ScreenShot
| Created | 2021.10.05 17:59 | Machine | s1_win7_x6401 |
| Filename | esmallruby.png | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 27b1967b1a15a26dbdc9863068c44799 | ||
| sha256 | 171e6945126e6f5e427c4d7c79eb9993b03725ec9b2e38afd790ad1a192eb88a | ||
| ssdeep | 12288:S1RdEJFGqNkbHfowK7pzoutmIp57vDGr:S1RdEJFGqabHQNi8F5s | ||
| imphash | e38afb91bac491f7825e4d9386ac015b | ||
| impfuzzy | 96:G3mkEKJRRNX1+d3QTurGA7Rf+9wBphg+ISVsgO7cRcLY9xKUK:4RNFoQrAOwBphgvSVsgO7cRcEK | ||
Network IP location
Signature (14cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | Generates some ICMP traffic |
| watch | Communicates with host for which no DNS query was performed |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a suspicious process |
| notice | One or more potentially interesting buffers were extracted |
| notice | Terminates another process |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable uses a known packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts) ?
Suricata ids
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42d08c RtlUnwind
0x42d090 HeapFree
0x42d094 HeapAlloc
0x42d098 GetStartupInfoA
0x42d09c GetCommandLineA
0x42d0a0 RaiseException
0x42d0a4 CreateThread
0x42d0a8 ExitThread
0x42d0ac TerminateProcess
0x42d0b0 GetTimeZoneInformation
0x42d0b4 GetLocalTime
0x42d0b8 GetACP
0x42d0bc HeapSize
0x42d0c0 HeapReAlloc
0x42d0c4 HeapDestroy
0x42d0c8 HeapCreate
0x42d0cc VirtualFree
0x42d0d0 VirtualAlloc
0x42d0d4 IsBadWritePtr
0x42d0d8 LCMapStringW
0x42d0dc UnhandledExceptionFilter
0x42d0e0 FreeEnvironmentStringsA
0x42d0e4 FreeEnvironmentStringsW
0x42d0e8 GetEnvironmentStrings
0x42d0ec GetEnvironmentStringsW
0x42d0f0 SetHandleCount
0x42d0f4 GetStdHandle
0x42d0f8 GetFileType
0x42d0fc SetUnhandledExceptionFilter
0x42d100 GetStringTypeA
0x42d104 GetStringTypeW
0x42d108 IsBadReadPtr
0x42d10c IsBadCodePtr
0x42d110 SetStdHandle
0x42d114 CompareStringA
0x42d118 CompareStringW
0x42d11c SetEnvironmentVariableA
0x42d120 FlushFileBuffers
0x42d124 SetFilePointer
0x42d128 WriteFile
0x42d12c GetCurrentProcess
0x42d130 SetErrorMode
0x42d134 WritePrivateProfileStringA
0x42d138 GetOEMCP
0x42d13c GetCPInfo
0x42d140 GetProcessVersion
0x42d144 GlobalFlags
0x42d148 TlsGetValue
0x42d14c LocalReAlloc
0x42d150 TlsSetValue
0x42d154 GlobalReAlloc
0x42d158 TlsFree
0x42d15c GlobalHandle
0x42d160 TlsAlloc
0x42d164 LocalAlloc
0x42d168 lstrcpynA
0x42d16c MulDiv
0x42d170 SetLastError
0x42d174 GlobalAlloc
0x42d178 GlobalLock
0x42d17c GlobalUnlock
0x42d180 GlobalFree
0x42d184 GetModuleFileNameA
0x42d188 lstrcmpA
0x42d18c CreateEventA
0x42d190 SetThreadPriority
0x42d194 SetEvent
0x42d198 WaitForSingleObject
0x42d19c MultiByteToWideChar
0x42d1a0 WideCharToMultiByte
0x42d1a4 InitializeCriticalSection
0x42d1a8 lstrlenA
0x42d1ac InterlockedDecrement
0x42d1b0 InterlockedIncrement
0x42d1b4 LoadLibraryA
0x42d1b8 FreeLibrary
0x42d1bc FindResourceA
0x42d1c0 LoadResource
0x42d1c4 LockResource
0x42d1c8 GetVersion
0x42d1cc lstrcatA
0x42d1d0 GlobalGetAtomNameA
0x42d1d4 lstrcmpiA
0x42d1d8 GlobalAddAtomA
0x42d1dc GlobalFindAtomA
0x42d1e0 GlobalDeleteAtom
0x42d1e4 GetModuleHandleA
0x42d1e8 GetProcAddress
0x42d1ec LoadLibraryW
0x42d1f0 ExitProcess
0x42d1f4 QueryPerformanceCounter
0x42d1f8 lstrcpyA
0x42d1fc GetCurrentProcessId
0x42d200 GetSystemTime
0x42d204 SystemTimeToFileTime
0x42d208 GetTickCount
0x42d20c GlobalMemoryStatus
0x42d210 GetCurrentThreadId
0x42d214 SuspendThread
0x42d218 GetCurrentThread
0x42d21c ResumeThread
0x42d220 Sleep
0x42d224 FormatMessageA
0x42d228 LocalFree
0x42d22c GetExitCodeThread
0x42d230 CloseHandle
0x42d234 PostQueuedCompletionStatus
0x42d238 GetQueuedCompletionStatus
0x42d23c GetLastError
0x42d240 CancelIo
0x42d244 CreateIoCompletionPort
0x42d248 LeaveCriticalSection
0x42d24c EnterCriticalSection
0x42d250 DeleteCriticalSection
0x42d254 LCMapStringA
USER32.dll
0x42d25c LoadBitmapA
0x42d260 GetMenuCheckMarkDimensions
0x42d264 GetCursorPos
0x42d268 ValidateRect
0x42d26c GetActiveWindow
0x42d270 TranslateMessage
0x42d274 GetMessageA
0x42d278 ReleaseDC
0x42d27c GetDC
0x42d280 CreateDialogIndirectParamA
0x42d284 EndDialog
0x42d288 wvsprintfA
0x42d28c PostQuitMessage
0x42d290 SetCursor
0x42d294 ClientToScreen
0x42d298 BeginPaint
0x42d29c EndPaint
0x42d2a0 TabbedTextOutA
0x42d2a4 DrawTextA
0x42d2a8 GrayStringA
0x42d2ac GetClassNameA
0x42d2b0 PtInRect
0x42d2b4 LoadCursorA
0x42d2b8 GetSysColorBrush
0x42d2bc DestroyMenu
0x42d2c0 LoadStringA
0x42d2c4 GetNextDlgTabItem
0x42d2c8 IsWindowEnabled
0x42d2cc ShowWindow
0x42d2d0 MoveWindow
0x42d2d4 SetWindowTextA
0x42d2d8 IsDialogMessageA
0x42d2dc UpdateWindow
0x42d2e0 SendDlgItemMessageA
0x42d2e4 MapWindowPoints
0x42d2e8 GetSysColor
0x42d2ec PeekMessageA
0x42d2f0 GetMenuState
0x42d2f4 GetFocus
0x42d2f8 SetActiveWindow
0x42d2fc IsWindow
0x42d300 SetFocus
0x42d304 AdjustWindowRectEx
0x42d308 ScreenToClient
0x42d30c CopyRect
0x42d310 IsWindowVisible
0x42d314 GetTopWindow
0x42d318 MessageBoxA
0x42d31c GetParent
0x42d320 WinHelpA
0x42d324 wsprintfA
0x42d328 GetClassInfoA
0x42d32c RegisterClassA
0x42d330 GetMenu
0x42d334 GetMenuItemCount
0x42d338 GetSubMenu
0x42d33c GetMenuItemID
0x42d340 GetDlgItem
0x42d344 GetWindowTextLengthA
0x42d348 GetWindowTextA
0x42d34c GetDlgCtrlID
0x42d350 GetKeyState
0x42d354 DefWindowProcA
0x42d358 DestroyWindow
0x42d35c CreateWindowExA
0x42d360 SetWindowsHookExA
0x42d364 CallNextHookEx
0x42d368 GetClassLongA
0x42d36c SetPropA
0x42d370 UnhookWindowsHookEx
0x42d374 GetPropA
0x42d378 CallWindowProcA
0x42d37c RemovePropA
0x42d380 GetMessageTime
0x42d384 GetMessagePos
0x42d388 GetLastActivePopup
0x42d38c GetForegroundWindow
0x42d390 SetForegroundWindow
0x42d394 GetWindow
0x42d398 GetWindowLongA
0x42d39c SetWindowLongA
0x42d3a0 SetWindowPos
0x42d3a4 RegisterWindowMessageA
0x42d3a8 SystemParametersInfoA
0x42d3ac GetWindowPlacement
0x42d3b0 PostMessageA
0x42d3b4 KillTimer
0x42d3b8 IsIconic
0x42d3bc GetSystemMetrics
0x42d3c0 DrawIcon
0x42d3c4 GetWindowRect
0x42d3c8 SetTimer
0x42d3cc LoadIconA
0x42d3d0 ModifyMenuA
0x42d3d4 SetMenuItemBitmaps
0x42d3d8 CheckMenuItem
0x42d3dc DispatchMessageA
0x42d3e0 EnableMenuItem
0x42d3e4 GetClientRect
0x42d3e8 SendMessageA
0x42d3ec EnableWindow
0x42d3f0 GetCapture
0x42d3f4 UnregisterClassA
GDI32.dll
0x42d028 SetViewportOrgEx
0x42d02c OffsetViewportOrgEx
0x42d030 SetViewportExtEx
0x42d034 ScaleViewportExtEx
0x42d038 SetWindowExtEx
0x42d03c ScaleWindowExtEx
0x42d040 DeleteObject
0x42d044 SetMapMode
0x42d048 GetDeviceCaps
0x42d04c PtVisible
0x42d050 RectVisible
0x42d054 TextOutA
0x42d058 ExtTextOutA
0x42d05c Escape
0x42d060 GetStockObject
0x42d064 SelectObject
0x42d068 RestoreDC
0x42d06c SaveDC
0x42d070 DeleteDC
0x42d074 CreateBitmap
0x42d078 GetObjectA
0x42d07c SetBkColor
0x42d080 SetTextColor
0x42d084 GetClipBox
WINSPOOL.DRV
0x42d40c ClosePrinter
0x42d410 DocumentPropertiesA
0x42d414 OpenPrinterA
ADVAPI32.dll
0x42d000 RegSetValueExA
0x42d004 RegCloseKey
0x42d008 RegOpenKeyExA
0x42d00c RegCreateKeyExA
COMCTL32.dll
0x42d014 ImageList_Destroy
0x42d018 None
0x42d01c ImageList_Create
0x42d020 ImageList_LoadImageA
WS2_32.dll
0x42d41c WSAGetLastError
0x42d420 socket
0x42d424 WSAAccept
0x42d428 WSAEnumNetworkEvents
0x42d42c WSAWaitForMultipleEvents
0x42d430 setsockopt
0x42d434 WSARecv
0x42d438 WSASend
0x42d43c closesocket
0x42d440 getpeername
0x42d444 WSACloseEvent
0x42d448 listen
0x42d44c ind
0x42d450 htons
0x42d454 WSAEventSelect
0x42d458 WSACreateEvent
0x42d45c WSASocketA
0x42d460 gethostbyname
0x42d464 WSACleanup
0x42d468 WSAStartup
0x42d46c inet_ntoa
WINMM.dll
0x42d3fc timeGetTime
0x42d400 timeBeginPeriod
0x42d404 timeEndPeriod
EAT(Export Address Table) is none
KERNEL32.dll
0x42d08c RtlUnwind
0x42d090 HeapFree
0x42d094 HeapAlloc
0x42d098 GetStartupInfoA
0x42d09c GetCommandLineA
0x42d0a0 RaiseException
0x42d0a4 CreateThread
0x42d0a8 ExitThread
0x42d0ac TerminateProcess
0x42d0b0 GetTimeZoneInformation
0x42d0b4 GetLocalTime
0x42d0b8 GetACP
0x42d0bc HeapSize
0x42d0c0 HeapReAlloc
0x42d0c4 HeapDestroy
0x42d0c8 HeapCreate
0x42d0cc VirtualFree
0x42d0d0 VirtualAlloc
0x42d0d4 IsBadWritePtr
0x42d0d8 LCMapStringW
0x42d0dc UnhandledExceptionFilter
0x42d0e0 FreeEnvironmentStringsA
0x42d0e4 FreeEnvironmentStringsW
0x42d0e8 GetEnvironmentStrings
0x42d0ec GetEnvironmentStringsW
0x42d0f0 SetHandleCount
0x42d0f4 GetStdHandle
0x42d0f8 GetFileType
0x42d0fc SetUnhandledExceptionFilter
0x42d100 GetStringTypeA
0x42d104 GetStringTypeW
0x42d108 IsBadReadPtr
0x42d10c IsBadCodePtr
0x42d110 SetStdHandle
0x42d114 CompareStringA
0x42d118 CompareStringW
0x42d11c SetEnvironmentVariableA
0x42d120 FlushFileBuffers
0x42d124 SetFilePointer
0x42d128 WriteFile
0x42d12c GetCurrentProcess
0x42d130 SetErrorMode
0x42d134 WritePrivateProfileStringA
0x42d138 GetOEMCP
0x42d13c GetCPInfo
0x42d140 GetProcessVersion
0x42d144 GlobalFlags
0x42d148 TlsGetValue
0x42d14c LocalReAlloc
0x42d150 TlsSetValue
0x42d154 GlobalReAlloc
0x42d158 TlsFree
0x42d15c GlobalHandle
0x42d160 TlsAlloc
0x42d164 LocalAlloc
0x42d168 lstrcpynA
0x42d16c MulDiv
0x42d170 SetLastError
0x42d174 GlobalAlloc
0x42d178 GlobalLock
0x42d17c GlobalUnlock
0x42d180 GlobalFree
0x42d184 GetModuleFileNameA
0x42d188 lstrcmpA
0x42d18c CreateEventA
0x42d190 SetThreadPriority
0x42d194 SetEvent
0x42d198 WaitForSingleObject
0x42d19c MultiByteToWideChar
0x42d1a0 WideCharToMultiByte
0x42d1a4 InitializeCriticalSection
0x42d1a8 lstrlenA
0x42d1ac InterlockedDecrement
0x42d1b0 InterlockedIncrement
0x42d1b4 LoadLibraryA
0x42d1b8 FreeLibrary
0x42d1bc FindResourceA
0x42d1c0 LoadResource
0x42d1c4 LockResource
0x42d1c8 GetVersion
0x42d1cc lstrcatA
0x42d1d0 GlobalGetAtomNameA
0x42d1d4 lstrcmpiA
0x42d1d8 GlobalAddAtomA
0x42d1dc GlobalFindAtomA
0x42d1e0 GlobalDeleteAtom
0x42d1e4 GetModuleHandleA
0x42d1e8 GetProcAddress
0x42d1ec LoadLibraryW
0x42d1f0 ExitProcess
0x42d1f4 QueryPerformanceCounter
0x42d1f8 lstrcpyA
0x42d1fc GetCurrentProcessId
0x42d200 GetSystemTime
0x42d204 SystemTimeToFileTime
0x42d208 GetTickCount
0x42d20c GlobalMemoryStatus
0x42d210 GetCurrentThreadId
0x42d214 SuspendThread
0x42d218 GetCurrentThread
0x42d21c ResumeThread
0x42d220 Sleep
0x42d224 FormatMessageA
0x42d228 LocalFree
0x42d22c GetExitCodeThread
0x42d230 CloseHandle
0x42d234 PostQueuedCompletionStatus
0x42d238 GetQueuedCompletionStatus
0x42d23c GetLastError
0x42d240 CancelIo
0x42d244 CreateIoCompletionPort
0x42d248 LeaveCriticalSection
0x42d24c EnterCriticalSection
0x42d250 DeleteCriticalSection
0x42d254 LCMapStringA
USER32.dll
0x42d25c LoadBitmapA
0x42d260 GetMenuCheckMarkDimensions
0x42d264 GetCursorPos
0x42d268 ValidateRect
0x42d26c GetActiveWindow
0x42d270 TranslateMessage
0x42d274 GetMessageA
0x42d278 ReleaseDC
0x42d27c GetDC
0x42d280 CreateDialogIndirectParamA
0x42d284 EndDialog
0x42d288 wvsprintfA
0x42d28c PostQuitMessage
0x42d290 SetCursor
0x42d294 ClientToScreen
0x42d298 BeginPaint
0x42d29c EndPaint
0x42d2a0 TabbedTextOutA
0x42d2a4 DrawTextA
0x42d2a8 GrayStringA
0x42d2ac GetClassNameA
0x42d2b0 PtInRect
0x42d2b4 LoadCursorA
0x42d2b8 GetSysColorBrush
0x42d2bc DestroyMenu
0x42d2c0 LoadStringA
0x42d2c4 GetNextDlgTabItem
0x42d2c8 IsWindowEnabled
0x42d2cc ShowWindow
0x42d2d0 MoveWindow
0x42d2d4 SetWindowTextA
0x42d2d8 IsDialogMessageA
0x42d2dc UpdateWindow
0x42d2e0 SendDlgItemMessageA
0x42d2e4 MapWindowPoints
0x42d2e8 GetSysColor
0x42d2ec PeekMessageA
0x42d2f0 GetMenuState
0x42d2f4 GetFocus
0x42d2f8 SetActiveWindow
0x42d2fc IsWindow
0x42d300 SetFocus
0x42d304 AdjustWindowRectEx
0x42d308 ScreenToClient
0x42d30c CopyRect
0x42d310 IsWindowVisible
0x42d314 GetTopWindow
0x42d318 MessageBoxA
0x42d31c GetParent
0x42d320 WinHelpA
0x42d324 wsprintfA
0x42d328 GetClassInfoA
0x42d32c RegisterClassA
0x42d330 GetMenu
0x42d334 GetMenuItemCount
0x42d338 GetSubMenu
0x42d33c GetMenuItemID
0x42d340 GetDlgItem
0x42d344 GetWindowTextLengthA
0x42d348 GetWindowTextA
0x42d34c GetDlgCtrlID
0x42d350 GetKeyState
0x42d354 DefWindowProcA
0x42d358 DestroyWindow
0x42d35c CreateWindowExA
0x42d360 SetWindowsHookExA
0x42d364 CallNextHookEx
0x42d368 GetClassLongA
0x42d36c SetPropA
0x42d370 UnhookWindowsHookEx
0x42d374 GetPropA
0x42d378 CallWindowProcA
0x42d37c RemovePropA
0x42d380 GetMessageTime
0x42d384 GetMessagePos
0x42d388 GetLastActivePopup
0x42d38c GetForegroundWindow
0x42d390 SetForegroundWindow
0x42d394 GetWindow
0x42d398 GetWindowLongA
0x42d39c SetWindowLongA
0x42d3a0 SetWindowPos
0x42d3a4 RegisterWindowMessageA
0x42d3a8 SystemParametersInfoA
0x42d3ac GetWindowPlacement
0x42d3b0 PostMessageA
0x42d3b4 KillTimer
0x42d3b8 IsIconic
0x42d3bc GetSystemMetrics
0x42d3c0 DrawIcon
0x42d3c4 GetWindowRect
0x42d3c8 SetTimer
0x42d3cc LoadIconA
0x42d3d0 ModifyMenuA
0x42d3d4 SetMenuItemBitmaps
0x42d3d8 CheckMenuItem
0x42d3dc DispatchMessageA
0x42d3e0 EnableMenuItem
0x42d3e4 GetClientRect
0x42d3e8 SendMessageA
0x42d3ec EnableWindow
0x42d3f0 GetCapture
0x42d3f4 UnregisterClassA
GDI32.dll
0x42d028 SetViewportOrgEx
0x42d02c OffsetViewportOrgEx
0x42d030 SetViewportExtEx
0x42d034 ScaleViewportExtEx
0x42d038 SetWindowExtEx
0x42d03c ScaleWindowExtEx
0x42d040 DeleteObject
0x42d044 SetMapMode
0x42d048 GetDeviceCaps
0x42d04c PtVisible
0x42d050 RectVisible
0x42d054 TextOutA
0x42d058 ExtTextOutA
0x42d05c Escape
0x42d060 GetStockObject
0x42d064 SelectObject
0x42d068 RestoreDC
0x42d06c SaveDC
0x42d070 DeleteDC
0x42d074 CreateBitmap
0x42d078 GetObjectA
0x42d07c SetBkColor
0x42d080 SetTextColor
0x42d084 GetClipBox
WINSPOOL.DRV
0x42d40c ClosePrinter
0x42d410 DocumentPropertiesA
0x42d414 OpenPrinterA
ADVAPI32.dll
0x42d000 RegSetValueExA
0x42d004 RegCloseKey
0x42d008 RegOpenKeyExA
0x42d00c RegCreateKeyExA
COMCTL32.dll
0x42d014 ImageList_Destroy
0x42d018 None
0x42d01c ImageList_Create
0x42d020 ImageList_LoadImageA
WS2_32.dll
0x42d41c WSAGetLastError
0x42d420 socket
0x42d424 WSAAccept
0x42d428 WSAEnumNetworkEvents
0x42d42c WSAWaitForMultipleEvents
0x42d430 setsockopt
0x42d434 WSARecv
0x42d438 WSASend
0x42d43c closesocket
0x42d440 getpeername
0x42d444 WSACloseEvent
0x42d448 listen
0x42d44c ind
0x42d450 htons
0x42d454 WSAEventSelect
0x42d458 WSACreateEvent
0x42d45c WSASocketA
0x42d460 gethostbyname
0x42d464 WSACleanup
0x42d468 WSAStartup
0x42d46c inet_ntoa
WINMM.dll
0x42d3fc timeGetTime
0x42d400 timeBeginPeriod
0x42d404 timeEndPeriod
EAT(Export Address Table) is none