious, high confidence, Fragtor, Unsafe, Save, Hacktool, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, RedLine, score, ai score=86, CLASSIC, Static AI, Malicious PE, ZexaF, tq0@a0m4U8pO) | ||
| md5 | 331ad3f4c9d14f480bad2dc82ae4f835 | ||
| sha256 | ce6ebaabe86af1f46e1b41caa619bceff86cb6adb25970f2be869b059aa0ab2f | ||
| ssdeep | 6144:3qR8nLUIvjkA42/uAulJ/uvH9G9viO26yg/vOpGSBwjt4:6R8n4MwA4uulJWG9vh29GSBay | ||
| imphash | b423274974f58a1d1a63a5242c6dcf99 | ||
| impfuzzy | 24:Qd4BrjrZWbOov26dv8e5DoYYvmur5rAKG1tD2wA+yvEFQh/J3vT42l9wjMynNp1G:ldZWqfUDYOIr3G1tSPH5vc2enhG | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x432008 GetLocaleInfoA
0x43200c LoadResource
0x432010 EndUpdateResourceW
0x432014 InterlockedDecrement
0x432018 GlobalSize
0x43201c GetEnvironmentStringsW
0x432020 WaitForSingleObject
0x432024 SetEvent
0x432028 GetSystemDefaultLCID
0x43202c ReadConsoleW
0x432030 FindActCtxSectionStringA
0x432034 GetCommandLineA
0x432038 GlobalAlloc
0x43203c LeaveCriticalSection
0x432040 GetModuleFileNameW
0x432044 GetDevicePowerState
0x432048 ReleaseSemaphore
0x43204c GetConsoleOutputCP
0x432050 GetProcAddress
0x432054 VerLanguageNameA
0x432058 EnterCriticalSection
0x43205c WriteConsoleA
0x432060 GetProcessId
0x432064 LockResource
0x432068 BeginUpdateResourceA
0x43206c GlobalGetAtomNameW
0x432070 SetSystemTime
0x432074 EnumResourceTypesW
0x432078 GetModuleFileNameA
0x43207c GetModuleHandleA
0x432080 EraseTape
0x432084 FindFirstVolumeW
0x432088 AddConsoleAliasA
0x43208c lstrcpyA
0x432090 GetSystemDefaultLangID
0x432094 HeapAlloc
0x432098 GetLastError
0x43209c HeapReAlloc
0x4320a0 GetStartupInfoA
0x4320a4 RaiseException
0x4320a8 RtlUnwind
0x4320ac TerminateProcess
0x4320b0 GetCurrentProcess
0x4320b4 UnhandledExceptionFilter
0x4320b8 SetUnhandledExceptionFilter
0x4320bc IsDebuggerPresent
0x4320c0 HeapFree
0x4320c4 DeleteCriticalSection
0x4320c8 VirtualFree
0x4320cc VirtualAlloc
0x4320d0 HeapCreate
0x4320d4 GetModuleHandleW
0x4320d8 Sleep
0x4320dc ExitProcess
0x4320e0 WriteFile
0x4320e4 GetStdHandle
0x4320e8 SetHandleCount
0x4320ec GetFileType
0x4320f0 SetFilePointer
0x4320f4 FreeEnvironmentStringsA
0x4320f8 GetEnvironmentStrings
0x4320fc FreeEnvironmentStringsW
0x432100 WideCharToMultiByte
0x432104 TlsGetValue
0x432108 TlsAlloc
0x43210c TlsSetValue
0x432110 TlsFree
0x432114 InterlockedIncrement
0x432118 SetLastError
0x43211c GetCurrentThreadId
0x432120 QueryPerformanceCounter
0x432124 GetTickCount
0x432128 GetCurrentProcessId
0x43212c GetSystemTimeAsFileTime
0x432130 InitializeCriticalSectionAndSpinCount
0x432134 LoadLibraryA
0x432138 SetStdHandle
0x43213c GetConsoleCP
0x432140 GetConsoleMode
0x432144 FlushFileBuffers
0x432148 HeapSize
0x43214c GetCPInfo
0x432150 GetACP
0x432154 GetOEMCP
0x432158 IsValidCodePage
0x43215c WriteConsoleW
0x432160 MultiByteToWideChar
0x432164 LCMapStringA
0x432168 LCMapStringW
0x43216c GetStringTypeA
0x432170 GetStringTypeW
0x432174 CloseHandle
0x432178 CreateFileA
USER32.dll
0x432180 RealChildWindowFromPoint
GDI32.dll
0x432000 GetCharWidth32A
EAT(Export Address Table) is none
KERNEL32.dll
0x432008 GetLocaleInfoA
0x43200c LoadResource
0x432010 EndUpdateResourceW
0x432014 InterlockedDecrement
0x432018 GlobalSize
0x43201c GetEnvironmentStringsW
0x432020 WaitForSingleObject
0x432024 SetEvent
0x432028 GetSystemDefaultLCID
0x43202c ReadConsoleW
0x432030 FindActCtxSectionStringA
0x432034 GetCommandLineA
0x432038 GlobalAlloc
0x43203c LeaveCriticalSection
0x432040 GetModuleFileNameW
0x432044 GetDevicePowerState
0x432048 ReleaseSemaphore
0x43204c GetConsoleOutputCP
0x432050 GetProcAddress
0x432054 VerLanguageNameA
0x432058 EnterCriticalSection
0x43205c WriteConsoleA
0x432060 GetProcessId
0x432064 LockResource
0x432068 BeginUpdateResourceA
0x43206c GlobalGetAtomNameW
0x432070 SetSystemTime
0x432074 EnumResourceTypesW
0x432078 GetModuleFileNameA
0x43207c GetModuleHandleA
0x432080 EraseTape
0x432084 FindFirstVolumeW
0x432088 AddConsoleAliasA
0x43208c lstrcpyA
0x432090 GetSystemDefaultLangID
0x432094 HeapAlloc
0x432098 GetLastError
0x43209c HeapReAlloc
0x4320a0 GetStartupInfoA
0x4320a4 RaiseException
0x4320a8 RtlUnwind
0x4320ac TerminateProcess
0x4320b0 GetCurrentProcess
0x4320b4 UnhandledExceptionFilter
0x4320b8 SetUnhandledExceptionFilter
0x4320bc IsDebuggerPresent
0x4320c0 HeapFree
0x4320c4 DeleteCriticalSection
0x4320c8 VirtualFree
0x4320cc VirtualAlloc
0x4320d0 HeapCreate
0x4320d4 GetModuleHandleW
0x4320d8 Sleep
0x4320dc ExitProcess
0x4320e0 WriteFile
0x4320e4 GetStdHandle
0x4320e8 SetHandleCount
0x4320ec GetFileType
0x4320f0 SetFilePointer
0x4320f4 FreeEnvironmentStringsA
0x4320f8 GetEnvironmentStrings
0x4320fc FreeEnvironmentStringsW
0x432100 WideCharToMultiByte
0x432104 TlsGetValue
0x432108 TlsAlloc
0x43210c TlsSetValue
0x432110 TlsFree
0x432114 InterlockedIncrement
0x432118 SetLastError
0x43211c GetCurrentThreadId
0x432120 QueryPerformanceCounter
0x432124 GetTickCount
0x432128 GetCurrentProcessId
0x43212c GetSystemTimeAsFileTime
0x432130 InitializeCriticalSectionAndSpinCount
0x432134 LoadLibraryA
0x432138 SetStdHandle
0x43213c GetConsoleCP
0x432140 GetConsoleMode
0x432144 FlushFileBuffers
0x432148 HeapSize
0x43214c GetCPInfo
0x432150 GetACP
0x432154 GetOEMCP
0x432158 IsValidCodePage
0x43215c WriteConsoleW
0x432160 MultiByteToWideChar
0x432164 LCMapStringA
0x432168 LCMapStringW
0x43216c GetStringTypeA
0x432170 GetStringTypeW
0x432174 CloseHandle
0x432178 CreateFileA
USER32.dll
0x432180 RealChildWindowFromPoint
GDI32.dll
0x432000 GetCharWidth32A
EAT(Export Address Table) is none