ScreenShot
| Created | 2021.10.01 09:44 | Machine | s1_win7_x6401 |
| Filename | raccon.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 19 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, confidence, 100%, ZexaF, Iq0@aSlBkqcO, Kryptik, Eldorado, Attribute, HighConfidence, Emotet, Static AI, Malicious PE, Sabsik, score, MachineLearning, Anomalous, Generic@ML, RDML, kW2UQqiG5TrT0n1RMxT5Ow) | ||
| md5 | 4d14cf426d5bba34e1da4a2cc98b0b57 | ||
| sha256 | 30c4e25684b6b1cdb17a60b03ec64575721caf265553368425c221a3de7e5e67 | ||
| ssdeep | 12288:f6byDnEjajHB6VJ1ompun/1RdzLL6lzxd6L:f6+DESB6VIeC/tzLWL6L | ||
| imphash | 7fd6de8b7ac14820eae90d7350ac48ac | ||
| impfuzzy | 24:Xi0Z9oOovbKwdv8hDok7Prv2+fjlnt2M+uJqJ36yvEFQOTl5l9wjMlH:bZZ7+q7Py+fRt2M+wKjcTV | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x460000 GlobalDeleteAtom
0x460004 GetLocaleInfoA
0x460008 HeapAlloc
0x46000c InterlockedDecrement
0x460010 GetEnvironmentStringsW
0x460014 GetUserDefaultLCID
0x460018 AddConsoleAliasW
0x46001c SetEvent
0x460020 GetCommandLineA
0x460024 ReadFileScatter
0x460028 LeaveCriticalSection
0x46002c GetFileAttributesA
0x460030 FindNextVolumeW
0x460034 WriteConsoleW
0x460038 CreateActCtxA
0x46003c GetDevicePowerState
0x460040 ReleaseSemaphore
0x460044 GetProcAddress
0x460048 VerLanguageNameA
0x46004c GetProcessId
0x460050 LocalAlloc
0x460054 CreateTapePartition
0x460058 RemoveDirectoryW
0x46005c EnumResourceTypesW
0x460060 GetModuleFileNameA
0x460064 GetModuleHandleA
0x460068 FindFirstVolumeA
0x46006c EndUpdateResourceA
0x460070 GetCurrentProcessId
0x460074 FindNextVolumeA
0x460078 lstrcpyA
0x46007c InterlockedIncrement
0x460080 Sleep
0x460084 InitializeCriticalSection
0x460088 DeleteCriticalSection
0x46008c EnterCriticalSection
0x460090 GetLastError
0x460094 HeapFree
0x460098 TerminateProcess
0x46009c GetCurrentProcess
0x4600a0 UnhandledExceptionFilter
0x4600a4 SetUnhandledExceptionFilter
0x4600a8 IsDebuggerPresent
0x4600ac GetStartupInfoA
0x4600b0 RtlUnwind
0x4600b4 RaiseException
0x4600b8 LCMapStringA
0x4600bc WideCharToMultiByte
0x4600c0 MultiByteToWideChar
0x4600c4 LCMapStringW
0x4600c8 GetCPInfo
0x4600cc HeapCreate
0x4600d0 VirtualFree
0x4600d4 VirtualAlloc
0x4600d8 HeapReAlloc
0x4600dc GetModuleHandleW
0x4600e0 ExitProcess
0x4600e4 WriteFile
0x4600e8 GetStdHandle
0x4600ec TlsGetValue
0x4600f0 TlsAlloc
0x4600f4 TlsSetValue
0x4600f8 TlsFree
0x4600fc SetLastError
0x460100 GetCurrentThreadId
0x460104 SetHandleCount
0x460108 GetFileType
0x46010c SetFilePointer
0x460110 FreeEnvironmentStringsA
0x460114 GetEnvironmentStrings
0x460118 FreeEnvironmentStringsW
0x46011c QueryPerformanceCounter
0x460120 GetTickCount
0x460124 GetSystemTimeAsFileTime
0x460128 HeapSize
0x46012c GetACP
0x460130 GetOEMCP
0x460134 IsValidCodePage
0x460138 EnumSystemLocalesA
0x46013c IsValidLocale
0x460140 GetStringTypeA
0x460144 GetStringTypeW
0x460148 InitializeCriticalSectionAndSpinCount
0x46014c LoadLibraryA
0x460150 SetStdHandle
0x460154 GetConsoleCP
0x460158 GetConsoleMode
0x46015c FlushFileBuffers
0x460160 GetLocaleInfoW
0x460164 WriteConsoleA
0x460168 GetConsoleOutputCP
0x46016c CloseHandle
0x460170 CreateFileA
EAT(Export Address Table) Library
0x401669 @SetFirstVice@8
KERNEL32.dll
0x460000 GlobalDeleteAtom
0x460004 GetLocaleInfoA
0x460008 HeapAlloc
0x46000c InterlockedDecrement
0x460010 GetEnvironmentStringsW
0x460014 GetUserDefaultLCID
0x460018 AddConsoleAliasW
0x46001c SetEvent
0x460020 GetCommandLineA
0x460024 ReadFileScatter
0x460028 LeaveCriticalSection
0x46002c GetFileAttributesA
0x460030 FindNextVolumeW
0x460034 WriteConsoleW
0x460038 CreateActCtxA
0x46003c GetDevicePowerState
0x460040 ReleaseSemaphore
0x460044 GetProcAddress
0x460048 VerLanguageNameA
0x46004c GetProcessId
0x460050 LocalAlloc
0x460054 CreateTapePartition
0x460058 RemoveDirectoryW
0x46005c EnumResourceTypesW
0x460060 GetModuleFileNameA
0x460064 GetModuleHandleA
0x460068 FindFirstVolumeA
0x46006c EndUpdateResourceA
0x460070 GetCurrentProcessId
0x460074 FindNextVolumeA
0x460078 lstrcpyA
0x46007c InterlockedIncrement
0x460080 Sleep
0x460084 InitializeCriticalSection
0x460088 DeleteCriticalSection
0x46008c EnterCriticalSection
0x460090 GetLastError
0x460094 HeapFree
0x460098 TerminateProcess
0x46009c GetCurrentProcess
0x4600a0 UnhandledExceptionFilter
0x4600a4 SetUnhandledExceptionFilter
0x4600a8 IsDebuggerPresent
0x4600ac GetStartupInfoA
0x4600b0 RtlUnwind
0x4600b4 RaiseException
0x4600b8 LCMapStringA
0x4600bc WideCharToMultiByte
0x4600c0 MultiByteToWideChar
0x4600c4 LCMapStringW
0x4600c8 GetCPInfo
0x4600cc HeapCreate
0x4600d0 VirtualFree
0x4600d4 VirtualAlloc
0x4600d8 HeapReAlloc
0x4600dc GetModuleHandleW
0x4600e0 ExitProcess
0x4600e4 WriteFile
0x4600e8 GetStdHandle
0x4600ec TlsGetValue
0x4600f0 TlsAlloc
0x4600f4 TlsSetValue
0x4600f8 TlsFree
0x4600fc SetLastError
0x460100 GetCurrentThreadId
0x460104 SetHandleCount
0x460108 GetFileType
0x46010c SetFilePointer
0x460110 FreeEnvironmentStringsA
0x460114 GetEnvironmentStrings
0x460118 FreeEnvironmentStringsW
0x46011c QueryPerformanceCounter
0x460120 GetTickCount
0x460124 GetSystemTimeAsFileTime
0x460128 HeapSize
0x46012c GetACP
0x460130 GetOEMCP
0x460134 IsValidCodePage
0x460138 EnumSystemLocalesA
0x46013c IsValidLocale
0x460140 GetStringTypeA
0x460144 GetStringTypeW
0x460148 InitializeCriticalSectionAndSpinCount
0x46014c LoadLibraryA
0x460150 SetStdHandle
0x460154 GetConsoleCP
0x460158 GetConsoleMode
0x46015c FlushFileBuffers
0x460160 GetLocaleInfoW
0x460164 WriteConsoleA
0x460168 GetConsoleOutputCP
0x46016c CloseHandle
0x460170 CreateFileA
EAT(Export Address Table) Library
0x401669 @SetFirstVice@8