Field | Value |
---|---|
Created | 2021.11.01 11:43 |
Machine | s1_win7_x6401 |
Filename | 176.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 35 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Unsafe, Save, Hacktool, ZexaF, ru0@aCl0R2jG, Kryptik, Eldorado, GenKryptik, FMWF, R + Troj, Krypt, Score, GenSHCode, ruywd, StopCrypt, Artemis, ai score=82, ET#95%, RDMK, cmRtazqzk12GesCtb, hQO2, aG0Bl, Static AI, Malicious PE, susgen, Behavior, GdSda, confidence, 100%) |
md5 | 887fcd9c9405d9942f65c58e11601ead |
sha256 | b26de00581fad51925754ed2837f74019544f170660eb37df414e73f65b910ee |
ssdeep | 6144:NNqqYiB1nU6bmjD6jZghFvV41FuEkjkdBoRWPXNuzbgwu:OqYiB1nUNceZV4eEgU/Vunn |
imphash | d3a97c61fc26bbf128da129c9758c519 |
impfuzzy | 24:Tu9lEq+fm4X7al3IIFDqYo1TiOovA1tFXgJ3IRIlyv9fcVq1VGSUjMku:3v7aKTt1tmRK9fcM1kSZ |
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x433000 FindVolumeClose
0x433004 HeapAlloc
0x433008 EndUpdateResourceW
0x43300c SetEnvironmentVariableW
0x433010 HeapFree
0x433014 GetEnvironmentStringsW
0x433018 SetConsoleScreenBufferSize
0x43301c AddConsoleAliasW
0x433020 SetEvent
0x433024 GetTickCount
0x433028 GetProcessHeap
0x43302c FindActCtxSectionStringA
0x433030 Sleep
0x433034 InitAtomTable
0x433038 GetTapePosition
0x43303c GetAtomNameW
0x433040 GetMailslotInfo
0x433044 GetModuleFileNameW
0x433048 CreateActCtxA
0x43304c GetConsoleOutputCP
0x433050 BindIoCompletionCallback
0x433054 GetProcAddress
0x433058 VirtualAlloc
0x43305c LoadLibraryA
0x433060 WriteConsoleA
0x433064 LocalAlloc
0x433068 BeginUpdateResourceA
0x43306c GetModuleFileNameA
0x433070 GetProcessAffinityMask
0x433074 Module32Next
0x433078 FindNextVolumeA
0x43307c TlsFree
0x433080 lstrcpyA
0x433084 EncodePointer
0x433088 DecodePointer
0x43308c GetCommandLineA
0x433090 HeapSetInformation
0x433094 GetStartupInfoW
0x433098 RaiseException
0x43309c UnhandledExceptionFilter
0x4330a0 SetUnhandledExceptionFilter
0x4330a4 IsDebuggerPresent
0x4330a8 TerminateProcess
0x4330ac GetCurrentProcess
0x4330b0 GetLastError
0x4330b4 IsProcessorFeaturePresent
0x4330b8 TlsAlloc
0x4330bc TlsGetValue
0x4330c0 TlsSetValue
0x4330c4 InterlockedIncrement
0x4330c8 GetModuleHandleW
0x4330cc SetLastError
0x4330d0 GetCurrentThreadId
0x4330d4 InterlockedDecrement
0x4330d8 WideCharToMultiByte
0x4330dc SetHandleCount
0x4330e0 GetStdHandle
0x4330e4 InitializeCriticalSectionAndSpinCount
0x4330e8 GetFileType
0x4330ec DeleteCriticalSection
0x4330f0 EnterCriticalSection
0x4330f4 LeaveCriticalSection
0x4330f8 ReadFile
0x4330fc RtlUnwind
0x433100 SetFilePointer
0x433104 CloseHandle
0x433108 ExitProcess
0x43310c WriteFile
0x433110 FreeEnvironmentStringsW
0x433114 HeapCreate
0x433118 QueryPerformanceCounter
0x43311c GetCurrentProcessId
0x433120 GetSystemTimeAsFileTime
0x433124 GetConsoleCP
0x433128 GetConsoleMode
0x43312c GetCPInfo
0x433130 GetACP
0x433134 GetOEMCP
0x433138 IsValidCodePage
0x43313c MultiByteToWideChar
0x433140 CreateFileA
0x433144 SetStdHandle
0x433148 FlushFileBuffers
0x43314c HeapSize
0x433150 LoadLibraryW
0x433154 WriteConsoleW
0x433158 LCMapStringW
0x43315c GetStringTypeW
0x433160 HeapReAlloc
0x433164 SetEndOfFile
0x433168 CreateFileW
EAT (Export Address Table): none