ScreenShot
| Created | 2021.09.25 11:10 | Machine | s1_win7_x6401 |
| Filename | a58df1031.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (malicious, high confidence, MachineLearning, Anomalous, 100%, Save, Hacktool, ZexaF, zq0@aaCzcybO, Kryptik, Eldorado, Attribute, HighConfidence, score, Convagent, Static AI, Malicious PE, Glupteba, Unsafe, Obscure, CLASSIC, susgen, confidence) | ||
| md5 | 436a9d01e4384a9be90339fa4c0c92ec | ||
| sha256 | 9a1d08d8158e5278734fc0a434e73ca6279e7586b0c1dfc3f7d71c6c76a9de0d | ||
| ssdeep | 12288:Ho9d56sMjfsYEL7gqcC1yxuqD844uAD8Fj+BLU:Hs51qrM7gnClG84w/R | ||
| imphash | cff62fa5d60c26268b201fcb5b9dc813 | ||
| impfuzzy | 24:/irjxMeaf6DzkbRxOBtlbOFNOovQdYA+yvztyFQ8J3IjT42luZwjMiMnNp1tsn:fznbmtqCnNHztMMc2s1nhts | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x459014 EndUpdateResourceW
0x459018 InterlockedIncrement
0x45901c GetEnvironmentStringsW
0x459020 WaitForSingleObject
0x459024 SetEvent
0x459028 CancelDeviceWakeupRequest
0x45902c FindActCtxSectionStringA
0x459030 WriteFileGather
0x459034 EnumResourceTypesA
0x459038 GlobalAlloc
0x45903c SizeofResource
0x459040 SetConsoleCP
0x459044 LeaveCriticalSection
0x459048 GetFileAttributesW
0x45904c ReadFile
0x459050 GetProcAddress
0x459054 FreeUserPhysicalPages
0x459058 EnterCriticalSection
0x45905c VerLanguageNameW
0x459060 PrepareTape
0x459064 RemoveDirectoryW
0x459068 GetModuleFileNameA
0x45906c GetModuleHandleA
0x459070 FindFirstVolumeA
0x459074 LocalSize
0x459078 AddConsoleAliasA
0x45907c FindNextVolumeA
0x459080 GetSystemTime
0x459084 lstrcpyW
0x459088 GetLocaleInfoA
0x45908c WriteConsoleW
0x459090 GetCommandLineW
0x459094 HeapAlloc
0x459098 GetLastError
0x45909c HeapReAlloc
0x4590a0 GetCommandLineA
0x4590a4 GetStartupInfoA
0x4590a8 DeleteCriticalSection
0x4590ac HeapFree
0x4590b0 VirtualFree
0x4590b4 VirtualAlloc
0x4590b8 HeapCreate
0x4590bc GetModuleHandleW
0x4590c0 Sleep
0x4590c4 ExitProcess
0x4590c8 WriteFile
0x4590cc GetStdHandle
0x4590d0 SetHandleCount
0x4590d4 GetFileType
0x4590d8 SetFilePointer
0x4590dc TerminateProcess
0x4590e0 GetCurrentProcess
0x4590e4 UnhandledExceptionFilter
0x4590e8 SetUnhandledExceptionFilter
0x4590ec IsDebuggerPresent
0x4590f0 FreeEnvironmentStringsA
0x4590f4 GetEnvironmentStrings
0x4590f8 FreeEnvironmentStringsW
0x4590fc WideCharToMultiByte
0x459100 TlsGetValue
0x459104 TlsAlloc
0x459108 TlsSetValue
0x45910c TlsFree
0x459110 SetLastError
0x459114 GetCurrentThreadId
0x459118 InterlockedDecrement
0x45911c QueryPerformanceCounter
0x459120 GetTickCount
0x459124 GetCurrentProcessId
0x459128 GetSystemTimeAsFileTime
0x45912c InitializeCriticalSectionAndSpinCount
0x459130 RtlUnwind
0x459134 LoadLibraryA
0x459138 SetStdHandle
0x45913c GetConsoleCP
0x459140 GetConsoleMode
0x459144 FlushFileBuffers
0x459148 GetCPInfo
0x45914c GetACP
0x459150 GetOEMCP
0x459154 IsValidCodePage
0x459158 HeapSize
0x45915c WriteConsoleA
0x459160 GetConsoleOutputCP
0x459164 MultiByteToWideChar
0x459168 LCMapStringA
0x45916c LCMapStringW
0x459170 GetStringTypeA
0x459174 GetStringTypeW
0x459178 CloseHandle
0x45917c CreateFileA
USER32.dll
0x459184 RealChildWindowFromPoint
GDI32.dll
0x45900c GetCharWidthFloatW
ADVAPI32.dll
0x459000 DeregisterEventSource
0x459004 CloseEventLog
EAT(Export Address Table) is none
KERNEL32.dll
0x459014 EndUpdateResourceW
0x459018 InterlockedIncrement
0x45901c GetEnvironmentStringsW
0x459020 WaitForSingleObject
0x459024 SetEvent
0x459028 CancelDeviceWakeupRequest
0x45902c FindActCtxSectionStringA
0x459030 WriteFileGather
0x459034 EnumResourceTypesA
0x459038 GlobalAlloc
0x45903c SizeofResource
0x459040 SetConsoleCP
0x459044 LeaveCriticalSection
0x459048 GetFileAttributesW
0x45904c ReadFile
0x459050 GetProcAddress
0x459054 FreeUserPhysicalPages
0x459058 EnterCriticalSection
0x45905c VerLanguageNameW
0x459060 PrepareTape
0x459064 RemoveDirectoryW
0x459068 GetModuleFileNameA
0x45906c GetModuleHandleA
0x459070 FindFirstVolumeA
0x459074 LocalSize
0x459078 AddConsoleAliasA
0x45907c FindNextVolumeA
0x459080 GetSystemTime
0x459084 lstrcpyW
0x459088 GetLocaleInfoA
0x45908c WriteConsoleW
0x459090 GetCommandLineW
0x459094 HeapAlloc
0x459098 GetLastError
0x45909c HeapReAlloc
0x4590a0 GetCommandLineA
0x4590a4 GetStartupInfoA
0x4590a8 DeleteCriticalSection
0x4590ac HeapFree
0x4590b0 VirtualFree
0x4590b4 VirtualAlloc
0x4590b8 HeapCreate
0x4590bc GetModuleHandleW
0x4590c0 Sleep
0x4590c4 ExitProcess
0x4590c8 WriteFile
0x4590cc GetStdHandle
0x4590d0 SetHandleCount
0x4590d4 GetFileType
0x4590d8 SetFilePointer
0x4590dc TerminateProcess
0x4590e0 GetCurrentProcess
0x4590e4 UnhandledExceptionFilter
0x4590e8 SetUnhandledExceptionFilter
0x4590ec IsDebuggerPresent
0x4590f0 FreeEnvironmentStringsA
0x4590f4 GetEnvironmentStrings
0x4590f8 FreeEnvironmentStringsW
0x4590fc WideCharToMultiByte
0x459100 TlsGetValue
0x459104 TlsAlloc
0x459108 TlsSetValue
0x45910c TlsFree
0x459110 SetLastError
0x459114 GetCurrentThreadId
0x459118 InterlockedDecrement
0x45911c QueryPerformanceCounter
0x459120 GetTickCount
0x459124 GetCurrentProcessId
0x459128 GetSystemTimeAsFileTime
0x45912c InitializeCriticalSectionAndSpinCount
0x459130 RtlUnwind
0x459134 LoadLibraryA
0x459138 SetStdHandle
0x45913c GetConsoleCP
0x459140 GetConsoleMode
0x459144 FlushFileBuffers
0x459148 GetCPInfo
0x45914c GetACP
0x459150 GetOEMCP
0x459154 IsValidCodePage
0x459158 HeapSize
0x45915c WriteConsoleA
0x459160 GetConsoleOutputCP
0x459164 MultiByteToWideChar
0x459168 LCMapStringA
0x45916c LCMapStringW
0x459170 GetStringTypeA
0x459174 GetStringTypeW
0x459178 CloseHandle
0x45917c CreateFileA
USER32.dll
0x459184 RealChildWindowFromPoint
GDI32.dll
0x45900c GetCharWidthFloatW
ADVAPI32.dll
0x459000 DeregisterEventSource
0x459004 CloseEventLog
EAT(Export Address Table) is none