ScreenShot
| Created | 2021.09.29 10:18 | Machine | s1_win7_x6402 |
| Filename | ds.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (Convagent, malicious, high confidence, Unsafe, Save, confidence, ZexaF, hq0@ae@PnUdO, Kryptik, Eldorado, Attribute, HighConfidence, HMQC, FileRepMalware, Emotet, Static AI, Malicious PE, Racealer, MachineLearning, Anomalous, R002H0CIR21, CLASSIC, Score, HMPX) | ||
| md5 | 1d29d6cd39010976adcb9fcba517f3bc | ||
| sha256 | c27741b9e50da0c369b848179c9a4f9b0362b6d5e384055c6c72fc9667a270ec | ||
| ssdeep | 1536:KWNxxYnM24WxbpPxwGOFJBszdNoyNA2kjh3uJp+Q7Jgz70xWAcfz:KqYsWY2zduyNA2kxqfPxjcfz | ||
| imphash | 26b2a22c1afb78875d9384441bc03abe | ||
| impfuzzy | 24:MiiIxOovrVpEdv/DozkUEbQCqlvfdYA+yvgOtyFQ8J3IjT4zluZwjMF9z3n:UQVMlUJpvfNH7tMMczsVz3 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f000 HeapReAlloc
0x40f004 GetLocaleInfoA
0x40f008 LoadResource
0x40f00c InterlockedIncrement
0x40f010 GetEnvironmentStringsW
0x40f014 AddConsoleAliasW
0x40f018 SetEvent
0x40f01c GetSystemTimeAsFileTime
0x40f020 GetCommandLineA
0x40f024 WriteFileGather
0x40f028 CreateActCtxW
0x40f02c EnumResourceTypesA
0x40f030 LeaveCriticalSection
0x40f034 GetFileAttributesA
0x40f038 ReadFile
0x40f03c GetDevicePowerState
0x40f040 GetProcAddress
0x40f044 VerLanguageNameA
0x40f048 FreeUserPhysicalPages
0x40f04c WriteConsoleA
0x40f050 GetProcessId
0x40f054 LocalAlloc
0x40f058 RemoveDirectoryW
0x40f05c GlobalGetAtomNameW
0x40f060 WaitForMultipleObjects
0x40f064 GetModuleFileNameA
0x40f068 GetModuleHandleA
0x40f06c UpdateResourceW
0x40f070 EraseTape
0x40f074 GetStringTypeW
0x40f078 OpenSemaphoreW
0x40f07c ReleaseMutex
0x40f080 EndUpdateResourceA
0x40f084 LocalSize
0x40f088 FindFirstVolumeW
0x40f08c FindNextVolumeA
0x40f090 lstrcpyW
0x40f094 HeapAlloc
0x40f098 GetStartupInfoA
0x40f09c DeleteCriticalSection
0x40f0a0 EnterCriticalSection
0x40f0a4 HeapFree
0x40f0a8 VirtualFree
0x40f0ac VirtualAlloc
0x40f0b0 HeapCreate
0x40f0b4 GetModuleHandleW
0x40f0b8 Sleep
0x40f0bc ExitProcess
0x40f0c0 WriteFile
0x40f0c4 GetStdHandle
0x40f0c8 SetHandleCount
0x40f0cc GetFileType
0x40f0d0 GetLastError
0x40f0d4 SetFilePointer
0x40f0d8 TerminateProcess
0x40f0dc GetCurrentProcess
0x40f0e0 UnhandledExceptionFilter
0x40f0e4 SetUnhandledExceptionFilter
0x40f0e8 IsDebuggerPresent
0x40f0ec FreeEnvironmentStringsA
0x40f0f0 GetEnvironmentStrings
0x40f0f4 FreeEnvironmentStringsW
0x40f0f8 WideCharToMultiByte
0x40f0fc TlsGetValue
0x40f100 TlsAlloc
0x40f104 TlsSetValue
0x40f108 TlsFree
0x40f10c SetLastError
0x40f110 GetCurrentThreadId
0x40f114 InterlockedDecrement
0x40f118 QueryPerformanceCounter
0x40f11c GetTickCount
0x40f120 GetCurrentProcessId
0x40f124 InitializeCriticalSectionAndSpinCount
0x40f128 RtlUnwind
0x40f12c LoadLibraryA
0x40f130 SetStdHandle
0x40f134 GetConsoleCP
0x40f138 GetConsoleMode
0x40f13c FlushFileBuffers
0x40f140 GetCPInfo
0x40f144 GetACP
0x40f148 GetOEMCP
0x40f14c IsValidCodePage
0x40f150 HeapSize
0x40f154 GetConsoleOutputCP
0x40f158 WriteConsoleW
0x40f15c MultiByteToWideChar
0x40f160 LCMapStringA
0x40f164 LCMapStringW
0x40f168 GetStringTypeA
0x40f16c CloseHandle
0x40f170 CreateFileA
USER32.dll
0x40f178 GetCursorPos
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12
KERNEL32.dll
0x40f000 HeapReAlloc
0x40f004 GetLocaleInfoA
0x40f008 LoadResource
0x40f00c InterlockedIncrement
0x40f010 GetEnvironmentStringsW
0x40f014 AddConsoleAliasW
0x40f018 SetEvent
0x40f01c GetSystemTimeAsFileTime
0x40f020 GetCommandLineA
0x40f024 WriteFileGather
0x40f028 CreateActCtxW
0x40f02c EnumResourceTypesA
0x40f030 LeaveCriticalSection
0x40f034 GetFileAttributesA
0x40f038 ReadFile
0x40f03c GetDevicePowerState
0x40f040 GetProcAddress
0x40f044 VerLanguageNameA
0x40f048 FreeUserPhysicalPages
0x40f04c WriteConsoleA
0x40f050 GetProcessId
0x40f054 LocalAlloc
0x40f058 RemoveDirectoryW
0x40f05c GlobalGetAtomNameW
0x40f060 WaitForMultipleObjects
0x40f064 GetModuleFileNameA
0x40f068 GetModuleHandleA
0x40f06c UpdateResourceW
0x40f070 EraseTape
0x40f074 GetStringTypeW
0x40f078 OpenSemaphoreW
0x40f07c ReleaseMutex
0x40f080 EndUpdateResourceA
0x40f084 LocalSize
0x40f088 FindFirstVolumeW
0x40f08c FindNextVolumeA
0x40f090 lstrcpyW
0x40f094 HeapAlloc
0x40f098 GetStartupInfoA
0x40f09c DeleteCriticalSection
0x40f0a0 EnterCriticalSection
0x40f0a4 HeapFree
0x40f0a8 VirtualFree
0x40f0ac VirtualAlloc
0x40f0b0 HeapCreate
0x40f0b4 GetModuleHandleW
0x40f0b8 Sleep
0x40f0bc ExitProcess
0x40f0c0 WriteFile
0x40f0c4 GetStdHandle
0x40f0c8 SetHandleCount
0x40f0cc GetFileType
0x40f0d0 GetLastError
0x40f0d4 SetFilePointer
0x40f0d8 TerminateProcess
0x40f0dc GetCurrentProcess
0x40f0e0 UnhandledExceptionFilter
0x40f0e4 SetUnhandledExceptionFilter
0x40f0e8 IsDebuggerPresent
0x40f0ec FreeEnvironmentStringsA
0x40f0f0 GetEnvironmentStrings
0x40f0f4 FreeEnvironmentStringsW
0x40f0f8 WideCharToMultiByte
0x40f0fc TlsGetValue
0x40f100 TlsAlloc
0x40f104 TlsSetValue
0x40f108 TlsFree
0x40f10c SetLastError
0x40f110 GetCurrentThreadId
0x40f114 InterlockedDecrement
0x40f118 QueryPerformanceCounter
0x40f11c GetTickCount
0x40f120 GetCurrentProcessId
0x40f124 InitializeCriticalSectionAndSpinCount
0x40f128 RtlUnwind
0x40f12c LoadLibraryA
0x40f130 SetStdHandle
0x40f134 GetConsoleCP
0x40f138 GetConsoleMode
0x40f13c FlushFileBuffers
0x40f140 GetCPInfo
0x40f144 GetACP
0x40f148 GetOEMCP
0x40f14c IsValidCodePage
0x40f150 HeapSize
0x40f154 GetConsoleOutputCP
0x40f158 WriteConsoleW
0x40f15c MultiByteToWideChar
0x40f160 LCMapStringA
0x40f164 LCMapStringW
0x40f168 GetStringTypeA
0x40f16c CloseHandle
0x40f170 CreateFileA
USER32.dll
0x40f178 GetCursorPos
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12