ScreenShot
| Created | 2021.10.27 08:03 | Machine | s1_win7_x6403 |
| Filename | solex.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 37 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Artemis, Unsafe, Save, ZexaF, Du0@aKoj1UoG, Kryptik, Eldorado, HNBY, MalwareX, ET#93%, RDMK, cmRtazoPsF0Uz3rMOVN0I4D1eP8w, R + Troj, Krypt, Lockbit, Static AI, Malicious PE, ai score=81, StopCrypt, score, HNBT, confidence, 100%) | ||
| md5 | 9e37ecd7b3a3cc19e3fb569a8f79f2c0 | ||
| sha256 | 290cb899ef25b56068497a4af04f625cc1e38f5a3b53ba335af3670f6bcad377 | ||
| ssdeep | 6144:fTWvGdEw/Jj9ZSBdhIxDMFmSRlBHrTvDU6Wdmv5ZfPb8HP8dOtHAaJ9OE5ynVP:uUEQ5OKxQFmSZLiwv5ZfPykAxh9R5S | ||
| imphash | 0f5ea2bfadfc0cb42c0db57501b4ae1c | ||
| impfuzzy | 24:VtAiFQmMcDR+uJY3TAl1iO31tCWgJ3IbdcQIlyv9zVGS3jMxUf:HFdc8T31t+ScHK9zkSo6 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x459008 LoadLibraryExW
0x45900c GetEnvironmentStringsW
0x459010 SetEvent
0x459014 GetTickCount
0x459018 ReadConsoleW
0x45901c FindActCtxSectionStringA
0x459020 CreateActCtxW
0x459024 Sleep
0x459028 FindNextVolumeW
0x45902c GetMailslotInfo
0x459030 GetModuleFileNameW
0x459034 Module32First
0x459038 GetCPInfoExW
0x45903c GetLastError
0x459040 GetProcAddress
0x459044 VirtualAlloc
0x459048 GetAtomNameA
0x45904c LoadLibraryA
0x459050 WriteConsoleA
0x459054 LocalAlloc
0x459058 BeginUpdateResourceA
0x45905c SetEnvironmentVariableA
0x459060 SetConsoleTitleW
0x459064 EraseTape
0x459068 GetProcessAffinityMask
0x45906c SetProcessShutdownParameters
0x459070 ReleaseMutex
0x459074 EndUpdateResourceA
0x459078 GetVersionExA
0x45907c DeleteAtom
0x459080 FindNextVolumeA
0x459084 lstrcpyW
0x459088 LCMapStringW
0x45908c HeapReAlloc
0x459090 EncodePointer
0x459094 DecodePointer
0x459098 GetCommandLineW
0x45909c HeapSetInformation
0x4590a0 GetStartupInfoW
0x4590a4 RaiseException
0x4590a8 UnhandledExceptionFilter
0x4590ac SetUnhandledExceptionFilter
0x4590b0 IsDebuggerPresent
0x4590b4 TerminateProcess
0x4590b8 GetCurrentProcess
0x4590bc HeapAlloc
0x4590c0 HeapFree
0x4590c4 IsProcessorFeaturePresent
0x4590c8 TlsAlloc
0x4590cc TlsGetValue
0x4590d0 TlsSetValue
0x4590d4 TlsFree
0x4590d8 InterlockedIncrement
0x4590dc GetModuleHandleW
0x4590e0 SetLastError
0x4590e4 GetCurrentThreadId
0x4590e8 InterlockedDecrement
0x4590ec ReadFile
0x4590f0 EnterCriticalSection
0x4590f4 LeaveCriticalSection
0x4590f8 SetHandleCount
0x4590fc GetStdHandle
0x459100 InitializeCriticalSectionAndSpinCount
0x459104 GetFileType
0x459108 DeleteCriticalSection
0x45910c SetFilePointer
0x459110 CloseHandle
0x459114 ExitProcess
0x459118 WriteFile
0x45911c FreeEnvironmentStringsW
0x459120 HeapCreate
0x459124 QueryPerformanceCounter
0x459128 GetCurrentProcessId
0x45912c GetSystemTimeAsFileTime
0x459130 WideCharToMultiByte
0x459134 GetConsoleCP
0x459138 GetConsoleMode
0x45913c GetCPInfo
0x459140 GetACP
0x459144 GetOEMCP
0x459148 IsValidCodePage
0x45914c MultiByteToWideChar
0x459150 RtlUnwind
0x459154 SetStdHandle
0x459158 FlushFileBuffers
0x45915c HeapSize
0x459160 LoadLibraryW
0x459164 WriteConsoleW
0x459168 GetStringTypeW
0x45916c CreateFileW
GDI32.dll
0x459000 GetBitmapBits
EAT(Export Address Table) is none
KERNEL32.dll
0x459008 LoadLibraryExW
0x45900c GetEnvironmentStringsW
0x459010 SetEvent
0x459014 GetTickCount
0x459018 ReadConsoleW
0x45901c FindActCtxSectionStringA
0x459020 CreateActCtxW
0x459024 Sleep
0x459028 FindNextVolumeW
0x45902c GetMailslotInfo
0x459030 GetModuleFileNameW
0x459034 Module32First
0x459038 GetCPInfoExW
0x45903c GetLastError
0x459040 GetProcAddress
0x459044 VirtualAlloc
0x459048 GetAtomNameA
0x45904c LoadLibraryA
0x459050 WriteConsoleA
0x459054 LocalAlloc
0x459058 BeginUpdateResourceA
0x45905c SetEnvironmentVariableA
0x459060 SetConsoleTitleW
0x459064 EraseTape
0x459068 GetProcessAffinityMask
0x45906c SetProcessShutdownParameters
0x459070 ReleaseMutex
0x459074 EndUpdateResourceA
0x459078 GetVersionExA
0x45907c DeleteAtom
0x459080 FindNextVolumeA
0x459084 lstrcpyW
0x459088 LCMapStringW
0x45908c HeapReAlloc
0x459090 EncodePointer
0x459094 DecodePointer
0x459098 GetCommandLineW
0x45909c HeapSetInformation
0x4590a0 GetStartupInfoW
0x4590a4 RaiseException
0x4590a8 UnhandledExceptionFilter
0x4590ac SetUnhandledExceptionFilter
0x4590b0 IsDebuggerPresent
0x4590b4 TerminateProcess
0x4590b8 GetCurrentProcess
0x4590bc HeapAlloc
0x4590c0 HeapFree
0x4590c4 IsProcessorFeaturePresent
0x4590c8 TlsAlloc
0x4590cc TlsGetValue
0x4590d0 TlsSetValue
0x4590d4 TlsFree
0x4590d8 InterlockedIncrement
0x4590dc GetModuleHandleW
0x4590e0 SetLastError
0x4590e4 GetCurrentThreadId
0x4590e8 InterlockedDecrement
0x4590ec ReadFile
0x4590f0 EnterCriticalSection
0x4590f4 LeaveCriticalSection
0x4590f8 SetHandleCount
0x4590fc GetStdHandle
0x459100 InitializeCriticalSectionAndSpinCount
0x459104 GetFileType
0x459108 DeleteCriticalSection
0x45910c SetFilePointer
0x459110 CloseHandle
0x459114 ExitProcess
0x459118 WriteFile
0x45911c FreeEnvironmentStringsW
0x459120 HeapCreate
0x459124 QueryPerformanceCounter
0x459128 GetCurrentProcessId
0x45912c GetSystemTimeAsFileTime
0x459130 WideCharToMultiByte
0x459134 GetConsoleCP
0x459138 GetConsoleMode
0x45913c GetCPInfo
0x459140 GetACP
0x459144 GetOEMCP
0x459148 IsValidCodePage
0x45914c MultiByteToWideChar
0x459150 RtlUnwind
0x459154 SetStdHandle
0x459158 FlushFileBuffers
0x45915c HeapSize
0x459160 LoadLibraryW
0x459164 WriteConsoleW
0x459168 GetStringTypeW
0x45916c CreateFileW
GDI32.dll
0x459000 GetBitmapBits
EAT(Export Address Table) is none