Field | Value |
---|---|
Created | 2021.09.23 17:14 |
Machine | s1_win7_x6401 |
Filename | root.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 24 detected (AIDetect, malware2, malicious, high confidence, Stop, Unsafe, Save, Hacktool, Kryptik, Eldorado, Attribute, HighConfidence, Static AI, Malicious PE, Mokes, Score, Sabsik, ZexaF, cr0@aq2GqmmO, BScope, MachineLearning, Anomalous, 100%, confidence) |
md5 | 57b36fc1682e874793dd47a47abf3ccb |
sha256 | 4b735599ef5aac480c58627f4b72af26cfe4b66c9a62ffd93998314ce27e9586 |
ssdeep | 12288:mTJY37WkTqsqTdj7TP5hmVDLRsEPGsQNhUInk0BSEdZiv54fvtDxvkq5WiMvvoiX:m4bTPy/ThcRIL9IEPiCfFiq5WiCi |
imphash | 35a9ffa8a278dd991d1bdc58cc30f2d2 |
impfuzzy | 24:s4BrjrZa26dv86gDoYYvmUrjOG3rANOovEG1tD2wA+yvEFQh/J3vT42l9wjMynNC:DdZa2UMYO3arZVG1tSPH5vc2enhts |
Signature (6cnts)
Level | Description |
---|---|
warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
KERNEL32.dll
0x4fd014 InterlockedDecrement
0x4fd018 GlobalSize
0x4fd01c GetEnvironmentStringsW
0x4fd020 WaitForSingleObject
0x4fd024 SetEvent
0x4fd028 GetSystemDefaultLCID
0x4fd02c FindActCtxSectionStringA
0x4fd030 GlobalAlloc
0x4fd034 LeaveCriticalSection
0x4fd038 GetModuleFileNameW
0x4fd03c GetDevicePowerState
0x4fd040 ReleaseSemaphore
0x4fd044 LoadResource
0x4fd048 GetProcAddress
0x4fd04c VerLanguageNameA
0x4fd050 EnterCriticalSection
0x4fd054 WriteConsoleA
0x4fd058 GetProcessId
0x4fd05c LockResource
0x4fd060 BeginUpdateResourceA
0x4fd064 GlobalGetAtomNameW
0x4fd068 SetSystemTime
0x4fd06c EnumResourceTypesW
0x4fd070 GetModuleFileNameA
0x4fd074 GetModuleHandleA
0x4fd078 EraseTape
0x4fd07c EndUpdateResourceA
0x4fd080 GetWindowsDirectoryW
0x4fd084 FindFirstVolumeW
0x4fd088 AddConsoleAliasA
0x4fd08c lstrcpyA
0x4fd090 GetLocaleInfoA
0x4fd094 GetCommandLineW
0x4fd098 GetConsoleOutputCP
0x4fd09c GetSystemDefaultLangID
0x4fd0a0 HeapAlloc
0x4fd0a4 GetLastError
0x4fd0a8 HeapReAlloc
0x4fd0ac GetCommandLineA
0x4fd0b0 GetStartupInfoA
0x4fd0b4 RaiseException
0x4fd0b8 RtlUnwind
0x4fd0bc TerminateProcess
0x4fd0c0 GetCurrentProcess
0x4fd0c4 UnhandledExceptionFilter
0x4fd0c8 SetUnhandledExceptionFilter
0x4fd0cc IsDebuggerPresent
0x4fd0d0 HeapFree
0x4fd0d4 DeleteCriticalSection
0x4fd0d8 VirtualFree
0x4fd0dc VirtualAlloc
0x4fd0e0 HeapCreate
0x4fd0e4 GetModuleHandleW
0x4fd0e8 Sleep
0x4fd0ec ExitProcess
0x4fd0f0 WriteFile
0x4fd0f4 GetStdHandle
0x4fd0f8 SetHandleCount
0x4fd0fc GetFileType
0x4fd100 SetFilePointer
0x4fd104 FreeEnvironmentStringsA
0x4fd108 GetEnvironmentStrings
0x4fd10c FreeEnvironmentStringsW
0x4fd110 WideCharToMultiByte
0x4fd114 TlsGetValue
0x4fd118 TlsAlloc
0x4fd11c TlsSetValue
0x4fd120 TlsFree
0x4fd124 InterlockedIncrement
0x4fd128 SetLastError
0x4fd12c GetCurrentThreadId
0x4fd130 QueryPerformanceCounter
0x4fd134 GetTickCount
0x4fd138 GetCurrentProcessId
0x4fd13c GetSystemTimeAsFileTime
0x4fd140 InitializeCriticalSectionAndSpinCount
0x4fd144 LoadLibraryA
0x4fd148 SetStdHandle
0x4fd14c GetConsoleCP
0x4fd150 GetConsoleMode
0x4fd154 FlushFileBuffers
0x4fd158 HeapSize
0x4fd15c GetCPInfo
0x4fd160 GetACP
0x4fd164 GetOEMCP
0x4fd168 IsValidCodePage
0x4fd16c WriteConsoleW
0x4fd170 MultiByteToWideChar
0x4fd174 LCMapStringA
0x4fd178 LCMapStringW
0x4fd17c GetStringTypeA
0x4fd180 GetStringTypeW
0x4fd184 CloseHandle
0x4fd188 CreateFileA
USER32.dll
0x4fd190 RealChildWindowFromPoint
GDI32.dll
0x4fd00c GetCharWidthFloatW
ADVAPI32.dll
0x4fd000 DeregisterEventSource
0x4fd004 CloseEventLog
EAT (Export Address Table): none
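The two notice-level packer signatures above (read-write-execute allocation, encrypted or compressed data) and the import list can be checked offline on any sample. The following is an added example written for this page, not the sandbox's own tooling: it walks the PE section table, scores each section's Shannon entropy, and combines that with an import-name check for the VirtualAlloc / LoadLibraryA / GetProcAddress set an unpacking stub needs to carve out executable memory and resolve APIs at run time. The minimal PE image, its section contents and the import set are constructed inline; the 7.0 bits-per-byte threshold and the import triad are assumptions, and the triad is treated as a weak signal on purpose, because the MSVC CRT startup code visible in this IAT (HeapCreate, VirtualAlloc, LoadLibraryA, GetProcAddress, TlsAlloc and friends) imports the same functions in any ordinary C program.

```python
"""Static packer triage for a PE32 file: per-section entropy plus an import
heuristic. Added example for this page, not the sandbox's own code."""
import math
import random
import struct
from collections import Counter

# Assumption: an unpacking stub needs executable memory plus run-time API
# resolution. Weak on its own: the MSVC CRT imports the same three names.
UNPACK_APIS = {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect"}
RESOLVE_APIS = {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}
HIGH_ENTROPY = 7.0  # assumed threshold; compressed/encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for constant data and 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(pe: bytes):
    """Yield (name, raw_bytes) per section by walking the real PE headers."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)   # SizeOfOptionalHeader
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        hdr = pe[table + 40 * i: table + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)  # SizeOfRawData, PointerToRawData
        yield name, pe[raw_ptr: raw_ptr + raw_size]


def packer_triage(pe: bytes, imports: set) -> dict:
    """Combine section entropy with the unpack/resolve import pair."""
    entropy = {name: shannon_entropy(data) for name, data in pe_sections(pe)}
    high = [name for name, e in entropy.items() if e >= HIGH_ENTROPY]
    unpack_imports = bool(imports & UNPACK_APIS) and bool(imports & RESOLVE_APIS)
    return {
        "section_entropy": entropy,
        "high_entropy_sections": high,
        "unpack_imports": unpack_imports,
        "likely_packed": bool(high) and unpack_imports,
    }


def build_pe(sections) -> bytes:
    """Constructed minimal PE32 image with just enough headers for pe_sections
    to walk the section table. It is not loadable and never executed."""
    opt_size, e_lfanew = 0xE0, 0x40          # PE32 optional header size, NT header offset
    hdr_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (hdr_len + 0x1FF) & ~0x1FF     # first section at FileAlignment 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic, rest zero
    table, body = b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIII", name, len(data), 0x1000,
                             len(data), raw_ptr + len(body)) + b"\0" * 16
        body += data
    return (dos + b"PE\0\0" + coff + opt + table).ljust(raw_ptr, b"\0") + body


# Constructed sample input: plain repetitive "code" beside a pseudo-random blob
# standing in for an encrypted payload, and an import set echoing the IAT above.
_rng = random.Random(7)
TEXT = b"push ebp; mov ebp, esp; ret\n" * 64
PACKED = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_PE = build_pe([(b".text", TEXT), (b".rsrc", PACKED)])
SAMPLE_IMPORTS = {"VirtualAlloc", "VirtualFree", "HeapCreate", "LoadLibraryA",
                  "GetProcAddress", "Sleep", "EraseTape"}

if __name__ == "__main__":
    for key, value in packer_triage(SAMPLE_PE, SAMPLE_IMPORTS).items():
        print(f"{key}: {value}")
```

Against the real sample, pass the file bytes to pe_sections and feed packer_triage the import names from the IAT listing; the high-entropy section plus the resolver imports is what the notice-level signatures are pointing at. On its own the result does not separate a packed commercial installer from a crypter-wrapped payload; it tells you that the unpacked image, not this file, is what needs analysis, which is also why the imphash of a stub like this is a poor pivot.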