Field | Value
---|---
Created | 2021.10.20 09:14
Machine | s1_win7_x6401
Filename | sefile3.exe
Type | PE32 executable (console) Intel 80386, for MS Windows
ZERO API | file : clean
VT API (file) | 38 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Unsafe, Save, ZexaF, yy0@aquPifaG, Kryptik, HMZA, FileRepMalware, CLASSIC, Score, ai score=85, StopCrypt, Redline, BHPEWE, R002C0PJJ21, Static AI, Malicious PE, susgen, HMYZ, confidence, 100%)
md5 | b45cf051beecc52e8b6ed4b09174d8cc
sha256 | 0526a434f116716b293f93183466497902e6188e4b83a9cab14c3aad2b4c7aa8
ssdeep | 12288:tUOcBX9BThgEmeXOslW31V8ZD/kwZGEX8cA0/M:x8TKEmQhlW31U7xsEv
imphash | 0f7b69b762e9586196f1df5c0f15d6fa
impfuzzy | 24:dWVX3hJcD5uiNlI1L8LO4txhJKbDYIlyv9Kcs9GT43jMgI5AgKK/:YVni7x64tDyK9KcrcvI5Aq/
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
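The three packer-related signatures above ("unknown PE section names", "encrypted or compressed data", and the UPX_Zero rule) are static heuristics over the PE section table: non-standard or UPX-prefixed section names, raw section data with near-8-bit entropy, and sections marked both writable and executable. The report does not list the sample's actual section names, so the following added example (not code from the sandbox or from the sample) runs the same checks over a PE32 image constructed inline. Section names, data and characteristics in the sample are made up for the demonstration; the header layout it builds and parses is the documented PE32 format. As the report's own "(could be a false positive)" note says, high entropy and odd names also occur in legitimately compressed resources, so treat these as triage hints rather than a verdict.

```python
"""Added example (not from the sandbox report): a minimal PE section scanner
reproducing the static heuristics behind the report's "unknown PE section
names", "encrypted or compressed data" and UPX_Zero hits. Standard library
only; the sample image is constructed inline, nothing here reads the real
sefile3.exe."""
import math
import struct

# Section names a normal MSVC/MinGW build emits; anything else is "unknown".
STANDARD_SECTIONS = {
    b".text", b".rdata", b".data", b".bss", b".idata", b".edata",
    b".rsrc", b".reloc", b".tls", b".pdata", b".CRT", b".debug",
}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
ENTROPY_PACKED = 7.0  # bits/byte; compressed or encrypted data sits near 8.0
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk the PE section table; return name, entropy and heuristic flags."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # signature + COFF header + optional header
    findings = []
    for i in range(num_sections):
        name, _vsz, _va, raw_size, raw_ptr, _, _, _, _, chars = \
            SECTION_HDR.unpack_from(pe, table + i * SECTION_HDR.size)
        name = name.rstrip(b"\0")
        ent = shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])
        flags = []
        if name.startswith(b"UPX"):
            flags.append("upx-section-name")
        elif name not in STANDARD_SECTIONS:
            flags.append("unknown-section-name")
        if ent >= ENTROPY_PACKED:
            flags.append("high-entropy")
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            flags.append("writable-and-executable")
        findings.append({"name": name.decode("ascii", "replace"),
                         "entropy": round(ent, 2), "flags": flags})
    return findings


def build_pe(sections):
    """Build a minimal PE32 image (constructed test input, not a real binary)
    from (name, raw_bytes, characteristics) tuples."""
    opt_size, pe_off = 0xE0, 0x40
    hdr_len = pe_off + 4 + 20 + opt_size + SECTION_HDR.size * len(sections)
    first_raw = (hdr_len + 0x1FF) & ~0x1FF  # file-align raw data to 0x200
    dos = bytearray(b"MZ" + b"\0" * (pe_off - 2))
    struct.pack_into("<I", dos, 0x3C, pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table, blobs, raw_ptr, va = b"", b"", first_raw, 0x1000
    for name, data, chars in sections:
        table += SECTION_HDR.pack(name.ljust(8, b"\0"), len(data), va,
                                  len(data), raw_ptr, 0, 0, 0, 0, chars)
        blobs += data
        raw_ptr += len(data)
        va += (len(data) + 0xFFF) & ~0xFFF
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return image + b"\0" * (first_raw - len(image)) + blobs


def scan_sample():
    """Constructed sample: a plain .text section next to a UPX1-style section
    full of high-entropy data that is both writable and executable."""
    rx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    sample = build_pe([
        (b".text", b"\x55\x8b\xec" * 300 + b"\0" * 124, rx),
        (b"UPX1", bytes(range(256)) * 4, rx | IMAGE_SCN_MEM_WRITE),
    ])
    return parse_sections(sample)


if __name__ == "__main__":
    for sec in scan_sample():
        print(f"{sec['name']:<8} entropy={sec['entropy']:.2f} {sec['flags']}")
```

Pointing `parse_sections` at the bytes of a real file reproduces the three report signatures in one pass; a section that is simultaneously high-entropy, oddly named and writable+executable is the classic shape of a self-unpacking stub, which is also why the sandbox's dynamic "allocates read-write-execute memory" notice usually accompanies them.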
Network (0 entries)
No network requests (Request / CC / ASN / IP4) were recorded in this run.
Suricata ids: none recorded
PE API
IAT (Import Address Table)
KERNEL32.dll
0x437008 HeapAlloc
0x43700c GetCurrentProcess
0x437010 GetEnvironmentStringsW
0x437014 SetEvent
0x437018 FlushViewOfFile
0x43701c SleepEx
0x437020 ReadConsoleW
0x437024 CreateActCtxW
0x437028 FreeConsole
0x43702c HeapDestroy
0x437030 FindNextVolumeW
0x437034 WriteConsoleW
0x437038 GetModuleFileNameW
0x43703c GetOverlappedResult
0x437040 ReleaseSemaphore
0x437044 Module32First
0x437048 SetLastError
0x43704c GetProcAddress
0x437050 BeginUpdateResourceW
0x437054 GetAtomNameA
0x437058 LocalAlloc
0x43705c SetEnvironmentVariableA
0x437060 GetOEMCP
0x437064 GetModuleHandleA
0x437068 GetProcessShutdownParameters
0x43706c EraseTape
0x437070 VirtualProtect
0x437074 GetCPInfoExA
0x437078 EndUpdateResourceA
0x43707c GetVersionExA
0x437080 DeleteAtom
0x437084 FindNextVolumeA
0x437088 lstrcpyW
0x43708c LCMapStringW
0x437090 DeactivateActCtx
0x437094 SetProcessAffinityMask
0x437098 IsProcessorFeaturePresent
0x43709c HeapReAlloc
0x4370a0 EncodePointer
0x4370a4 DecodePointer
0x4370a8 GetModuleHandleW
0x4370ac ExitProcess
0x4370b0 GetCommandLineW
0x4370b4 HeapSetInformation
0x4370b8 GetStartupInfoW
0x4370bc UnhandledExceptionFilter
0x4370c0 SetUnhandledExceptionFilter
0x4370c4 IsDebuggerPresent
0x4370c8 TerminateProcess
0x4370cc TlsAlloc
0x4370d0 TlsGetValue
0x4370d4 TlsSetValue
0x4370d8 TlsFree
0x4370dc InterlockedIncrement
0x4370e0 GetCurrentThreadId
0x4370e4 GetLastError
0x4370e8 InterlockedDecrement
0x4370ec ReadFile
0x4370f0 HeapFree
0x4370f4 SetHandleCount
0x4370f8 GetStdHandle
0x4370fc InitializeCriticalSectionAndSpinCount
0x437100 GetFileType
0x437104 DeleteCriticalSection
0x437108 SetFilePointer
0x43710c EnterCriticalSection
0x437110 LeaveCriticalSection
0x437114 GetCPInfo
0x437118 GetACP
0x43711c IsValidCodePage
0x437120 CloseHandle
0x437124 LoadLibraryW
0x437128 WriteFile
0x43712c FreeEnvironmentStringsW
0x437130 HeapCreate
0x437134 QueryPerformanceCounter
0x437138 GetTickCount
0x43713c GetCurrentProcessId
0x437140 GetSystemTimeAsFileTime
0x437144 WideCharToMultiByte
0x437148 GetConsoleCP
0x43714c GetConsoleMode
0x437150 Sleep
0x437154 MultiByteToWideChar
0x437158 SetStdHandle
0x43715c RtlUnwind
0x437160 FlushFileBuffers
0x437164 GetStringTypeW
0x437168 HeapSize
0x43716c RaiseException
0x437170 CreateFileW
USER32.dll
0x437178 ClientToScreen
GDI32.dll
0x437000 GetBitmapBits
WINHTTP.dll
0x437180 WinHttpSetOption
EAT (Export Address Table): none
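The imphash in the header is an MD5 over the import list in import-descriptor order (library name lower-cased with its extension stripped, joined to each lower-cased function name, all comma-separated), which is why two builds that differ only in code but share a linker import table cluster together. The following added example (not code from the sandbox or the sample) recomputes that digest from the IAT printed above and tags the few imports that carry triage value; most of the KERNEL32 list is ordinary MSVC CRT start-up (EncodePointer, TlsAlloc, HeapCreate, GetStartupInfoW and friends). It assumes the report lists libraries and functions in descriptor order; if the sandbox printed them in another order, the digest will not match the header's `0f7b69b762e9586196f1df5c0f15d6fa`, and the right fix is to take the order from the binary's import directory. The capability categories are the author's own grouping, not something the report states.

```python
"""Added example, not part of the sandbox report: recompute a pefile-style
imphash from an import list and tag the API capabilities worth a second look.
IMPORTS is transcribed from the report's IAT section; it is ASSUMED to be in
import-descriptor order (what imphash is defined over), so the result matches
the report's imphash only if that assumption holds."""
import hashlib

IMPORTS = {
    "KERNEL32.dll": (
        "HeapAlloc GetCurrentProcess GetEnvironmentStringsW SetEvent "
        "FlushViewOfFile SleepEx ReadConsoleW CreateActCtxW FreeConsole "
        "HeapDestroy FindNextVolumeW WriteConsoleW GetModuleFileNameW "
        "GetOverlappedResult ReleaseSemaphore Module32First SetLastError "
        "GetProcAddress BeginUpdateResourceW GetAtomNameA LocalAlloc "
        "SetEnvironmentVariableA GetOEMCP GetModuleHandleA "
        "GetProcessShutdownParameters EraseTape VirtualProtect GetCPInfoExA "
        "EndUpdateResourceA GetVersionExA DeleteAtom FindNextVolumeA lstrcpyW "
        "LCMapStringW DeactivateActCtx SetProcessAffinityMask "
        "IsProcessorFeaturePresent HeapReAlloc EncodePointer DecodePointer "
        "GetModuleHandleW ExitProcess GetCommandLineW HeapSetInformation "
        "GetStartupInfoW UnhandledExceptionFilter SetUnhandledExceptionFilter "
        "IsDebuggerPresent TerminateProcess TlsAlloc TlsGetValue TlsSetValue "
        "TlsFree InterlockedIncrement GetCurrentThreadId GetLastError "
        "InterlockedDecrement ReadFile HeapFree SetHandleCount GetStdHandle "
        "InitializeCriticalSectionAndSpinCount GetFileType "
        "DeleteCriticalSection SetFilePointer EnterCriticalSection "
        "LeaveCriticalSection GetCPInfo GetACP IsValidCodePage CloseHandle "
        "LoadLibraryW WriteFile FreeEnvironmentStringsW HeapCreate "
        "QueryPerformanceCounter GetTickCount GetCurrentProcessId "
        "GetSystemTimeAsFileTime WideCharToMultiByte GetConsoleCP "
        "GetConsoleMode Sleep MultiByteToWideChar SetStdHandle RtlUnwind "
        "FlushFileBuffers GetStringTypeW HeapSize RaiseException CreateFileW"
    ).split(),
    "USER32.dll": ["ClientToScreen"],
    "GDI32.dll": ["GetBitmapBits"],
    "WINHTTP.dll": ["WinHttpSetOption"],
}

# Analyst's grouping (an assumption of this example, not the report's):
# the non-CRT imports that change what the binary can do.
CAPABILITIES = {
    "anti-debug": {"IsDebuggerPresent"},
    "change page protection (unpacking)": {"VirtualProtect"},
    "dynamic API resolution": {"LoadLibraryW", "GetProcAddress"},
    "module enumeration": {"Module32First"},
    "PE resource rewriting": {"BeginUpdateResourceW", "EndUpdateResourceA"},
    "HTTP client": {"WinHttpSetOption"},
    "screen/bitmap capture": {"GetBitmapBits", "ClientToScreen"},
}


def imphash(imports):
    """pefile-compatible imphash: md5 over "lib.func" pairs, lower-cased,
    .dll/.ocx/.sys stripped, comma-joined in import-descriptor order."""
    parts = []
    for lib, funcs in imports.items():  # dict order == descriptor order
        lib = lib.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        for fn in funcs:
            parts.append(f"{lib}.{fn.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def tag_capabilities(imports):
    """Map each capability to the imported APIs that evidence it."""
    present = {fn for funcs in imports.values() for fn in funcs}
    return {cap: sorted(apis & present)
            for cap, apis in CAPABILITIES.items() if apis & present}


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    for cap, apis in tag_capabilities(IMPORTS).items():
        print(f"{cap:<36} {', '.join(apis)}")
```

Because the digest is order-sensitive, a sample whose imports are rearranged (or padded with unused APIs such as EraseTape or FindNextVolumeA, which a console tool rarely needs) gets a different imphash even with identical functionality; that is the limitation to keep in mind before pivoting on this value alone, and why ssdeep/impfuzzy are reported next to it.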