Report - UnpackChrome2009.exe

Tags: Malicious Library, PE File, PE32
Created 2021.09.25 11:04
Machine s1_win7_x6401
Filename UnpackChrome2009.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 2.2
ZERO API file : malware
VT API (file) 51 detected (malicious, high confidence, Tofsee, GenericKD, Generic PWS, Unsafe, Save, StopCrypt, ZexaF, Ru1@aaYW, Kryptik, Eldorado, Attribute, HighConfidence, HMNW, Fragtor, jbxocj, MultiPlug, R + Troj, Krypt, Static AI, Malicious PE, dnxg, Score, knsmc, kcloud, 54LWUV, Racealer, R442258, Azorult, ai score=89, GdSda, R002C0DIO21, CLASSIC, Glupteba, susgen, PWSX, confidence, 100%)
md5 9b1764b1cca5f1eb5946e182100681e4
sha256 5aa958dc21c0a3d83b4a10f8e709f0d1ae3f63fb66074d97c7224e5c5cb16ada
ssdeep 12288:9ZxnhgINwTujDlmcKkUnSqEKXpmyQc2BYkwCRGslkAITxc+2iNhPFd9dP4gXIrDX:9znhg8IGUPFcY2BYNCQslkVKiNhPFflE
imphash 99e1335f3817517f11962dc50cb29aa7
impfuzzy 48:ZOGOP+0YDSdgXAqQYYcOwyaEBqHtgtq/Jc+rcQz:wZwugXAJYjLEBetgtq/Jc+rcm

Signature (4 counts)

Level Description
danger File has been identified by 51 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info This executable has a PDB path

Rules (3 counts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 counts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x41d008 CallNamedPipeA
 0x41d00c SetWaitableTimer
 0x41d010 InterlockedIncrement
 0x41d014 GetCommState
 0x41d018 InterlockedDecrement
 0x41d01c GetProfileStringW
 0x41d020 SetEvent
 0x41d024 OpenSemaphoreA
 0x41d028 FreeEnvironmentStringsA
 0x41d02c CreateNamedPipeW
 0x41d030 GetNumberFormatA
 0x41d034 ReadConsoleOutputA
 0x41d038 GetCommandLineA
 0x41d03c SetProcessPriorityBoost
 0x41d040 GetSystemTimes
 0x41d044 GetPrivateProfileIntA
 0x41d048 GetSystemDirectoryW
 0x41d04c GetVolumeInformationA
 0x41d050 GetConsoleAliasExesLengthW
 0x41d054 LeaveCriticalSection
 0x41d058 HeapCreate
 0x41d05c TerminateProcess
 0x41d060 FileTimeToSystemTime
 0x41d064 GetModuleFileNameW
 0x41d068 GetCompressedFileSizeA
 0x41d06c lstrlenW
 0x41d070 GetPrivateProfileIntW
 0x41d074 InterlockedExchange
 0x41d078 CopyFileExW
 0x41d07c SetThreadLocale
 0x41d080 GetCPInfoExW
 0x41d084 FreeLibraryAndExitThread
 0x41d088 GetLastError
 0x41d08c GetCurrentDirectoryW
 0x41d090 GetProcAddress
 0x41d094 SetStdHandle
 0x41d098 LoadLibraryA
 0x41d09c OpenMutexA
 0x41d0a0 CreateSemaphoreW
 0x41d0a4 LocalAlloc
 0x41d0a8 WritePrivateProfileStringA
 0x41d0ac FindAtomA
 0x41d0b0 CreateIoCompletionPort
 0x41d0b4 GetModuleHandleA
 0x41d0b8 FindFirstChangeNotificationA
 0x41d0bc HeapSetInformation
 0x41d0c0 FindNextFileW
 0x41d0c4 WriteProfileStringW
 0x41d0c8 TlsAlloc
 0x41d0cc LocalSize
 0x41d0d0 FindAtomW
 0x41d0d4 EnumResourceLanguagesW
 0x41d0d8 SetFileValidData
 0x41d0dc GetSystemTime
 0x41d0e0 LCMapStringW
 0x41d0e4 CopyFileExA
 0x41d0e8 DeleteFileA
 0x41d0ec GetStartupInfoA
 0x41d0f0 GetThreadContext
 0x41d0f4 HeapValidate
 0x41d0f8 IsBadReadPtr
 0x41d0fc RaiseException
 0x41d100 EnterCriticalSection
 0x41d104 GetFileType
 0x41d108 WriteFile
 0x41d10c WideCharToMultiByte
 0x41d110 GetConsoleCP
 0x41d114 GetConsoleMode
 0x41d118 GetModuleHandleW
 0x41d11c Sleep
 0x41d120 ExitProcess
 0x41d124 TlsGetValue
 0x41d128 TlsSetValue
 0x41d12c GetCurrentThreadId
 0x41d130 TlsFree
 0x41d134 SetLastError
 0x41d138 GetCurrentProcess
 0x41d13c UnhandledExceptionFilter
 0x41d140 SetUnhandledExceptionFilter
 0x41d144 IsDebuggerPresent
 0x41d148 RtlUnwind
 0x41d14c GetACP
 0x41d150 GetOEMCP
 0x41d154 GetCPInfo
 0x41d158 IsValidCodePage
 0x41d15c DeleteCriticalSection
 0x41d160 QueryPerformanceCounter
 0x41d164 GetTickCount
 0x41d168 GetCurrentProcessId
 0x41d16c GetSystemTimeAsFileTime
 0x41d170 GetModuleFileNameA
 0x41d174 GetEnvironmentStrings
 0x41d178 FreeEnvironmentStringsW
 0x41d17c GetEnvironmentStringsW
 0x41d180 SetHandleCount
 0x41d184 GetStdHandle
 0x41d188 HeapDestroy
 0x41d18c HeapFree
 0x41d190 VirtualFree
 0x41d194 HeapAlloc
 0x41d198 HeapSize
 0x41d19c HeapReAlloc
 0x41d1a0 VirtualAlloc
 0x41d1a4 InitializeCriticalSectionAndSpinCount
 0x41d1a8 WriteConsoleA
 0x41d1ac GetConsoleOutputCP
 0x41d1b0 WriteConsoleW
 0x41d1b4 MultiByteToWideChar
 0x41d1b8 SetFilePointer
 0x41d1bc GetStringTypeA
 0x41d1c0 GetStringTypeW
 0x41d1c4 GetLocaleInfoA
 0x41d1c8 DebugBreak
 0x41d1cc OutputDebugStringA
 0x41d1d0 OutputDebugStringW
 0x41d1d4 LoadLibraryW
 0x41d1d8 LCMapStringA
 0x41d1dc CreateFileA
 0x41d1e0 CloseHandle
 0x41d1e4 FlushFileBuffers
ADVAPI32.dll
 0x41d000 InitiateSystemShutdownA

EAT (Export Address Table): none

Similarity measure (PE file only) - Checking for service failure