ScreenShot
| Created | 2021.09.27 15:02 | Machine | s1_win7_x6402 |
| Filename | 34.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 49 detected (AIDetect, malware2, malicious, high confidence, GenericKD, Unsafe, Save, TrojanPSW, Racealer, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, HMOV, Fragtor, CLASSIC, Emotet, Mokes, StellarStealer, oiyed, PSWTroj, kcloud, Glupteba, score, CoinMiner, R442508, ai score=83, BScope, R06CH0CIN21, Static AI, Malicious PE, ZexaF, Bq0@aCz@YraO, GdSda) | ||
| md5 | 34b0ea9b7c806ff84cdbec1148f2fdb1 | ||
| sha256 | b0e738dda49e215046d6cc7e1afaff47390ab6b596cf6985f5d43ddc5d1d89ac | ||
| ssdeep | 12288:gceMo6rWv/in2luo54WrNTBOi7QkZBoYCqM:SMooWv/i2so54W5kkg | ||
| imphash | e7d6aacdbba2eaeadcddfcf1af169f5c | ||
| impfuzzy | 24:sirjrZu+VEdvccFaKOrb2fjO5DzrANOovEG1tD2wA+yvEvh/J3vT42l9wjMynNpk:BZfUiVrPprZVG1tSPHevc2enhts | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45f014 InterlockedDecrement
0x45f018 GetEnvironmentStringsW
0x45f01c WaitForSingleObject
0x45f020 SetEvent
0x45f024 GetSystemDefaultLCID
0x45f028 GetEnvironmentStrings
0x45f02c GlobalAlloc
0x45f030 SizeofResource
0x45f034 LeaveCriticalSection
0x45f038 ReadFile
0x45f03c GetModuleFileNameW
0x45f040 GetDevicePowerState
0x45f044 GetConsoleOutputCP
0x45f048 VerLanguageNameA
0x45f04c RemoveDirectoryA
0x45f050 EnterCriticalSection
0x45f054 GlobalGetAtomNameA
0x45f058 PrepareTape
0x45f05c WriteConsoleA
0x45f060 GetProcessId
0x45f064 BeginUpdateResourceA
0x45f068 SetSystemTime
0x45f06c EnumResourceTypesW
0x45f070 GetModuleFileNameA
0x45f074 GetModuleHandleA
0x45f078 FindFirstVolumeA
0x45f07c ReleaseMutex
0x45f080 EndUpdateResourceA
0x45f084 LocalSize
0x45f088 GetWindowsDirectoryW
0x45f08c AddConsoleAliasA
0x45f090 FindActCtxSectionStringW
0x45f094 FindNextVolumeA
0x45f098 lstrcpyA
0x45f09c GetLocaleInfoA
0x45f0a0 GetCommandLineW
0x45f0a4 GetProcAddress
0x45f0a8 GetSystemDefaultLangID
0x45f0ac HeapAlloc
0x45f0b0 GetLastError
0x45f0b4 HeapReAlloc
0x45f0b8 GetCommandLineA
0x45f0bc GetStartupInfoA
0x45f0c0 RaiseException
0x45f0c4 RtlUnwind
0x45f0c8 TerminateProcess
0x45f0cc GetCurrentProcess
0x45f0d0 UnhandledExceptionFilter
0x45f0d4 SetUnhandledExceptionFilter
0x45f0d8 IsDebuggerPresent
0x45f0dc HeapFree
0x45f0e0 DeleteCriticalSection
0x45f0e4 VirtualFree
0x45f0e8 VirtualAlloc
0x45f0ec HeapCreate
0x45f0f0 GetModuleHandleW
0x45f0f4 Sleep
0x45f0f8 ExitProcess
0x45f0fc WriteFile
0x45f100 GetStdHandle
0x45f104 SetHandleCount
0x45f108 GetFileType
0x45f10c SetFilePointer
0x45f110 FreeEnvironmentStringsA
0x45f114 FreeEnvironmentStringsW
0x45f118 WideCharToMultiByte
0x45f11c TlsGetValue
0x45f120 TlsAlloc
0x45f124 TlsSetValue
0x45f128 TlsFree
0x45f12c InterlockedIncrement
0x45f130 SetLastError
0x45f134 GetCurrentThreadId
0x45f138 QueryPerformanceCounter
0x45f13c GetTickCount
0x45f140 GetCurrentProcessId
0x45f144 GetSystemTimeAsFileTime
0x45f148 InitializeCriticalSectionAndSpinCount
0x45f14c LoadLibraryA
0x45f150 SetStdHandle
0x45f154 GetConsoleCP
0x45f158 GetConsoleMode
0x45f15c FlushFileBuffers
0x45f160 HeapSize
0x45f164 GetCPInfo
0x45f168 GetACP
0x45f16c GetOEMCP
0x45f170 IsValidCodePage
0x45f174 WriteConsoleW
0x45f178 MultiByteToWideChar
0x45f17c LCMapStringA
0x45f180 LCMapStringW
0x45f184 GetStringTypeA
0x45f188 GetStringTypeW
0x45f18c CloseHandle
0x45f190 CreateFileA
USER32.dll
0x45f198 RealChildWindowFromPoint
GDI32.dll
0x45f00c GetCharWidthFloatW
ADVAPI32.dll
0x45f000 DeregisterEventSource
0x45f004 CloseEventLog
EAT(Export Address Table) is none
KERNEL32.dll
0x45f014 InterlockedDecrement
0x45f018 GetEnvironmentStringsW
0x45f01c WaitForSingleObject
0x45f020 SetEvent
0x45f024 GetSystemDefaultLCID
0x45f028 GetEnvironmentStrings
0x45f02c GlobalAlloc
0x45f030 SizeofResource
0x45f034 LeaveCriticalSection
0x45f038 ReadFile
0x45f03c GetModuleFileNameW
0x45f040 GetDevicePowerState
0x45f044 GetConsoleOutputCP
0x45f048 VerLanguageNameA
0x45f04c RemoveDirectoryA
0x45f050 EnterCriticalSection
0x45f054 GlobalGetAtomNameA
0x45f058 PrepareTape
0x45f05c WriteConsoleA
0x45f060 GetProcessId
0x45f064 BeginUpdateResourceA
0x45f068 SetSystemTime
0x45f06c EnumResourceTypesW
0x45f070 GetModuleFileNameA
0x45f074 GetModuleHandleA
0x45f078 FindFirstVolumeA
0x45f07c ReleaseMutex
0x45f080 EndUpdateResourceA
0x45f084 LocalSize
0x45f088 GetWindowsDirectoryW
0x45f08c AddConsoleAliasA
0x45f090 FindActCtxSectionStringW
0x45f094 FindNextVolumeA
0x45f098 lstrcpyA
0x45f09c GetLocaleInfoA
0x45f0a0 GetCommandLineW
0x45f0a4 GetProcAddress
0x45f0a8 GetSystemDefaultLangID
0x45f0ac HeapAlloc
0x45f0b0 GetLastError
0x45f0b4 HeapReAlloc
0x45f0b8 GetCommandLineA
0x45f0bc GetStartupInfoA
0x45f0c0 RaiseException
0x45f0c4 RtlUnwind
0x45f0c8 TerminateProcess
0x45f0cc GetCurrentProcess
0x45f0d0 UnhandledExceptionFilter
0x45f0d4 SetUnhandledExceptionFilter
0x45f0d8 IsDebuggerPresent
0x45f0dc HeapFree
0x45f0e0 DeleteCriticalSection
0x45f0e4 VirtualFree
0x45f0e8 VirtualAlloc
0x45f0ec HeapCreate
0x45f0f0 GetModuleHandleW
0x45f0f4 Sleep
0x45f0f8 ExitProcess
0x45f0fc WriteFile
0x45f100 GetStdHandle
0x45f104 SetHandleCount
0x45f108 GetFileType
0x45f10c SetFilePointer
0x45f110 FreeEnvironmentStringsA
0x45f114 FreeEnvironmentStringsW
0x45f118 WideCharToMultiByte
0x45f11c TlsGetValue
0x45f120 TlsAlloc
0x45f124 TlsSetValue
0x45f128 TlsFree
0x45f12c InterlockedIncrement
0x45f130 SetLastError
0x45f134 GetCurrentThreadId
0x45f138 QueryPerformanceCounter
0x45f13c GetTickCount
0x45f140 GetCurrentProcessId
0x45f144 GetSystemTimeAsFileTime
0x45f148 InitializeCriticalSectionAndSpinCount
0x45f14c LoadLibraryA
0x45f150 SetStdHandle
0x45f154 GetConsoleCP
0x45f158 GetConsoleMode
0x45f15c FlushFileBuffers
0x45f160 HeapSize
0x45f164 GetCPInfo
0x45f168 GetACP
0x45f16c GetOEMCP
0x45f170 IsValidCodePage
0x45f174 WriteConsoleW
0x45f178 MultiByteToWideChar
0x45f17c LCMapStringA
0x45f180 LCMapStringW
0x45f184 GetStringTypeA
0x45f188 GetStringTypeW
0x45f18c CloseHandle
0x45f190 CreateFileA
USER32.dll
0x45f198 RealChildWindowFromPoint
GDI32.dll
0x45f00c GetCharWidthFloatW
ADVAPI32.dll
0x45f000 DeregisterEventSource
0x45f004 CloseEventLog
EAT(Export Address Table) is none