Field | Value |
---|---|
Created | 2021.10.08 17:00 |
Machine | s1_win7_x6402 |
Filename | boopa.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 22 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, confidence, 100%, ZexaF, fz0@aSVeLciO, Attribute, HighConfidence, Danabot, Ranumbot, Score, Sabsik, Generic@ML, RDML, 8G2Tb, XVGADiddgOiz+tKQ, Static AI, Malicious PE) |
md5 | 1c38c0b56969a81e7adf89eac12e0d0e |
sha256 | 7bf358e7bffe42b707987d1e14465a5fd91fb4468b8bb5cc2bda2fd95ef801d1 |
ssdeep | 24576:jiwbzIFNHEG4k69HYz9Dft4yiRLSOJPUTYfeJuvpWDME7Ks:jiwbUBF1sRJJMTzvF |
imphash | 0dd592f35b48076810a8314d458b6b4b |
impfuzzy | 24:bhkg1u/8UrFdEDGOWz5rbRk1bkfcjlpOqGXldtaFHRyvpJ3vT0ZrtjMnR:bhG/v5dsmZfcaqGXDtaErvAZo |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x501000 HeapReAlloc
0x501004 lstrlenA
0x501008 GetLocaleInfoA
0x50100c EndUpdateResourceW
0x501010 GetQueuedCompletionStatus
0x501014 GetCurrentProcess
0x501018 SetEvent
0x50101c BackupSeek
0x501020 GetConsoleTitleA
0x501024 ReadConsoleW
0x501028 WriteFile
0x50102c CreateActCtxW
0x501030 InitializeCriticalSection
0x501034 GetEnvironmentStrings
0x501038 InitAtomTable
0x50103c HeapDestroy
0x501040 FindNextVolumeW
0x501044 IsProcessorFeaturePresent
0x501048 GetFileAttributesW
0x50104c GetModuleFileNameW
0x501050 DeactivateActCtx
0x501054 InterlockedExchange
0x501058 GetProcAddress
0x50105c BeginUpdateResourceW
0x501060 PrepareTape
0x501064 GetProcessVersion
0x501068 WriteConsoleA
0x50106c LocalAlloc
0x501070 RemoveDirectoryW
0x501074 SetConsoleWindowInfo
0x501078 GetModuleHandleA
0x50107c VirtualProtect
0x501080 SetProcessShutdownParameters
0x501084 ReleaseMutex
0x501088 GetCurrentProcessId
0x50108c FindNextVolumeA
0x501090 lstrcpyA
0x501094 WriteConsoleW
0x501098 ReadFile
0x50109c WideCharToMultiByte
0x5010a0 InterlockedIncrement
0x5010a4 InterlockedDecrement
0x5010a8 InterlockedCompareExchange
0x5010ac MultiByteToWideChar
0x5010b0 GetStringTypeW
0x5010b4 EncodePointer
0x5010b8 DecodePointer
0x5010bc Sleep
0x5010c0 DeleteCriticalSection
0x5010c4 EnterCriticalSection
0x5010c8 LeaveCriticalSection
0x5010cc GetLastError
0x5010d0 HeapFree
0x5010d4 GetCommandLineW
0x5010d8 HeapSetInformation
0x5010dc GetStartupInfoW
0x5010e0 GetCPInfo
0x5010e4 RaiseException
0x5010e8 RtlUnwind
0x5010ec HeapAlloc
0x5010f0 LCMapStringW
0x5010f4 HeapCreate
0x5010f8 InitializeCriticalSectionAndSpinCount
0x5010fc UnhandledExceptionFilter
0x501100 SetUnhandledExceptionFilter
0x501104 IsDebuggerPresent
0x501108 TerminateProcess
0x50110c SetFilePointer
0x501110 GetModuleHandleW
0x501114 ExitProcess
0x501118 GetStdHandle
0x50111c FreeEnvironmentStringsW
0x501120 GetEnvironmentStringsW
0x501124 SetHandleCount
0x501128 GetFileType
0x50112c TlsAlloc
0x501130 TlsGetValue
0x501134 TlsSetValue
0x501138 TlsFree
0x50113c SetLastError
0x501140 GetCurrentThreadId
0x501144 QueryPerformanceCounter
0x501148 GetTickCount
0x50114c GetSystemTimeAsFileTime
0x501150 GetLocaleInfoW
0x501154 HeapSize
0x501158 GetACP
0x50115c GetOEMCP
0x501160 IsValidCodePage
0x501164 GetUserDefaultLCID
0x501168 EnumSystemLocalesA
0x50116c IsValidLocale
0x501170 CloseHandle
0x501174 CreateFileA
0x501178 SetStdHandle
0x50117c GetConsoleCP
0x501180 GetConsoleMode
0x501184 FlushFileBuffers
0x501188 LoadLibraryW
0x50118c SetEndOfFile
0x501190 GetProcessHeap
0x501194 CreateFileW
EAT (Export Address Table) Library
0x4015fa @GetFirstVice@8
0x401603 @SetViceVariants@12