ScreenShot
| Created | 2021.11.02 11:14 | Machine | s1_win7_x6401 |
| Filename | sefile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 28 detected (AIDetect, malware1, malicious, high confidence, score, Artemis, Unsafe, Save, Hacktool, confidence, 100%, ZexaF, qu0@aenvH2eG, Kryptik, Eldorado, Jaik, Lockbit, susgen, Sabsik, ai score=84, ET#98%, RDMK, cmRtazpRw3Y5qyaXZBf3Fwj89FEi, Static AI, Malicious PE) | ||
| md5 | 64ffcd32bd5f7bbb7e456971e828b828 | ||
| sha256 | 40e227fc577c3eab6c78797c7b790457abe1886b8a6bb08d0219c1450c9c5d5f | ||
| ssdeep | 6144:J7mMuORhFMoGUSaeMusTgMqZja9qMF9Q/0:JqMvSPUSaeMMJlaoMF94 | ||
| imphash | 51877faeb7f9e92bd6de75ecea40ae83 | ||
| impfuzzy | 24:WESi2ZS+IIFD0OR/ucMrW1OovurIlyv9fcjtuigJ3In4FGSUjMeElTn:25E+NyYK9fcjtuJZ0SyKT | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x431000 HeapReAlloc
0x431004 FindVolumeClose
0x431008 FindFirstChangeNotificationW
0x43100c FindResourceExW
0x431010 HeapAlloc
0x431014 SetMailslotInfo
0x431018 GetEnvironmentStringsW
0x43101c SetEvent
0x431020 FlushConsoleInputBuffer
0x431024 SleepEx
0x431028 GetTickCount
0x43102c FindActCtxSectionStringA
0x431030 TlsSetValue
0x431034 GlobalAlloc
0x431038 LoadLibraryW
0x43103c InitAtomTable
0x431040 FindNextVolumeW
0x431044 WriteConsoleW
0x431048 CreateActCtxA
0x43104c BindIoCompletionCallback
0x431050 GetProcAddress
0x431054 VirtualAlloc
0x431058 BeginUpdateResourceW
0x43105c PrepareTape
0x431060 GetAtomNameA
0x431064 LoadLibraryA
0x431068 WriteConsoleA
0x43106c SetEnvironmentVariableA
0x431070 GetModuleFileNameA
0x431074 GetProcessAffinityMask
0x431078 EndUpdateResourceA
0x43107c AddConsoleAliasA
0x431080 lstrcpyA
0x431084 CreateFileW
0x431088 HeapSize
0x43108c DecodePointer
0x431090 EncodePointer
0x431094 GetCommandLineA
0x431098 HeapSetInformation
0x43109c GetStartupInfoW
0x4310a0 IsProcessorFeaturePresent
0x4310a4 GetLastError
0x4310a8 WideCharToMultiByte
0x4310ac SetHandleCount
0x4310b0 GetStdHandle
0x4310b4 InitializeCriticalSectionAndSpinCount
0x4310b8 GetFileType
0x4310bc DeleteCriticalSection
0x4310c0 EnterCriticalSection
0x4310c4 LeaveCriticalSection
0x4310c8 UnhandledExceptionFilter
0x4310cc SetUnhandledExceptionFilter
0x4310d0 IsDebuggerPresent
0x4310d4 TerminateProcess
0x4310d8 GetCurrentProcess
0x4310dc RtlUnwind
0x4310e0 SetFilePointer
0x4310e4 TlsAlloc
0x4310e8 TlsGetValue
0x4310ec TlsFree
0x4310f0 InterlockedIncrement
0x4310f4 GetModuleHandleW
0x4310f8 SetLastError
0x4310fc GetCurrentThreadId
0x431100 InterlockedDecrement
0x431104 HeapFree
0x431108 CloseHandle
0x43110c ExitProcess
0x431110 WriteFile
0x431114 GetModuleFileNameW
0x431118 FreeEnvironmentStringsW
0x43111c HeapCreate
0x431120 QueryPerformanceCounter
0x431124 GetCurrentProcessId
0x431128 GetSystemTimeAsFileTime
0x43112c GetConsoleCP
0x431130 GetConsoleMode
0x431134 GetCPInfo
0x431138 GetACP
0x43113c GetOEMCP
0x431140 IsValidCodePage
0x431144 Sleep
0x431148 CreateFileA
0x43114c SetStdHandle
0x431150 FlushFileBuffers
0x431154 RaiseException
0x431158 MultiByteToWideChar
0x43115c LCMapStringW
0x431160 GetStringTypeW
0x431164 SetEndOfFile
0x431168 GetProcessHeap
0x43116c ReadFile
USER32.dll
0x431174 SetCursorPos
EAT(Export Address Table) is none
KERNEL32.dll
0x431000 HeapReAlloc
0x431004 FindVolumeClose
0x431008 FindFirstChangeNotificationW
0x43100c FindResourceExW
0x431010 HeapAlloc
0x431014 SetMailslotInfo
0x431018 GetEnvironmentStringsW
0x43101c SetEvent
0x431020 FlushConsoleInputBuffer
0x431024 SleepEx
0x431028 GetTickCount
0x43102c FindActCtxSectionStringA
0x431030 TlsSetValue
0x431034 GlobalAlloc
0x431038 LoadLibraryW
0x43103c InitAtomTable
0x431040 FindNextVolumeW
0x431044 WriteConsoleW
0x431048 CreateActCtxA
0x43104c BindIoCompletionCallback
0x431050 GetProcAddress
0x431054 VirtualAlloc
0x431058 BeginUpdateResourceW
0x43105c PrepareTape
0x431060 GetAtomNameA
0x431064 LoadLibraryA
0x431068 WriteConsoleA
0x43106c SetEnvironmentVariableA
0x431070 GetModuleFileNameA
0x431074 GetProcessAffinityMask
0x431078 EndUpdateResourceA
0x43107c AddConsoleAliasA
0x431080 lstrcpyA
0x431084 CreateFileW
0x431088 HeapSize
0x43108c DecodePointer
0x431090 EncodePointer
0x431094 GetCommandLineA
0x431098 HeapSetInformation
0x43109c GetStartupInfoW
0x4310a0 IsProcessorFeaturePresent
0x4310a4 GetLastError
0x4310a8 WideCharToMultiByte
0x4310ac SetHandleCount
0x4310b0 GetStdHandle
0x4310b4 InitializeCriticalSectionAndSpinCount
0x4310b8 GetFileType
0x4310bc DeleteCriticalSection
0x4310c0 EnterCriticalSection
0x4310c4 LeaveCriticalSection
0x4310c8 UnhandledExceptionFilter
0x4310cc SetUnhandledExceptionFilter
0x4310d0 IsDebuggerPresent
0x4310d4 TerminateProcess
0x4310d8 GetCurrentProcess
0x4310dc RtlUnwind
0x4310e0 SetFilePointer
0x4310e4 TlsAlloc
0x4310e8 TlsGetValue
0x4310ec TlsFree
0x4310f0 InterlockedIncrement
0x4310f4 GetModuleHandleW
0x4310f8 SetLastError
0x4310fc GetCurrentThreadId
0x431100 InterlockedDecrement
0x431104 HeapFree
0x431108 CloseHandle
0x43110c ExitProcess
0x431110 WriteFile
0x431114 GetModuleFileNameW
0x431118 FreeEnvironmentStringsW
0x43111c HeapCreate
0x431120 QueryPerformanceCounter
0x431124 GetCurrentProcessId
0x431128 GetSystemTimeAsFileTime
0x43112c GetConsoleCP
0x431130 GetConsoleMode
0x431134 GetCPInfo
0x431138 GetACP
0x43113c GetOEMCP
0x431140 IsValidCodePage
0x431144 Sleep
0x431148 CreateFileA
0x43114c SetStdHandle
0x431150 FlushFileBuffers
0x431154 RaiseException
0x431158 MultiByteToWideChar
0x43115c LCMapStringW
0x431160 GetStringTypeW
0x431164 SetEndOfFile
0x431168 GetProcessHeap
0x43116c ReadFile
USER32.dll
0x431174 SetCursorPos
EAT(Export Address Table) is none