ScreenShot
| Created | 2021.10.28 11:10 | Machine | s1_win7_x6403 |
| Filename | game.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 32 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Unsafe, Save, ZexaF, Du0@aGMPZHlG, Kryptik, Eldorado, ET#95%, RDMK, cmRtazqTcZvs6Ds1oLH06xn8GkpI, Lockbit, A + Troj, Krypt, kcloud, Sabsik, score, BScope, ai score=82, MachineLearning, Anomalous, 100%, Static AI, Malicious PE, confidence) | ||
| md5 | 8a9095bb671979a0664b6736770d6847 | ||
| sha256 | 5ea720a54deacf6acfe1d1bda3d9956d70af6a95ec933f794c7d354ef5f575be | ||
| ssdeep | 12288:uuDDZoHsIs53uvxwynB8lejvtjT7MOHlunnn7:uSoH70uvxwm+iFVG | ||
| imphash | c2a1052396d8d35dd7ffdeb3af100bc8 | ||
| impfuzzy | 24:VgErj+F2FZF1wSJcDq+ui3rlXiOovA1tUWMIbdczQQnlyv9NSUjMxUl:ekFKHRlt1tkSczbK9NSdu | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x459008 LoadLibraryExW
0x45900c ReadConsoleA
0x459010 HeapFree
0x459014 GetEnvironmentStringsW
0x459018 WaitForSingleObject
0x45901c SetEvent
0x459020 OpenSemaphoreA
0x459024 GetTickCount
0x459028 FindActCtxSectionStringA
0x45902c CreateActCtxW
0x459030 Sleep
0x459034 GetVersionExW
0x459038 FindNextVolumeW
0x45903c GetAtomNameW
0x459040 GetMailslotInfo
0x459044 SetConsoleTitleA
0x459048 Module32First
0x45904c GetCPInfoExW
0x459050 SetLastError
0x459054 GetProcAddress
0x459058 VirtualAlloc
0x45905c LoadLibraryA
0x459060 WriteConsoleA
0x459064 LocalAlloc
0x459068 BeginUpdateResourceA
0x45906c SetEnvironmentVariableA
0x459070 EraseTape
0x459074 GetProcessAffinityMask
0x459078 SetProcessShutdownParameters
0x45907c EndUpdateResourceA
0x459080 DeleteAtom
0x459084 lstrcpyW
0x459088 LCMapStringW
0x45908c GetModuleFileNameW
0x459090 EncodePointer
0x459094 DecodePointer
0x459098 GetCommandLineA
0x45909c HeapSetInformation
0x4590a0 GetStartupInfoW
0x4590a4 RaiseException
0x4590a8 UnhandledExceptionFilter
0x4590ac SetUnhandledExceptionFilter
0x4590b0 IsDebuggerPresent
0x4590b4 TerminateProcess
0x4590b8 GetCurrentProcess
0x4590bc HeapAlloc
0x4590c0 GetLastError
0x4590c4 IsProcessorFeaturePresent
0x4590c8 TlsAlloc
0x4590cc TlsGetValue
0x4590d0 TlsSetValue
0x4590d4 TlsFree
0x4590d8 InterlockedIncrement
0x4590dc GetModuleHandleW
0x4590e0 GetCurrentThreadId
0x4590e4 InterlockedDecrement
0x4590e8 ReadFile
0x4590ec EnterCriticalSection
0x4590f0 LeaveCriticalSection
0x4590f4 SetFilePointer
0x4590f8 CloseHandle
0x4590fc ExitProcess
0x459100 WriteFile
0x459104 GetStdHandle
0x459108 GetModuleFileNameA
0x45910c FreeEnvironmentStringsW
0x459110 WideCharToMultiByte
0x459114 SetHandleCount
0x459118 InitializeCriticalSectionAndSpinCount
0x45911c GetFileType
0x459120 DeleteCriticalSection
0x459124 HeapCreate
0x459128 QueryPerformanceCounter
0x45912c GetCurrentProcessId
0x459130 GetSystemTimeAsFileTime
0x459134 GetConsoleCP
0x459138 GetConsoleMode
0x45913c GetCPInfo
0x459140 GetACP
0x459144 GetOEMCP
0x459148 IsValidCodePage
0x45914c MultiByteToWideChar
0x459150 RtlUnwind
0x459154 SetStdHandle
0x459158 FlushFileBuffers
0x45915c HeapSize
0x459160 LoadLibraryW
0x459164 WriteConsoleW
0x459168 GetStringTypeW
0x45916c HeapReAlloc
0x459170 CreateFileW
GDI32.dll
0x459000 GetBitmapBits
EAT(Export Address Table) is none
KERNEL32.dll
0x459008 LoadLibraryExW
0x45900c ReadConsoleA
0x459010 HeapFree
0x459014 GetEnvironmentStringsW
0x459018 WaitForSingleObject
0x45901c SetEvent
0x459020 OpenSemaphoreA
0x459024 GetTickCount
0x459028 FindActCtxSectionStringA
0x45902c CreateActCtxW
0x459030 Sleep
0x459034 GetVersionExW
0x459038 FindNextVolumeW
0x45903c GetAtomNameW
0x459040 GetMailslotInfo
0x459044 SetConsoleTitleA
0x459048 Module32First
0x45904c GetCPInfoExW
0x459050 SetLastError
0x459054 GetProcAddress
0x459058 VirtualAlloc
0x45905c LoadLibraryA
0x459060 WriteConsoleA
0x459064 LocalAlloc
0x459068 BeginUpdateResourceA
0x45906c SetEnvironmentVariableA
0x459070 EraseTape
0x459074 GetProcessAffinityMask
0x459078 SetProcessShutdownParameters
0x45907c EndUpdateResourceA
0x459080 DeleteAtom
0x459084 lstrcpyW
0x459088 LCMapStringW
0x45908c GetModuleFileNameW
0x459090 EncodePointer
0x459094 DecodePointer
0x459098 GetCommandLineA
0x45909c HeapSetInformation
0x4590a0 GetStartupInfoW
0x4590a4 RaiseException
0x4590a8 UnhandledExceptionFilter
0x4590ac SetUnhandledExceptionFilter
0x4590b0 IsDebuggerPresent
0x4590b4 TerminateProcess
0x4590b8 GetCurrentProcess
0x4590bc HeapAlloc
0x4590c0 GetLastError
0x4590c4 IsProcessorFeaturePresent
0x4590c8 TlsAlloc
0x4590cc TlsGetValue
0x4590d0 TlsSetValue
0x4590d4 TlsFree
0x4590d8 InterlockedIncrement
0x4590dc GetModuleHandleW
0x4590e0 GetCurrentThreadId
0x4590e4 InterlockedDecrement
0x4590e8 ReadFile
0x4590ec EnterCriticalSection
0x4590f0 LeaveCriticalSection
0x4590f4 SetFilePointer
0x4590f8 CloseHandle
0x4590fc ExitProcess
0x459100 WriteFile
0x459104 GetStdHandle
0x459108 GetModuleFileNameA
0x45910c FreeEnvironmentStringsW
0x459110 WideCharToMultiByte
0x459114 SetHandleCount
0x459118 InitializeCriticalSectionAndSpinCount
0x45911c GetFileType
0x459120 DeleteCriticalSection
0x459124 HeapCreate
0x459128 QueryPerformanceCounter
0x45912c GetCurrentProcessId
0x459130 GetSystemTimeAsFileTime
0x459134 GetConsoleCP
0x459138 GetConsoleMode
0x45913c GetCPInfo
0x459140 GetACP
0x459144 GetOEMCP
0x459148 IsValidCodePage
0x45914c MultiByteToWideChar
0x459150 RtlUnwind
0x459154 SetStdHandle
0x459158 FlushFileBuffers
0x45915c HeapSize
0x459160 LoadLibraryW
0x459164 WriteConsoleW
0x459168 GetStringTypeW
0x45916c HeapReAlloc
0x459170 CreateFileW
GDI32.dll
0x459000 GetBitmapBits
EAT(Export Address Table) is none