ScreenShot
| Created | 2021.10.27 10:05 | Machine | s1_win7_x6403 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 34 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Unsafe, Save, ZexaF, su0@aOFQyaoG, Kryptik, Eldorado, FileRepMalware, A + Troj, Krypt, Lockbit, Static AI, Malicious PE, Score, ai score=81, Krypter, Artemis, MachineLearning, Anomalous, ET#96%, RDMK, cmRtazrPezQGh80gsSzuoo5roIDE, susgen, confidence, 100%) | ||
| md5 | 0c9545e5c6c941d4288d1089b5a34e39 | ||
| sha256 | aaf777072d11c88295f53032709abb1d29111fd1d9583a72b50ef17bad308b0e | ||
| ssdeep | 3072:zJCmj6rp53vNqE8IKDElpPSqM9iSoZtSUDgaveqdkDpb3Upg4lM6KbL0uVMO6P2Q:1ljQp53v8fkVmCvemeeJlM3v0ynVP | ||
| imphash | cd0ee045c019beaae2c4a3886ae46f94 | ||
| impfuzzy | 24:VtLFiFQmncDR+uJY3TAlWiOovA1tCWgJ3IbdcQIlyv9zTNSUjMxUf:HEFdV86t1t+ScHK9zpSd6 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42f008 LoadLibraryExW
0x42f00c GetEnvironmentStringsW
0x42f010 SetEvent
0x42f014 OpenSemaphoreA
0x42f018 GetTickCount
0x42f01c ReadConsoleW
0x42f020 FindActCtxSectionStringA
0x42f024 CreateActCtxW
0x42f028 Sleep
0x42f02c FindNextVolumeW
0x42f030 GetMailslotInfo
0x42f034 GetModuleFileNameW
0x42f038 Module32First
0x42f03c GetLastError
0x42f040 GetProcAddress
0x42f044 VirtualAlloc
0x42f048 GetAtomNameA
0x42f04c LoadLibraryA
0x42f050 WriteConsoleA
0x42f054 LocalAlloc
0x42f058 BeginUpdateResourceA
0x42f05c SetEnvironmentVariableA
0x42f060 SetConsoleTitleW
0x42f064 EraseTape
0x42f068 GetProcessAffinityMask
0x42f06c SetProcessShutdownParameters
0x42f070 ReleaseMutex
0x42f074 EndUpdateResourceA
0x42f078 GetVersionExA
0x42f07c DeleteAtom
0x42f080 FindNextVolumeA
0x42f084 lstrcpyW
0x42f088 LCMapStringW
0x42f08c GetCPInfoExW
0x42f090 HeapReAlloc
0x42f094 EncodePointer
0x42f098 DecodePointer
0x42f09c GetCommandLineA
0x42f0a0 HeapSetInformation
0x42f0a4 GetStartupInfoW
0x42f0a8 RaiseException
0x42f0ac UnhandledExceptionFilter
0x42f0b0 SetUnhandledExceptionFilter
0x42f0b4 IsDebuggerPresent
0x42f0b8 TerminateProcess
0x42f0bc GetCurrentProcess
0x42f0c0 HeapAlloc
0x42f0c4 HeapFree
0x42f0c8 IsProcessorFeaturePresent
0x42f0cc TlsAlloc
0x42f0d0 TlsGetValue
0x42f0d4 TlsSetValue
0x42f0d8 TlsFree
0x42f0dc InterlockedIncrement
0x42f0e0 GetModuleHandleW
0x42f0e4 SetLastError
0x42f0e8 GetCurrentThreadId
0x42f0ec InterlockedDecrement
0x42f0f0 ReadFile
0x42f0f4 EnterCriticalSection
0x42f0f8 LeaveCriticalSection
0x42f0fc SetHandleCount
0x42f100 GetStdHandle
0x42f104 InitializeCriticalSectionAndSpinCount
0x42f108 GetFileType
0x42f10c DeleteCriticalSection
0x42f110 SetFilePointer
0x42f114 CloseHandle
0x42f118 ExitProcess
0x42f11c WriteFile
0x42f120 GetModuleFileNameA
0x42f124 FreeEnvironmentStringsW
0x42f128 WideCharToMultiByte
0x42f12c HeapCreate
0x42f130 QueryPerformanceCounter
0x42f134 GetCurrentProcessId
0x42f138 GetSystemTimeAsFileTime
0x42f13c GetConsoleCP
0x42f140 GetConsoleMode
0x42f144 GetCPInfo
0x42f148 GetACP
0x42f14c GetOEMCP
0x42f150 IsValidCodePage
0x42f154 MultiByteToWideChar
0x42f158 RtlUnwind
0x42f15c SetStdHandle
0x42f160 FlushFileBuffers
0x42f164 HeapSize
0x42f168 LoadLibraryW
0x42f16c WriteConsoleW
0x42f170 GetStringTypeW
0x42f174 CreateFileW
GDI32.dll
0x42f000 GetBitmapBits
EAT(Export Address Table) is none
KERNEL32.dll
0x42f008 LoadLibraryExW
0x42f00c GetEnvironmentStringsW
0x42f010 SetEvent
0x42f014 OpenSemaphoreA
0x42f018 GetTickCount
0x42f01c ReadConsoleW
0x42f020 FindActCtxSectionStringA
0x42f024 CreateActCtxW
0x42f028 Sleep
0x42f02c FindNextVolumeW
0x42f030 GetMailslotInfo
0x42f034 GetModuleFileNameW
0x42f038 Module32First
0x42f03c GetLastError
0x42f040 GetProcAddress
0x42f044 VirtualAlloc
0x42f048 GetAtomNameA
0x42f04c LoadLibraryA
0x42f050 WriteConsoleA
0x42f054 LocalAlloc
0x42f058 BeginUpdateResourceA
0x42f05c SetEnvironmentVariableA
0x42f060 SetConsoleTitleW
0x42f064 EraseTape
0x42f068 GetProcessAffinityMask
0x42f06c SetProcessShutdownParameters
0x42f070 ReleaseMutex
0x42f074 EndUpdateResourceA
0x42f078 GetVersionExA
0x42f07c DeleteAtom
0x42f080 FindNextVolumeA
0x42f084 lstrcpyW
0x42f088 LCMapStringW
0x42f08c GetCPInfoExW
0x42f090 HeapReAlloc
0x42f094 EncodePointer
0x42f098 DecodePointer
0x42f09c GetCommandLineA
0x42f0a0 HeapSetInformation
0x42f0a4 GetStartupInfoW
0x42f0a8 RaiseException
0x42f0ac UnhandledExceptionFilter
0x42f0b0 SetUnhandledExceptionFilter
0x42f0b4 IsDebuggerPresent
0x42f0b8 TerminateProcess
0x42f0bc GetCurrentProcess
0x42f0c0 HeapAlloc
0x42f0c4 HeapFree
0x42f0c8 IsProcessorFeaturePresent
0x42f0cc TlsAlloc
0x42f0d0 TlsGetValue
0x42f0d4 TlsSetValue
0x42f0d8 TlsFree
0x42f0dc InterlockedIncrement
0x42f0e0 GetModuleHandleW
0x42f0e4 SetLastError
0x42f0e8 GetCurrentThreadId
0x42f0ec InterlockedDecrement
0x42f0f0 ReadFile
0x42f0f4 EnterCriticalSection
0x42f0f8 LeaveCriticalSection
0x42f0fc SetHandleCount
0x42f100 GetStdHandle
0x42f104 InitializeCriticalSectionAndSpinCount
0x42f108 GetFileType
0x42f10c DeleteCriticalSection
0x42f110 SetFilePointer
0x42f114 CloseHandle
0x42f118 ExitProcess
0x42f11c WriteFile
0x42f120 GetModuleFileNameA
0x42f124 FreeEnvironmentStringsW
0x42f128 WideCharToMultiByte
0x42f12c HeapCreate
0x42f130 QueryPerformanceCounter
0x42f134 GetCurrentProcessId
0x42f138 GetSystemTimeAsFileTime
0x42f13c GetConsoleCP
0x42f140 GetConsoleMode
0x42f144 GetCPInfo
0x42f148 GetACP
0x42f14c GetOEMCP
0x42f150 IsValidCodePage
0x42f154 MultiByteToWideChar
0x42f158 RtlUnwind
0x42f15c SetStdHandle
0x42f160 FlushFileBuffers
0x42f164 HeapSize
0x42f168 LoadLibraryW
0x42f16c WriteConsoleW
0x42f170 GetStringTypeW
0x42f174 CreateFileW
GDI32.dll
0x42f000 GetBitmapBits
EAT(Export Address Table) is none