Field | Value |
---|---|
Created | 2021.10.25 09:43 |
Machine | s1_win7_x6403 |
Filename | socks12110.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 51 detected (AIDetect, malware1, malicious, high confidence, DownLoader43, Unsafe, Save, confidence, 100%, Racealer, ZexaF, nu0@aaz4NQdG, Kryptik, Eldorado, Attribute, HighConfidence, HNAD, Zenpak, CLASSIC, R002C0PJL21, R + Troj, Krypt, Static AI, Malicious PE, kcloud, score, Ransomware, STOP, R446694, BScope, NanoBot, GenericKD, ai score=100, susgen, GenKryptik, FMJB, GdSda) |
md5 | fa1bbe98e6ecfc6ac3e8e9c881a7532a |
sha256 | 38373950a7348876d1a81cd11f1d6e4737e4da3361b667c0582ae29f809ee284 |
ssdeep | 3072:CWh1e6j5yA5WsWKrm606qIVxQe1763M/+w+CNf4/AWaSkSJu98vd:7e6j5yAfNF5Vt17vWaIADG8el |
imphash | e42bd2eea2c5b7013388ffede97cef98 |
impfuzzy | 24:Uu9EfFXAeJcDpP62d4lQ1V8LO4tjhJK0dcd/Ilyv9Z9OT43jMeMdAgKQ:yFXiXC564ttXcqK9GcLMdAw |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x414008 SetEnvironmentVariableW
0x41400c GetEnvironmentStringsW
0x414010 SetEvent
0x414014 FlushViewOfFile
0x414018 ReadConsoleW
0x41401c FindActCtxSectionStringA
0x414020 CreateActCtxW
0x414024 GlobalAlloc
0x414028 Sleep
0x41402c InitAtomTable
0x414030 HeapCreate
0x414034 WriteConsoleW
0x414038 GetAtomNameW
0x41403c GetModuleFileNameW
0x414040 SetProcessAffinityMask
0x414044 SetTapePosition
0x414048 SetLastError
0x41404c GetProcAddress
0x414050 VirtualAlloc
0x414054 BeginUpdateResourceW
0x414058 LoadLibraryA
0x41405c GetModuleFileNameA
0x414060 CreateIoCompletionPort
0x414064 GetCPInfoExA
0x414068 SetProcessShutdownParameters
0x41406c Module32Next
0x414070 ReleaseMutex
0x414074 EndUpdateResourceA
0x414078 GetVersionExA
0x41407c FindNextVolumeA
0x414080 lstrcpyW
0x414084 LCMapStringW
0x414088 SetConsoleTitleA
0x41408c HeapReAlloc
0x414090 HeapSize
0x414094 GetStringTypeW
0x414098 EncodePointer
0x41409c DecodePointer
0x4140a0 GetModuleHandleW
0x4140a4 ExitProcess
0x4140a8 GetCommandLineW
0x4140ac HeapSetInformation
0x4140b0 GetStartupInfoW
0x4140b4 UnhandledExceptionFilter
0x4140b8 SetUnhandledExceptionFilter
0x4140bc IsDebuggerPresent
0x4140c0 TerminateProcess
0x4140c4 GetCurrentProcess
0x4140c8 TlsAlloc
0x4140cc TlsGetValue
0x4140d0 TlsSetValue
0x4140d4 TlsFree
0x4140d8 InterlockedIncrement
0x4140dc GetCurrentThreadId
0x4140e0 GetLastError
0x4140e4 InterlockedDecrement
0x4140e8 HeapAlloc
0x4140ec ReadFile
0x4140f0 EnterCriticalSection
0x4140f4 LeaveCriticalSection
0x4140f8 HeapFree
0x4140fc IsProcessorFeaturePresent
0x414100 SetHandleCount
0x414104 GetStdHandle
0x414108 InitializeCriticalSectionAndSpinCount
0x41410c GetFileType
0x414110 DeleteCriticalSection
0x414114 SetFilePointer
0x414118 GetCPInfo
0x41411c GetACP
0x414120 GetOEMCP
0x414124 IsValidCodePage
0x414128 CloseHandle
0x41412c LoadLibraryW
0x414130 WriteFile
0x414134 FreeEnvironmentStringsW
0x414138 QueryPerformanceCounter
0x41413c GetTickCount
0x414140 GetCurrentProcessId
0x414144 GetSystemTimeAsFileTime
0x414148 WideCharToMultiByte
0x41414c GetConsoleCP
0x414150 GetConsoleMode
0x414154 MultiByteToWideChar
0x414158 RtlUnwind
0x41415c RaiseException
0x414160 SetStdHandle
0x414164 FlushFileBuffers
0x414168 CreateFileW
USER32.dll
0x414170 ClientToScreen
GDI32.dll
0x414000 GetBitmapBits
WINHTTP.dll
0x414178 WinHttpQueryOption
EAT (Export Address Table): none