ScreenShot
| Created | 2021.10.15 10:22 | Machine | s1_win7_x6401 |
| Filename | 1562391525.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (Fragtor, Unsafe, ZexaF, KK0@aOFGL, Rozena, Malicious, NanoBot, rbxcs, kcloud, score, ai score=89, R002C0WJE21, Wlfn, Static AI, Suspicious PE, susgen) | ||
| md5 | 604b759172262363118ab37833ca63bb | ||
| sha256 | 709aff2453909486058b4b46d2e53dc9bb970aaa2966bae1986e9de0c4b1836d | ||
| ssdeep | 12288:Kr6F05RMuue1IEDuOcvZHrTDdwPcN8IT37gTZX2xmUzHxn6AGoa:UQuvIlxZS0YemUzHxHG1 | ||
| imphash | 5d0d43282eff6279781d6c7c809bf649 | ||
| impfuzzy | 96:zKN2Sm6fCCOc5Xl3Oqz2e0b11txPB3OxfUv6N:zJCp3Vz2e411txPB3OxfUv6N | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Command line console output was observed |
| info | Queries for the computername |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.DLL
0x4753b0 AllocateAndInitializeSid
0x4753b4 CopySid
0x4753b8 EqualSid
0x4753bc GetLengthSid
0x4753c0 GetUserNameA
0x4753c4 InitializeSecurityDescriptor
0x4753c8 RegCloseKey
0x4753cc RegCreateKeyA
0x4753d0 RegCreateKeyExA
0x4753d4 RegDeleteKeyA
0x4753d8 RegDeleteValueA
0x4753dc RegEnumKeyA
0x4753e0 RegOpenKeyA
0x4753e4 RegQueryValueExA
0x4753e8 RegSetValueExA
0x4753ec SetSecurityDescriptorDacl
0x4753f0 SetSecurityDescriptorOwner
GDI32.dll
0x4753f8 CreateFontIndirectW
0x4753fc DeleteObject
0x475400 GetObjectW
0x475404 GetStockObject
0x475408 SelectObject
0x47540c SetBkMode
0x475410 SetTextColor
KERNEL32.dll
0x475418 CreateThread
0x47541c DeleteCriticalSection
0x475420 EnterCriticalSection
0x475424 ExitProcess
0x475428 FindClose
0x47542c FindFirstFileA
0x475430 FindNextFileA
0x475434 FreeLibrary
0x475438 GetCommandLineA
0x47543c GetLastError
0x475440 GetModuleHandleA
0x475444 GetProcAddress
0x475448 InitializeCriticalSection
0x47544c LeaveCriticalSection
0x475450 LoadLibraryA
0x475454 SetUnhandledExceptionFilter
0x475458 TlsGetValue
0x47545c VirtualAlloc
0x475460 VirtualProtect
0x475464 VirtualQuery
0x475468 WaitForSingleObject
msvcrt.dll
0x475470 _strdup
0x475474 _stricoll
msvcrt.dll
0x47547c __getmainargs
0x475480 __mb_cur_max
0x475484 __p__environ
0x475488 __p__fmode
0x47548c __set_app_type
0x475490 _cexit
0x475494 _errno
0x475498 _fpreset
0x47549c _fullpath
0x4754a0 _iob
0x4754a4 _isctype
0x4754a8 _onexit
0x4754ac _pctype
0x4754b0 _setmode
0x4754b4 abort
0x4754b8 atexit
0x4754bc calloc
0x4754c0 free
0x4754c4 fwrite
0x4754c8 malloc
0x4754cc mbstowcs
0x4754d0 memcpy
0x4754d4 memset
0x4754d8 realloc
0x4754dc setlocale
0x4754e0 signal
0x4754e4 strcoll
0x4754e8 strcpy
0x4754ec strlen
0x4754f0 tolower
0x4754f4 vfprintf
0x4754f8 wcstombs
USER32.dll
0x475500 AppendMenuA
0x475504 BeginPaint
0x475508 CheckDlgButton
0x47550c CheckMenuItem
0x475510 CheckRadioButton
0x475514 CloseClipboard
0x475518 CreateCaret
0x47551c CreateDialogParamA
0x475520 CreateMenu
0x475524 CreatePopupMenu
0x475528 CreateWindowExA
0x47552c CreateWindowExW
0x475530 DefDlgProcA
0x475534 DefWindowProcA
0x475538 DefWindowProcW
0x47553c DeleteMenu
0x475540 DestroyCaret
0x475544 DestroyIcon
0x475548 DestroyWindow
0x47554c DialogBoxParamA
0x475550 DispatchMessageA
0x475554 DispatchMessageW
0x475558 DrawEdge
0x47555c DrawIconEx
0x475560 EmptyClipboard
0x475564 EnableMenuItem
0x475568 EnableWindow
0x47556c EndDialog
0x475570 EndPaint
0x475574 FindWindowA
0x475578 FlashWindow
0x47557c GetCapture
0x475580 GetCaretBlinkTime
0x475584 GetClientRect
0x475588 GetClipboardData
0x47558c GetClipboardOwner
0x475590 GetCursorPos
0x475594 GetDC
0x475598 GetDesktopWindow
0x47559c GetDlgItem
0x4755a0 GetDlgItemTextA
0x4755a4 GetDoubleClickTime
0x4755a8 GetForegroundWindow
0x4755ac GetKeyboardLayout
0x4755b0 GetKeyboardState
0x4755b4 GetMessageA
0x4755b8 GetMessageTime
0x4755bc GetParent
0x4755c0 GetQueueStatus
0x4755c4 GetScrollInfo
0x4755c8 GetSysColor
0x4755cc GetSysColorBrush
0x4755d0 GetSystemMenu
0x4755d4 GetSystemMetrics
0x4755d8 GetWindowLongA
0x4755dc GetWindowPlacement
0x4755e0 GetWindowRect
0x4755e4 GetWindowTextA
0x4755e8 GetWindowTextLengthA
0x4755ec HideCaret
0x4755f0 InsertMenuA
0x4755f4 InvalidateRect
0x4755f8 IsDialogMessageA
0x4755fc IsDlgButtonChecked
0x475600 IsIconic
0x475604 IsWindow
0x475608 IsZoomed
0x47560c KillTimer
0x475610 LoadCursorA
0x475614 LoadIconA
0x475618 LoadImageA
0x47561c MapDialogRect
0x475620 MessageBeep
0x475624 MessageBoxA
0x475628 MessageBoxIndirectA
0x47562c MoveWindow
0x475630 MsgWaitForMultipleObjects
0x475634 OffsetRect
0x475638 OpenClipboard
0x47563c PeekMessageA
0x475640 PeekMessageW
0x475644 PostMessageA
0x475648 PostQuitMessage
0x47564c RegisterClassA
0x475650 RegisterClassW
0x475654 RegisterClipboardFormatA
0x475658 RegisterWindowMessageA
0x47565c ReleaseCapture
0x475660 ReleaseDC
0x475664 ScreenToClient
0x475668 SendDlgItemMessageA
0x47566c SendMessageA
0x475670 SetActiveWindow
0x475674 SetCapture
0x475678 SetCaretPos
0x47567c SetClassLongA
0x475680 SetClipboardData
0x475684 SetCursor
0x475688 SetDlgItemTextA
0x47568c SetFocus
0x475690 SetForegroundWindow
0x475694 SetKeyboardState
0x475698 SetScrollInfo
0x47569c SetTimer
0x4756a0 SetWindowLongA
0x4756a4 SetWindowPlacement
0x4756a8 SetWindowPos
0x4756ac SetWindowTextA
0x4756b0 ShowCaret
0x4756b4 ShowCursor
0x4756b8 ShowWindow
0x4756bc SystemParametersInfoA
0x4756c0 ToAsciiEx
0x4756c4 TrackPopupMenu
0x4756c8 TranslateMessage
0x4756cc UpdateWindow
EAT(Export Address Table) is none
ADVAPI32.DLL
0x4753b0 AllocateAndInitializeSid
0x4753b4 CopySid
0x4753b8 EqualSid
0x4753bc GetLengthSid
0x4753c0 GetUserNameA
0x4753c4 InitializeSecurityDescriptor
0x4753c8 RegCloseKey
0x4753cc RegCreateKeyA
0x4753d0 RegCreateKeyExA
0x4753d4 RegDeleteKeyA
0x4753d8 RegDeleteValueA
0x4753dc RegEnumKeyA
0x4753e0 RegOpenKeyA
0x4753e4 RegQueryValueExA
0x4753e8 RegSetValueExA
0x4753ec SetSecurityDescriptorDacl
0x4753f0 SetSecurityDescriptorOwner
GDI32.dll
0x4753f8 CreateFontIndirectW
0x4753fc DeleteObject
0x475400 GetObjectW
0x475404 GetStockObject
0x475408 SelectObject
0x47540c SetBkMode
0x475410 SetTextColor
KERNEL32.dll
0x475418 CreateThread
0x47541c DeleteCriticalSection
0x475420 EnterCriticalSection
0x475424 ExitProcess
0x475428 FindClose
0x47542c FindFirstFileA
0x475430 FindNextFileA
0x475434 FreeLibrary
0x475438 GetCommandLineA
0x47543c GetLastError
0x475440 GetModuleHandleA
0x475444 GetProcAddress
0x475448 InitializeCriticalSection
0x47544c LeaveCriticalSection
0x475450 LoadLibraryA
0x475454 SetUnhandledExceptionFilter
0x475458 TlsGetValue
0x47545c VirtualAlloc
0x475460 VirtualProtect
0x475464 VirtualQuery
0x475468 WaitForSingleObject
msvcrt.dll
0x475470 _strdup
0x475474 _stricoll
msvcrt.dll
0x47547c __getmainargs
0x475480 __mb_cur_max
0x475484 __p__environ
0x475488 __p__fmode
0x47548c __set_app_type
0x475490 _cexit
0x475494 _errno
0x475498 _fpreset
0x47549c _fullpath
0x4754a0 _iob
0x4754a4 _isctype
0x4754a8 _onexit
0x4754ac _pctype
0x4754b0 _setmode
0x4754b4 abort
0x4754b8 atexit
0x4754bc calloc
0x4754c0 free
0x4754c4 fwrite
0x4754c8 malloc
0x4754cc mbstowcs
0x4754d0 memcpy
0x4754d4 memset
0x4754d8 realloc
0x4754dc setlocale
0x4754e0 signal
0x4754e4 strcoll
0x4754e8 strcpy
0x4754ec strlen
0x4754f0 tolower
0x4754f4 vfprintf
0x4754f8 wcstombs
USER32.dll
0x475500 AppendMenuA
0x475504 BeginPaint
0x475508 CheckDlgButton
0x47550c CheckMenuItem
0x475510 CheckRadioButton
0x475514 CloseClipboard
0x475518 CreateCaret
0x47551c CreateDialogParamA
0x475520 CreateMenu
0x475524 CreatePopupMenu
0x475528 CreateWindowExA
0x47552c CreateWindowExW
0x475530 DefDlgProcA
0x475534 DefWindowProcA
0x475538 DefWindowProcW
0x47553c DeleteMenu
0x475540 DestroyCaret
0x475544 DestroyIcon
0x475548 DestroyWindow
0x47554c DialogBoxParamA
0x475550 DispatchMessageA
0x475554 DispatchMessageW
0x475558 DrawEdge
0x47555c DrawIconEx
0x475560 EmptyClipboard
0x475564 EnableMenuItem
0x475568 EnableWindow
0x47556c EndDialog
0x475570 EndPaint
0x475574 FindWindowA
0x475578 FlashWindow
0x47557c GetCapture
0x475580 GetCaretBlinkTime
0x475584 GetClientRect
0x475588 GetClipboardData
0x47558c GetClipboardOwner
0x475590 GetCursorPos
0x475594 GetDC
0x475598 GetDesktopWindow
0x47559c GetDlgItem
0x4755a0 GetDlgItemTextA
0x4755a4 GetDoubleClickTime
0x4755a8 GetForegroundWindow
0x4755ac GetKeyboardLayout
0x4755b0 GetKeyboardState
0x4755b4 GetMessageA
0x4755b8 GetMessageTime
0x4755bc GetParent
0x4755c0 GetQueueStatus
0x4755c4 GetScrollInfo
0x4755c8 GetSysColor
0x4755cc GetSysColorBrush
0x4755d0 GetSystemMenu
0x4755d4 GetSystemMetrics
0x4755d8 GetWindowLongA
0x4755dc GetWindowPlacement
0x4755e0 GetWindowRect
0x4755e4 GetWindowTextA
0x4755e8 GetWindowTextLengthA
0x4755ec HideCaret
0x4755f0 InsertMenuA
0x4755f4 InvalidateRect
0x4755f8 IsDialogMessageA
0x4755fc IsDlgButtonChecked
0x475600 IsIconic
0x475604 IsWindow
0x475608 IsZoomed
0x47560c KillTimer
0x475610 LoadCursorA
0x475614 LoadIconA
0x475618 LoadImageA
0x47561c MapDialogRect
0x475620 MessageBeep
0x475624 MessageBoxA
0x475628 MessageBoxIndirectA
0x47562c MoveWindow
0x475630 MsgWaitForMultipleObjects
0x475634 OffsetRect
0x475638 OpenClipboard
0x47563c PeekMessageA
0x475640 PeekMessageW
0x475644 PostMessageA
0x475648 PostQuitMessage
0x47564c RegisterClassA
0x475650 RegisterClassW
0x475654 RegisterClipboardFormatA
0x475658 RegisterWindowMessageA
0x47565c ReleaseCapture
0x475660 ReleaseDC
0x475664 ScreenToClient
0x475668 SendDlgItemMessageA
0x47566c SendMessageA
0x475670 SetActiveWindow
0x475674 SetCapture
0x475678 SetCaretPos
0x47567c SetClassLongA
0x475680 SetClipboardData
0x475684 SetCursor
0x475688 SetDlgItemTextA
0x47568c SetFocus
0x475690 SetForegroundWindow
0x475694 SetKeyboardState
0x475698 SetScrollInfo
0x47569c SetTimer
0x4756a0 SetWindowLongA
0x4756a4 SetWindowPlacement
0x4756a8 SetWindowPos
0x4756ac SetWindowTextA
0x4756b0 ShowCaret
0x4756b4 ShowCursor
0x4756b8 ShowWindow
0x4756bc SystemParametersInfoA
0x4756c0 ToAsciiEx
0x4756c4 TrackPopupMenu
0x4756c8 TranslateMessage
0x4756cc UpdateWindow
EAT(Export Address Table) is none