ScreenShot
| Created | 2021.09.22 22:07 | Machine | s1_win7_x6402 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Hacktool, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, score, Zenpak, Static AI, Malicious PE, Sabsik, CLASSIC, ZexaF, Eq0@aWKr6KeO, susgen) | ||
| md5 | 01b2e0187b466e2193285ee7a0abc6ce | ||
| sha256 | 70bf8bc8a753be3d29bb34133716be783f39224a57a54ac40b4941b9116eab51 | ||
| ssdeep | 12288:HPHjYNRIPKpKilMtAxjRVVNo2pvyeDiAnIAr8d5Bai:fjYweFjRVXo2pvye+mtr8d5h | ||
| imphash | b4a5f131bf57e0871ab3cda52113b279 | ||
| impfuzzy | 24:Qd4Brjp9bOovgJbe5DYRTPvmJrAKG1tD2wA+yvEFQh/J3vT42l9wjMynNp1G:lZqVLhPOJr3G1tSPH5vc2enhG | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45f008 GetLocaleInfoA
0x45f00c LoadResource
0x45f010 EndUpdateResourceW
0x45f014 InterlockedDecrement
0x45f018 GlobalSize
0x45f01c GetEnvironmentStringsW
0x45f020 WaitForSingleObject
0x45f024 AddConsoleAliasW
0x45f028 SetEvent
0x45f02c ReadConsoleW
0x45f030 FindActCtxSectionStringA
0x45f034 GetCommandLineA
0x45f038 GlobalAlloc
0x45f03c GetSystemWindowsDirectoryA
0x45f040 LeaveCriticalSection
0x45f044 GetModuleFileNameW
0x45f048 ReleaseSemaphore
0x45f04c GetConsoleOutputCP
0x45f050 GetProcAddress
0x45f054 EnterCriticalSection
0x45f058 VerLanguageNameW
0x45f05c WriteConsoleA
0x45f060 GetProcessId
0x45f064 ProcessIdToSessionId
0x45f068 LockResource
0x45f06c BeginUpdateResourceA
0x45f070 GlobalGetAtomNameW
0x45f074 SetSystemTime
0x45f078 EnumResourceTypesW
0x45f07c GetModuleFileNameA
0x45f080 GetModuleHandleA
0x45f084 EraseTape
0x45f088 FindFirstVolumeW
0x45f08c GetSystemDefaultLangID
0x45f090 HeapAlloc
0x45f094 GetLastError
0x45f098 HeapReAlloc
0x45f09c GetStartupInfoA
0x45f0a0 RaiseException
0x45f0a4 RtlUnwind
0x45f0a8 TerminateProcess
0x45f0ac GetCurrentProcess
0x45f0b0 UnhandledExceptionFilter
0x45f0b4 SetUnhandledExceptionFilter
0x45f0b8 IsDebuggerPresent
0x45f0bc HeapFree
0x45f0c0 DeleteCriticalSection
0x45f0c4 VirtualFree
0x45f0c8 VirtualAlloc
0x45f0cc HeapCreate
0x45f0d0 GetModuleHandleW
0x45f0d4 Sleep
0x45f0d8 ExitProcess
0x45f0dc WriteFile
0x45f0e0 GetStdHandle
0x45f0e4 SetHandleCount
0x45f0e8 GetFileType
0x45f0ec SetFilePointer
0x45f0f0 FreeEnvironmentStringsA
0x45f0f4 GetEnvironmentStrings
0x45f0f8 FreeEnvironmentStringsW
0x45f0fc WideCharToMultiByte
0x45f100 TlsGetValue
0x45f104 TlsAlloc
0x45f108 TlsSetValue
0x45f10c TlsFree
0x45f110 InterlockedIncrement
0x45f114 SetLastError
0x45f118 GetCurrentThreadId
0x45f11c QueryPerformanceCounter
0x45f120 GetTickCount
0x45f124 GetCurrentProcessId
0x45f128 GetSystemTimeAsFileTime
0x45f12c InitializeCriticalSectionAndSpinCount
0x45f130 LoadLibraryA
0x45f134 SetStdHandle
0x45f138 GetConsoleCP
0x45f13c GetConsoleMode
0x45f140 FlushFileBuffers
0x45f144 HeapSize
0x45f148 GetCPInfo
0x45f14c GetACP
0x45f150 GetOEMCP
0x45f154 IsValidCodePage
0x45f158 WriteConsoleW
0x45f15c MultiByteToWideChar
0x45f160 LCMapStringA
0x45f164 LCMapStringW
0x45f168 GetStringTypeA
0x45f16c GetStringTypeW
0x45f170 CloseHandle
0x45f174 CreateFileA
USER32.dll
0x45f17c RealChildWindowFromPoint
GDI32.dll
0x45f000 GetCharWidth32A
EAT(Export Address Table) is none
KERNEL32.dll
0x45f008 GetLocaleInfoA
0x45f00c LoadResource
0x45f010 EndUpdateResourceW
0x45f014 InterlockedDecrement
0x45f018 GlobalSize
0x45f01c GetEnvironmentStringsW
0x45f020 WaitForSingleObject
0x45f024 AddConsoleAliasW
0x45f028 SetEvent
0x45f02c ReadConsoleW
0x45f030 FindActCtxSectionStringA
0x45f034 GetCommandLineA
0x45f038 GlobalAlloc
0x45f03c GetSystemWindowsDirectoryA
0x45f040 LeaveCriticalSection
0x45f044 GetModuleFileNameW
0x45f048 ReleaseSemaphore
0x45f04c GetConsoleOutputCP
0x45f050 GetProcAddress
0x45f054 EnterCriticalSection
0x45f058 VerLanguageNameW
0x45f05c WriteConsoleA
0x45f060 GetProcessId
0x45f064 ProcessIdToSessionId
0x45f068 LockResource
0x45f06c BeginUpdateResourceA
0x45f070 GlobalGetAtomNameW
0x45f074 SetSystemTime
0x45f078 EnumResourceTypesW
0x45f07c GetModuleFileNameA
0x45f080 GetModuleHandleA
0x45f084 EraseTape
0x45f088 FindFirstVolumeW
0x45f08c GetSystemDefaultLangID
0x45f090 HeapAlloc
0x45f094 GetLastError
0x45f098 HeapReAlloc
0x45f09c GetStartupInfoA
0x45f0a0 RaiseException
0x45f0a4 RtlUnwind
0x45f0a8 TerminateProcess
0x45f0ac GetCurrentProcess
0x45f0b0 UnhandledExceptionFilter
0x45f0b4 SetUnhandledExceptionFilter
0x45f0b8 IsDebuggerPresent
0x45f0bc HeapFree
0x45f0c0 DeleteCriticalSection
0x45f0c4 VirtualFree
0x45f0c8 VirtualAlloc
0x45f0cc HeapCreate
0x45f0d0 GetModuleHandleW
0x45f0d4 Sleep
0x45f0d8 ExitProcess
0x45f0dc WriteFile
0x45f0e0 GetStdHandle
0x45f0e4 SetHandleCount
0x45f0e8 GetFileType
0x45f0ec SetFilePointer
0x45f0f0 FreeEnvironmentStringsA
0x45f0f4 GetEnvironmentStrings
0x45f0f8 FreeEnvironmentStringsW
0x45f0fc WideCharToMultiByte
0x45f100 TlsGetValue
0x45f104 TlsAlloc
0x45f108 TlsSetValue
0x45f10c TlsFree
0x45f110 InterlockedIncrement
0x45f114 SetLastError
0x45f118 GetCurrentThreadId
0x45f11c QueryPerformanceCounter
0x45f120 GetTickCount
0x45f124 GetCurrentProcessId
0x45f128 GetSystemTimeAsFileTime
0x45f12c InitializeCriticalSectionAndSpinCount
0x45f130 LoadLibraryA
0x45f134 SetStdHandle
0x45f138 GetConsoleCP
0x45f13c GetConsoleMode
0x45f140 FlushFileBuffers
0x45f144 HeapSize
0x45f148 GetCPInfo
0x45f14c GetACP
0x45f150 GetOEMCP
0x45f154 IsValidCodePage
0x45f158 WriteConsoleW
0x45f15c MultiByteToWideChar
0x45f160 LCMapStringA
0x45f164 LCMapStringW
0x45f168 GetStringTypeA
0x45f16c GetStringTypeW
0x45f170 CloseHandle
0x45f174 CreateFileA
USER32.dll
0x45f17c RealChildWindowFromPoint
GDI32.dll
0x45f000 GetCharWidth32A
EAT(Export Address Table) is none