ScreenShot
| Created | 2021.11.01 10:55 | Machine | s1_win7_x6403 |
| Filename | 46.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 48 detected (AIDetect, malware1, Zbot, m6l9, malicious, high confidence, Fragtor, Save, confidence, 100%, ZexaF, nu0@am7p4faG, Kryptik, Eldorado, HNCZ, MalwareX, Malware@#2y8809lkgmbx1, R + Troj, Krypt, Tofsee, mjgwx, kcloud, GenericMC, Raccoon, score, R002H07JS21, ET#94%, RDMK, cmRtazrhDWMfcWM81Lm9Q5e17kTX, Static AI, Malicious PE, GenKryptik, FMSH, GdSda, susgen) | ||
| md5 | b09c4c58f6aa6f8e254bc2dfba806166 | ||
| sha256 | e07327f2a5d54106bd1e7e877281080c57b320daaf69594794ce59ff69ae3761 | ||
| ssdeep | 6144:EFY1gP9ieqlRjhrAVIB3uzbgwu6L7ITsq:QJP9ieWualunnn7 | ||
| imphash | 2b117a88efd5ad3db577a4f98b26ff8a | ||
| impfuzzy | 24:VHlErj+FVh1hDpdui3r7lriOovA1tUWgJ3IbdczQQnlyv9NSUjMxU7:LndbxRt1tQSczbK9NSdo | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41c000 LoadLibraryExW
0x41c004 SetMailslotInfo
0x41c008 HeapFree
0x41c00c GetEnvironmentStringsW
0x41c010 WaitForSingleObject
0x41c014 SetEvent
0x41c018 OpenSemaphoreA
0x41c01c GetTickCount
0x41c020 CreateActCtxW
0x41c024 Sleep
0x41c028 GetVersionExW
0x41c02c GetAtomNameW
0x41c030 GetModuleFileNameW
0x41c034 SetConsoleTitleA
0x41c038 GetCPInfoExW
0x41c03c GetProcAddress
0x41c040 VirtualAlloc
0x41c044 BeginUpdateResourceW
0x41c048 LoadLibraryA
0x41c04c WriteConsoleA
0x41c050 LocalAlloc
0x41c054 SetEnvironmentVariableA
0x41c058 EraseTape
0x41c05c GetProcessAffinityMask
0x41c060 SetProcessShutdownParameters
0x41c064 Module32Next
0x41c068 EndUpdateResourceA
0x41c06c DeleteAtom
0x41c070 FindActCtxSectionStringW
0x41c074 FindNextVolumeA
0x41c078 lstrcpyW
0x41c07c LCMapStringW
0x41c080 EncodePointer
0x41c084 DecodePointer
0x41c088 GetCommandLineA
0x41c08c HeapSetInformation
0x41c090 GetStartupInfoW
0x41c094 RaiseException
0x41c098 UnhandledExceptionFilter
0x41c09c SetUnhandledExceptionFilter
0x41c0a0 IsDebuggerPresent
0x41c0a4 TerminateProcess
0x41c0a8 GetCurrentProcess
0x41c0ac HeapAlloc
0x41c0b0 GetLastError
0x41c0b4 IsProcessorFeaturePresent
0x41c0b8 TlsAlloc
0x41c0bc TlsGetValue
0x41c0c0 TlsSetValue
0x41c0c4 TlsFree
0x41c0c8 InterlockedIncrement
0x41c0cc GetModuleHandleW
0x41c0d0 SetLastError
0x41c0d4 GetCurrentThreadId
0x41c0d8 InterlockedDecrement
0x41c0dc ReadFile
0x41c0e0 EnterCriticalSection
0x41c0e4 LeaveCriticalSection
0x41c0e8 SetFilePointer
0x41c0ec CloseHandle
0x41c0f0 ExitProcess
0x41c0f4 WriteFile
0x41c0f8 GetStdHandle
0x41c0fc GetModuleFileNameA
0x41c100 FreeEnvironmentStringsW
0x41c104 WideCharToMultiByte
0x41c108 SetHandleCount
0x41c10c InitializeCriticalSectionAndSpinCount
0x41c110 GetFileType
0x41c114 DeleteCriticalSection
0x41c118 HeapCreate
0x41c11c QueryPerformanceCounter
0x41c120 GetCurrentProcessId
0x41c124 GetSystemTimeAsFileTime
0x41c128 GetConsoleCP
0x41c12c GetConsoleMode
0x41c130 GetCPInfo
0x41c134 GetACP
0x41c138 GetOEMCP
0x41c13c IsValidCodePage
0x41c140 MultiByteToWideChar
0x41c144 RtlUnwind
0x41c148 SetStdHandle
0x41c14c FlushFileBuffers
0x41c150 HeapSize
0x41c154 LoadLibraryW
0x41c158 WriteConsoleW
0x41c15c GetStringTypeW
0x41c160 HeapReAlloc
0x41c164 CreateFileW
EAT(Export Address Table) is none
KERNEL32.dll
0x41c000 LoadLibraryExW
0x41c004 SetMailslotInfo
0x41c008 HeapFree
0x41c00c GetEnvironmentStringsW
0x41c010 WaitForSingleObject
0x41c014 SetEvent
0x41c018 OpenSemaphoreA
0x41c01c GetTickCount
0x41c020 CreateActCtxW
0x41c024 Sleep
0x41c028 GetVersionExW
0x41c02c GetAtomNameW
0x41c030 GetModuleFileNameW
0x41c034 SetConsoleTitleA
0x41c038 GetCPInfoExW
0x41c03c GetProcAddress
0x41c040 VirtualAlloc
0x41c044 BeginUpdateResourceW
0x41c048 LoadLibraryA
0x41c04c WriteConsoleA
0x41c050 LocalAlloc
0x41c054 SetEnvironmentVariableA
0x41c058 EraseTape
0x41c05c GetProcessAffinityMask
0x41c060 SetProcessShutdownParameters
0x41c064 Module32Next
0x41c068 EndUpdateResourceA
0x41c06c DeleteAtom
0x41c070 FindActCtxSectionStringW
0x41c074 FindNextVolumeA
0x41c078 lstrcpyW
0x41c07c LCMapStringW
0x41c080 EncodePointer
0x41c084 DecodePointer
0x41c088 GetCommandLineA
0x41c08c HeapSetInformation
0x41c090 GetStartupInfoW
0x41c094 RaiseException
0x41c098 UnhandledExceptionFilter
0x41c09c SetUnhandledExceptionFilter
0x41c0a0 IsDebuggerPresent
0x41c0a4 TerminateProcess
0x41c0a8 GetCurrentProcess
0x41c0ac HeapAlloc
0x41c0b0 GetLastError
0x41c0b4 IsProcessorFeaturePresent
0x41c0b8 TlsAlloc
0x41c0bc TlsGetValue
0x41c0c0 TlsSetValue
0x41c0c4 TlsFree
0x41c0c8 InterlockedIncrement
0x41c0cc GetModuleHandleW
0x41c0d0 SetLastError
0x41c0d4 GetCurrentThreadId
0x41c0d8 InterlockedDecrement
0x41c0dc ReadFile
0x41c0e0 EnterCriticalSection
0x41c0e4 LeaveCriticalSection
0x41c0e8 SetFilePointer
0x41c0ec CloseHandle
0x41c0f0 ExitProcess
0x41c0f4 WriteFile
0x41c0f8 GetStdHandle
0x41c0fc GetModuleFileNameA
0x41c100 FreeEnvironmentStringsW
0x41c104 WideCharToMultiByte
0x41c108 SetHandleCount
0x41c10c InitializeCriticalSectionAndSpinCount
0x41c110 GetFileType
0x41c114 DeleteCriticalSection
0x41c118 HeapCreate
0x41c11c QueryPerformanceCounter
0x41c120 GetCurrentProcessId
0x41c124 GetSystemTimeAsFileTime
0x41c128 GetConsoleCP
0x41c12c GetConsoleMode
0x41c130 GetCPInfo
0x41c134 GetACP
0x41c138 GetOEMCP
0x41c13c IsValidCodePage
0x41c140 MultiByteToWideChar
0x41c144 RtlUnwind
0x41c148 SetStdHandle
0x41c14c FlushFileBuffers
0x41c150 HeapSize
0x41c154 LoadLibraryW
0x41c158 WriteConsoleW
0x41c15c GetStringTypeW
0x41c160 HeapReAlloc
0x41c164 CreateFileW
EAT(Export Address Table) is none