ScreenShot
| Created | 2021.10.04 16:21 | Machine | s1_win7_x6401 |
| Filename | hofile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 20 detected (malicious, high confidence, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, score, Jaik, VirRansom, Static AI, Malicious PE, ai score=82, StopCrypt, Generic@ML, RDML, KjZMPWNEFFcuZzZPIhjHew, ZexaF, Hq0@aCxhExki) | ||
| md5 | d111824423a23721dc128900f359067a | ||
| sha256 | e1ed255245ed1a4380ffcdcf33d95873d110234601cce625305789bbf0695d84 | ||
| ssdeep | 12288:5cnmCXlQkA8Z20QQV0GyiZyU5mi428HMIc7wjr0zxp6L:56O78Z2iDXZyU5mi428HM7wf436L | ||
| imphash | ea6e9add4feec4142f4eaf80b256f47a | ||
| impfuzzy | 24:UokFQOovFPh71SFdED8SL7uJXOaV4wly1R+fjlntsMZ6LJ3NQuOZyvuTzZrnlejq:1AcPhwdJO2U+fRtsMZINsuuXZ7V | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x463000 HeapReAlloc
0x463004 GlobalDeleteAtom
0x463008 GetLocaleInfoA
0x46300c InterlockedIncrement
0x463010 GetQueuedCompletionStatus
0x463014 ReadConsoleA
0x463018 GetEnvironmentStringsW
0x46301c SetEvent
0x463020 GetCommandLineA
0x463024 CreateActCtxW
0x463028 GlobalAlloc
0x46302c CopyFileW
0x463030 FreeConsole
0x463034 LeaveCriticalSection
0x463038 HeapCreate
0x46303c FindNextVolumeW
0x463040 GetFileAttributesW
0x463044 GetModuleFileNameW
0x463048 lstrlenW
0x46304c SetConsoleTitleA
0x463050 FlushFileBuffers
0x463054 DeactivateActCtx
0x463058 InterlockedExchange
0x46305c GetProcAddress
0x463060 BeginUpdateResourceW
0x463064 RemoveDirectoryA
0x463068 VerLanguageNameW
0x46306c WriteConsoleA
0x463070 LocalAlloc
0x463074 SetConsoleWindowInfo
0x463078 GetTapeParameters
0x46307c SetEnvironmentVariableA
0x463080 SetConsoleTitleW
0x463084 GetModuleHandleA
0x463088 EraseTape
0x46308c VirtualProtect
0x463090 EndUpdateResourceA
0x463094 FindFirstVolumeW
0x463098 GetCurrentProcessId
0x46309c GetPrivateProfileSectionW
0x4630a0 FindNextVolumeA
0x4630a4 lstrcpyW
0x4630a8 CreateFileA
0x4630ac WideCharToMultiByte
0x4630b0 InterlockedDecrement
0x4630b4 InterlockedCompareExchange
0x4630b8 MultiByteToWideChar
0x4630bc Sleep
0x4630c0 InitializeCriticalSection
0x4630c4 DeleteCriticalSection
0x4630c8 EnterCriticalSection
0x4630cc GetLastError
0x4630d0 HeapFree
0x4630d4 TerminateProcess
0x4630d8 GetCurrentProcess
0x4630dc UnhandledExceptionFilter
0x4630e0 SetUnhandledExceptionFilter
0x4630e4 IsDebuggerPresent
0x4630e8 HeapAlloc
0x4630ec GetStartupInfoW
0x4630f0 GetCPInfo
0x4630f4 RtlUnwind
0x4630f8 RaiseException
0x4630fc LCMapStringW
0x463100 LCMapStringA
0x463104 GetStringTypeW
0x463108 VirtualFree
0x46310c VirtualAlloc
0x463110 GetModuleHandleW
0x463114 TlsGetValue
0x463118 TlsAlloc
0x46311c TlsSetValue
0x463120 TlsFree
0x463124 SetLastError
0x463128 GetCurrentThreadId
0x46312c SetFilePointer
0x463130 CloseHandle
0x463134 ExitProcess
0x463138 WriteFile
0x46313c GetStdHandle
0x463140 GetModuleFileNameA
0x463144 FreeEnvironmentStringsW
0x463148 GetCommandLineW
0x46314c SetHandleCount
0x463150 GetFileType
0x463154 GetStartupInfoA
0x463158 QueryPerformanceCounter
0x46315c GetTickCount
0x463160 GetSystemTimeAsFileTime
0x463164 GetStringTypeA
0x463168 HeapSize
0x46316c GetACP
0x463170 GetOEMCP
0x463174 IsValidCodePage
0x463178 GetUserDefaultLCID
0x46317c EnumSystemLocalesA
0x463180 IsValidLocale
0x463184 InitializeCriticalSectionAndSpinCount
0x463188 SetStdHandle
0x46318c GetConsoleCP
0x463190 GetConsoleMode
0x463194 LoadLibraryA
0x463198 GetLocaleInfoW
0x46319c GetConsoleOutputCP
0x4631a0 WriteConsoleW
EAT(Export Address Table) Library
0x401763 @GetFirstVice@8
KERNEL32.dll
0x463000 HeapReAlloc
0x463004 GlobalDeleteAtom
0x463008 GetLocaleInfoA
0x46300c InterlockedIncrement
0x463010 GetQueuedCompletionStatus
0x463014 ReadConsoleA
0x463018 GetEnvironmentStringsW
0x46301c SetEvent
0x463020 GetCommandLineA
0x463024 CreateActCtxW
0x463028 GlobalAlloc
0x46302c CopyFileW
0x463030 FreeConsole
0x463034 LeaveCriticalSection
0x463038 HeapCreate
0x46303c FindNextVolumeW
0x463040 GetFileAttributesW
0x463044 GetModuleFileNameW
0x463048 lstrlenW
0x46304c SetConsoleTitleA
0x463050 FlushFileBuffers
0x463054 DeactivateActCtx
0x463058 InterlockedExchange
0x46305c GetProcAddress
0x463060 BeginUpdateResourceW
0x463064 RemoveDirectoryA
0x463068 VerLanguageNameW
0x46306c WriteConsoleA
0x463070 LocalAlloc
0x463074 SetConsoleWindowInfo
0x463078 GetTapeParameters
0x46307c SetEnvironmentVariableA
0x463080 SetConsoleTitleW
0x463084 GetModuleHandleA
0x463088 EraseTape
0x46308c VirtualProtect
0x463090 EndUpdateResourceA
0x463094 FindFirstVolumeW
0x463098 GetCurrentProcessId
0x46309c GetPrivateProfileSectionW
0x4630a0 FindNextVolumeA
0x4630a4 lstrcpyW
0x4630a8 CreateFileA
0x4630ac WideCharToMultiByte
0x4630b0 InterlockedDecrement
0x4630b4 InterlockedCompareExchange
0x4630b8 MultiByteToWideChar
0x4630bc Sleep
0x4630c0 InitializeCriticalSection
0x4630c4 DeleteCriticalSection
0x4630c8 EnterCriticalSection
0x4630cc GetLastError
0x4630d0 HeapFree
0x4630d4 TerminateProcess
0x4630d8 GetCurrentProcess
0x4630dc UnhandledExceptionFilter
0x4630e0 SetUnhandledExceptionFilter
0x4630e4 IsDebuggerPresent
0x4630e8 HeapAlloc
0x4630ec GetStartupInfoW
0x4630f0 GetCPInfo
0x4630f4 RtlUnwind
0x4630f8 RaiseException
0x4630fc LCMapStringW
0x463100 LCMapStringA
0x463104 GetStringTypeW
0x463108 VirtualFree
0x46310c VirtualAlloc
0x463110 GetModuleHandleW
0x463114 TlsGetValue
0x463118 TlsAlloc
0x46311c TlsSetValue
0x463120 TlsFree
0x463124 SetLastError
0x463128 GetCurrentThreadId
0x46312c SetFilePointer
0x463130 CloseHandle
0x463134 ExitProcess
0x463138 WriteFile
0x46313c GetStdHandle
0x463140 GetModuleFileNameA
0x463144 FreeEnvironmentStringsW
0x463148 GetCommandLineW
0x46314c SetHandleCount
0x463150 GetFileType
0x463154 GetStartupInfoA
0x463158 QueryPerformanceCounter
0x46315c GetTickCount
0x463160 GetSystemTimeAsFileTime
0x463164 GetStringTypeA
0x463168 HeapSize
0x46316c GetACP
0x463170 GetOEMCP
0x463174 IsValidCodePage
0x463178 GetUserDefaultLCID
0x46317c EnumSystemLocalesA
0x463180 IsValidLocale
0x463184 InitializeCriticalSectionAndSpinCount
0x463188 SetStdHandle
0x46318c GetConsoleCP
0x463190 GetConsoleMode
0x463194 LoadLibraryA
0x463198 GetLocaleInfoW
0x46319c GetConsoleOutputCP
0x4631a0 WriteConsoleW
EAT(Export Address Table) Library
0x401763 @GetFirstVice@8