ScreenShot
| Created | 2021.10.01 18:18 | Machine | s1_win7_x6401 |
| Filename | 58.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, HMQH, Zenpak, Emotet, Static AI, Malicious PE, StopCrypt, score, SmokeLoader, R443048, BScope, Mokes, MachineLearning, Anomalous, CLASSIC, ZexaF, lq0@aScgYveO, Genetic) | ||
| md5 | e2940574458fd1cc3235a22b30f48fdd | ||
| sha256 | e6816ec0fdc24c0d4af9ba973f1764af7bc1f32592090318dfeb6be036bcac03 | ||
| ssdeep | 3072:3gSguEtnGk+xIpEzfgJBBe4ChxY+2q/NfQoqTQyl6zZsqfPIAXz:3WuEtGk+ipEcWxJhqoqTQ0qfPD | ||
| imphash | f98cc9327e2d65cc6189a693f26e1c1d | ||
| impfuzzy | 24:MiiIjwOovrakpEdv/DzklTEbrRqlvfdYA+yvgOtyv8J3IjT4zluZwjMF9z3n:z/Q/MUdk4vfNH7t/MczsVz3 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x421000 HeapReAlloc
0x421004 GetLocaleInfoA
0x421008 LoadResource
0x42100c InterlockedIncrement
0x421010 GetEnvironmentStringsW
0x421014 AddConsoleAliasW
0x421018 SetEvent
0x42101c OpenSemaphoreA
0x421020 GetSystemTimeAsFileTime
0x421024 GetCommandLineA
0x421028 WriteFileGather
0x42102c CreateActCtxW
0x421030 GetEnvironmentStrings
0x421034 LeaveCriticalSection
0x421038 GetFileAttributesA
0x42103c ReadFile
0x421040 GetDevicePowerState
0x421044 GetProcAddress
0x421048 FreeUserPhysicalPages
0x42104c VerLanguageNameW
0x421050 WriteConsoleA
0x421054 GetProcessId
0x421058 LocalAlloc
0x42105c RemoveDirectoryW
0x421060 GlobalGetAtomNameW
0x421064 WaitForMultipleObjects
0x421068 EnumResourceTypesW
0x42106c GetModuleFileNameA
0x421070 GetModuleHandleA
0x421074 EraseTape
0x421078 GetStringTypeW
0x42107c ReleaseMutex
0x421080 EndUpdateResourceA
0x421084 LocalSize
0x421088 FindFirstVolumeW
0x42108c FindNextVolumeA
0x421090 lstrcpyW
0x421094 HeapAlloc
0x421098 GetStartupInfoA
0x42109c DeleteCriticalSection
0x4210a0 EnterCriticalSection
0x4210a4 HeapFree
0x4210a8 VirtualFree
0x4210ac VirtualAlloc
0x4210b0 HeapCreate
0x4210b4 GetModuleHandleW
0x4210b8 Sleep
0x4210bc ExitProcess
0x4210c0 WriteFile
0x4210c4 GetStdHandle
0x4210c8 SetHandleCount
0x4210cc GetFileType
0x4210d0 GetLastError
0x4210d4 SetFilePointer
0x4210d8 TerminateProcess
0x4210dc GetCurrentProcess
0x4210e0 UnhandledExceptionFilter
0x4210e4 SetUnhandledExceptionFilter
0x4210e8 IsDebuggerPresent
0x4210ec FreeEnvironmentStringsA
0x4210f0 FreeEnvironmentStringsW
0x4210f4 WideCharToMultiByte
0x4210f8 TlsGetValue
0x4210fc TlsAlloc
0x421100 TlsSetValue
0x421104 TlsFree
0x421108 SetLastError
0x42110c GetCurrentThreadId
0x421110 InterlockedDecrement
0x421114 QueryPerformanceCounter
0x421118 GetTickCount
0x42111c GetCurrentProcessId
0x421120 InitializeCriticalSectionAndSpinCount
0x421124 RtlUnwind
0x421128 LoadLibraryA
0x42112c SetStdHandle
0x421130 GetConsoleCP
0x421134 GetConsoleMode
0x421138 FlushFileBuffers
0x42113c GetCPInfo
0x421140 GetACP
0x421144 GetOEMCP
0x421148 IsValidCodePage
0x42114c HeapSize
0x421150 GetConsoleOutputCP
0x421154 WriteConsoleW
0x421158 MultiByteToWideChar
0x42115c LCMapStringA
0x421160 LCMapStringW
0x421164 GetStringTypeA
0x421168 CloseHandle
0x42116c CreateFileA
USER32.dll
0x421174 GetCursorPos
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12
KERNEL32.dll
0x421000 HeapReAlloc
0x421004 GetLocaleInfoA
0x421008 LoadResource
0x42100c InterlockedIncrement
0x421010 GetEnvironmentStringsW
0x421014 AddConsoleAliasW
0x421018 SetEvent
0x42101c OpenSemaphoreA
0x421020 GetSystemTimeAsFileTime
0x421024 GetCommandLineA
0x421028 WriteFileGather
0x42102c CreateActCtxW
0x421030 GetEnvironmentStrings
0x421034 LeaveCriticalSection
0x421038 GetFileAttributesA
0x42103c ReadFile
0x421040 GetDevicePowerState
0x421044 GetProcAddress
0x421048 FreeUserPhysicalPages
0x42104c VerLanguageNameW
0x421050 WriteConsoleA
0x421054 GetProcessId
0x421058 LocalAlloc
0x42105c RemoveDirectoryW
0x421060 GlobalGetAtomNameW
0x421064 WaitForMultipleObjects
0x421068 EnumResourceTypesW
0x42106c GetModuleFileNameA
0x421070 GetModuleHandleA
0x421074 EraseTape
0x421078 GetStringTypeW
0x42107c ReleaseMutex
0x421080 EndUpdateResourceA
0x421084 LocalSize
0x421088 FindFirstVolumeW
0x42108c FindNextVolumeA
0x421090 lstrcpyW
0x421094 HeapAlloc
0x421098 GetStartupInfoA
0x42109c DeleteCriticalSection
0x4210a0 EnterCriticalSection
0x4210a4 HeapFree
0x4210a8 VirtualFree
0x4210ac VirtualAlloc
0x4210b0 HeapCreate
0x4210b4 GetModuleHandleW
0x4210b8 Sleep
0x4210bc ExitProcess
0x4210c0 WriteFile
0x4210c4 GetStdHandle
0x4210c8 SetHandleCount
0x4210cc GetFileType
0x4210d0 GetLastError
0x4210d4 SetFilePointer
0x4210d8 TerminateProcess
0x4210dc GetCurrentProcess
0x4210e0 UnhandledExceptionFilter
0x4210e4 SetUnhandledExceptionFilter
0x4210e8 IsDebuggerPresent
0x4210ec FreeEnvironmentStringsA
0x4210f0 FreeEnvironmentStringsW
0x4210f4 WideCharToMultiByte
0x4210f8 TlsGetValue
0x4210fc TlsAlloc
0x421100 TlsSetValue
0x421104 TlsFree
0x421108 SetLastError
0x42110c GetCurrentThreadId
0x421110 InterlockedDecrement
0x421114 QueryPerformanceCounter
0x421118 GetTickCount
0x42111c GetCurrentProcessId
0x421120 InitializeCriticalSectionAndSpinCount
0x421124 RtlUnwind
0x421128 LoadLibraryA
0x42112c SetStdHandle
0x421130 GetConsoleCP
0x421134 GetConsoleMode
0x421138 FlushFileBuffers
0x42113c GetCPInfo
0x421140 GetACP
0x421144 GetOEMCP
0x421148 IsValidCodePage
0x42114c HeapSize
0x421150 GetConsoleOutputCP
0x421154 WriteConsoleW
0x421158 MultiByteToWideChar
0x42115c LCMapStringA
0x421160 LCMapStringW
0x421164 GetStringTypeA
0x421168 CloseHandle
0x42116c CreateFileA
USER32.dll
0x421174 GetCursorPos
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12