Field | Value |
---|---|
Created | 2021.10.01 22:35 |
Machine | s1_win7_x6401 |
Filename | runvd.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 21 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, ZexaF, Uq0@aGsNP6iO, Kryptik, Eldorado, Attribute, HighConfidence, Email, LovGate, Static AI, Malicious PE, Sabsik, score, MachineLearning, Anomalous, Generic@ML, RDML, yZQHcII6mRL0jGbluLal+Q, UrSnif, confidence, 100%) |
md5 | d5eff41f5439c86a15b26aa5e04252c2 |
sha256 | 1a72079d53840246688abae153658218375111ad2ebb2f7d9eb9198a060e0497 |
ssdeep | 12288:JTCbnszb8NYqdk23KtPNdzULiOhTVUmFwInf7SIBUVL6zzxd6L:JSszwCqW9pYL5FwInf7Sa2cL6L |
imphash | 21506be3202517bb1e8cd3e1062868ad |
impfuzzy | 24:jO0i0Z9JKqaDokTArv2+fjlntcM+uJqJ36yvuOTwBjM2l9Hz9:CmZulTAy+fRtcM+wKj/eF |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x48e000 GetCommandLineW
0x48e004 GlobalDeleteAtom
0x48e008 GetLocaleInfoA
0x48e00c HeapAlloc
0x48e010 InterlockedDecrement
0x48e014 GetEnvironmentStringsW
0x48e018 GetUserDefaultLCID
0x48e01c AddConsoleAliasW
0x48e020 SetEvent
0x48e024 GetSystemTimeAsFileTime
0x48e028 GlobalAlloc
0x48e02c ReadFileScatter
0x48e030 LeaveCriticalSection
0x48e034 GetFileAttributesA
0x48e038 WriteConsoleW
0x48e03c CreateActCtxA
0x48e040 ReleaseSemaphore
0x48e044 FlushFileBuffers
0x48e048 GetProcAddress
0x48e04c VerLanguageNameA
0x48e050 GetProcessId
0x48e054 RemoveDirectoryW
0x48e058 EnumResourceTypesW
0x48e05c GetModuleFileNameA
0x48e060 DebugSetProcessKillOnExit
0x48e064 GetModuleHandleA
0x48e068 EraseTape
0x48e06c FindFirstVolumeA
0x48e070 EndUpdateResourceA
0x48e074 GetCurrentProcessId
0x48e078 FindNextVolumeA
0x48e07c lstrcpyA
0x48e080 InterlockedIncrement
0x48e084 Sleep
0x48e088 InitializeCriticalSection
0x48e08c DeleteCriticalSection
0x48e090 EnterCriticalSection
0x48e094 GetLastError
0x48e098 HeapFree
0x48e09c TerminateProcess
0x48e0a0 GetCurrentProcess
0x48e0a4 UnhandledExceptionFilter
0x48e0a8 SetUnhandledExceptionFilter
0x48e0ac IsDebuggerPresent
0x48e0b0 GetStartupInfoW
0x48e0b4 RtlUnwind
0x48e0b8 RaiseException
0x48e0bc LCMapStringA
0x48e0c0 WideCharToMultiByte
0x48e0c4 MultiByteToWideChar
0x48e0c8 LCMapStringW
0x48e0cc GetCPInfo
0x48e0d0 HeapCreate
0x48e0d4 VirtualFree
0x48e0d8 VirtualAlloc
0x48e0dc HeapReAlloc
0x48e0e0 GetModuleHandleW
0x48e0e4 ExitProcess
0x48e0e8 WriteFile
0x48e0ec GetStdHandle
0x48e0f0 TlsGetValue
0x48e0f4 TlsAlloc
0x48e0f8 TlsSetValue
0x48e0fc TlsFree
0x48e100 SetLastError
0x48e104 GetCurrentThreadId
0x48e108 SetHandleCount
0x48e10c GetFileType
0x48e110 GetStartupInfoA
0x48e114 SetFilePointer
0x48e118 GetModuleFileNameW
0x48e11c FreeEnvironmentStringsW
0x48e120 QueryPerformanceCounter
0x48e124 GetTickCount
0x48e128 HeapSize
0x48e12c GetACP
0x48e130 GetOEMCP
0x48e134 IsValidCodePage
0x48e138 EnumSystemLocalesA
0x48e13c IsValidLocale
0x48e140 GetStringTypeA
0x48e144 GetStringTypeW
0x48e148 GetConsoleCP
0x48e14c GetConsoleMode
0x48e150 InitializeCriticalSectionAndSpinCount
0x48e154 LoadLibraryA
0x48e158 CloseHandle
0x48e15c CreateFileA
0x48e160 SetStdHandle
0x48e164 GetLocaleInfoW
0x48e168 WriteConsoleA
0x48e16c GetConsoleOutputCP
0x48e170 SetEndOfFile
0x48e174 GetProcessHeap
0x48e178 ReadFile
EAT (Export Address Table) Library
0x401645 @SetFirstVice@8