ScreenShot
| Created | 2021.10.01 22:22 | Machine | s1_win7_x6401 |
| Filename | ferrarr.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 151150f1623ec344306be5c20627f3e9 | ||
| sha256 | 80650dabfd063ebec610836ad8a675a6bccd7b14f14552e132729b523420ff8a | ||
| ssdeep | 6144:+JKfpLuUEssvdgRD7KKXe6qoPl/u4j1bHigxemF43SB+tqJL6GOOhxxdeTr/ekI:UcpCJvduaWqoPl/v12mW3SxL6kzxd6L | ||
| imphash | 0c041fb9d9286e241f4f51f0ab8f3f03 | ||
| impfuzzy | 24:jOMrZ98xKyDo6b5rn2+fjlktcM+u1qJ36yvuHOTwBjM2l9Hz9:CyZ74NC+fCtcM+aKjPeF | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x436000 GetCommandLineW
0x436004 HeapReAlloc
0x436008 GlobalDeleteAtom
0x43600c GetLocaleInfoA
0x436010 EndUpdateResourceW
0x436014 InterlockedIncrement
0x436018 GetUserDefaultLCID
0x43601c AddConsoleAliasW
0x436020 SetEvent
0x436024 GetSystemTimeAsFileTime
0x436028 GetEnvironmentStrings
0x43602c GlobalAlloc
0x436030 ReadFileScatter
0x436034 LeaveCriticalSection
0x436038 GetFileAttributesA
0x43603c WriteConsoleW
0x436040 CreateActCtxA
0x436044 FlushFileBuffers
0x436048 GetProcAddress
0x43604c VerLanguageNameW
0x436050 RemoveDirectoryW
0x436054 EnumResourceTypesW
0x436058 GetModuleFileNameA
0x43605c DebugSetProcessKillOnExit
0x436060 GetModuleHandleA
0x436064 EraseTape
0x436068 FindFirstVolumeA
0x43606c ReleaseMutex
0x436070 GetCurrentProcessId
0x436074 FindNextVolumeA
0x436078 lstrcpyA
0x43607c InterlockedDecrement
0x436080 Sleep
0x436084 InitializeCriticalSection
0x436088 DeleteCriticalSection
0x43608c EnterCriticalSection
0x436090 GetLastError
0x436094 HeapFree
0x436098 HeapAlloc
0x43609c TerminateProcess
0x4360a0 GetCurrentProcess
0x4360a4 UnhandledExceptionFilter
0x4360a8 SetUnhandledExceptionFilter
0x4360ac IsDebuggerPresent
0x4360b0 GetStartupInfoW
0x4360b4 RtlUnwind
0x4360b8 RaiseException
0x4360bc LCMapStringA
0x4360c0 WideCharToMultiByte
0x4360c4 MultiByteToWideChar
0x4360c8 LCMapStringW
0x4360cc GetCPInfo
0x4360d0 HeapCreate
0x4360d4 VirtualFree
0x4360d8 VirtualAlloc
0x4360dc GetModuleHandleW
0x4360e0 ExitProcess
0x4360e4 WriteFile
0x4360e8 GetStdHandle
0x4360ec TlsGetValue
0x4360f0 TlsAlloc
0x4360f4 TlsSetValue
0x4360f8 TlsFree
0x4360fc SetLastError
0x436100 GetCurrentThreadId
0x436104 SetHandleCount
0x436108 GetFileType
0x43610c GetStartupInfoA
0x436110 SetFilePointer
0x436114 GetModuleFileNameW
0x436118 FreeEnvironmentStringsW
0x43611c GetEnvironmentStringsW
0x436120 QueryPerformanceCounter
0x436124 GetTickCount
0x436128 HeapSize
0x43612c GetACP
0x436130 GetOEMCP
0x436134 IsValidCodePage
0x436138 EnumSystemLocalesA
0x43613c IsValidLocale
0x436140 GetStringTypeA
0x436144 GetStringTypeW
0x436148 GetConsoleCP
0x43614c GetConsoleMode
0x436150 InitializeCriticalSectionAndSpinCount
0x436154 LoadLibraryA
0x436158 CloseHandle
0x43615c CreateFileA
0x436160 SetStdHandle
0x436164 GetLocaleInfoW
0x436168 WriteConsoleA
0x43616c GetConsoleOutputCP
0x436170 SetEndOfFile
0x436174 GetProcessHeap
0x436178 ReadFile
EAT(Export Address Table) Library
0x401645 @SetFirstVice@8
KERNEL32.dll
0x436000 GetCommandLineW
0x436004 HeapReAlloc
0x436008 GlobalDeleteAtom
0x43600c GetLocaleInfoA
0x436010 EndUpdateResourceW
0x436014 InterlockedIncrement
0x436018 GetUserDefaultLCID
0x43601c AddConsoleAliasW
0x436020 SetEvent
0x436024 GetSystemTimeAsFileTime
0x436028 GetEnvironmentStrings
0x43602c GlobalAlloc
0x436030 ReadFileScatter
0x436034 LeaveCriticalSection
0x436038 GetFileAttributesA
0x43603c WriteConsoleW
0x436040 CreateActCtxA
0x436044 FlushFileBuffers
0x436048 GetProcAddress
0x43604c VerLanguageNameW
0x436050 RemoveDirectoryW
0x436054 EnumResourceTypesW
0x436058 GetModuleFileNameA
0x43605c DebugSetProcessKillOnExit
0x436060 GetModuleHandleA
0x436064 EraseTape
0x436068 FindFirstVolumeA
0x43606c ReleaseMutex
0x436070 GetCurrentProcessId
0x436074 FindNextVolumeA
0x436078 lstrcpyA
0x43607c InterlockedDecrement
0x436080 Sleep
0x436084 InitializeCriticalSection
0x436088 DeleteCriticalSection
0x43608c EnterCriticalSection
0x436090 GetLastError
0x436094 HeapFree
0x436098 HeapAlloc
0x43609c TerminateProcess
0x4360a0 GetCurrentProcess
0x4360a4 UnhandledExceptionFilter
0x4360a8 SetUnhandledExceptionFilter
0x4360ac IsDebuggerPresent
0x4360b0 GetStartupInfoW
0x4360b4 RtlUnwind
0x4360b8 RaiseException
0x4360bc LCMapStringA
0x4360c0 WideCharToMultiByte
0x4360c4 MultiByteToWideChar
0x4360c8 LCMapStringW
0x4360cc GetCPInfo
0x4360d0 HeapCreate
0x4360d4 VirtualFree
0x4360d8 VirtualAlloc
0x4360dc GetModuleHandleW
0x4360e0 ExitProcess
0x4360e4 WriteFile
0x4360e8 GetStdHandle
0x4360ec TlsGetValue
0x4360f0 TlsAlloc
0x4360f4 TlsSetValue
0x4360f8 TlsFree
0x4360fc SetLastError
0x436100 GetCurrentThreadId
0x436104 SetHandleCount
0x436108 GetFileType
0x43610c GetStartupInfoA
0x436110 SetFilePointer
0x436114 GetModuleFileNameW
0x436118 FreeEnvironmentStringsW
0x43611c GetEnvironmentStringsW
0x436120 QueryPerformanceCounter
0x436124 GetTickCount
0x436128 HeapSize
0x43612c GetACP
0x436130 GetOEMCP
0x436134 IsValidCodePage
0x436138 EnumSystemLocalesA
0x43613c IsValidLocale
0x436140 GetStringTypeA
0x436144 GetStringTypeW
0x436148 GetConsoleCP
0x43614c GetConsoleMode
0x436150 InitializeCriticalSectionAndSpinCount
0x436154 LoadLibraryA
0x436158 CloseHandle
0x43615c CreateFileA
0x436160 SetStdHandle
0x436164 GetLocaleInfoW
0x436168 WriteConsoleA
0x43616c GetConsoleOutputCP
0x436170 SetEndOfFile
0x436174 GetProcessHeap
0x436178 ReadFile
EAT(Export Address Table) Library
0x401645 @SetFirstVice@8