Field | Value |
---|---|
Created | 2021.11.03 09:50 |
Machine | s1_win7_x6403 |
Filename | 9313_1635861230_7991.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 37 detected (AIDetect, malware1, malicious, high confidence, Jaik, Artemis, Unsafe, Save, Hacktool, ZexaF, Mu0@aWA6TFiI, Kryptik, Eldorado, HNEC, Chapak, TrojanX, ET#98%, RDMK, cmRtazqAsyg6+Eesyu+638mtAZJI, Drixed, R + Troj, Krypt, Static AI, Malicious PE, susgen, ai score=85, Racealer, PSWSteal, UDJOUL, score, PossibleThreat, PALLASNET, Genetic, confidence, 100%) |
md5 | faa81ed90ab9f9d0858effd276647670 |
sha256 | e0a0dc0d665a7157c326b6c4ffd71e996055b577a305ffacfebbdf8ca9afd10d |
ssdeep | 12288:XaBf46rBL6Zf0W36Jggs0KGXOKLPU60DfcgAlvqJDhwh95JcJD:qV46rBL6D6p1bAvtcSq95Jcx |
imphash | 6ddd2d9f36cd353ba9a4fd8b55b9d3cc |
impfuzzy | 24:vhWu9ESeDIWIIFD0ORvkhWzLONt5cpluiRv9jI/J3In19GSA6jMzVTn:RGN5j6Nt5cpsS9avS4VT |
Network IP location
Signature (7cnts)
Level | Description |
---|---|
danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x48b000 LoadResource
0x48b004 HeapAlloc
0x48b008 SetMailslotInfo
0x48b00c SetEnvironmentVariableW
0x48b010 GetEnvironmentStringsW
0x48b014 SetEvent
0x48b018 FlushConsoleInputBuffer
0x48b01c GetTickCount
0x48b020 TlsSetValue
0x48b024 FindResourceExA
0x48b028 GlobalAlloc
0x48b02c FindNextVolumeW
0x48b030 SetConsoleCursorPosition
0x48b034 WriteConsoleW
0x48b038 GetModuleFileNameW
0x48b03c CreateActCtxA
0x48b040 BindIoCompletionCallback
0x48b044 GetProcAddress
0x48b048 VirtualAlloc
0x48b04c BeginUpdateResourceW
0x48b050 PrepareTape
0x48b054 GetAtomNameA
0x48b058 LoadLibraryA
0x48b05c WriteConsoleA
0x48b060 FindFirstChangeNotificationA
0x48b064 GetProcessAffinityMask
0x48b068 AddConsoleAliasA
0x48b06c CreateFileW
0x48b070 GetProcessHeap
0x48b074 DecodePointer
0x48b078 EncodePointer
0x48b07c GetModuleHandleW
0x48b080 ExitProcess
0x48b084 GetCommandLineW
0x48b088 HeapSetInformation
0x48b08c GetStartupInfoW
0x48b090 IsProcessorFeaturePresent
0x48b094 UnhandledExceptionFilter
0x48b098 SetUnhandledExceptionFilter
0x48b09c IsDebuggerPresent
0x48b0a0 TerminateProcess
0x48b0a4 GetCurrentProcess
0x48b0a8 EnterCriticalSection
0x48b0ac LeaveCriticalSection
0x48b0b0 InitializeCriticalSectionAndSpinCount
0x48b0b4 RtlUnwind
0x48b0b8 SetHandleCount
0x48b0bc GetStdHandle
0x48b0c0 GetFileType
0x48b0c4 DeleteCriticalSection
0x48b0c8 GetLastError
0x48b0cc SetFilePointer
0x48b0d0 TlsAlloc
0x48b0d4 TlsGetValue
0x48b0d8 TlsFree
0x48b0dc InterlockedIncrement
0x48b0e0 SetLastError
0x48b0e4 GetCurrentThreadId
0x48b0e8 InterlockedDecrement
0x48b0ec HeapFree
0x48b0f0 CloseHandle
0x48b0f4 LoadLibraryW
0x48b0f8 WriteFile
0x48b0fc FreeEnvironmentStringsW
0x48b100 HeapCreate
0x48b104 QueryPerformanceCounter
0x48b108 GetCurrentProcessId
0x48b10c GetSystemTimeAsFileTime
0x48b110 ReadFile
0x48b114 Sleep
0x48b118 GetCPInfo
0x48b11c GetACP
0x48b120 GetOEMCP
0x48b124 IsValidCodePage
0x48b128 WideCharToMultiByte
0x48b12c CreateFileA
0x48b130 SetStdHandle
0x48b134 GetConsoleCP
0x48b138 GetConsoleMode
0x48b13c FlushFileBuffers
0x48b140 HeapSize
0x48b144 RaiseException
0x48b148 MultiByteToWideChar
0x48b14c HeapReAlloc
0x48b150 LCMapStringW
0x48b154 GetStringTypeW
0x48b158 SetEndOfFile
USER32.dll
0x48b160 SetCursorPos
EAT (Export Address Table): none