ScreenShot
| Created | 2021.11.01 17:57 | Machine | s1_win7_x6403 |
| Filename | top.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 30 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Save, Hacktool, Kryptik, Eldorado, HNDP, Convagent, Lockbit, A + Troj, Krypt, Static AI, Malicious PE, Sabsik, score, ai score=85, ET#97%, RDMK, cmRtazosf8HudA, Tm2a8f2EPm85n, Unsafe, ZexaF, su0@aeDVUtaG, confidence, 100%, susgen) | ||
| md5 | a065b00d113e42d89bcb0ef082862094 | ||
| sha256 | 604f5ba95fb7d7c8534437253af29690eb3f655cd34a8e0cafd410498c28f824 | ||
| ssdeep | 3072:y2jzX0IOYg9XHYd9CAVih8AIgwhBFa5mT5gX84zppmozzKf9SH5BIqZEojwVZlZt:bjwKeXHO8FaWwBFaugXFppZHmGe0z | ||
| imphash | 1d75207d76f1706c196a0ca92c22f3b0 | ||
| impfuzzy | 24:Hu9Eq+fmkX+Zl3IIFDSIocqiOovA1tFlXgJ3IRIlyv9fcVq1VGSUjMDFgTn:tF+/MHt1tkRK9fcM1kSKT | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43c000 HeapReAlloc
0x43c004 FindVolumeClose
0x43c008 HeapAlloc
0x43c00c EndUpdateResourceW
0x43c010 SetEnvironmentVariableW
0x43c014 GetEnvironmentStringsW
0x43c018 SetConsoleScreenBufferSize
0x43c01c AddConsoleAliasW
0x43c020 SetEvent
0x43c024 SleepEx
0x43c028 GetTickCount
0x43c02c GetProcessHeap
0x43c030 FindActCtxSectionStringA
0x43c034 GlobalAlloc
0x43c038 InitAtomTable
0x43c03c FindNextVolumeW
0x43c040 GetTapePosition
0x43c044 WriteConsoleW
0x43c048 GetMailslotInfo
0x43c04c GetModuleFileNameW
0x43c050 CreateActCtxA
0x43c054 GetConsoleOutputCP
0x43c058 BindIoCompletionCallback
0x43c05c GetProcAddress
0x43c060 VirtualAlloc
0x43c064 BeginUpdateResourceW
0x43c068 GetAtomNameA
0x43c06c LoadLibraryA
0x43c070 GetModuleFileNameA
0x43c074 GetProcessAffinityMask
0x43c078 Module32Next
0x43c07c TlsFree
0x43c080 lstrcpyA
0x43c084 CreateFileW
0x43c088 SetEndOfFile
0x43c08c EncodePointer
0x43c090 DecodePointer
0x43c094 GetCommandLineA
0x43c098 HeapSetInformation
0x43c09c GetStartupInfoW
0x43c0a0 RaiseException
0x43c0a4 UnhandledExceptionFilter
0x43c0a8 SetUnhandledExceptionFilter
0x43c0ac IsDebuggerPresent
0x43c0b0 TerminateProcess
0x43c0b4 GetCurrentProcess
0x43c0b8 GetLastError
0x43c0bc HeapFree
0x43c0c0 IsProcessorFeaturePresent
0x43c0c4 TlsAlloc
0x43c0c8 TlsGetValue
0x43c0cc TlsSetValue
0x43c0d0 InterlockedIncrement
0x43c0d4 GetModuleHandleW
0x43c0d8 SetLastError
0x43c0dc GetCurrentThreadId
0x43c0e0 InterlockedDecrement
0x43c0e4 WideCharToMultiByte
0x43c0e8 SetHandleCount
0x43c0ec GetStdHandle
0x43c0f0 InitializeCriticalSectionAndSpinCount
0x43c0f4 GetFileType
0x43c0f8 DeleteCriticalSection
0x43c0fc EnterCriticalSection
0x43c100 LeaveCriticalSection
0x43c104 ReadFile
0x43c108 RtlUnwind
0x43c10c SetFilePointer
0x43c110 CloseHandle
0x43c114 ExitProcess
0x43c118 WriteFile
0x43c11c FreeEnvironmentStringsW
0x43c120 HeapCreate
0x43c124 QueryPerformanceCounter
0x43c128 GetCurrentProcessId
0x43c12c GetSystemTimeAsFileTime
0x43c130 GetConsoleCP
0x43c134 GetConsoleMode
0x43c138 GetCPInfo
0x43c13c GetACP
0x43c140 GetOEMCP
0x43c144 IsValidCodePage
0x43c148 Sleep
0x43c14c MultiByteToWideChar
0x43c150 CreateFileA
0x43c154 SetStdHandle
0x43c158 FlushFileBuffers
0x43c15c HeapSize
0x43c160 LoadLibraryW
0x43c164 LCMapStringW
0x43c168 GetStringTypeW
USER32.dll
0x43c170 SetCursorPos
EAT(Export Address Table) is none
KERNEL32.dll
0x43c000 HeapReAlloc
0x43c004 FindVolumeClose
0x43c008 HeapAlloc
0x43c00c EndUpdateResourceW
0x43c010 SetEnvironmentVariableW
0x43c014 GetEnvironmentStringsW
0x43c018 SetConsoleScreenBufferSize
0x43c01c AddConsoleAliasW
0x43c020 SetEvent
0x43c024 SleepEx
0x43c028 GetTickCount
0x43c02c GetProcessHeap
0x43c030 FindActCtxSectionStringA
0x43c034 GlobalAlloc
0x43c038 InitAtomTable
0x43c03c FindNextVolumeW
0x43c040 GetTapePosition
0x43c044 WriteConsoleW
0x43c048 GetMailslotInfo
0x43c04c GetModuleFileNameW
0x43c050 CreateActCtxA
0x43c054 GetConsoleOutputCP
0x43c058 BindIoCompletionCallback
0x43c05c GetProcAddress
0x43c060 VirtualAlloc
0x43c064 BeginUpdateResourceW
0x43c068 GetAtomNameA
0x43c06c LoadLibraryA
0x43c070 GetModuleFileNameA
0x43c074 GetProcessAffinityMask
0x43c078 Module32Next
0x43c07c TlsFree
0x43c080 lstrcpyA
0x43c084 CreateFileW
0x43c088 SetEndOfFile
0x43c08c EncodePointer
0x43c090 DecodePointer
0x43c094 GetCommandLineA
0x43c098 HeapSetInformation
0x43c09c GetStartupInfoW
0x43c0a0 RaiseException
0x43c0a4 UnhandledExceptionFilter
0x43c0a8 SetUnhandledExceptionFilter
0x43c0ac IsDebuggerPresent
0x43c0b0 TerminateProcess
0x43c0b4 GetCurrentProcess
0x43c0b8 GetLastError
0x43c0bc HeapFree
0x43c0c0 IsProcessorFeaturePresent
0x43c0c4 TlsAlloc
0x43c0c8 TlsGetValue
0x43c0cc TlsSetValue
0x43c0d0 InterlockedIncrement
0x43c0d4 GetModuleHandleW
0x43c0d8 SetLastError
0x43c0dc GetCurrentThreadId
0x43c0e0 InterlockedDecrement
0x43c0e4 WideCharToMultiByte
0x43c0e8 SetHandleCount
0x43c0ec GetStdHandle
0x43c0f0 InitializeCriticalSectionAndSpinCount
0x43c0f4 GetFileType
0x43c0f8 DeleteCriticalSection
0x43c0fc EnterCriticalSection
0x43c100 LeaveCriticalSection
0x43c104 ReadFile
0x43c108 RtlUnwind
0x43c10c SetFilePointer
0x43c110 CloseHandle
0x43c114 ExitProcess
0x43c118 WriteFile
0x43c11c FreeEnvironmentStringsW
0x43c120 HeapCreate
0x43c124 QueryPerformanceCounter
0x43c128 GetCurrentProcessId
0x43c12c GetSystemTimeAsFileTime
0x43c130 GetConsoleCP
0x43c134 GetConsoleMode
0x43c138 GetCPInfo
0x43c13c GetACP
0x43c140 GetOEMCP
0x43c144 IsValidCodePage
0x43c148 Sleep
0x43c14c MultiByteToWideChar
0x43c150 CreateFileA
0x43c154 SetStdHandle
0x43c158 FlushFileBuffers
0x43c15c HeapSize
0x43c160 LoadLibraryW
0x43c164 LCMapStringW
0x43c168 GetStringTypeW
USER32.dll
0x43c170 SetCursorPos
EAT(Export Address Table) is none