ScreenShot
| Created | 2021.10.06 13:28 | Machine | s1_win7_x6401 |
| Filename | 946792219.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 47 detected (Stop, malicious, high confidence, GenericKDZ, Unsafe, Save, Tnega, ZexaF, ruW@aeX, VYpO, Eldorado, Attribute, HighConfidence, Kryptik, HMRR, PWSX, Static AI, Malicious PE, Amadey, rzjqn, ai score=83, kcloud, score, MalPe, R443566, BScope, CLASSIC, HMRM, GdSda, confidence, 100%) | ||
| md5 | 61f9521aba6003796e3e2544dfdb2596 | ||
| sha256 | ba9fb85fdf253d76f2e1b1ae1e96b45ffb31ac9f8b7d7b4375e1616a0f4f2137 | ||
| ssdeep | 3072:+M2fuoyOUQmS5v/nt6KjuJaKEbxPTQZOs3rU0vyboxILrA8Jzk6ZJsxLsDx2hhKt:+MMuF3Q75HgIINaky/ZALgyUjZVL | ||
| imphash | 69d02296fd41d5fbc6c18775cf2c5cb0 | ||
| impfuzzy | 48:CksbdaOqIJdLXpdbhF0OtxtOQAcPK9La5cx7M:mbzJdLXpZhF0extOQAcPQO5cx7M | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41a000 GetCommandLineW
0x41a004 GetThreadContext
0x41a008 SearchPathW
0x41a00c lstrlenA
0x41a010 FreeLibrary
0x41a014 InterlockedIncrement
0x41a018 GetQueuedCompletionStatus
0x41a01c GetCommState
0x41a020 GetProfileStringW
0x41a024 CallNamedPipeW
0x41a028 FreeEnvironmentStringsA
0x41a02c GetNumberFormatA
0x41a030 CreateActCtxW
0x41a034 FindResourceExA
0x41a038 GlobalAlloc
0x41a03c GetPrivateProfileIntA
0x41a040 GetSystemDirectoryW
0x41a044 SetFileShortNameW
0x41a048 GetVolumeInformationA
0x41a04c LoadLibraryW
0x41a050 GetSystemWow64DirectoryW
0x41a054 GetSystemWindowsDirectoryA
0x41a058 HeapDestroy
0x41a05c GetBinaryTypeA
0x41a060 GetCompressedFileSizeA
0x41a064 GetStartupInfoW
0x41a068 LCMapStringA
0x41a06c GetPrivateProfileIntW
0x41a070 SetThreadLocale
0x41a074 GetStdHandle
0x41a078 GetLastError
0x41a07c SetLastError
0x41a080 GetProcAddress
0x41a084 CreateNamedPipeA
0x41a088 LoadLibraryA
0x41a08c CreateSemaphoreW
0x41a090 FindAtomA
0x41a094 GetModuleFileNameA
0x41a098 FindNextFileA
0x41a09c CreateIoCompletionPort
0x41a0a0 FindFirstChangeNotificationA
0x41a0a4 HeapSetInformation
0x41a0a8 FreeEnvironmentStringsW
0x41a0ac GetCurrentDirectoryA
0x41a0b0 GetCPInfoExA
0x41a0b4 TerminateJobObject
0x41a0b8 FindAtomW
0x41a0bc UnregisterWaitEx
0x41a0c0 GetSystemTime
0x41a0c4 CopyFileExA
0x41a0c8 DeleteFileA
0x41a0cc CloseHandle
0x41a0d0 CreateFileW
0x41a0d4 InterlockedDecrement
0x41a0d8 DecodePointer
0x41a0dc GetModuleHandleW
0x41a0e0 ExitProcess
0x41a0e4 TerminateProcess
0x41a0e8 GetCurrentProcess
0x41a0ec UnhandledExceptionFilter
0x41a0f0 SetUnhandledExceptionFilter
0x41a0f4 IsDebuggerPresent
0x41a0f8 EncodePointer
0x41a0fc GetModuleFileNameW
0x41a100 WriteFile
0x41a104 RtlUnwind
0x41a108 GetACP
0x41a10c GetOEMCP
0x41a110 GetCPInfo
0x41a114 IsValidCodePage
0x41a118 TlsAlloc
0x41a11c TlsGetValue
0x41a120 TlsSetValue
0x41a124 GetCurrentThreadId
0x41a128 TlsFree
0x41a12c QueryPerformanceCounter
0x41a130 GetTickCount
0x41a134 GetCurrentProcessId
0x41a138 GetSystemTimeAsFileTime
0x41a13c GetEnvironmentStringsW
0x41a140 SetHandleCount
0x41a144 InitializeCriticalSectionAndSpinCount
0x41a148 GetFileType
0x41a14c DeleteCriticalSection
0x41a150 HeapValidate
0x41a154 IsBadReadPtr
0x41a158 HeapCreate
0x41a15c EnterCriticalSection
0x41a160 LeaveCriticalSection
0x41a164 SetFilePointer
0x41a168 WideCharToMultiByte
0x41a16c GetConsoleCP
0x41a170 GetConsoleMode
0x41a174 OutputDebugStringA
0x41a178 WriteConsoleW
0x41a17c OutputDebugStringW
0x41a180 GetStringTypeW
0x41a184 MultiByteToWideChar
0x41a188 LCMapStringW
0x41a18c HeapAlloc
0x41a190 HeapReAlloc
0x41a194 HeapSize
0x41a198 HeapQueryInformation
0x41a19c HeapFree
0x41a1a0 IsProcessorFeaturePresent
0x41a1a4 SetStdHandle
0x41a1a8 RaiseException
0x41a1ac FlushFileBuffers
WINHTTP.dll
0x41a1b4 WinHttpOpen
EAT(Export Address Table) is none
KERNEL32.dll
0x41a000 GetCommandLineW
0x41a004 GetThreadContext
0x41a008 SearchPathW
0x41a00c lstrlenA
0x41a010 FreeLibrary
0x41a014 InterlockedIncrement
0x41a018 GetQueuedCompletionStatus
0x41a01c GetCommState
0x41a020 GetProfileStringW
0x41a024 CallNamedPipeW
0x41a028 FreeEnvironmentStringsA
0x41a02c GetNumberFormatA
0x41a030 CreateActCtxW
0x41a034 FindResourceExA
0x41a038 GlobalAlloc
0x41a03c GetPrivateProfileIntA
0x41a040 GetSystemDirectoryW
0x41a044 SetFileShortNameW
0x41a048 GetVolumeInformationA
0x41a04c LoadLibraryW
0x41a050 GetSystemWow64DirectoryW
0x41a054 GetSystemWindowsDirectoryA
0x41a058 HeapDestroy
0x41a05c GetBinaryTypeA
0x41a060 GetCompressedFileSizeA
0x41a064 GetStartupInfoW
0x41a068 LCMapStringA
0x41a06c GetPrivateProfileIntW
0x41a070 SetThreadLocale
0x41a074 GetStdHandle
0x41a078 GetLastError
0x41a07c SetLastError
0x41a080 GetProcAddress
0x41a084 CreateNamedPipeA
0x41a088 LoadLibraryA
0x41a08c CreateSemaphoreW
0x41a090 FindAtomA
0x41a094 GetModuleFileNameA
0x41a098 FindNextFileA
0x41a09c CreateIoCompletionPort
0x41a0a0 FindFirstChangeNotificationA
0x41a0a4 HeapSetInformation
0x41a0a8 FreeEnvironmentStringsW
0x41a0ac GetCurrentDirectoryA
0x41a0b0 GetCPInfoExA
0x41a0b4 TerminateJobObject
0x41a0b8 FindAtomW
0x41a0bc UnregisterWaitEx
0x41a0c0 GetSystemTime
0x41a0c4 CopyFileExA
0x41a0c8 DeleteFileA
0x41a0cc CloseHandle
0x41a0d0 CreateFileW
0x41a0d4 InterlockedDecrement
0x41a0d8 DecodePointer
0x41a0dc GetModuleHandleW
0x41a0e0 ExitProcess
0x41a0e4 TerminateProcess
0x41a0e8 GetCurrentProcess
0x41a0ec UnhandledExceptionFilter
0x41a0f0 SetUnhandledExceptionFilter
0x41a0f4 IsDebuggerPresent
0x41a0f8 EncodePointer
0x41a0fc GetModuleFileNameW
0x41a100 WriteFile
0x41a104 RtlUnwind
0x41a108 GetACP
0x41a10c GetOEMCP
0x41a110 GetCPInfo
0x41a114 IsValidCodePage
0x41a118 TlsAlloc
0x41a11c TlsGetValue
0x41a120 TlsSetValue
0x41a124 GetCurrentThreadId
0x41a128 TlsFree
0x41a12c QueryPerformanceCounter
0x41a130 GetTickCount
0x41a134 GetCurrentProcessId
0x41a138 GetSystemTimeAsFileTime
0x41a13c GetEnvironmentStringsW
0x41a140 SetHandleCount
0x41a144 InitializeCriticalSectionAndSpinCount
0x41a148 GetFileType
0x41a14c DeleteCriticalSection
0x41a150 HeapValidate
0x41a154 IsBadReadPtr
0x41a158 HeapCreate
0x41a15c EnterCriticalSection
0x41a160 LeaveCriticalSection
0x41a164 SetFilePointer
0x41a168 WideCharToMultiByte
0x41a16c GetConsoleCP
0x41a170 GetConsoleMode
0x41a174 OutputDebugStringA
0x41a178 WriteConsoleW
0x41a17c OutputDebugStringW
0x41a180 GetStringTypeW
0x41a184 MultiByteToWideChar
0x41a188 LCMapStringW
0x41a18c HeapAlloc
0x41a190 HeapReAlloc
0x41a194 HeapSize
0x41a198 HeapQueryInformation
0x41a19c HeapFree
0x41a1a0 IsProcessorFeaturePresent
0x41a1a4 SetStdHandle
0x41a1a8 RaiseException
0x41a1ac FlushFileBuffers
WINHTTP.dll
0x41a1b4 WinHttpOpen
EAT(Export Address Table) is none