Field | Value |
---|---|
Created | 2021.11.01 11:38 |
Machine | s1_win7_x6403 |
Filename | CariamasSuggester1500us.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 45 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Unsafe, Save, Kryptik, confidence, ZexaF, su0@au0JjdcG, Eldorado, HNDA, MalwareX, R + Troj, Krypt, R002C0RJT21, GenSHCode, nwhjv, Sabsik, Raccoon, score, ai score=81, CLASSIC, Static AI, Malicious PE, Genetic, susgen) |
md5 | f78d81bb835b8d3b05812661d0fb40fc |
sha256 | a1e5c981244fbcb65915a0c7da4e59693c6505d36f9ced985ef381e4bd115375 |
ssdeep | 6144:hNg66Inz4KyiE6TemNW/OScr737Ov0DUIkLbCuzbgwuA7ITsq:A66Inz4KhE6FNLScifRXCunnF7 |
imphash | 18875662b19ade4ddd6bba43f9abb4a3 |
impfuzzy | 24:7lEq+fBFVIDREuJdV3VCTiOovA1tUWgJ3IbdczQQnlyv9NSUjMxU7:25nUFgt1tQSczbK9NSdo |
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x433000 EndUpdateResourceW
0x433004 SetMailslotInfo
0x433008 HeapFree
0x43300c GetEnvironmentStringsW
0x433010 SetConsoleScreenBufferSize
0x433014 SetEvent
0x433018 OpenSemaphoreA
0x43301c GetTickCount
0x433020 CreateActCtxW
0x433024 Sleep
0x433028 GetVersionExW
0x43302c GetModuleFileNameW
0x433030 GetCPInfoExW
0x433034 GetProcAddress
0x433038 VirtualAlloc
0x43303c GetAtomNameA
0x433040 LoadLibraryA
0x433044 WriteConsoleA
0x433048 LocalAlloc
0x43304c TransmitCommChar
0x433050 BeginUpdateResourceA
0x433054 SetEnvironmentVariableA
0x433058 SetConsoleTitleW
0x43305c LoadLibraryExA
0x433060 EraseTape
0x433064 GetProcessAffinityMask
0x433068 GetCPInfoExA
0x43306c Module32Next
0x433070 DeleteAtom
0x433074 FindActCtxSectionStringW
0x433078 FindNextVolumeA
0x43307c LCMapStringW
0x433080 lstrcpyA
0x433084 EncodePointer
0x433088 DecodePointer
0x43308c GetCommandLineA
0x433090 HeapSetInformation
0x433094 GetStartupInfoW
0x433098 RaiseException
0x43309c UnhandledExceptionFilter
0x4330a0 SetUnhandledExceptionFilter
0x4330a4 IsDebuggerPresent
0x4330a8 TerminateProcess
0x4330ac GetCurrentProcess
0x4330b0 HeapAlloc
0x4330b4 GetLastError
0x4330b8 IsProcessorFeaturePresent
0x4330bc TlsAlloc
0x4330c0 TlsGetValue
0x4330c4 TlsSetValue
0x4330c8 TlsFree
0x4330cc InterlockedIncrement
0x4330d0 GetModuleHandleW
0x4330d4 SetLastError
0x4330d8 GetCurrentThreadId
0x4330dc InterlockedDecrement
0x4330e0 ReadFile
0x4330e4 EnterCriticalSection
0x4330e8 LeaveCriticalSection
0x4330ec SetFilePointer
0x4330f0 CloseHandle
0x4330f4 ExitProcess
0x4330f8 WriteFile
0x4330fc GetStdHandle
0x433100 GetModuleFileNameA
0x433104 FreeEnvironmentStringsW
0x433108 WideCharToMultiByte
0x43310c SetHandleCount
0x433110 InitializeCriticalSectionAndSpinCount
0x433114 GetFileType
0x433118 DeleteCriticalSection
0x43311c HeapCreate
0x433120 QueryPerformanceCounter
0x433124 GetCurrentProcessId
0x433128 GetSystemTimeAsFileTime
0x43312c GetConsoleCP
0x433130 GetConsoleMode
0x433134 GetCPInfo
0x433138 GetACP
0x43313c GetOEMCP
0x433140 IsValidCodePage
0x433144 MultiByteToWideChar
0x433148 RtlUnwind
0x43314c SetStdHandle
0x433150 FlushFileBuffers
0x433154 HeapSize
0x433158 LoadLibraryW
0x43315c WriteConsoleW
0x433160 GetStringTypeW
0x433164 HeapReAlloc
0x433168 CreateFileW
EAT (Export Address Table): none