ScreenShot
| Created | 2021.10.21 18:06 | Machine | s1_win7_x6403 |
| Filename | status.png | ||
| Type | MS-DOS executable, MZ for MS-DOS | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 30 detected (Androm, Gozi, malicious, confidence, 100%, GenKryptik, FMIM, uulr, GenericKD, FileRepMetagen, Artemis, Outbreak, Ursnif, HK9QW5, ai score=89, kcloud, Woreflint, Unsafe, VSNW14J21, PossibleThreat) | ||
| md5 | fcb53acd5fd1637a2ac1bc69f396e92c | ||
| sha256 | cc7045d9fe77c4aa4cb646d01fb4700008a34f58f49358d0b0b0997d21016aab | ||
| ssdeep | 3072:eb/VDsMK5SdPlKCXbkB9Kv1y5Gun6XKwRDcXEX55d2wNQ+XnwEf4bvuQ5OjrDGZt:WCoMRt6XKUSRACdOj57jY5jM9H8eGN | ||
| imphash | 91478fc94f6cfd55f2f79a8b82441b87 | ||
| impfuzzy | 48:QJJH2eyPmlO6OmqdmFSqPNqU505Ro0UgHRtduGLtoLKhSYZ57JMFZA9D0Wkln6gK:QJJH2eyPmM6OrdmF/FJ5GfUvTnnVnG | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kbdal.dll
0x100049b8 KbdLayerDescriptor
kernel32.dll
0x100049c0 QueryPerformanceFrequency
0x100049c4 GetCurrentThreadId
0x100049c8 VirtualProtect
0x100049cc WaitForSingleObjectEx
0x100049d0 QueryPerformanceCounter
0x100049d4 EnterCriticalSection
0x100049d8 CreateDirectoryW
0x100049dc GlobalFree
0x100049e0 GetStartupInfoW
0x100049e4 AttachConsole
0x100049e8 SetCurrentDirectoryW
0x100049ec WaitForSingleObject
0x100049f0 GlobalLock
0x100049f4 LocalAlloc
0x100049f8 GetTempPathW
0x100049fc GetCurrentProcess
0x10004a00 GetTickCount
0x10004a04 GetLastError
0x10004a08 GetModuleHandleW
0x10004a0c AllocConsole
0x10004a10 FindNextFileW
0x10004a14 SetEvent
0x10004a18 LocalFree
0x10004a1c ResetEvent
0x10004a20 ReadConsoleW
0x10004a24 GlobalUnlock
0x10004a28 IsProcessorFeaturePresent
0x10004a2c Sleep
0x10004a30 IsDebuggerPresent
0x10004a34 InitializeCriticalSectionAndSpinCount
0x10004a38 FindClose
0x10004a3c GetSystemDefaultUILanguage
0x10004a40 GetStdHandle
0x10004a44 InitializeSListHead
0x10004a48 OpenProcess
0x10004a4c CloseHandle
0x10004a50 CreateWaitableTimerW
0x10004a54 CreateEventW
0x10004a58 GetModuleHandleA
0x10004a5c TerminateProcess
0x10004a60 GetUserDefaultUILanguage
0x10004a64 LeaveCriticalSection
0x10004a68 SetConsoleTitleW
0x10004a6c SetWaitableTimer
0x10004a70 WriteConsoleW
0x10004a74 DeleteCriticalSection
0x10004a78 FindFirstFileW
0x10004a7c GetCurrentProcessId
0x10004a80 GetCommandLineW
0x10004a84 SetUnhandledExceptionFilter
0x10004a88 SetConsoleTextAttribute
0x10004a8c UnhandledExceptionFilter
0x10004a90 GlobalSize
0x10004a94 GetProcAddress
ole32.dll
0x10004a9c PropVariantClear
0x10004aa0 StringFromGUID2
0x10004aa4 CoUninitialize
0x10004aa8 RegisterDragDrop
0x10004aac CreateItemMoniker
0x10004ab0 CreateStreamOnHGlobal
0x10004ab4 GetRunningObjectTable
0x10004ab8 OleInitialize
0x10004abc CoCreateInstance
0x10004ac0 OleUninitialize
0x10004ac4 RevokeDragDrop
0x10004ac8 CoCreateGuid
0x10004acc CoTaskMemFree
0x10004ad0 CoInitializeEx
shell32.dll
0x10004ad8 SHChangeNotify
0x10004adc CommandLineToArgvW
0x10004ae0 ShellExecuteW
shlwapi.dll
0x10004ae8 PathCompactPathExW
0x10004aec PathFindExtensionW
0x10004af0 PathBuildRootW
0x10004af4 PathGetDriveNumberW
0x10004af8 PathStripPathW
0x10004afc PathRemoveExtensionW
0x10004b00 PathIsNetworkPathW
user32.dll
0x10004b08 GetClientRect
0x10004b0c RegisterClipboardFormatW
0x10004b10 IsWindow
0x10004b14 SetKeyboardState
0x10004b18 SetCapture
0x10004b1c GetKeyboardState
0x10004b20 ReleaseCapture
0x10004b24 TranslateMessage
0x10004b28 GetWindowRect
0x10004b2c GetWindowInfo
0x10004b30 SetWindowLongW
0x10004b34 IsWindowVisible
0x10004b38 ShowWindow
0x10004b3c GetParent
0x10004b40 LoadIconW
0x10004b44 ClientToScreen
0x10004b48 ScreenToClient
0x10004b4c TrackPopupMenu
0x10004b50 MsgWaitForMultipleObjectsEx
0x10004b54 DestroyMenu
0x10004b58 GetSystemMetrics
0x10004b5c IsIconic
0x10004b60 GetKeyState
0x10004b64 GetCursorPos
0x10004b68 RegisterClassW
0x10004b6c GetWindowLongW
0x10004b70 SetWindowPos
0x10004b74 PostMessageW
0x10004b78 IsClipboardFormatAvailable
0x10004b7c DispatchMessageW
0x10004b80 MessageBoxW
0x10004b84 SetCursorPos
0x10004b88 AppendMenuW
0x10004b8c CreatePopupMenu
0x10004b90 SetCursor
0x10004b94 CreateWindowExW
0x10004b98 DefWindowProcW
wmpshell.dll
0x10004ba0 DllUnregisterServer
EAT(Export Address Table) Library
0x10006e4f DllUnregisterServer
0x1000dfa9 DllRegisterServer
0x10013662 DllGetClassObject
0x1001658e DllCanUnloadNow
kbdal.dll
0x100049b8 KbdLayerDescriptor
kernel32.dll
0x100049c0 QueryPerformanceFrequency
0x100049c4 GetCurrentThreadId
0x100049c8 VirtualProtect
0x100049cc WaitForSingleObjectEx
0x100049d0 QueryPerformanceCounter
0x100049d4 EnterCriticalSection
0x100049d8 CreateDirectoryW
0x100049dc GlobalFree
0x100049e0 GetStartupInfoW
0x100049e4 AttachConsole
0x100049e8 SetCurrentDirectoryW
0x100049ec WaitForSingleObject
0x100049f0 GlobalLock
0x100049f4 LocalAlloc
0x100049f8 GetTempPathW
0x100049fc GetCurrentProcess
0x10004a00 GetTickCount
0x10004a04 GetLastError
0x10004a08 GetModuleHandleW
0x10004a0c AllocConsole
0x10004a10 FindNextFileW
0x10004a14 SetEvent
0x10004a18 LocalFree
0x10004a1c ResetEvent
0x10004a20 ReadConsoleW
0x10004a24 GlobalUnlock
0x10004a28 IsProcessorFeaturePresent
0x10004a2c Sleep
0x10004a30 IsDebuggerPresent
0x10004a34 InitializeCriticalSectionAndSpinCount
0x10004a38 FindClose
0x10004a3c GetSystemDefaultUILanguage
0x10004a40 GetStdHandle
0x10004a44 InitializeSListHead
0x10004a48 OpenProcess
0x10004a4c CloseHandle
0x10004a50 CreateWaitableTimerW
0x10004a54 CreateEventW
0x10004a58 GetModuleHandleA
0x10004a5c TerminateProcess
0x10004a60 GetUserDefaultUILanguage
0x10004a64 LeaveCriticalSection
0x10004a68 SetConsoleTitleW
0x10004a6c SetWaitableTimer
0x10004a70 WriteConsoleW
0x10004a74 DeleteCriticalSection
0x10004a78 FindFirstFileW
0x10004a7c GetCurrentProcessId
0x10004a80 GetCommandLineW
0x10004a84 SetUnhandledExceptionFilter
0x10004a88 SetConsoleTextAttribute
0x10004a8c UnhandledExceptionFilter
0x10004a90 GlobalSize
0x10004a94 GetProcAddress
ole32.dll
0x10004a9c PropVariantClear
0x10004aa0 StringFromGUID2
0x10004aa4 CoUninitialize
0x10004aa8 RegisterDragDrop
0x10004aac CreateItemMoniker
0x10004ab0 CreateStreamOnHGlobal
0x10004ab4 GetRunningObjectTable
0x10004ab8 OleInitialize
0x10004abc CoCreateInstance
0x10004ac0 OleUninitialize
0x10004ac4 RevokeDragDrop
0x10004ac8 CoCreateGuid
0x10004acc CoTaskMemFree
0x10004ad0 CoInitializeEx
shell32.dll
0x10004ad8 SHChangeNotify
0x10004adc CommandLineToArgvW
0x10004ae0 ShellExecuteW
shlwapi.dll
0x10004ae8 PathCompactPathExW
0x10004aec PathFindExtensionW
0x10004af0 PathBuildRootW
0x10004af4 PathGetDriveNumberW
0x10004af8 PathStripPathW
0x10004afc PathRemoveExtensionW
0x10004b00 PathIsNetworkPathW
user32.dll
0x10004b08 GetClientRect
0x10004b0c RegisterClipboardFormatW
0x10004b10 IsWindow
0x10004b14 SetKeyboardState
0x10004b18 SetCapture
0x10004b1c GetKeyboardState
0x10004b20 ReleaseCapture
0x10004b24 TranslateMessage
0x10004b28 GetWindowRect
0x10004b2c GetWindowInfo
0x10004b30 SetWindowLongW
0x10004b34 IsWindowVisible
0x10004b38 ShowWindow
0x10004b3c GetParent
0x10004b40 LoadIconW
0x10004b44 ClientToScreen
0x10004b48 ScreenToClient
0x10004b4c TrackPopupMenu
0x10004b50 MsgWaitForMultipleObjectsEx
0x10004b54 DestroyMenu
0x10004b58 GetSystemMetrics
0x10004b5c IsIconic
0x10004b60 GetKeyState
0x10004b64 GetCursorPos
0x10004b68 RegisterClassW
0x10004b6c GetWindowLongW
0x10004b70 SetWindowPos
0x10004b74 PostMessageW
0x10004b78 IsClipboardFormatAvailable
0x10004b7c DispatchMessageW
0x10004b80 MessageBoxW
0x10004b84 SetCursorPos
0x10004b88 AppendMenuW
0x10004b8c CreatePopupMenu
0x10004b90 SetCursor
0x10004b94 CreateWindowExW
0x10004b98 DefWindowProcW
wmpshell.dll
0x10004ba0 DllUnregisterServer
EAT(Export Address Table) Library
0x10006e4f DllUnregisterServer
0x1000dfa9 DllRegisterServer
0x10013662 DllGetClassObject
0x1001658e DllCanUnloadNow