ScreenShot
| Created | 2021.10.01 18:20 | Machine | s1_win7_x6401 |
| Filename | RepinersBouillons_1kEU.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 20 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, confidence, ZexaF, oq0@ayRNa8gO, Kryptik, Eldorado, Attribute, HighConfidence, Emotet, Sabsik, score, Static AI, Malicious PE) | ||
| md5 | 9922c2a3df88961fe463013f74e5d999 | ||
| sha256 | 89a016492d5da9187c15a992754c9f89c4d541fd62fb1cc19653e18a48618d0c | ||
| ssdeep | 3072:W/+P0dHsmKgeeNU1sjnWU8La4nleMz/ACma9ALcGXhjrj+65zrcPI1ZemXsz:W/sI9KgdO1Inp8LaKBA9X3cPI1Nu | ||
| imphash | 2966ac92acef7bd43000e50be4b3a82c | ||
| impfuzzy | 24:Qec0ZajpoOovixKudv/DoFdkqO+ICllfdYE+yvg6tyvh/J3vT42luZwjMiM/g3n:BZAWYV1+NlfrHFtcvc2s1I3 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42b000 GetLocaleInfoA
0x42b004 LoadResource
0x42b008 HeapAlloc
0x42b00c EndUpdateResourceW
0x42b010 InterlockedDecrement
0x42b014 GetCurrentProcess
0x42b018 GetEnvironmentStringsW
0x42b01c GetUserDefaultLCID
0x42b020 WaitForSingleObject
0x42b024 AddConsoleAliasW
0x42b028 SetEvent
0x42b02c GetCommandLineA
0x42b030 GetEnvironmentStrings
0x42b034 GlobalAlloc
0x42b038 ReadFileScatter
0x42b03c LeaveCriticalSection
0x42b040 FindNextVolumeW
0x42b044 GetFileAttributesW
0x42b048 WriteConsoleW
0x42b04c CreateActCtxA
0x42b050 GetDevicePowerState
0x42b054 GetProcAddress
0x42b058 VerLanguageNameA
0x42b05c RemoveDirectoryA
0x42b060 FreeUserPhysicalPages
0x42b064 PrepareTape
0x42b068 GetProcessId
0x42b06c EnumResourceTypesW
0x42b070 GetModuleFileNameA
0x42b074 GetModuleHandleA
0x42b078 ReleaseMutex
0x42b07c LocalSize
0x42b080 FindFirstVolumeW
0x42b084 lstrcpyW
0x42b088 CreateFileA
0x42b08c GetStartupInfoA
0x42b090 DeleteCriticalSection
0x42b094 EnterCriticalSection
0x42b098 HeapFree
0x42b09c VirtualFree
0x42b0a0 VirtualAlloc
0x42b0a4 HeapReAlloc
0x42b0a8 HeapCreate
0x42b0ac GetModuleHandleW
0x42b0b0 Sleep
0x42b0b4 ExitProcess
0x42b0b8 WriteFile
0x42b0bc GetStdHandle
0x42b0c0 SetHandleCount
0x42b0c4 GetFileType
0x42b0c8 GetLastError
0x42b0cc SetFilePointer
0x42b0d0 TerminateProcess
0x42b0d4 UnhandledExceptionFilter
0x42b0d8 SetUnhandledExceptionFilter
0x42b0dc IsDebuggerPresent
0x42b0e0 FreeEnvironmentStringsA
0x42b0e4 FreeEnvironmentStringsW
0x42b0e8 WideCharToMultiByte
0x42b0ec TlsGetValue
0x42b0f0 TlsAlloc
0x42b0f4 TlsSetValue
0x42b0f8 TlsFree
0x42b0fc InterlockedIncrement
0x42b100 SetLastError
0x42b104 GetCurrentThreadId
0x42b108 QueryPerformanceCounter
0x42b10c GetTickCount
0x42b110 GetCurrentProcessId
0x42b114 GetSystemTimeAsFileTime
0x42b118 InitializeCriticalSectionAndSpinCount
0x42b11c RtlUnwind
0x42b120 LoadLibraryA
0x42b124 SetStdHandle
0x42b128 GetConsoleCP
0x42b12c GetConsoleMode
0x42b130 FlushFileBuffers
0x42b134 GetCPInfo
0x42b138 GetACP
0x42b13c GetOEMCP
0x42b140 IsValidCodePage
0x42b144 HeapSize
0x42b148 WriteConsoleA
0x42b14c GetConsoleOutputCP
0x42b150 MultiByteToWideChar
0x42b154 LCMapStringA
0x42b158 LCMapStringW
0x42b15c GetStringTypeA
0x42b160 GetStringTypeW
0x42b164 CloseHandle
USER32.dll
0x42b16c GetCursorPos
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12
KERNEL32.dll
0x42b000 GetLocaleInfoA
0x42b004 LoadResource
0x42b008 HeapAlloc
0x42b00c EndUpdateResourceW
0x42b010 InterlockedDecrement
0x42b014 GetCurrentProcess
0x42b018 GetEnvironmentStringsW
0x42b01c GetUserDefaultLCID
0x42b020 WaitForSingleObject
0x42b024 AddConsoleAliasW
0x42b028 SetEvent
0x42b02c GetCommandLineA
0x42b030 GetEnvironmentStrings
0x42b034 GlobalAlloc
0x42b038 ReadFileScatter
0x42b03c LeaveCriticalSection
0x42b040 FindNextVolumeW
0x42b044 GetFileAttributesW
0x42b048 WriteConsoleW
0x42b04c CreateActCtxA
0x42b050 GetDevicePowerState
0x42b054 GetProcAddress
0x42b058 VerLanguageNameA
0x42b05c RemoveDirectoryA
0x42b060 FreeUserPhysicalPages
0x42b064 PrepareTape
0x42b068 GetProcessId
0x42b06c EnumResourceTypesW
0x42b070 GetModuleFileNameA
0x42b074 GetModuleHandleA
0x42b078 ReleaseMutex
0x42b07c LocalSize
0x42b080 FindFirstVolumeW
0x42b084 lstrcpyW
0x42b088 CreateFileA
0x42b08c GetStartupInfoA
0x42b090 DeleteCriticalSection
0x42b094 EnterCriticalSection
0x42b098 HeapFree
0x42b09c VirtualFree
0x42b0a0 VirtualAlloc
0x42b0a4 HeapReAlloc
0x42b0a8 HeapCreate
0x42b0ac GetModuleHandleW
0x42b0b0 Sleep
0x42b0b4 ExitProcess
0x42b0b8 WriteFile
0x42b0bc GetStdHandle
0x42b0c0 SetHandleCount
0x42b0c4 GetFileType
0x42b0c8 GetLastError
0x42b0cc SetFilePointer
0x42b0d0 TerminateProcess
0x42b0d4 UnhandledExceptionFilter
0x42b0d8 SetUnhandledExceptionFilter
0x42b0dc IsDebuggerPresent
0x42b0e0 FreeEnvironmentStringsA
0x42b0e4 FreeEnvironmentStringsW
0x42b0e8 WideCharToMultiByte
0x42b0ec TlsGetValue
0x42b0f0 TlsAlloc
0x42b0f4 TlsSetValue
0x42b0f8 TlsFree
0x42b0fc InterlockedIncrement
0x42b100 SetLastError
0x42b104 GetCurrentThreadId
0x42b108 QueryPerformanceCounter
0x42b10c GetTickCount
0x42b110 GetCurrentProcessId
0x42b114 GetSystemTimeAsFileTime
0x42b118 InitializeCriticalSectionAndSpinCount
0x42b11c RtlUnwind
0x42b120 LoadLibraryA
0x42b124 SetStdHandle
0x42b128 GetConsoleCP
0x42b12c GetConsoleMode
0x42b130 FlushFileBuffers
0x42b134 GetCPInfo
0x42b138 GetACP
0x42b13c GetOEMCP
0x42b140 IsValidCodePage
0x42b144 HeapSize
0x42b148 WriteConsoleA
0x42b14c GetConsoleOutputCP
0x42b150 MultiByteToWideChar
0x42b154 LCMapStringA
0x42b158 LCMapStringW
0x42b15c GetStringTypeA
0x42b160 GetStringTypeW
0x42b164 CloseHandle
USER32.dll
0x42b16c GetCursorPos
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12