ScreenShot
| Created | 2021.10.01 22:31 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, ZexaF, yq0@aas5FgnO, Kryptik, Eldorado, Zenpak, Emotet, UrSnif, kcloud, Sabsik, score, Artemis, Generic@ML, RDML, xRBFtvwffwxs2x1E5Vahfg, Static AI, Malicious PE, confidence, 100%) | ||
| md5 | 69dce54e4a4ae2dd643fb18d2fe99341 | ||
| sha256 | 90145ecdcdb80f34c3246bc485a714535af298d7bd195e79bd2174fda5a714ec | ||
| ssdeep | 6144:wgoe+sL5xvVZwm0yZPqk2d5tUL4YIE3Q4J3nGjQlNyULfTY/9qJL6cOOhxxdeTri:WslFwSNG5g4YI+GjQlMOL6azxd6L | ||
| imphash | 21506be3202517bb1e8cd3e1062868ad | ||
| impfuzzy | 24:jO0i0Z9JKqaDokTArv2+fjlntcM+uJqJ36yvuOTwBjM2l9Hz9:CmZulTAy+fRtcM+wKj/eF | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x439000 GetCommandLineW
0x439004 GlobalDeleteAtom
0x439008 GetLocaleInfoA
0x43900c HeapAlloc
0x439010 InterlockedDecrement
0x439014 GetEnvironmentStringsW
0x439018 GetUserDefaultLCID
0x43901c AddConsoleAliasW
0x439020 SetEvent
0x439024 GetSystemTimeAsFileTime
0x439028 GlobalAlloc
0x43902c ReadFileScatter
0x439030 LeaveCriticalSection
0x439034 GetFileAttributesA
0x439038 WriteConsoleW
0x43903c CreateActCtxA
0x439040 ReleaseSemaphore
0x439044 FlushFileBuffers
0x439048 GetProcAddress
0x43904c VerLanguageNameA
0x439050 GetProcessId
0x439054 RemoveDirectoryW
0x439058 EnumResourceTypesW
0x43905c GetModuleFileNameA
0x439060 DebugSetProcessKillOnExit
0x439064 GetModuleHandleA
0x439068 EraseTape
0x43906c FindFirstVolumeA
0x439070 EndUpdateResourceA
0x439074 GetCurrentProcessId
0x439078 FindNextVolumeA
0x43907c lstrcpyA
0x439080 InterlockedIncrement
0x439084 Sleep
0x439088 InitializeCriticalSection
0x43908c DeleteCriticalSection
0x439090 EnterCriticalSection
0x439094 GetLastError
0x439098 HeapFree
0x43909c TerminateProcess
0x4390a0 GetCurrentProcess
0x4390a4 UnhandledExceptionFilter
0x4390a8 SetUnhandledExceptionFilter
0x4390ac IsDebuggerPresent
0x4390b0 GetStartupInfoW
0x4390b4 RtlUnwind
0x4390b8 RaiseException
0x4390bc LCMapStringA
0x4390c0 WideCharToMultiByte
0x4390c4 MultiByteToWideChar
0x4390c8 LCMapStringW
0x4390cc GetCPInfo
0x4390d0 HeapCreate
0x4390d4 VirtualFree
0x4390d8 VirtualAlloc
0x4390dc HeapReAlloc
0x4390e0 GetModuleHandleW
0x4390e4 ExitProcess
0x4390e8 WriteFile
0x4390ec GetStdHandle
0x4390f0 TlsGetValue
0x4390f4 TlsAlloc
0x4390f8 TlsSetValue
0x4390fc TlsFree
0x439100 SetLastError
0x439104 GetCurrentThreadId
0x439108 SetHandleCount
0x43910c GetFileType
0x439110 GetStartupInfoA
0x439114 SetFilePointer
0x439118 GetModuleFileNameW
0x43911c FreeEnvironmentStringsW
0x439120 QueryPerformanceCounter
0x439124 GetTickCount
0x439128 HeapSize
0x43912c GetACP
0x439130 GetOEMCP
0x439134 IsValidCodePage
0x439138 EnumSystemLocalesA
0x43913c IsValidLocale
0x439140 GetStringTypeA
0x439144 GetStringTypeW
0x439148 GetConsoleCP
0x43914c GetConsoleMode
0x439150 InitializeCriticalSectionAndSpinCount
0x439154 LoadLibraryA
0x439158 CloseHandle
0x43915c CreateFileA
0x439160 SetStdHandle
0x439164 GetLocaleInfoW
0x439168 WriteConsoleA
0x43916c GetConsoleOutputCP
0x439170 SetEndOfFile
0x439174 GetProcessHeap
0x439178 ReadFile
EAT(Export Address Table) Library
0x401645 @SetFirstVice@8
KERNEL32.dll
0x439000 GetCommandLineW
0x439004 GlobalDeleteAtom
0x439008 GetLocaleInfoA
0x43900c HeapAlloc
0x439010 InterlockedDecrement
0x439014 GetEnvironmentStringsW
0x439018 GetUserDefaultLCID
0x43901c AddConsoleAliasW
0x439020 SetEvent
0x439024 GetSystemTimeAsFileTime
0x439028 GlobalAlloc
0x43902c ReadFileScatter
0x439030 LeaveCriticalSection
0x439034 GetFileAttributesA
0x439038 WriteConsoleW
0x43903c CreateActCtxA
0x439040 ReleaseSemaphore
0x439044 FlushFileBuffers
0x439048 GetProcAddress
0x43904c VerLanguageNameA
0x439050 GetProcessId
0x439054 RemoveDirectoryW
0x439058 EnumResourceTypesW
0x43905c GetModuleFileNameA
0x439060 DebugSetProcessKillOnExit
0x439064 GetModuleHandleA
0x439068 EraseTape
0x43906c FindFirstVolumeA
0x439070 EndUpdateResourceA
0x439074 GetCurrentProcessId
0x439078 FindNextVolumeA
0x43907c lstrcpyA
0x439080 InterlockedIncrement
0x439084 Sleep
0x439088 InitializeCriticalSection
0x43908c DeleteCriticalSection
0x439090 EnterCriticalSection
0x439094 GetLastError
0x439098 HeapFree
0x43909c TerminateProcess
0x4390a0 GetCurrentProcess
0x4390a4 UnhandledExceptionFilter
0x4390a8 SetUnhandledExceptionFilter
0x4390ac IsDebuggerPresent
0x4390b0 GetStartupInfoW
0x4390b4 RtlUnwind
0x4390b8 RaiseException
0x4390bc LCMapStringA
0x4390c0 WideCharToMultiByte
0x4390c4 MultiByteToWideChar
0x4390c8 LCMapStringW
0x4390cc GetCPInfo
0x4390d0 HeapCreate
0x4390d4 VirtualFree
0x4390d8 VirtualAlloc
0x4390dc HeapReAlloc
0x4390e0 GetModuleHandleW
0x4390e4 ExitProcess
0x4390e8 WriteFile
0x4390ec GetStdHandle
0x4390f0 TlsGetValue
0x4390f4 TlsAlloc
0x4390f8 TlsSetValue
0x4390fc TlsFree
0x439100 SetLastError
0x439104 GetCurrentThreadId
0x439108 SetHandleCount
0x43910c GetFileType
0x439110 GetStartupInfoA
0x439114 SetFilePointer
0x439118 GetModuleFileNameW
0x43911c FreeEnvironmentStringsW
0x439120 QueryPerformanceCounter
0x439124 GetTickCount
0x439128 HeapSize
0x43912c GetACP
0x439130 GetOEMCP
0x439134 IsValidCodePage
0x439138 EnumSystemLocalesA
0x43913c IsValidLocale
0x439140 GetStringTypeA
0x439144 GetStringTypeW
0x439148 GetConsoleCP
0x43914c GetConsoleMode
0x439150 InitializeCriticalSectionAndSpinCount
0x439154 LoadLibraryA
0x439158 CloseHandle
0x43915c CreateFileA
0x439160 SetStdHandle
0x439164 GetLocaleInfoW
0x439168 WriteConsoleA
0x43916c GetConsoleOutputCP
0x439170 SetEndOfFile
0x439174 GetProcessHeap
0x439178 ReadFile
EAT(Export Address Table) Library
0x401645 @SetFirstVice@8