ScreenShot
| Created | 2021.09.23 17:22 | Machine | s1_win7_x6402 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 42 detected (AIDetect, malware1, Convagent, malicious, high confidence, GenericKD, Stop, Unsafe, Save, Kryptik, Eldorado, Attribute, HighConfidence, HMOO, FileRepMalware, Static AI, Malicious PE, Azorultpp, pjgxe, kcloud, Azorult, score, MalPE, R442437, VSNW16I21, ZexaF, wu0@aiMwFalO, confidence, susgen) | ||
| md5 | fb38ecfc9a0b6f8d92beee0528483d9e | ||
| sha256 | 0f342c0f781368f35e15cb470962b7eda145f6861417b1f687d6eb03878401fe | ||
| ssdeep | 6144:lvE3I5QZbo3Ak+QBqgncix+8CNYpqKwTscCr7:lvE3I5QZblkeDa+pupUP | ||
| imphash | 1f3d09de0e7da5c165527f71e6a1c9ea | ||
| impfuzzy | 48:tXG0iO2Pd2loqQvFXYwOenEa/ztfV8DK9g7IRcz:tXTtU2jQvFXYwd/ztfV8DQg7IRi | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41a008 SetThreadContext
0x41a00c FindFirstChangeNotificationW
0x41a010 SetLocalTime
0x41a014 GetConsoleAliasExesLengthA
0x41a018 CallNamedPipeA
0x41a01c InterlockedIncrement
0x41a020 GetQueuedCompletionStatus
0x41a024 CancelWaitableTimer
0x41a028 UnlockFile
0x41a02c SetEvent
0x41a030 FreeEnvironmentStringsA
0x41a034 GetModuleHandleW
0x41a038 CreateNamedPipeW
0x41a03c SetCommState
0x41a040 GetPrivateProfileIntA
0x41a044 GetSystemDirectoryW
0x41a048 HeapDestroy
0x41a04c CreateSemaphoreA
0x41a050 TerminateProcess
0x41a054 FileTimeToSystemTime
0x41a058 GetModuleFileNameW
0x41a05c lstrlenW
0x41a060 InterlockedExchange
0x41a064 GetStartupInfoA
0x41a068 FreeLibraryAndExitThread
0x41a06c OpenMutexW
0x41a070 GetFileSize
0x41a074 GetCurrentDirectoryW
0x41a078 GetThreadLocale
0x41a07c GetProcAddress
0x41a080 SetStdHandle
0x41a084 EnterCriticalSection
0x41a088 LoadLibraryA
0x41a08c LocalAlloc
0x41a090 WritePrivateProfileStringA
0x41a094 GetNumberFormatW
0x41a098 GetProfileStringA
0x41a09c SetThreadIdealProcessor
0x41a0a0 HeapWalk
0x41a0a4 FindAtomA
0x41a0a8 GlobalWire
0x41a0ac FreeEnvironmentStringsW
0x41a0b0 FindNextFileW
0x41a0b4 WriteProfileStringW
0x41a0b8 GetCPInfoExA
0x41a0bc SetFileShortNameA
0x41a0c0 TlsAlloc
0x41a0c4 EnumResourceLanguagesW
0x41a0c8 GetSystemTime
0x41a0cc LCMapStringW
0x41a0d0 CopyFileExA
0x41a0d4 DeleteFileA
0x41a0d8 GetVolumeInformationW
0x41a0dc GetLastError
0x41a0e0 GetCommandLineW
0x41a0e4 MoveFileA
0x41a0e8 EncodePointer
0x41a0ec DecodePointer
0x41a0f0 GetCommandLineA
0x41a0f4 HeapSetInformation
0x41a0f8 GetStartupInfoW
0x41a0fc HeapValidate
0x41a100 IsBadReadPtr
0x41a104 InterlockedDecrement
0x41a108 ExitProcess
0x41a10c GetCurrentProcess
0x41a110 UnhandledExceptionFilter
0x41a114 SetUnhandledExceptionFilter
0x41a118 IsDebuggerPresent
0x41a11c QueryPerformanceCounter
0x41a120 GetTickCount
0x41a124 GetCurrentThreadId
0x41a128 GetCurrentProcessId
0x41a12c GetSystemTimeAsFileTime
0x41a130 GetModuleFileNameA
0x41a134 WideCharToMultiByte
0x41a138 GetEnvironmentStringsW
0x41a13c SetHandleCount
0x41a140 GetStdHandle
0x41a144 InitializeCriticalSectionAndSpinCount
0x41a148 GetFileType
0x41a14c DeleteCriticalSection
0x41a150 TlsGetValue
0x41a154 TlsSetValue
0x41a158 TlsFree
0x41a15c SetLastError
0x41a160 HeapCreate
0x41a164 WriteFile
0x41a168 LeaveCriticalSection
0x41a16c HeapAlloc
0x41a170 HeapReAlloc
0x41a174 HeapSize
0x41a178 HeapQueryInformation
0x41a17c HeapFree
0x41a180 GetACP
0x41a184 GetOEMCP
0x41a188 GetCPInfo
0x41a18c IsValidCodePage
0x41a190 LoadLibraryW
0x41a194 RtlUnwind
0x41a198 SetFilePointer
0x41a19c GetConsoleCP
0x41a1a0 GetConsoleMode
0x41a1a4 OutputDebugStringA
0x41a1a8 WriteConsoleW
0x41a1ac OutputDebugStringW
0x41a1b0 MultiByteToWideChar
0x41a1b4 IsProcessorFeaturePresent
0x41a1b8 GetStringTypeW
0x41a1bc CreateFileW
0x41a1c0 CloseHandle
0x41a1c4 FlushFileBuffers
0x41a1c8 RaiseException
ADVAPI32.dll
0x41a000 InitiateSystemShutdownA
EAT(Export Address Table) is none
KERNEL32.dll
0x41a008 SetThreadContext
0x41a00c FindFirstChangeNotificationW
0x41a010 SetLocalTime
0x41a014 GetConsoleAliasExesLengthA
0x41a018 CallNamedPipeA
0x41a01c InterlockedIncrement
0x41a020 GetQueuedCompletionStatus
0x41a024 CancelWaitableTimer
0x41a028 UnlockFile
0x41a02c SetEvent
0x41a030 FreeEnvironmentStringsA
0x41a034 GetModuleHandleW
0x41a038 CreateNamedPipeW
0x41a03c SetCommState
0x41a040 GetPrivateProfileIntA
0x41a044 GetSystemDirectoryW
0x41a048 HeapDestroy
0x41a04c CreateSemaphoreA
0x41a050 TerminateProcess
0x41a054 FileTimeToSystemTime
0x41a058 GetModuleFileNameW
0x41a05c lstrlenW
0x41a060 InterlockedExchange
0x41a064 GetStartupInfoA
0x41a068 FreeLibraryAndExitThread
0x41a06c OpenMutexW
0x41a070 GetFileSize
0x41a074 GetCurrentDirectoryW
0x41a078 GetThreadLocale
0x41a07c GetProcAddress
0x41a080 SetStdHandle
0x41a084 EnterCriticalSection
0x41a088 LoadLibraryA
0x41a08c LocalAlloc
0x41a090 WritePrivateProfileStringA
0x41a094 GetNumberFormatW
0x41a098 GetProfileStringA
0x41a09c SetThreadIdealProcessor
0x41a0a0 HeapWalk
0x41a0a4 FindAtomA
0x41a0a8 GlobalWire
0x41a0ac FreeEnvironmentStringsW
0x41a0b0 FindNextFileW
0x41a0b4 WriteProfileStringW
0x41a0b8 GetCPInfoExA
0x41a0bc SetFileShortNameA
0x41a0c0 TlsAlloc
0x41a0c4 EnumResourceLanguagesW
0x41a0c8 GetSystemTime
0x41a0cc LCMapStringW
0x41a0d0 CopyFileExA
0x41a0d4 DeleteFileA
0x41a0d8 GetVolumeInformationW
0x41a0dc GetLastError
0x41a0e0 GetCommandLineW
0x41a0e4 MoveFileA
0x41a0e8 EncodePointer
0x41a0ec DecodePointer
0x41a0f0 GetCommandLineA
0x41a0f4 HeapSetInformation
0x41a0f8 GetStartupInfoW
0x41a0fc HeapValidate
0x41a100 IsBadReadPtr
0x41a104 InterlockedDecrement
0x41a108 ExitProcess
0x41a10c GetCurrentProcess
0x41a110 UnhandledExceptionFilter
0x41a114 SetUnhandledExceptionFilter
0x41a118 IsDebuggerPresent
0x41a11c QueryPerformanceCounter
0x41a120 GetTickCount
0x41a124 GetCurrentThreadId
0x41a128 GetCurrentProcessId
0x41a12c GetSystemTimeAsFileTime
0x41a130 GetModuleFileNameA
0x41a134 WideCharToMultiByte
0x41a138 GetEnvironmentStringsW
0x41a13c SetHandleCount
0x41a140 GetStdHandle
0x41a144 InitializeCriticalSectionAndSpinCount
0x41a148 GetFileType
0x41a14c DeleteCriticalSection
0x41a150 TlsGetValue
0x41a154 TlsSetValue
0x41a158 TlsFree
0x41a15c SetLastError
0x41a160 HeapCreate
0x41a164 WriteFile
0x41a168 LeaveCriticalSection
0x41a16c HeapAlloc
0x41a170 HeapReAlloc
0x41a174 HeapSize
0x41a178 HeapQueryInformation
0x41a17c HeapFree
0x41a180 GetACP
0x41a184 GetOEMCP
0x41a188 GetCPInfo
0x41a18c IsValidCodePage
0x41a190 LoadLibraryW
0x41a194 RtlUnwind
0x41a198 SetFilePointer
0x41a19c GetConsoleCP
0x41a1a0 GetConsoleMode
0x41a1a4 OutputDebugStringA
0x41a1a8 WriteConsoleW
0x41a1ac OutputDebugStringW
0x41a1b0 MultiByteToWideChar
0x41a1b4 IsProcessorFeaturePresent
0x41a1b8 GetStringTypeW
0x41a1bc CreateFileW
0x41a1c0 CloseHandle
0x41a1c4 FlushFileBuffers
0x41a1c8 RaiseException
ADVAPI32.dll
0x41a000 InitiateSystemShutdownA
EAT(Export Address Table) is none