Report - esmallruby.png

Malicious Library PE File PE32
Created 2021.09.24 17:08 Machine s1_win7_x6402
Filename esmallruby.png
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 11
Behavior Score 6.2
ZERO API file : malware
VT API (file)
md5 33e5dbee2d872b34c54665cf0404520e
sha256 61f48a0d44c11db876c230021d7faa465313003d208b943d0295e08bfcd8c321
ssdeep 6144:z+/ffgNhxs1mITR8fBbnUYAc1UsQmmDTsQXU5P:iXge1wbxusQDTsQ
imphash 4d85858bad44ef6cace325b0f2f52ab8
impfuzzy 96:gPJDg7JMqonqFNXOHnu4g+WPlWAErMlcncwMw:L1rqnu4gTPlWAEr+cncg

Signature (16cnts)

Level Description
warning Generates some ICMP traffic
watch Communicates with host for which no DNS query was performed
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice HTTP traffic contains suspicious features which may be indicative of malware-related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Terminates another process
notice The binary likely contains encrypted or compressed data indicative of a packer
info Collects information to fingerprint the system (MachineGuid)
info One or more processes crashed
info Queries for the computername
info The executable uses a known packer

Rules (3cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (4cnts)

Request CC ASN Co IP4 Rule ZERO
https://186.4.193.75/tot152/TEST22-PC_W617601.3BBA0CFF68E3F779B5F041BB34213194/5/kps/ EC Telconet S.A 186.4.193.75 clean
186.4.193.75 EC Telconet S.A 186.4.193.75 clean
184.74.99.214 US TWC-11351-NORTHEAST 184.74.99.214 malicious
179.42.137.107 Unknown 179.42.137.107 clean

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x413098 RaiseException
 0x41309c HeapReAlloc
 0x4130a0 HeapSize
 0x4130a4 GetACP
 0x4130a8 HeapDestroy
 0x4130ac HeapCreate
 0x4130b0 VirtualFree
 0x4130b4 VirtualAlloc
 0x4130b8 IsBadWritePtr
 0x4130bc UnhandledExceptionFilter
 0x4130c0 FreeEnvironmentStringsA
 0x4130c4 FreeEnvironmentStringsW
 0x4130c8 GetEnvironmentStrings
 0x4130cc GetEnvironmentStringsW
 0x4130d0 SetHandleCount
 0x4130d4 GetFileType
 0x4130d8 SetUnhandledExceptionFilter
 0x4130dc LCMapStringA
 0x4130e0 LCMapStringW
 0x4130e4 GetStringTypeA
 0x4130e8 GetStringTypeW
 0x4130ec IsBadReadPtr
 0x4130f0 IsBadCodePtr
 0x4130f4 SetStdHandle
 0x4130f8 HeapFree
 0x4130fc TerminateProcess
 0x413100 GetCommandLineA
 0x413104 GetStartupInfoA
 0x413108 HeapAlloc
 0x41310c RtlUnwind
 0x413110 FlushFileBuffers
 0x413114 SetFilePointer
 0x413118 WriteFile
 0x41311c GetCurrentProcess
 0x413120 SetErrorMode
 0x413124 GetOEMCP
 0x413128 GetCPInfo
 0x41312c GetProcessVersion
 0x413130 GetLastError
 0x413134 WritePrivateProfileStringA
 0x413138 GlobalFlags
 0x41313c TlsGetValue
 0x413140 LocalReAlloc
 0x413144 TlsSetValue
 0x413148 EnterCriticalSection
 0x41314c GlobalReAlloc
 0x413150 LeaveCriticalSection
 0x413154 TlsFree
 0x413158 GlobalHandle
 0x41315c DeleteCriticalSection
 0x413160 TlsAlloc
 0x413164 InitializeCriticalSection
 0x413168 LocalAlloc
 0x41316c lstrcpynA
 0x413170 LocalFree
 0x413174 MulDiv
 0x413178 SetLastError
 0x41317c MultiByteToWideChar
 0x413180 WideCharToMultiByte
 0x413184 lstrlenA
 0x413188 InterlockedIncrement
 0x41318c InterlockedDecrement
 0x413190 LoadLibraryA
 0x413194 FreeLibrary
 0x413198 GetVersion
 0x41319c lstrcatA
 0x4131a0 GlobalGetAtomNameA
 0x4131a4 GlobalAddAtomA
 0x4131a8 GlobalFindAtomA
 0x4131ac lstrcpyA
 0x4131b0 GetModuleHandleA
 0x4131b4 GetProcAddress
 0x4131b8 GlobalUnlock
 0x4131bc GlobalFree
 0x4131c0 LockResource
 0x4131c4 FindResourceA
 0x4131c8 LoadResource
 0x4131cc CloseHandle
 0x4131d0 GetModuleFileNameA
 0x4131d4 GlobalLock
 0x4131d8 GlobalAlloc
 0x4131dc GlobalDeleteAtom
 0x4131e0 lstrcmpA
 0x4131e4 lstrcmpiA
 0x4131e8 GetCurrentThread
 0x4131ec GetCurrentThreadId
 0x4131f0 LoadLibraryW
 0x4131f4 GetStdHandle
 0x4131f8 ExitProcess
USER32.dll
 0x413200 IsDialogMessageA
 0x413204 SetWindowTextA
 0x413208 ShowWindow
 0x41320c ClientToScreen
 0x413210 GetDC
 0x413214 ReleaseDC
 0x413218 BeginPaint
 0x41321c EndPaint
 0x413220 TabbedTextOutA
 0x413224 DrawTextA
 0x413228 GrayStringA
 0x41322c LoadCursorA
 0x413230 GetClassNameA
 0x413234 GetSysColorBrush
 0x413238 LoadStringA
 0x41323c DestroyMenu
 0x413240 UpdateWindow
 0x413244 SendDlgItemMessageA
 0x413248 MapWindowPoints
 0x41324c GetSysColor
 0x413250 SetFocus
 0x413254 AdjustWindowRectEx
 0x413258 CopyRect
 0x41325c GetTopWindow
 0x413260 GetCapture
 0x413264 WinHelpA
 0x413268 wsprintfA
 0x41326c GetClassInfoA
 0x413270 RegisterClassA
 0x413274 GetMenu
 0x413278 GetMenuItemCount
 0x41327c GetSubMenu
 0x413280 GetMenuItemID
 0x413284 GetWindowTextLengthA
 0x413288 GetWindowTextA
 0x41328c GetDlgCtrlID
 0x413290 DefWindowProcA
 0x413294 CreateWindowExA
 0x413298 GetClassLongA
 0x41329c SetPropA
 0x4132a0 UnhookWindowsHookEx
 0x4132a4 GetPropA
 0x4132a8 CallWindowProcA
 0x4132ac GetMessageTime
 0x4132b0 GetMessagePos
 0x4132b4 GetForegroundWindow
 0x4132b8 SetForegroundWindow
 0x4132bc GetWindow
 0x4132c0 SetWindowLongA
 0x4132c4 SetWindowPos
 0x4132c8 RegisterWindowMessageA
 0x4132cc SystemParametersInfoA
 0x4132d0 GetWindowPlacement
 0x4132d4 GetWindowRect
 0x4132d8 EndDialog
 0x4132dc SetActiveWindow
 0x4132e0 IsWindow
 0x4132e4 CreateDialogIndirectParamA
 0x4132e8 DestroyWindow
 0x4132ec GetDlgItem
 0x4132f0 GetMenuCheckMarkDimensions
 0x4132f4 LoadBitmapA
 0x4132f8 GetMenuState
 0x4132fc ModifyMenuA
 0x413300 SetMenuItemBitmaps
 0x413304 CheckMenuItem
 0x413308 EnableMenuItem
 0x41330c GetFocus
 0x413310 GetNextDlgTabItem
 0x413314 GetMessageA
 0x413318 TranslateMessage
 0x41331c DispatchMessageA
 0x413320 GetActiveWindow
 0x413324 GetKeyState
 0x413328 CallNextHookEx
 0x41332c ValidateRect
 0x413330 IsWindowVisible
 0x413334 PeekMessageA
 0x413338 GetCursorPos
 0x41333c SetWindowsHookExA
 0x413340 GetParent
 0x413344 GetLastActivePopup
 0x413348 IsWindowEnabled
 0x41334c GetWindowLongA
 0x413350 MessageBoxA
 0x413354 SetCursor
 0x413358 PostQuitMessage
 0x41335c RedrawWindow
 0x413360 PtInRect
 0x413364 ShowCaret
 0x413368 HideCaret
 0x41336c PostMessageA
 0x413370 GetClientRect
 0x413374 IsIconic
 0x413378 DrawIcon
 0x41337c GetSystemMetrics
 0x413380 SendMessageA
 0x413384 LoadIconA
 0x413388 EnableWindow
 0x41338c RemovePropA
 0x413390 UnregisterClassA
GDI32.dll
 0x41301c SetWindowExtEx
 0x413020 ScaleWindowExtEx
 0x413024 SelectClipRgn
 0x413028 SetTextAlign
 0x41302c DeleteObject
 0x413030 GetClipBox
 0x413034 PtVisible
 0x413038 RectVisible
 0x41303c TextOutA
 0x413040 Escape
 0x413044 CreateFontIndirectA
 0x413048 DPtoLP
 0x41304c ScaleViewportExtEx
 0x413050 SetViewportExtEx
 0x413054 OffsetViewportOrgEx
 0x413058 SetViewportOrgEx
 0x41305c SetMapMode
 0x413060 CreateBitmap
 0x413064 ExtTextOutA
 0x413068 GetStockObject
 0x41306c SelectObject
 0x413070 RestoreDC
 0x413074 SaveDC
 0x413078 DeleteDC
 0x41307c GetObjectA
 0x413080 SetBkColor
 0x413084 GetDeviceCaps
 0x413088 CreateRectRgnIndirect
 0x41308c GetTextExtentPoint32A
 0x413090 SetTextColor
WINSPOOL.DRV
 0x413398 OpenPrinterA
 0x41339c DocumentPropertiesA
 0x4133a0 ClosePrinter
ADVAPI32.dll
 0x413000 RegSetValueExA
 0x413004 RegOpenKeyExA
 0x413008 RegCreateKeyExA
 0x41300c RegCloseKey
COMCTL32.dll
 0x413014 None

EAT (Export Address Table): none
