Field | Value |
---|---|
Created | 2021.10.22 09:17 |
Machine | s1_win7_x6401 |
Filename | file.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 25 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, ZexaF, vu0@aW5G2unG, A + Troj, Krypt, Lockbit, Static AI, Malicious PE, Sabsik, score, MachineLearning, Anomalous, Kryptik, CLASSIC, susgen) |
md5 | f2abae5000fe712654372a7adb2321f4 |
sha256 | bbe067edf24c7ed3076281646e84e3c3d3643205189076e3e2f023a0a7830cc5 |
ssdeep | 6144:ZLNfr9ti3Q7FnY3gH+X+0qH77kliXQIxZetZvuyLEHyglIADG8el:Zhfrbi3Qt+WKBk7giXQfaXxD |
imphash | 2bb7e5ee230d0f5bc1553fe65bd4be1f |
impfuzzy | 24:Gu9EAivq11RhJcDRGp4lB8LO4txhJK0dcd/Ilyv9Z9OS3jMeMj:avwMm64tDXcqK9GSLMj |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x433008 GetCurrentProcess
0x43300c SetEnvironmentVariableW
0x433010 GetEnvironmentStringsW
0x433014 SetEvent
0x433018 GetTickCount
0x43301c ReadConsoleW
0x433020 FindActCtxSectionStringA
0x433024 GlobalAlloc
0x433028 Sleep
0x43302c InitAtomTable
0x433030 HeapCreate
0x433034 FindNextVolumeW
0x433038 WriteConsoleW
0x43303c GetMailslotInfo
0x433040 CreateActCtxA
0x433044 SetConsoleTitleA
0x433048 SetTapePosition
0x43304c Module32First
0x433050 SetLastError
0x433054 GetProcAddress
0x433058 VirtualAlloc
0x43305c GetAtomNameA
0x433060 LoadLibraryA
0x433064 BeginUpdateResourceA
0x433068 GetProcessShutdownParameters
0x43306c GetProcessAffinityMask
0x433070 GetCPInfoExA
0x433074 ReleaseMutex
0x433078 EndUpdateResourceA
0x43307c GetVersionExA
0x433080 FindNextVolumeA
0x433084 lstrcpyW
0x433088 LCMapStringW
0x43308c GetModuleFileNameW
0x433090 HeapReAlloc
0x433094 EncodePointer
0x433098 DecodePointer
0x43309c GetModuleHandleW
0x4330a0 ExitProcess
0x4330a4 GetCommandLineW
0x4330a8 HeapSetInformation
0x4330ac GetStartupInfoW
0x4330b0 UnhandledExceptionFilter
0x4330b4 SetUnhandledExceptionFilter
0x4330b8 IsDebuggerPresent
0x4330bc TerminateProcess
0x4330c0 TlsAlloc
0x4330c4 TlsGetValue
0x4330c8 TlsSetValue
0x4330cc TlsFree
0x4330d0 InterlockedIncrement
0x4330d4 GetCurrentThreadId
0x4330d8 GetLastError
0x4330dc InterlockedDecrement
0x4330e0 HeapAlloc
0x4330e4 ReadFile
0x4330e8 EnterCriticalSection
0x4330ec LeaveCriticalSection
0x4330f0 HeapFree
0x4330f4 IsProcessorFeaturePresent
0x4330f8 SetHandleCount
0x4330fc GetStdHandle
0x433100 InitializeCriticalSectionAndSpinCount
0x433104 GetFileType
0x433108 DeleteCriticalSection
0x43310c SetFilePointer
0x433110 GetCPInfo
0x433114 GetACP
0x433118 GetOEMCP
0x43311c IsValidCodePage
0x433120 CloseHandle
0x433124 LoadLibraryW
0x433128 WriteFile
0x43312c FreeEnvironmentStringsW
0x433130 QueryPerformanceCounter
0x433134 GetCurrentProcessId
0x433138 GetSystemTimeAsFileTime
0x43313c WideCharToMultiByte
0x433140 GetConsoleCP
0x433144 GetConsoleMode
0x433148 MultiByteToWideChar
0x43314c RtlUnwind
0x433150 RaiseException
0x433154 SetStdHandle
0x433158 FlushFileBuffers
0x43315c GetStringTypeW
0x433160 HeapSize
0x433164 CreateFileW
GDI32.dll
0x433000 GetBitmapBits
EAT (Export Address Table): none