ScreenShot
| Created | 2021.09.30 18:09 | Machine | s1_win7_x6402 |
| Filename | runvd.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 24 detected (AIDetect, malware1, malicious, high confidence, score, Stop, Unsafe, Save, confidence, 100%, Eldorado, Attribute, HighConfidence, Generic@ML, RDML, mSsdUz, S280bZ7FhrXee0A, Emotet, Sabsik, BScope, Static AI, Malicious PE, ZexaF, PuW@amNo1knO) | ||
| md5 | 92a1673a000e107b4375959e5d366e3f | ||
| sha256 | 70bd6dc642f4acd5af3e5ef1d49d703d803322d1c3cb120a948988de1c8c408e | ||
| ssdeep | 12288:KYVJZszH74PEPbqzBie/yiSzjcp+L25o4AgQ39a6A1s9FzCDMF9YZlU9n4:K/zJPWF2KrAgQ3fA1s3zMMPF4 | ||
| imphash | 5836b0745b42c6bdea4bd6e4cf5c6b7d | ||
| impfuzzy | 48:jXOiHixXgLUd64FvOuctxtTV8PK9LaTcCa3YJ:jekixXgAY4FvextTV8PQOTcCa34 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41900c CopyFileExW
0x419010 FreeLibrary
0x419014 InterlockedIncrement
0x419018 GetCommState
0x41901c GetProfileStringW
0x419020 CallNamedPipeW
0x419024 GetNumberFormatA
0x419028 FindResourceExA
0x41902c GlobalAlloc
0x419030 GetPrivateProfileIntA
0x419034 GetVolumeInformationA
0x419038 GetSystemWow64DirectoryW
0x41903c GetSystemWindowsDirectoryA
0x419040 HeapDestroy
0x419044 GetCompressedFileSizeA
0x419048 GetSystemDirectoryA
0x41904c CreateActCtxA
0x419050 GetBinaryTypeW
0x419054 LCMapStringA
0x419058 GetStartupInfoA
0x41905c SetThreadLocale
0x419060 GetStdHandle
0x419064 lstrlenA
0x419068 OpenMutexW
0x41906c GetLastError
0x419070 SetLastError
0x419074 GetProcAddress
0x419078 CreateNamedPipeA
0x41907c SearchPathA
0x419080 LoadLibraryA
0x419084 CreateSemaphoreW
0x419088 FindAtomA
0x41908c SetSystemTime
0x419090 GetModuleFileNameA
0x419094 CreateIoCompletionPort
0x419098 FindFirstChangeNotificationA
0x41909c HeapSetInformation
0x4190a0 FreeEnvironmentStringsW
0x4190a4 FindNextFileW
0x4190a8 GetCurrentDirectoryA
0x4190ac SetFileShortNameA
0x4190b0 TerminateJobObject
0x4190b4 FindAtomW
0x4190b8 UnregisterWaitEx
0x4190bc DeleteFileA
0x4190c0 GetThreadContext
0x4190c4 GetCPInfoExW
0x4190c8 GetCommandLineW
0x4190cc CloseHandle
0x4190d0 CreateFileW
0x4190d4 GetStartupInfoW
0x4190d8 InterlockedDecrement
0x4190dc DecodePointer
0x4190e0 GetModuleHandleW
0x4190e4 ExitProcess
0x4190e8 TerminateProcess
0x4190ec GetCurrentProcess
0x4190f0 UnhandledExceptionFilter
0x4190f4 SetUnhandledExceptionFilter
0x4190f8 IsDebuggerPresent
0x4190fc EncodePointer
0x419100 GetModuleFileNameW
0x419104 WriteFile
0x419108 QueryPerformanceCounter
0x41910c GetTickCount
0x419110 GetCurrentThreadId
0x419114 GetCurrentProcessId
0x419118 GetSystemTimeAsFileTime
0x41911c GetEnvironmentStringsW
0x419120 SetHandleCount
0x419124 InitializeCriticalSectionAndSpinCount
0x419128 GetFileType
0x41912c DeleteCriticalSection
0x419130 HeapValidate
0x419134 IsBadReadPtr
0x419138 TlsAlloc
0x41913c TlsGetValue
0x419140 TlsSetValue
0x419144 TlsFree
0x419148 HeapCreate
0x41914c GetACP
0x419150 GetOEMCP
0x419154 GetCPInfo
0x419158 IsValidCodePage
0x41915c EnterCriticalSection
0x419160 LeaveCriticalSection
0x419164 LoadLibraryW
0x419168 HeapAlloc
0x41916c HeapReAlloc
0x419170 HeapSize
0x419174 HeapQueryInformation
0x419178 HeapFree
0x41917c RtlUnwind
0x419180 WideCharToMultiByte
0x419184 LCMapStringW
0x419188 MultiByteToWideChar
0x41918c GetStringTypeW
0x419190 OutputDebugStringA
0x419194 WriteConsoleW
0x419198 OutputDebugStringW
0x41919c IsProcessorFeaturePresent
0x4191a0 SetFilePointer
0x4191a4 GetConsoleCP
0x4191a8 GetConsoleMode
0x4191ac RaiseException
0x4191b0 SetStdHandle
0x4191b4 FlushFileBuffers
ADVAPI32.dll
0x419000 InitiateSystemShutdownA
0x419004 AbortSystemShutdownA
WINHTTP.dll
0x4191bc WinHttpOpen
EAT(Export Address Table) is none
KERNEL32.dll
0x41900c CopyFileExW
0x419010 FreeLibrary
0x419014 InterlockedIncrement
0x419018 GetCommState
0x41901c GetProfileStringW
0x419020 CallNamedPipeW
0x419024 GetNumberFormatA
0x419028 FindResourceExA
0x41902c GlobalAlloc
0x419030 GetPrivateProfileIntA
0x419034 GetVolumeInformationA
0x419038 GetSystemWow64DirectoryW
0x41903c GetSystemWindowsDirectoryA
0x419040 HeapDestroy
0x419044 GetCompressedFileSizeA
0x419048 GetSystemDirectoryA
0x41904c CreateActCtxA
0x419050 GetBinaryTypeW
0x419054 LCMapStringA
0x419058 GetStartupInfoA
0x41905c SetThreadLocale
0x419060 GetStdHandle
0x419064 lstrlenA
0x419068 OpenMutexW
0x41906c GetLastError
0x419070 SetLastError
0x419074 GetProcAddress
0x419078 CreateNamedPipeA
0x41907c SearchPathA
0x419080 LoadLibraryA
0x419084 CreateSemaphoreW
0x419088 FindAtomA
0x41908c SetSystemTime
0x419090 GetModuleFileNameA
0x419094 CreateIoCompletionPort
0x419098 FindFirstChangeNotificationA
0x41909c HeapSetInformation
0x4190a0 FreeEnvironmentStringsW
0x4190a4 FindNextFileW
0x4190a8 GetCurrentDirectoryA
0x4190ac SetFileShortNameA
0x4190b0 TerminateJobObject
0x4190b4 FindAtomW
0x4190b8 UnregisterWaitEx
0x4190bc DeleteFileA
0x4190c0 GetThreadContext
0x4190c4 GetCPInfoExW
0x4190c8 GetCommandLineW
0x4190cc CloseHandle
0x4190d0 CreateFileW
0x4190d4 GetStartupInfoW
0x4190d8 InterlockedDecrement
0x4190dc DecodePointer
0x4190e0 GetModuleHandleW
0x4190e4 ExitProcess
0x4190e8 TerminateProcess
0x4190ec GetCurrentProcess
0x4190f0 UnhandledExceptionFilter
0x4190f4 SetUnhandledExceptionFilter
0x4190f8 IsDebuggerPresent
0x4190fc EncodePointer
0x419100 GetModuleFileNameW
0x419104 WriteFile
0x419108 QueryPerformanceCounter
0x41910c GetTickCount
0x419110 GetCurrentThreadId
0x419114 GetCurrentProcessId
0x419118 GetSystemTimeAsFileTime
0x41911c GetEnvironmentStringsW
0x419120 SetHandleCount
0x419124 InitializeCriticalSectionAndSpinCount
0x419128 GetFileType
0x41912c DeleteCriticalSection
0x419130 HeapValidate
0x419134 IsBadReadPtr
0x419138 TlsAlloc
0x41913c TlsGetValue
0x419140 TlsSetValue
0x419144 TlsFree
0x419148 HeapCreate
0x41914c GetACP
0x419150 GetOEMCP
0x419154 GetCPInfo
0x419158 IsValidCodePage
0x41915c EnterCriticalSection
0x419160 LeaveCriticalSection
0x419164 LoadLibraryW
0x419168 HeapAlloc
0x41916c HeapReAlloc
0x419170 HeapSize
0x419174 HeapQueryInformation
0x419178 HeapFree
0x41917c RtlUnwind
0x419180 WideCharToMultiByte
0x419184 LCMapStringW
0x419188 MultiByteToWideChar
0x41918c GetStringTypeW
0x419190 OutputDebugStringA
0x419194 WriteConsoleW
0x419198 OutputDebugStringW
0x41919c IsProcessorFeaturePresent
0x4191a0 SetFilePointer
0x4191a4 GetConsoleCP
0x4191a8 GetConsoleMode
0x4191ac RaiseException
0x4191b0 SetStdHandle
0x4191b4 FlushFileBuffers
ADVAPI32.dll
0x419000 InitiateSystemShutdownA
0x419004 AbortSystemShutdownA
WINHTTP.dll
0x4191bc WinHttpOpen
EAT(Export Address Table) is none