ScreenShot
| Created | 2021.10.06 13:35 | Machine | s1_win7_x6401 |
| Filename | 1371356488.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 51 detected (malicious, high confidence, GenericKDZ, Unsafe, Save, Glupteba, ZexaF, wu0@a0hgfJjO, Kryptik, Eldorado, Attribute, HighConfidence, HMOS, RansomX, Tafs, Siggen15, Score, RedLineSteal, wwqid, ai score=81, kcloud, StopCrypt, 1HKIOEM, MalPE, R442437, Azorult, R002C0DIO21, CLASSIC, Static AI, Malicious PE, HMOO, GdSda, confidence, 100%) | ||
| md5 | 5bec43789401e42ce38a1125f88c7b69 | ||
| sha256 | 51d53ea96cef125f782633f97ae3e7bfaa19c50aeed07186ce85f0b09e7f4446 | ||
| ssdeep | 6144:n6gO5PkQbQcsTbeShgVzHSPoPvn9kdgItv160TGKX5e:n6gO5PkQbCbUV+PYvn9qjjp | ||
| imphash | 077da89a12148c6ee034067c75e2bb0f | ||
| impfuzzy | 48:tXEDjODyh6dW03QvFXYGTOQa/ztfV8hK9g7IrX:tXZi2x3QvFXYCa/ztfV8hQg7IrX | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41a000 SetThreadContext
0x41a004 SetLocalTime
0x41a008 GetConsoleAliasExesLengthA
0x41a00c DeleteVolumeMountPointA
0x41a010 InterlockedIncrement
0x41a014 GetQueuedCompletionStatus
0x41a018 UnlockFile
0x41a01c SetEvent
0x41a020 CallNamedPipeW
0x41a024 FreeEnvironmentStringsA
0x41a028 GetModuleHandleW
0x41a02c CreateNamedPipeW
0x41a030 GetConsoleAliasesLengthA
0x41a034 SetCommState
0x41a038 GetCommandLineA
0x41a03c GetPrivateProfileIntA
0x41a040 GetSystemDirectoryW
0x41a044 HeapDestroy
0x41a048 CreateSemaphoreA
0x41a04c TerminateProcess
0x41a050 FileTimeToSystemTime
0x41a054 lstrlenW
0x41a058 GetStartupInfoW
0x41a05c LCMapStringA
0x41a060 InterlockedExchange
0x41a064 FreeLibraryAndExitThread
0x41a068 OpenMutexW
0x41a06c GetLastError
0x41a070 GetCurrentDirectoryW
0x41a074 GetProcAddress
0x41a078 SetStdHandle
0x41a07c EnterCriticalSection
0x41a080 LoadLibraryA
0x41a084 LocalAlloc
0x41a088 WritePrivateProfileStringA
0x41a08c GetNumberFormatW
0x41a090 GetProfileStringA
0x41a094 SetThreadIdealProcessor
0x41a098 HeapWalk
0x41a09c FindAtomA
0x41a0a0 GlobalWire
0x41a0a4 GetModuleFileNameA
0x41a0a8 FindFirstChangeNotificationA
0x41a0ac FreeEnvironmentStringsW
0x41a0b0 FindNextFileW
0x41a0b4 WriteProfileStringW
0x41a0b8 GetCPInfoExA
0x41a0bc SetFileShortNameA
0x41a0c0 TlsAlloc
0x41a0c4 EnumResourceLanguagesW
0x41a0c8 GetSystemTime
0x41a0cc CopyFileExA
0x41a0d0 DeleteFileA
0x41a0d4 GetVolumeInformationW
0x41a0d8 FlushFileBuffers
0x41a0dc CloseHandle
0x41a0e0 MoveFileA
0x41a0e4 EncodePointer
0x41a0e8 DecodePointer
0x41a0ec HeapSetInformation
0x41a0f0 HeapValidate
0x41a0f4 IsBadReadPtr
0x41a0f8 InterlockedDecrement
0x41a0fc ExitProcess
0x41a100 GetCurrentProcess
0x41a104 UnhandledExceptionFilter
0x41a108 SetUnhandledExceptionFilter
0x41a10c IsDebuggerPresent
0x41a110 GetModuleFileNameW
0x41a114 QueryPerformanceCounter
0x41a118 GetTickCount
0x41a11c GetCurrentThreadId
0x41a120 GetCurrentProcessId
0x41a124 GetSystemTimeAsFileTime
0x41a128 WideCharToMultiByte
0x41a12c GetEnvironmentStringsW
0x41a130 SetHandleCount
0x41a134 GetStdHandle
0x41a138 InitializeCriticalSectionAndSpinCount
0x41a13c GetFileType
0x41a140 DeleteCriticalSection
0x41a144 TlsGetValue
0x41a148 TlsSetValue
0x41a14c TlsFree
0x41a150 SetLastError
0x41a154 HeapCreate
0x41a158 WriteFile
0x41a15c LeaveCriticalSection
0x41a160 HeapAlloc
0x41a164 HeapReAlloc
0x41a168 HeapSize
0x41a16c HeapQueryInformation
0x41a170 HeapFree
0x41a174 GetACP
0x41a178 GetOEMCP
0x41a17c GetCPInfo
0x41a180 IsValidCodePage
0x41a184 LoadLibraryW
0x41a188 RtlUnwind
0x41a18c SetFilePointer
0x41a190 GetConsoleCP
0x41a194 GetConsoleMode
0x41a198 OutputDebugStringA
0x41a19c WriteConsoleW
0x41a1a0 OutputDebugStringW
0x41a1a4 MultiByteToWideChar
0x41a1a8 IsProcessorFeaturePresent
0x41a1ac LCMapStringW
0x41a1b0 GetStringTypeW
0x41a1b4 CreateFileW
0x41a1b8 RaiseException
WINHTTP.dll
0x41a1c0 WinHttpOpen
EAT(Export Address Table) is none
KERNEL32.dll
0x41a000 SetThreadContext
0x41a004 SetLocalTime
0x41a008 GetConsoleAliasExesLengthA
0x41a00c DeleteVolumeMountPointA
0x41a010 InterlockedIncrement
0x41a014 GetQueuedCompletionStatus
0x41a018 UnlockFile
0x41a01c SetEvent
0x41a020 CallNamedPipeW
0x41a024 FreeEnvironmentStringsA
0x41a028 GetModuleHandleW
0x41a02c CreateNamedPipeW
0x41a030 GetConsoleAliasesLengthA
0x41a034 SetCommState
0x41a038 GetCommandLineA
0x41a03c GetPrivateProfileIntA
0x41a040 GetSystemDirectoryW
0x41a044 HeapDestroy
0x41a048 CreateSemaphoreA
0x41a04c TerminateProcess
0x41a050 FileTimeToSystemTime
0x41a054 lstrlenW
0x41a058 GetStartupInfoW
0x41a05c LCMapStringA
0x41a060 InterlockedExchange
0x41a064 FreeLibraryAndExitThread
0x41a068 OpenMutexW
0x41a06c GetLastError
0x41a070 GetCurrentDirectoryW
0x41a074 GetProcAddress
0x41a078 SetStdHandle
0x41a07c EnterCriticalSection
0x41a080 LoadLibraryA
0x41a084 LocalAlloc
0x41a088 WritePrivateProfileStringA
0x41a08c GetNumberFormatW
0x41a090 GetProfileStringA
0x41a094 SetThreadIdealProcessor
0x41a098 HeapWalk
0x41a09c FindAtomA
0x41a0a0 GlobalWire
0x41a0a4 GetModuleFileNameA
0x41a0a8 FindFirstChangeNotificationA
0x41a0ac FreeEnvironmentStringsW
0x41a0b0 FindNextFileW
0x41a0b4 WriteProfileStringW
0x41a0b8 GetCPInfoExA
0x41a0bc SetFileShortNameA
0x41a0c0 TlsAlloc
0x41a0c4 EnumResourceLanguagesW
0x41a0c8 GetSystemTime
0x41a0cc CopyFileExA
0x41a0d0 DeleteFileA
0x41a0d4 GetVolumeInformationW
0x41a0d8 FlushFileBuffers
0x41a0dc CloseHandle
0x41a0e0 MoveFileA
0x41a0e4 EncodePointer
0x41a0e8 DecodePointer
0x41a0ec HeapSetInformation
0x41a0f0 HeapValidate
0x41a0f4 IsBadReadPtr
0x41a0f8 InterlockedDecrement
0x41a0fc ExitProcess
0x41a100 GetCurrentProcess
0x41a104 UnhandledExceptionFilter
0x41a108 SetUnhandledExceptionFilter
0x41a10c IsDebuggerPresent
0x41a110 GetModuleFileNameW
0x41a114 QueryPerformanceCounter
0x41a118 GetTickCount
0x41a11c GetCurrentThreadId
0x41a120 GetCurrentProcessId
0x41a124 GetSystemTimeAsFileTime
0x41a128 WideCharToMultiByte
0x41a12c GetEnvironmentStringsW
0x41a130 SetHandleCount
0x41a134 GetStdHandle
0x41a138 InitializeCriticalSectionAndSpinCount
0x41a13c GetFileType
0x41a140 DeleteCriticalSection
0x41a144 TlsGetValue
0x41a148 TlsSetValue
0x41a14c TlsFree
0x41a150 SetLastError
0x41a154 HeapCreate
0x41a158 WriteFile
0x41a15c LeaveCriticalSection
0x41a160 HeapAlloc
0x41a164 HeapReAlloc
0x41a168 HeapSize
0x41a16c HeapQueryInformation
0x41a170 HeapFree
0x41a174 GetACP
0x41a178 GetOEMCP
0x41a17c GetCPInfo
0x41a180 IsValidCodePage
0x41a184 LoadLibraryW
0x41a188 RtlUnwind
0x41a18c SetFilePointer
0x41a190 GetConsoleCP
0x41a194 GetConsoleMode
0x41a198 OutputDebugStringA
0x41a19c WriteConsoleW
0x41a1a0 OutputDebugStringW
0x41a1a4 MultiByteToWideChar
0x41a1a8 IsProcessorFeaturePresent
0x41a1ac LCMapStringW
0x41a1b0 GetStringTypeW
0x41a1b4 CreateFileW
0x41a1b8 RaiseException
WINHTTP.dll
0x41a1c0 WinHttpOpen
EAT(Export Address Table) is none