ScreenShot
| Created | 2021.11.03 09:45 | Machine | s1_win7_x6403 |
| Filename | 186.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 36 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Artemis, Unsafe, Save, ZexaF, ju0@amljTtkG, Cutwail, FileRepMalware, ET#90%, RDMK, cmRtazojXs, cX1vJUSd9OI1yal2N, R + Troj, Krypt, susgen, kcloud, score, ai score=88, Static AI, Malicious PE, GenKryptik, FMYB, confidence, 100%) | ||
| md5 | 357d55e0c7821d2c4bbd26e92ee6a71b | ||
| sha256 | 5b3a8ff94b27ba20933e4850821591f20b6c1bf2d9141bb3870d81b8a457ed83 | ||
| ssdeep | 3072:PJZSej9g7vNe7XZwyfS5zSKSwBwaXFZMRX:x4yg7vaVS5zF7I9 | ||
| imphash | 5ab65f2363f526ecd7d1ca8b33f4bca1 | ||
| impfuzzy | 24:vhEq+fIeWS+IIFD0OR/uAkhWzLO7Zt5cpluiRv9jI/J3IntGSmjMzO3n:GAy+NRj6Ft5cpsS9aNS5O3 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4019000 LoadResource
0x4019004 HeapAlloc
0x4019008 SetMailslotInfo
0x401900c GetEnvironmentStringsW
0x4019010 SetConsoleScreenBufferSize
0x4019014 SetEvent
0x4019018 FlushConsoleInputBuffer
0x401901c GetTickCount
0x4019020 TlsSetValue
0x4019024 FindResourceExA
0x4019028 GlobalAlloc
0x401902c LoadLibraryW
0x4019030 InitAtomTable
0x4019034 FindNextVolumeW
0x4019038 WriteConsoleW
0x401903c CreateActCtxA
0x4019040 BindIoCompletionCallback
0x4019044 GetProcAddress
0x4019048 VirtualAlloc
0x401904c BeginUpdateResourceW
0x4019050 PrepareTape
0x4019054 GetAtomNameA
0x4019058 LoadLibraryA
0x401905c WriteConsoleA
0x4019060 SetEnvironmentVariableA
0x4019064 GetModuleFileNameA
0x4019068 FindFirstChangeNotificationA
0x401906c GetProcessAffinityMask
0x4019070 AddConsoleAliasA
0x4019074 CreateFileW
0x4019078 GetProcessHeap
0x401907c DecodePointer
0x4019080 EncodePointer
0x4019084 GetModuleHandleW
0x4019088 ExitProcess
0x401908c GetCommandLineW
0x4019090 HeapSetInformation
0x4019094 GetStartupInfoW
0x4019098 IsProcessorFeaturePresent
0x401909c ReadFile
0x40190a0 UnhandledExceptionFilter
0x40190a4 SetUnhandledExceptionFilter
0x40190a8 IsDebuggerPresent
0x40190ac TerminateProcess
0x40190b0 GetCurrentProcess
0x40190b4 EnterCriticalSection
0x40190b8 LeaveCriticalSection
0x40190bc InitializeCriticalSectionAndSpinCount
0x40190c0 RtlUnwind
0x40190c4 SetHandleCount
0x40190c8 GetStdHandle
0x40190cc GetFileType
0x40190d0 DeleteCriticalSection
0x40190d4 GetLastError
0x40190d8 SetFilePointer
0x40190dc TlsAlloc
0x40190e0 TlsGetValue
0x40190e4 TlsFree
0x40190e8 InterlockedIncrement
0x40190ec SetLastError
0x40190f0 GetCurrentThreadId
0x40190f4 InterlockedDecrement
0x40190f8 HeapFree
0x40190fc CloseHandle
0x4019100 WriteFile
0x4019104 GetModuleFileNameW
0x4019108 FreeEnvironmentStringsW
0x401910c HeapCreate
0x4019110 QueryPerformanceCounter
0x4019114 GetCurrentProcessId
0x4019118 GetSystemTimeAsFileTime
0x401911c MultiByteToWideChar
0x4019120 Sleep
0x4019124 GetCPInfo
0x4019128 GetACP
0x401912c GetOEMCP
0x4019130 IsValidCodePage
0x4019134 WideCharToMultiByte
0x4019138 CreateFileA
0x401913c SetStdHandle
0x4019140 GetConsoleCP
0x4019144 GetConsoleMode
0x4019148 FlushFileBuffers
0x401914c HeapSize
0x4019150 RaiseException
0x4019154 HeapReAlloc
0x4019158 LCMapStringW
0x401915c GetStringTypeW
0x4019160 SetEndOfFile
USER32.dll
0x4019168 GetCursorPos
EAT(Export Address Table) is none
KERNEL32.dll
0x4019000 LoadResource
0x4019004 HeapAlloc
0x4019008 SetMailslotInfo
0x401900c GetEnvironmentStringsW
0x4019010 SetConsoleScreenBufferSize
0x4019014 SetEvent
0x4019018 FlushConsoleInputBuffer
0x401901c GetTickCount
0x4019020 TlsSetValue
0x4019024 FindResourceExA
0x4019028 GlobalAlloc
0x401902c LoadLibraryW
0x4019030 InitAtomTable
0x4019034 FindNextVolumeW
0x4019038 WriteConsoleW
0x401903c CreateActCtxA
0x4019040 BindIoCompletionCallback
0x4019044 GetProcAddress
0x4019048 VirtualAlloc
0x401904c BeginUpdateResourceW
0x4019050 PrepareTape
0x4019054 GetAtomNameA
0x4019058 LoadLibraryA
0x401905c WriteConsoleA
0x4019060 SetEnvironmentVariableA
0x4019064 GetModuleFileNameA
0x4019068 FindFirstChangeNotificationA
0x401906c GetProcessAffinityMask
0x4019070 AddConsoleAliasA
0x4019074 CreateFileW
0x4019078 GetProcessHeap
0x401907c DecodePointer
0x4019080 EncodePointer
0x4019084 GetModuleHandleW
0x4019088 ExitProcess
0x401908c GetCommandLineW
0x4019090 HeapSetInformation
0x4019094 GetStartupInfoW
0x4019098 IsProcessorFeaturePresent
0x401909c ReadFile
0x40190a0 UnhandledExceptionFilter
0x40190a4 SetUnhandledExceptionFilter
0x40190a8 IsDebuggerPresent
0x40190ac TerminateProcess
0x40190b0 GetCurrentProcess
0x40190b4 EnterCriticalSection
0x40190b8 LeaveCriticalSection
0x40190bc InitializeCriticalSectionAndSpinCount
0x40190c0 RtlUnwind
0x40190c4 SetHandleCount
0x40190c8 GetStdHandle
0x40190cc GetFileType
0x40190d0 DeleteCriticalSection
0x40190d4 GetLastError
0x40190d8 SetFilePointer
0x40190dc TlsAlloc
0x40190e0 TlsGetValue
0x40190e4 TlsFree
0x40190e8 InterlockedIncrement
0x40190ec SetLastError
0x40190f0 GetCurrentThreadId
0x40190f4 InterlockedDecrement
0x40190f8 HeapFree
0x40190fc CloseHandle
0x4019100 WriteFile
0x4019104 GetModuleFileNameW
0x4019108 FreeEnvironmentStringsW
0x401910c HeapCreate
0x4019110 QueryPerformanceCounter
0x4019114 GetCurrentProcessId
0x4019118 GetSystemTimeAsFileTime
0x401911c MultiByteToWideChar
0x4019120 Sleep
0x4019124 GetCPInfo
0x4019128 GetACP
0x401912c GetOEMCP
0x4019130 IsValidCodePage
0x4019134 WideCharToMultiByte
0x4019138 CreateFileA
0x401913c SetStdHandle
0x4019140 GetConsoleCP
0x4019144 GetConsoleMode
0x4019148 FlushFileBuffers
0x401914c HeapSize
0x4019150 RaiseException
0x4019154 HeapReAlloc
0x4019158 LCMapStringW
0x401915c GetStringTypeW
0x4019160 SetEndOfFile
USER32.dll
0x4019168 GetCursorPos
EAT(Export Address Table) is none