Field | Value |
---|---|
Created | 2021.09.25 11:02 |
Machine | s1_win7_x6401 |
Filename | a435gfhs109.cms |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 22 detected (malicious, high confidence, GenericKD, GenKryptik, FLCI, Cridex, Artemis, Krypt, Ursnif, 5L9XB9, kcloud, Vigorf, ai score=85, Static AI, Malicious PE, ZedlaF, vq4@aCiNvJh) |
md5 | e7ac180e8217a97505fee5b06709d331 |
sha256 | d5fe3f6846ca1f5e09e94d66a816c3fc00634013ca7bf9e35361bd185a27c395 |
ssdeep | 6144:8ufHKG+wtMydWttXtUxIhYD+BHi1RN5CA9fc0C5Na5uMt/bL22P:JqG+aMydWXX6Jqi1RJVcfN4pRLhP |
imphash | aab827ba47455fa1cd60991a1f7c1641 |
impfuzzy | 48:or5BGtMS1cG5c+pNXBAZBZII/D2mDVK0pfL:ZtMS1cG5c+pNXKZIMKmDVK0VL |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
watch | Looks for the Windows Idle Time to determine the uptime |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Collects information to fingerprint the system (MachineGuid |
info | Queries for the computername |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1002e070 WriteFile
0x1002e074 GetConsoleCP
0x1002e078 GetConsoleMode
0x1002e07c SetFilePointerEx
0x1002e080 CloseHandle
0x1002e084 WriteConsoleW
0x1002e088 DecodePointer
0x1002e08c FlushFileBuffers
0x1002e090 OpenMutexW
0x1002e094 GetConsoleWindow
0x1002e098 LocalFree
0x1002e09c VirtualProtectEx
0x1002e0a0 TlsAlloc
0x1002e0a4 GetSystemDirectoryW
0x1002e0a8 LocalAlloc
0x1002e0ac GetEnvironmentVariableW
0x1002e0b0 GetModuleFileNameW
0x1002e0b4 RemoveDirectoryW
0x1002e0b8 SetStdHandle
0x1002e0bc HeapReAlloc
0x1002e0c0 HeapSize
0x1002e0c4 GetStringTypeW
0x1002e0c8 GetFileType
0x1002e0cc GetStdHandle
0x1002e0d0 GetProcessHeap
0x1002e0d4 FreeEnvironmentStringsW
0x1002e0d8 GetEnvironmentStringsW
0x1002e0dc GetCommandLineW
0x1002e0e0 GetCommandLineA
0x1002e0e4 GetCPInfo
0x1002e0e8 GetOEMCP
0x1002e0ec GetACP
0x1002e0f0 IsValidCodePage
0x1002e0f4 FindNextFileA
0x1002e0f8 UnhandledExceptionFilter
0x1002e0fc SetUnhandledExceptionFilter
0x1002e100 GetCurrentProcess
0x1002e104 TerminateProcess
0x1002e108 IsProcessorFeaturePresent
0x1002e10c QueryPerformanceCounter
0x1002e110 GetCurrentProcessId
0x1002e114 GetCurrentThreadId
0x1002e118 GetSystemTimeAsFileTime
0x1002e11c InitializeSListHead
0x1002e120 IsDebuggerPresent
0x1002e124 GetStartupInfoW
0x1002e128 GetModuleHandleW
0x1002e12c InterlockedFlushSList
0x1002e130 RaiseException
0x1002e134 RtlUnwind
0x1002e138 GetLastError
0x1002e13c SetLastError
0x1002e140 EnterCriticalSection
0x1002e144 LeaveCriticalSection
0x1002e148 DeleteCriticalSection
0x1002e14c InitializeCriticalSectionAndSpinCount
0x1002e150 TlsGetValue
0x1002e154 TlsSetValue
0x1002e158 TlsFree
0x1002e15c FreeLibrary
0x1002e160 GetProcAddress
0x1002e164 LoadLibraryExW
0x1002e168 ExitProcess
0x1002e16c GetModuleHandleExW
0x1002e170 GetModuleFileNameA
0x1002e174 MultiByteToWideChar
0x1002e178 WideCharToMultiByte
0x1002e17c HeapAlloc
0x1002e180 LCMapStringW
0x1002e184 HeapFree
0x1002e188 FindClose
0x1002e18c FindFirstFileExA
0x1002e190 CreateFileW
USER32.dll
0x1002e198 ShowWindow
ole32.dll
0x1002e1f0 CoUninitialize
0x1002e1f4 OleSetContainedObject
0x1002e1f8 CoInitialize
0x1002e1fc OleUninitialize
0x1002e200 OleInitialize
0x1002e204 CoRegisterSurrogate
0x1002e208 CoRegisterClassObject
ADVAPI32.dll
0x1002e000 OpenServiceW
0x1002e004 StartServiceCtrlDispatcherW
0x1002e008 OpenThreadToken
0x1002e00c RegQueryValueExW
0x1002e010 GetTokenInformation
0x1002e014 InitializeSecurityDescriptor
0x1002e018 LookupPrivilegeValueW
0x1002e01c SetSecurityDescriptorDacl
0x1002e020 CreateServiceW
0x1002e024 RegCloseKey
0x1002e028 RegEnumKeyW
0x1002e02c QueryServiceStatus
0x1002e030 OpenSCManagerW
0x1002e034 AllocateAndInitializeSid
0x1002e038 SetServiceStatus
0x1002e03c SetEntriesInAclW
0x1002e040 DeleteService
0x1002e044 RegisterServiceCtrlHandlerW
0x1002e048 RegSetValueExW
0x1002e04c OpenProcessToken
0x1002e050 FreeSid
0x1002e054 RegOpenKeyExW
COMCTL32.dll
0x1002e05c CreateStatusWindowW
0x1002e060 ImageList_Draw
0x1002e064 PropertySheetW
0x1002e068 CreatePropertySheetPageW
hlink.dll
0x1002e1a0 None
0x1002e1a4 None
0x1002e1a8 None
0x1002e1ac None
0x1002e1b0 None
0x1002e1b4 None
0x1002e1b8 None
0x1002e1bc None
0x1002e1c0 None
0x1002e1c4 None
0x1002e1c8 None
0x1002e1cc None
0x1002e1d0 None
0x1002e1d4 None
0x1002e1d8 None
0x1002e1dc None
0x1002e1e0 None
0x1002e1e4 None
0x1002e1e8 None
EAT (Export Address Table) Library
0x10023050 WICConvertBitmapSource