ScreenShot
| Created | 2021.10.01 18:18 | Machine | s1_win7_x6402 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 38 detected (AIDetect, malware1, malicious, high confidence, score, Stop, Unsafe, Save, confidence, 100%, Eldorado, Attribute, HighConfidence, Kryptik, HMRV, Fragtor, PWSX, DownLoader42, Outbreak, kcloud, Sabsik, ZexaF, uuW@aO7N@8bO, ai score=87, CLASSIC, Static AI, Malicious PE) | ||
| md5 | 5861a5c311151e853ce704c5268981d6 | ||
| sha256 | 4f3ba9f2d7e8979ac9fe1be297c90314a2ee9065bfcf0073c2b1815c425b16db | ||
| ssdeep | 6144:KeqYFeYWRTDsLsIuihb12aQhKVYZdq6TaB2RVbGaHk2fgJXHaE:Kt+/WRTi/QhJdqjy9P1 | ||
| imphash | d31cc935cd1c6935cd48a10ef09a7414 | ||
| impfuzzy | 48:Cks1aOSFJxLXtd700OyxtfQAcxK9La5cxmr:m7QxLXtN009xtfQAcxQO5cxmr | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41a000 GetCommandLineW
0x41a004 GetThreadContext
0x41a008 SearchPathW
0x41a00c lstrlenA
0x41a010 FindResourceExW
0x41a014 CallNamedPipeA
0x41a018 InterlockedIncrement
0x41a01c GetQueuedCompletionStatus
0x41a020 GetCommState
0x41a024 GetProfileStringW
0x41a028 FreeEnvironmentStringsA
0x41a02c GetNumberFormatA
0x41a030 CreateActCtxW
0x41a034 GlobalAlloc
0x41a038 GetPrivateProfileIntA
0x41a03c GetSystemDirectoryW
0x41a040 SetFileShortNameW
0x41a044 GetVolumeInformationA
0x41a048 LoadLibraryW
0x41a04c GetSystemWow64DirectoryW
0x41a050 GetSystemWindowsDirectoryA
0x41a054 HeapDestroy
0x41a058 GetBinaryTypeA
0x41a05c GetCompressedFileSizeA
0x41a060 QueryInformationJobObject
0x41a064 GetStartupInfoW
0x41a068 LCMapStringA
0x41a06c GetPrivateProfileIntW
0x41a070 SetThreadLocale
0x41a074 FreeLibraryAndExitThread
0x41a078 GetLastError
0x41a07c SetLastError
0x41a080 GetProcAddress
0x41a084 CreateNamedPipeA
0x41a088 SetStdHandle
0x41a08c LoadLibraryA
0x41a090 CreateSemaphoreW
0x41a094 FindAtomA
0x41a098 GetModuleFileNameA
0x41a09c FindNextFileA
0x41a0a0 CreateIoCompletionPort
0x41a0a4 FindFirstChangeNotificationA
0x41a0a8 HeapSetInformation
0x41a0ac GetCurrentDirectoryA
0x41a0b0 GetCPInfoExA
0x41a0b4 FindAtomW
0x41a0b8 UnregisterWaitEx
0x41a0bc GetSystemTime
0x41a0c0 CopyFileExA
0x41a0c4 DeleteFileA
0x41a0c8 InterlockedDecrement
0x41a0cc DecodePointer
0x41a0d0 GetModuleHandleW
0x41a0d4 ExitProcess
0x41a0d8 TerminateProcess
0x41a0dc GetCurrentProcess
0x41a0e0 UnhandledExceptionFilter
0x41a0e4 SetUnhandledExceptionFilter
0x41a0e8 IsDebuggerPresent
0x41a0ec EncodePointer
0x41a0f0 GetModuleFileNameW
0x41a0f4 WriteFile
0x41a0f8 GetStdHandle
0x41a0fc RtlUnwind
0x41a100 GetACP
0x41a104 GetOEMCP
0x41a108 GetCPInfo
0x41a10c IsValidCodePage
0x41a110 TlsAlloc
0x41a114 TlsGetValue
0x41a118 TlsSetValue
0x41a11c GetCurrentThreadId
0x41a120 TlsFree
0x41a124 QueryPerformanceCounter
0x41a128 GetTickCount
0x41a12c GetCurrentProcessId
0x41a130 GetSystemTimeAsFileTime
0x41a134 FreeEnvironmentStringsW
0x41a138 GetEnvironmentStringsW
0x41a13c SetHandleCount
0x41a140 InitializeCriticalSectionAndSpinCount
0x41a144 GetFileType
0x41a148 DeleteCriticalSection
0x41a14c HeapValidate
0x41a150 IsBadReadPtr
0x41a154 HeapCreate
0x41a158 EnterCriticalSection
0x41a15c LeaveCriticalSection
0x41a160 SetFilePointer
0x41a164 WideCharToMultiByte
0x41a168 GetConsoleCP
0x41a16c GetConsoleMode
0x41a170 OutputDebugStringA
0x41a174 WriteConsoleW
0x41a178 OutputDebugStringW
0x41a17c GetStringTypeW
0x41a180 MultiByteToWideChar
0x41a184 LCMapStringW
0x41a188 HeapAlloc
0x41a18c HeapReAlloc
0x41a190 HeapSize
0x41a194 HeapQueryInformation
0x41a198 HeapFree
0x41a19c IsProcessorFeaturePresent
0x41a1a0 RaiseException
0x41a1a4 CreateFileW
0x41a1a8 CloseHandle
0x41a1ac FlushFileBuffers
EAT(Export Address Table) is none
KERNEL32.dll
0x41a000 GetCommandLineW
0x41a004 GetThreadContext
0x41a008 SearchPathW
0x41a00c lstrlenA
0x41a010 FindResourceExW
0x41a014 CallNamedPipeA
0x41a018 InterlockedIncrement
0x41a01c GetQueuedCompletionStatus
0x41a020 GetCommState
0x41a024 GetProfileStringW
0x41a028 FreeEnvironmentStringsA
0x41a02c GetNumberFormatA
0x41a030 CreateActCtxW
0x41a034 GlobalAlloc
0x41a038 GetPrivateProfileIntA
0x41a03c GetSystemDirectoryW
0x41a040 SetFileShortNameW
0x41a044 GetVolumeInformationA
0x41a048 LoadLibraryW
0x41a04c GetSystemWow64DirectoryW
0x41a050 GetSystemWindowsDirectoryA
0x41a054 HeapDestroy
0x41a058 GetBinaryTypeA
0x41a05c GetCompressedFileSizeA
0x41a060 QueryInformationJobObject
0x41a064 GetStartupInfoW
0x41a068 LCMapStringA
0x41a06c GetPrivateProfileIntW
0x41a070 SetThreadLocale
0x41a074 FreeLibraryAndExitThread
0x41a078 GetLastError
0x41a07c SetLastError
0x41a080 GetProcAddress
0x41a084 CreateNamedPipeA
0x41a088 SetStdHandle
0x41a08c LoadLibraryA
0x41a090 CreateSemaphoreW
0x41a094 FindAtomA
0x41a098 GetModuleFileNameA
0x41a09c FindNextFileA
0x41a0a0 CreateIoCompletionPort
0x41a0a4 FindFirstChangeNotificationA
0x41a0a8 HeapSetInformation
0x41a0ac GetCurrentDirectoryA
0x41a0b0 GetCPInfoExA
0x41a0b4 FindAtomW
0x41a0b8 UnregisterWaitEx
0x41a0bc GetSystemTime
0x41a0c0 CopyFileExA
0x41a0c4 DeleteFileA
0x41a0c8 InterlockedDecrement
0x41a0cc DecodePointer
0x41a0d0 GetModuleHandleW
0x41a0d4 ExitProcess
0x41a0d8 TerminateProcess
0x41a0dc GetCurrentProcess
0x41a0e0 UnhandledExceptionFilter
0x41a0e4 SetUnhandledExceptionFilter
0x41a0e8 IsDebuggerPresent
0x41a0ec EncodePointer
0x41a0f0 GetModuleFileNameW
0x41a0f4 WriteFile
0x41a0f8 GetStdHandle
0x41a0fc RtlUnwind
0x41a100 GetACP
0x41a104 GetOEMCP
0x41a108 GetCPInfo
0x41a10c IsValidCodePage
0x41a110 TlsAlloc
0x41a114 TlsGetValue
0x41a118 TlsSetValue
0x41a11c GetCurrentThreadId
0x41a120 TlsFree
0x41a124 QueryPerformanceCounter
0x41a128 GetTickCount
0x41a12c GetCurrentProcessId
0x41a130 GetSystemTimeAsFileTime
0x41a134 FreeEnvironmentStringsW
0x41a138 GetEnvironmentStringsW
0x41a13c SetHandleCount
0x41a140 InitializeCriticalSectionAndSpinCount
0x41a144 GetFileType
0x41a148 DeleteCriticalSection
0x41a14c HeapValidate
0x41a150 IsBadReadPtr
0x41a154 HeapCreate
0x41a158 EnterCriticalSection
0x41a15c LeaveCriticalSection
0x41a160 SetFilePointer
0x41a164 WideCharToMultiByte
0x41a168 GetConsoleCP
0x41a16c GetConsoleMode
0x41a170 OutputDebugStringA
0x41a174 WriteConsoleW
0x41a178 OutputDebugStringW
0x41a17c GetStringTypeW
0x41a180 MultiByteToWideChar
0x41a184 LCMapStringW
0x41a188 HeapAlloc
0x41a18c HeapReAlloc
0x41a190 HeapSize
0x41a194 HeapQueryInformation
0x41a198 HeapFree
0x41a19c IsProcessorFeaturePresent
0x41a1a0 RaiseException
0x41a1a4 CreateFileW
0x41a1a8 CloseHandle
0x41a1ac FlushFileBuffers
EAT(Export Address Table) is none