ScreenShot
| Created | 2021.09.27 14:59 | Machine | s1_win7_x6402 |
| Filename | Soft_win64_ue500.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 32 detected (AIDetect, malware2, Racealer, malicious, high confidence, DownLoader42, GenericKD, Unsafe, Save, ZexaF, Aq0@a87O97lO, Kryptik, Eldorado, Attribute, HighConfidence, GenKryptik, FLEN, FileRepMalware, Generic@ML, RDML, 5lHt260cZuAqegRPvx+VfQ, kcloud, Sabsik, score, MachineLearning, Anomalous, 100%, Static AI, Malicious PE, HMPU, Genetic, confidence) | ||
| md5 | 3cb723cd64267d73d1c08867d4ea9909 | ||
| sha256 | c169596df6ecb34d460a6012d943e8014befa2f160c5dd8497bfaed4170c7cce | ||
| ssdeep | 6144:Q/lKu9zuhs9cDhUim1CpfF0zvEkjOhRDljXlL4zUrx6Iw1M8zznDKO:qKUzusKDhB0CpNYyLp54dy | ||
| imphash | d219b4c81d3038e0b353f2c453352508 | ||
| impfuzzy | 24:0OjCOovrN+sKdv/DHFJOrabiDl4FPRv9GtdklMVv8TJ3IjT4zlLHjMn09n3p+:vQ8sk+rhS9Gtd1WMczdNn5+ | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x459010 InterlockedIncrement
0x459014 WaitForSingleObject
0x459018 SetEvent
0x45901c GetSystemTimeAsFileTime
0x459020 GetCommandLineA
0x459024 WriteFileGather
0x459028 CreateActCtxW
0x45902c EnumResourceTypesA
0x459030 GetEnvironmentStrings
0x459034 GlobalAlloc
0x459038 SizeofResource
0x45903c LeaveCriticalSection
0x459040 FindNextVolumeW
0x459044 GetFileAttributesW
0x459048 MapUserPhysicalPages
0x45904c GetDevicePowerState
0x459050 GetProcAddress
0x459054 HeapSize
0x459058 VerLanguageNameA
0x45905c RemoveDirectoryA
0x459060 GlobalGetAtomNameA
0x459064 PrepareTape
0x459068 WriteConsoleA
0x45906c GetProcessId
0x459070 WaitForMultipleObjects
0x459074 GetModuleFileNameA
0x459078 GetModuleHandleA
0x45907c EndUpdateResourceA
0x459080 FindFirstVolumeW
0x459084 AddConsoleAliasA
0x459088 LocalFree
0x45908c lstrcpyW
0x459090 GetLocaleInfoA
0x459094 ReadFile
0x459098 HeapReAlloc
0x45909c GetLastError
0x4590a0 HeapAlloc
0x4590a4 GetStartupInfoA
0x4590a8 SetHandleCount
0x4590ac GetStdHandle
0x4590b0 GetFileType
0x4590b4 DeleteCriticalSection
0x4590b8 SetFilePointer
0x4590bc TerminateProcess
0x4590c0 GetCurrentProcess
0x4590c4 UnhandledExceptionFilter
0x4590c8 SetUnhandledExceptionFilter
0x4590cc IsDebuggerPresent
0x4590d0 EnterCriticalSection
0x4590d4 HeapCreate
0x4590d8 VirtualFree
0x4590dc HeapFree
0x4590e0 VirtualAlloc
0x4590e4 GetModuleHandleW
0x4590e8 Sleep
0x4590ec ExitProcess
0x4590f0 WriteFile
0x4590f4 FreeEnvironmentStringsA
0x4590f8 FreeEnvironmentStringsW
0x4590fc WideCharToMultiByte
0x459100 GetEnvironmentStringsW
0x459104 TlsGetValue
0x459108 TlsAlloc
0x45910c TlsSetValue
0x459110 TlsFree
0x459114 SetLastError
0x459118 GetCurrentThreadId
0x45911c InterlockedDecrement
0x459120 QueryPerformanceCounter
0x459124 GetTickCount
0x459128 GetCurrentProcessId
0x45912c InitializeCriticalSectionAndSpinCount
0x459130 SetStdHandle
0x459134 RtlUnwind
0x459138 GetConsoleCP
0x45913c GetConsoleMode
0x459140 FlushFileBuffers
0x459144 LoadLibraryA
0x459148 GetCPInfo
0x45914c GetACP
0x459150 GetOEMCP
0x459154 IsValidCodePage
0x459158 GetConsoleOutputCP
0x45915c WriteConsoleW
0x459160 MultiByteToWideChar
0x459164 LCMapStringA
0x459168 LCMapStringW
0x45916c GetStringTypeA
0x459170 GetStringTypeW
0x459174 CloseHandle
0x459178 CreateFileA
USER32.dll
0x459180 GetCursorPos
GDI32.dll
0x459008 GetCharWidthFloatA
ADVAPI32.dll
0x459000 DeregisterEventSource
EAT(Export Address Table) Library
0x401000 @SetFirstEverVice@8
KERNEL32.dll
0x459010 InterlockedIncrement
0x459014 WaitForSingleObject
0x459018 SetEvent
0x45901c GetSystemTimeAsFileTime
0x459020 GetCommandLineA
0x459024 WriteFileGather
0x459028 CreateActCtxW
0x45902c EnumResourceTypesA
0x459030 GetEnvironmentStrings
0x459034 GlobalAlloc
0x459038 SizeofResource
0x45903c LeaveCriticalSection
0x459040 FindNextVolumeW
0x459044 GetFileAttributesW
0x459048 MapUserPhysicalPages
0x45904c GetDevicePowerState
0x459050 GetProcAddress
0x459054 HeapSize
0x459058 VerLanguageNameA
0x45905c RemoveDirectoryA
0x459060 GlobalGetAtomNameA
0x459064 PrepareTape
0x459068 WriteConsoleA
0x45906c GetProcessId
0x459070 WaitForMultipleObjects
0x459074 GetModuleFileNameA
0x459078 GetModuleHandleA
0x45907c EndUpdateResourceA
0x459080 FindFirstVolumeW
0x459084 AddConsoleAliasA
0x459088 LocalFree
0x45908c lstrcpyW
0x459090 GetLocaleInfoA
0x459094 ReadFile
0x459098 HeapReAlloc
0x45909c GetLastError
0x4590a0 HeapAlloc
0x4590a4 GetStartupInfoA
0x4590a8 SetHandleCount
0x4590ac GetStdHandle
0x4590b0 GetFileType
0x4590b4 DeleteCriticalSection
0x4590b8 SetFilePointer
0x4590bc TerminateProcess
0x4590c0 GetCurrentProcess
0x4590c4 UnhandledExceptionFilter
0x4590c8 SetUnhandledExceptionFilter
0x4590cc IsDebuggerPresent
0x4590d0 EnterCriticalSection
0x4590d4 HeapCreate
0x4590d8 VirtualFree
0x4590dc HeapFree
0x4590e0 VirtualAlloc
0x4590e4 GetModuleHandleW
0x4590e8 Sleep
0x4590ec ExitProcess
0x4590f0 WriteFile
0x4590f4 FreeEnvironmentStringsA
0x4590f8 FreeEnvironmentStringsW
0x4590fc WideCharToMultiByte
0x459100 GetEnvironmentStringsW
0x459104 TlsGetValue
0x459108 TlsAlloc
0x45910c TlsSetValue
0x459110 TlsFree
0x459114 SetLastError
0x459118 GetCurrentThreadId
0x45911c InterlockedDecrement
0x459120 QueryPerformanceCounter
0x459124 GetTickCount
0x459128 GetCurrentProcessId
0x45912c InitializeCriticalSectionAndSpinCount
0x459130 SetStdHandle
0x459134 RtlUnwind
0x459138 GetConsoleCP
0x45913c GetConsoleMode
0x459140 FlushFileBuffers
0x459144 LoadLibraryA
0x459148 GetCPInfo
0x45914c GetACP
0x459150 GetOEMCP
0x459154 IsValidCodePage
0x459158 GetConsoleOutputCP
0x45915c WriteConsoleW
0x459160 MultiByteToWideChar
0x459164 LCMapStringA
0x459168 LCMapStringW
0x45916c GetStringTypeA
0x459170 GetStringTypeW
0x459174 CloseHandle
0x459178 CreateFileA
USER32.dll
0x459180 GetCursorPos
GDI32.dll
0x459008 GetCharWidthFloatA
ADVAPI32.dll
0x459000 DeregisterEventSource
EAT(Export Address Table) Library
0x401000 @SetFirstEverVice@8