ScreenShot
| Created | 2021.11.03 09:26 | Machine | s1_win7_x6403 |
| Filename | 5276_1635853805_2882.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 32 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Hacktool, Kryptik, Eldorado, HNDZ, MalwareX, Krypt, Racealer, score, GenericRXAA, ET#85%, RDMK, cmRtazotr3KFj5VPHBx07cwdTr3C, Static AI, Malicious PE, ZexaF, ju0@aeXQsKdI, Genetic, confidence, 100%, susgen) | ||
| md5 | def4628c708f82bcd032e16eda77114f | ||
| sha256 | 31c025df8aaf1498ecc72ce59060a97a5709681474803b6c5d2278bf193420e9 | ||
| ssdeep | 3072:XCT3xa0bDEGBQk9CnJJNkjK1aX6BdwGhwouX:XCA0EGBS7Tg6luX | ||
| imphash | 15e3257ae161a0641bdbe672f2a488ac | ||
| impfuzzy | 24:vhWu9Eq+fIeWSdIIFD0ORvkh+zLO7Zt5cpluiRv9jI/J3IndGSmjMzHTn:4AydN596Ft5cpsS9axS5HT | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418000 LoadResource
0x418004 HeapAlloc
0x418008 SetMailslotInfo
0x41800c SetEnvironmentVariableW
0x418010 GetEnvironmentStringsW
0x418014 SetConsoleScreenBufferSize
0x418018 SetEvent
0x41801c FlushConsoleInputBuffer
0x418020 GetTickCount
0x418024 TlsSetValue
0x418028 FindResourceExA
0x41802c GlobalAlloc
0x418030 LoadLibraryW
0x418034 InitAtomTable
0x418038 FindNextVolumeW
0x41803c GetModuleFileNameW
0x418040 CreateActCtxA
0x418044 BindIoCompletionCallback
0x418048 GetProcAddress
0x41804c VirtualAlloc
0x418050 BeginUpdateResourceW
0x418054 PrepareTape
0x418058 GetAtomNameA
0x41805c LoadLibraryA
0x418060 WriteConsoleA
0x418064 FindFirstChangeNotificationA
0x418068 GetProcessAffinityMask
0x41806c AddConsoleAliasA
0x418070 CreateFileW
0x418074 WriteConsoleW
0x418078 DecodePointer
0x41807c EncodePointer
0x418080 GetModuleHandleW
0x418084 ExitProcess
0x418088 GetCommandLineW
0x41808c HeapSetInformation
0x418090 GetStartupInfoW
0x418094 IsProcessorFeaturePresent
0x418098 ReadFile
0x41809c UnhandledExceptionFilter
0x4180a0 SetUnhandledExceptionFilter
0x4180a4 IsDebuggerPresent
0x4180a8 TerminateProcess
0x4180ac GetCurrentProcess
0x4180b0 EnterCriticalSection
0x4180b4 LeaveCriticalSection
0x4180b8 InitializeCriticalSectionAndSpinCount
0x4180bc RtlUnwind
0x4180c0 SetHandleCount
0x4180c4 GetStdHandle
0x4180c8 GetFileType
0x4180cc DeleteCriticalSection
0x4180d0 GetLastError
0x4180d4 SetFilePointer
0x4180d8 TlsAlloc
0x4180dc TlsGetValue
0x4180e0 TlsFree
0x4180e4 InterlockedIncrement
0x4180e8 SetLastError
0x4180ec GetCurrentThreadId
0x4180f0 InterlockedDecrement
0x4180f4 HeapFree
0x4180f8 CloseHandle
0x4180fc WriteFile
0x418100 FreeEnvironmentStringsW
0x418104 HeapCreate
0x418108 QueryPerformanceCounter
0x41810c GetCurrentProcessId
0x418110 GetSystemTimeAsFileTime
0x418114 MultiByteToWideChar
0x418118 Sleep
0x41811c GetCPInfo
0x418120 GetACP
0x418124 GetOEMCP
0x418128 IsValidCodePage
0x41812c WideCharToMultiByte
0x418130 CreateFileA
0x418134 SetStdHandle
0x418138 GetConsoleCP
0x41813c GetConsoleMode
0x418140 FlushFileBuffers
0x418144 HeapSize
0x418148 RaiseException
0x41814c HeapReAlloc
0x418150 LCMapStringW
0x418154 GetStringTypeW
0x418158 SetEndOfFile
0x41815c GetProcessHeap
USER32.dll
0x418164 SetCursorPos
EAT(Export Address Table) is none
KERNEL32.dll
0x418000 LoadResource
0x418004 HeapAlloc
0x418008 SetMailslotInfo
0x41800c SetEnvironmentVariableW
0x418010 GetEnvironmentStringsW
0x418014 SetConsoleScreenBufferSize
0x418018 SetEvent
0x41801c FlushConsoleInputBuffer
0x418020 GetTickCount
0x418024 TlsSetValue
0x418028 FindResourceExA
0x41802c GlobalAlloc
0x418030 LoadLibraryW
0x418034 InitAtomTable
0x418038 FindNextVolumeW
0x41803c GetModuleFileNameW
0x418040 CreateActCtxA
0x418044 BindIoCompletionCallback
0x418048 GetProcAddress
0x41804c VirtualAlloc
0x418050 BeginUpdateResourceW
0x418054 PrepareTape
0x418058 GetAtomNameA
0x41805c LoadLibraryA
0x418060 WriteConsoleA
0x418064 FindFirstChangeNotificationA
0x418068 GetProcessAffinityMask
0x41806c AddConsoleAliasA
0x418070 CreateFileW
0x418074 WriteConsoleW
0x418078 DecodePointer
0x41807c EncodePointer
0x418080 GetModuleHandleW
0x418084 ExitProcess
0x418088 GetCommandLineW
0x41808c HeapSetInformation
0x418090 GetStartupInfoW
0x418094 IsProcessorFeaturePresent
0x418098 ReadFile
0x41809c UnhandledExceptionFilter
0x4180a0 SetUnhandledExceptionFilter
0x4180a4 IsDebuggerPresent
0x4180a8 TerminateProcess
0x4180ac GetCurrentProcess
0x4180b0 EnterCriticalSection
0x4180b4 LeaveCriticalSection
0x4180b8 InitializeCriticalSectionAndSpinCount
0x4180bc RtlUnwind
0x4180c0 SetHandleCount
0x4180c4 GetStdHandle
0x4180c8 GetFileType
0x4180cc DeleteCriticalSection
0x4180d0 GetLastError
0x4180d4 SetFilePointer
0x4180d8 TlsAlloc
0x4180dc TlsGetValue
0x4180e0 TlsFree
0x4180e4 InterlockedIncrement
0x4180e8 SetLastError
0x4180ec GetCurrentThreadId
0x4180f0 InterlockedDecrement
0x4180f4 HeapFree
0x4180f8 CloseHandle
0x4180fc WriteFile
0x418100 FreeEnvironmentStringsW
0x418104 HeapCreate
0x418108 QueryPerformanceCounter
0x41810c GetCurrentProcessId
0x418110 GetSystemTimeAsFileTime
0x418114 MultiByteToWideChar
0x418118 Sleep
0x41811c GetCPInfo
0x418120 GetACP
0x418124 GetOEMCP
0x418128 IsValidCodePage
0x41812c WideCharToMultiByte
0x418130 CreateFileA
0x418134 SetStdHandle
0x418138 GetConsoleCP
0x41813c GetConsoleMode
0x418140 FlushFileBuffers
0x418144 HeapSize
0x418148 RaiseException
0x41814c HeapReAlloc
0x418150 LCMapStringW
0x418154 GetStringTypeW
0x418158 SetEndOfFile
0x41815c GetProcessHeap
USER32.dll
0x418164 SetCursorPos
EAT(Export Address Table) is none