ScreenShot
| Created | 2021.09.22 22:41 | Machine | s1_win7_x6401 |
| Filename | softedont.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 52 detected (AIDetect, malware2, Racealer, malicious, high confidence, DownLoader42, Fragtor, Save, confidence, 100%, ZexaF, Fq0@aae19mjO, Kryptik, Eldorado, Attribute, HighConfidence, DZIC, Zenpak, MalwareX, Malware@#17jt8azqpmk9z, Static AI, Malicious PE, wqywb, kcloud, score, CoinMiner, Glupteba, R441747, ai score=81, BScope, Unsafe, R002C0PII21, CLASSIC, IdcZ9A0RaK0, susgen, GdSda) | ||
| md5 | 271dd1b7b71a59842bac41e1be96b697 | ||
| sha256 | 8e73f95c7c02b3ca287a62abc5e71fd374395777d83b3cb025e837a2b17d44a9 | ||
| ssdeep | 12288:d0QTV9hg2uqG4Uwr8E16Stt/XCRyp0VPP:XV9hiA1I3 | ||
| imphash | 474c7fded3c08ff2a423f2b3da510d57 | ||
| impfuzzy | 24:QpirjpCZyRJtzNDnCOZPfZeOeNOovEG1tD2wA+yvYJ3IIvJT42l94jMUM+NpHDJu:8ZS9ZCIPfn7VG1tSPHQBc2T+D4 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x461008 GetLocaleInfoA
0x46100c LoadResource
0x461010 EndUpdateResourceW
0x461014 InterlockedIncrement
0x461018 GetEnvironmentStringsW
0x46101c WaitForSingleObject
0x461020 AddConsoleAliasW
0x461024 GetSystemDefaultLCID
0x461028 ReadConsoleW
0x46102c GetEnvironmentStrings
0x461030 FindResourceExA
0x461034 GetSystemWindowsDirectoryA
0x461038 LeaveCriticalSection
0x46103c GetModuleFileNameW
0x461040 GetConsoleOutputCP
0x461044 VerifyVersionInfoW
0x461048 OpenMutexW
0x46104c GetProcAddress
0x461050 BeginUpdateResourceW
0x461054 EnterCriticalSection
0x461058 GlobalGetAtomNameA
0x46105c DisableThreadLibraryCalls
0x461060 ResetEvent
0x461064 WriteConsoleA
0x461068 GetProcessId
0x46106c ProcessIdToSessionId
0x461070 LocalAlloc
0x461074 SetSystemTime
0x461078 GetModuleFileNameA
0x46107c GetModuleHandleA
0x461080 EraseTape
0x461084 FindFirstVolumeW
0x461088 FindActCtxSectionStringW
0x46108c ReleaseSemaphore
0x461090 GetCommandLineW
0x461094 WriteConsoleW
0x461098 HeapAlloc
0x46109c GetLastError
0x4610a0 HeapReAlloc
0x4610a4 GetCommandLineA
0x4610a8 GetStartupInfoA
0x4610ac RaiseException
0x4610b0 RtlUnwind
0x4610b4 TerminateProcess
0x4610b8 GetCurrentProcess
0x4610bc UnhandledExceptionFilter
0x4610c0 SetUnhandledExceptionFilter
0x4610c4 IsDebuggerPresent
0x4610c8 HeapFree
0x4610cc DeleteCriticalSection
0x4610d0 VirtualFree
0x4610d4 VirtualAlloc
0x4610d8 HeapCreate
0x4610dc GetModuleHandleW
0x4610e0 Sleep
0x4610e4 ExitProcess
0x4610e8 WriteFile
0x4610ec GetStdHandle
0x4610f0 SetHandleCount
0x4610f4 GetFileType
0x4610f8 SetFilePointer
0x4610fc TlsGetValue
0x461100 TlsAlloc
0x461104 TlsSetValue
0x461108 TlsFree
0x46110c SetLastError
0x461110 GetCurrentThreadId
0x461114 InterlockedDecrement
0x461118 CloseHandle
0x46111c FreeEnvironmentStringsA
0x461120 FreeEnvironmentStringsW
0x461124 WideCharToMultiByte
0x461128 QueryPerformanceCounter
0x46112c GetTickCount
0x461130 GetCurrentProcessId
0x461134 GetSystemTimeAsFileTime
0x461138 InitializeCriticalSectionAndSpinCount
0x46113c LoadLibraryA
0x461140 CreateFileA
0x461144 SetStdHandle
0x461148 GetCPInfo
0x46114c GetACP
0x461150 GetOEMCP
0x461154 IsValidCodePage
0x461158 GetConsoleCP
0x46115c GetConsoleMode
0x461160 FlushFileBuffers
0x461164 HeapSize
0x461168 SetEndOfFile
0x46116c GetProcessHeap
0x461170 MultiByteToWideChar
0x461174 ReadFile
0x461178 GetStringTypeA
0x46117c GetStringTypeW
0x461180 LCMapStringA
0x461184 LCMapStringW
USER32.dll
0x46118c RealChildWindowFromPoint
ADVAPI32.dll
0x461000 CloseEventLog
WINHTTP.dll
0x461194 WinHttpQueryOption
EAT(Export Address Table) is none
KERNEL32.dll
0x461008 GetLocaleInfoA
0x46100c LoadResource
0x461010 EndUpdateResourceW
0x461014 InterlockedIncrement
0x461018 GetEnvironmentStringsW
0x46101c WaitForSingleObject
0x461020 AddConsoleAliasW
0x461024 GetSystemDefaultLCID
0x461028 ReadConsoleW
0x46102c GetEnvironmentStrings
0x461030 FindResourceExA
0x461034 GetSystemWindowsDirectoryA
0x461038 LeaveCriticalSection
0x46103c GetModuleFileNameW
0x461040 GetConsoleOutputCP
0x461044 VerifyVersionInfoW
0x461048 OpenMutexW
0x46104c GetProcAddress
0x461050 BeginUpdateResourceW
0x461054 EnterCriticalSection
0x461058 GlobalGetAtomNameA
0x46105c DisableThreadLibraryCalls
0x461060 ResetEvent
0x461064 WriteConsoleA
0x461068 GetProcessId
0x46106c ProcessIdToSessionId
0x461070 LocalAlloc
0x461074 SetSystemTime
0x461078 GetModuleFileNameA
0x46107c GetModuleHandleA
0x461080 EraseTape
0x461084 FindFirstVolumeW
0x461088 FindActCtxSectionStringW
0x46108c ReleaseSemaphore
0x461090 GetCommandLineW
0x461094 WriteConsoleW
0x461098 HeapAlloc
0x46109c GetLastError
0x4610a0 HeapReAlloc
0x4610a4 GetCommandLineA
0x4610a8 GetStartupInfoA
0x4610ac RaiseException
0x4610b0 RtlUnwind
0x4610b4 TerminateProcess
0x4610b8 GetCurrentProcess
0x4610bc UnhandledExceptionFilter
0x4610c0 SetUnhandledExceptionFilter
0x4610c4 IsDebuggerPresent
0x4610c8 HeapFree
0x4610cc DeleteCriticalSection
0x4610d0 VirtualFree
0x4610d4 VirtualAlloc
0x4610d8 HeapCreate
0x4610dc GetModuleHandleW
0x4610e0 Sleep
0x4610e4 ExitProcess
0x4610e8 WriteFile
0x4610ec GetStdHandle
0x4610f0 SetHandleCount
0x4610f4 GetFileType
0x4610f8 SetFilePointer
0x4610fc TlsGetValue
0x461100 TlsAlloc
0x461104 TlsSetValue
0x461108 TlsFree
0x46110c SetLastError
0x461110 GetCurrentThreadId
0x461114 InterlockedDecrement
0x461118 CloseHandle
0x46111c FreeEnvironmentStringsA
0x461120 FreeEnvironmentStringsW
0x461124 WideCharToMultiByte
0x461128 QueryPerformanceCounter
0x46112c GetTickCount
0x461130 GetCurrentProcessId
0x461134 GetSystemTimeAsFileTime
0x461138 InitializeCriticalSectionAndSpinCount
0x46113c LoadLibraryA
0x461140 CreateFileA
0x461144 SetStdHandle
0x461148 GetCPInfo
0x46114c GetACP
0x461150 GetOEMCP
0x461154 IsValidCodePage
0x461158 GetConsoleCP
0x46115c GetConsoleMode
0x461160 FlushFileBuffers
0x461164 HeapSize
0x461168 SetEndOfFile
0x46116c GetProcessHeap
0x461170 MultiByteToWideChar
0x461174 ReadFile
0x461178 GetStringTypeA
0x46117c GetStringTypeW
0x461180 LCMapStringA
0x461184 LCMapStringW
USER32.dll
0x46118c RealChildWindowFromPoint
ADVAPI32.dll
0x461000 CloseEventLog
WINHTTP.dll
0x461194 WinHttpQueryOption
EAT(Export Address Table) is none