ScreenShot
| Created | 2021.09.27 08:17 | Machine | s1_win7_x6402 |
| Filename | 27.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 43 detected (Malicious, high confidence, score, Artemis, Save, confidence, 100%, TrojanPSW, Racealer, Kryptik, HMPI, GenericKD, PWSX, qqpass, Qqrob, Wozu, EncPk, StellarStealer, ozgjl, ai score=82, PSWTroj, kcloud, Phonzy, Unsafe, Probably Heur, ExeHeaderH, USMANIQ21, Generic@ML, RDML, D6xdNjvSCM6dWFKj45HVjw, m6ziQ7epDjk, Static AI, Malicious PE, HMLF, ZexaF, bLW@aiu8syii, susgen) | ||
| md5 | 6a46023492d437f7a9ef76a8a9b38684 | ||
| sha256 | 5692034f83380042a7ff741622d94271dc540d2d4b0a46f5aafc05498225f5a6 | ||
| ssdeep | 12288:Vv0OyFHg9rfrZ89rOYrOOo119uYd4J9A3i/OVFrPf2VQpz6TWXPL4ZavQAOy9A+9:hXyFHKrfl89qXC4YODrXzzCWXz4Y5A+ | ||
| imphash | 852551719e3ff5d6f84ac5d0cab1e5e4 | ||
| impfuzzy | 6:HGDYBJAEtwyRlbVUA18lvdiwBQLHKJAdLMKJA7Q9bQoEJ3a8qSNTXWOBgv1:mDoAPqTKxAwuXd+7QJQoi3a8ptXW801 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
kernel32.dll
0x4dec00 GetProcAddress
0x4dec04 LoadLibraryA
0x4dec08 VirtualAlloc
0x4dec0c VirtualProtect
0x4dec10 GetCurrentThread
ole32.dll
0x4dec18 CoGetContextToken
0x4dec1c CoCreateGuid
0x4dec20 OleUninitialize
0x4dec24 OleInitialize
0x4dec28 CoGetCurrentLogicalThreadId
0x4dec2c CoFreeUnusedLibraries
0x4dec30 CoFileTimeNow
0x4dec34 CoGetCurrentProcess
winspool.drv
0x4dec44 DeletePrinterKeyA
EAT(Export Address Table) Library
0x4555f6 GetFilePath
kernel32.dll
0x4dec00 GetProcAddress
0x4dec04 LoadLibraryA
0x4dec08 VirtualAlloc
0x4dec0c VirtualProtect
0x4dec10 GetCurrentThread
ole32.dll
0x4dec18 CoGetContextToken
0x4dec1c CoCreateGuid
0x4dec20 OleUninitialize
0x4dec24 OleInitialize
0x4dec28 CoGetCurrentLogicalThreadId
0x4dec2c CoFreeUnusedLibraries
0x4dec30 CoFileTimeNow
0x4dec34 CoGetCurrentProcess
winspool.drv
0x4dec44 DeletePrinterKeyA
EAT(Export Address Table) Library
0x4555f6 GetFilePath