ScreenShot
| Created | 2021.09.22 22:07 | Machine | s1_win7_x6401 |
| Filename | 1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 52 detected (malicious, high confidence, Stopcrypt, Unsafe, Kryptik, Save, Eldorado, Attribute, HighConfidence, HMLU, Zenpak, CrypterX, CLASSIC, Malware@#3shdjoh1rpakv, MulDrop18, Emotet, R + Troj, Krypt, ZPACK, tsvlf, ASMalwS, kcloud, YLNGMP, score, Ransomware, R441478, ai score=87, R002C0WIG21, Static AI, Malicious PE, susgen, GenKryptik, FKPI, ZexaF, mq0@aCzGxhnG, Genetic, confidence, 100%) | ||
| md5 | 884d66f9b2674168bdcb7363bb335e8b | ||
| sha256 | 09a0d1d21b35a15cac1bdf2a7a5f1705046f48e0b64b3882b12bea1bf53f2495 | ||
| ssdeep | 3072:L1WLLLZXjrUgNWyN8eqaYjd5nwyOQsWvBdM4K9Kr9ZT3OqOS:QLLlPUuWyjYcM3M4brDO | ||
| imphash | 416df6c419e4b5b7e3749608d7e85fa6 | ||
| impfuzzy | 24:00ZZZWEJIVdEDYeOTbKqGYb+OltgdYE7/J3JKjiyv4OT43jMFl9PuvjoS:pZZZWIQdhRVJltgrV4bpckzuj | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418014 GetCurrentProcess
0x418018 GetEnvironmentStringsW
0x41801c GetUserDefaultLCID
0x418020 GetSystemDefaultLCID
0x418024 ReadConsoleW
0x418028 FindActCtxSectionStringA
0x41802c GetSystemWindowsDirectoryA
0x418030 LeaveCriticalSection
0x418034 VerifyVersionInfoA
0x418038 WriteConsoleW
0x41803c GetConsoleOutputCP
0x418040 InterlockedExchange
0x418044 GetProcAddress
0x418048 EnterCriticalSection
0x41804c PrepareTape
0x418050 LocalAlloc
0x418054 WaitForMultipleObjects
0x418058 GetModuleFileNameA
0x41805c SetConsoleTitleW
0x418060 GetModuleHandleA
0x418064 AddConsoleAliasA
0x418068 FindNextVolumeA
0x41806c GetSystemTime
0x418070 GetProfileSectionW
0x418074 GetLocaleInfoA
0x418078 FindActCtxSectionGuid
0x41807c PulseEvent
0x418080 GetModuleFileNameW
0x418084 GetCommandLineW
0x418088 HeapAlloc
0x41808c GetStartupInfoW
0x418090 TerminateProcess
0x418094 UnhandledExceptionFilter
0x418098 SetUnhandledExceptionFilter
0x41809c IsDebuggerPresent
0x4180a0 DeleteCriticalSection
0x4180a4 HeapFree
0x4180a8 VirtualFree
0x4180ac VirtualAlloc
0x4180b0 HeapReAlloc
0x4180b4 HeapCreate
0x4180b8 GetModuleHandleW
0x4180bc Sleep
0x4180c0 ExitProcess
0x4180c4 WriteFile
0x4180c8 GetStdHandle
0x4180cc TlsGetValue
0x4180d0 TlsAlloc
0x4180d4 TlsSetValue
0x4180d8 TlsFree
0x4180dc InterlockedIncrement
0x4180e0 SetLastError
0x4180e4 GetCurrentThreadId
0x4180e8 GetLastError
0x4180ec InterlockedDecrement
0x4180f0 HeapSize
0x4180f4 RtlUnwind
0x4180f8 SetHandleCount
0x4180fc GetFileType
0x418100 GetStartupInfoA
0x418104 SetFilePointer
0x418108 CloseHandle
0x41810c FreeEnvironmentStringsW
0x418110 QueryPerformanceCounter
0x418114 GetTickCount
0x418118 GetCurrentProcessId
0x41811c GetSystemTimeAsFileTime
0x418120 WideCharToMultiByte
0x418124 GetConsoleCP
0x418128 GetConsoleMode
0x41812c GetCPInfo
0x418130 GetACP
0x418134 GetOEMCP
0x418138 IsValidCodePage
0x41813c InitializeCriticalSectionAndSpinCount
0x418140 LoadLibraryA
0x418144 CreateFileA
0x418148 RaiseException
0x41814c SetStdHandle
0x418150 FlushFileBuffers
0x418154 WriteConsoleA
0x418158 MultiByteToWideChar
0x41815c LCMapStringA
0x418160 LCMapStringW
0x418164 GetStringTypeA
0x418168 GetStringTypeW
0x41816c SetEndOfFile
0x418170 GetProcessHeap
0x418174 ReadFile
GDI32.dll
0x41800c GetCharWidthFloatW
ADVAPI32.dll
0x418000 BackupEventLogA
0x418004 BackupEventLogW
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12
KERNEL32.dll
0x418014 GetCurrentProcess
0x418018 GetEnvironmentStringsW
0x41801c GetUserDefaultLCID
0x418020 GetSystemDefaultLCID
0x418024 ReadConsoleW
0x418028 FindActCtxSectionStringA
0x41802c GetSystemWindowsDirectoryA
0x418030 LeaveCriticalSection
0x418034 VerifyVersionInfoA
0x418038 WriteConsoleW
0x41803c GetConsoleOutputCP
0x418040 InterlockedExchange
0x418044 GetProcAddress
0x418048 EnterCriticalSection
0x41804c PrepareTape
0x418050 LocalAlloc
0x418054 WaitForMultipleObjects
0x418058 GetModuleFileNameA
0x41805c SetConsoleTitleW
0x418060 GetModuleHandleA
0x418064 AddConsoleAliasA
0x418068 FindNextVolumeA
0x41806c GetSystemTime
0x418070 GetProfileSectionW
0x418074 GetLocaleInfoA
0x418078 FindActCtxSectionGuid
0x41807c PulseEvent
0x418080 GetModuleFileNameW
0x418084 GetCommandLineW
0x418088 HeapAlloc
0x41808c GetStartupInfoW
0x418090 TerminateProcess
0x418094 UnhandledExceptionFilter
0x418098 SetUnhandledExceptionFilter
0x41809c IsDebuggerPresent
0x4180a0 DeleteCriticalSection
0x4180a4 HeapFree
0x4180a8 VirtualFree
0x4180ac VirtualAlloc
0x4180b0 HeapReAlloc
0x4180b4 HeapCreate
0x4180b8 GetModuleHandleW
0x4180bc Sleep
0x4180c0 ExitProcess
0x4180c4 WriteFile
0x4180c8 GetStdHandle
0x4180cc TlsGetValue
0x4180d0 TlsAlloc
0x4180d4 TlsSetValue
0x4180d8 TlsFree
0x4180dc InterlockedIncrement
0x4180e0 SetLastError
0x4180e4 GetCurrentThreadId
0x4180e8 GetLastError
0x4180ec InterlockedDecrement
0x4180f0 HeapSize
0x4180f4 RtlUnwind
0x4180f8 SetHandleCount
0x4180fc GetFileType
0x418100 GetStartupInfoA
0x418104 SetFilePointer
0x418108 CloseHandle
0x41810c FreeEnvironmentStringsW
0x418110 QueryPerformanceCounter
0x418114 GetTickCount
0x418118 GetCurrentProcessId
0x41811c GetSystemTimeAsFileTime
0x418120 WideCharToMultiByte
0x418124 GetConsoleCP
0x418128 GetConsoleMode
0x41812c GetCPInfo
0x418130 GetACP
0x418134 GetOEMCP
0x418138 IsValidCodePage
0x41813c InitializeCriticalSectionAndSpinCount
0x418140 LoadLibraryA
0x418144 CreateFileA
0x418148 RaiseException
0x41814c SetStdHandle
0x418150 FlushFileBuffers
0x418154 WriteConsoleA
0x418158 MultiByteToWideChar
0x41815c LCMapStringA
0x418160 LCMapStringW
0x418164 GetStringTypeA
0x418168 GetStringTypeW
0x41816c SetEndOfFile
0x418170 GetProcessHeap
0x418174 ReadFile
GDI32.dll
0x41800c GetCharWidthFloatW
ADVAPI32.dll
0x418000 BackupEventLogA
0x418004 BackupEventLogW
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12