Field | Value |
---|---|
Created | 2021.11.03 16:52 |
Machine | s1_win7_x6401 |
Filename | 5332_1635879205_5518.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 35 detected (AIDetect, malware1, malicious, high confidence, Jaik, Unsafe, Save, Hacktool, Kryptik, Eldorado, HNEE, Injuke, TrojanX, Lockbit, A + Troj, Krypt, Static AI, Malicious PE, RedLine, score, ai score=80, ET#90%, RDMK, cmRtazpb8RJbG4OX, 03p6eeMjZXu, susgen, ZexaF, uu0@a8RtIyfI, Genetic, confidence, 100%) |
md5 | 4fb120e5975e3a7b4c59a1cf7b8ebc75 |
sha256 | 2d1fb307892909f07593797b2fdf7474ece2ca8d27fb5b54dfb4439c880e8143 |
ssdeep | 6144:yMYlQUYFPySR/4bHfg9FDsiP4nld5ncKq7su/kRWBw+Tpi3OV37hGPVpD6q9Eua:MuUIBYYHDs5ld5crYewgrhGPVpD6q9 |
imphash | 2d072324798956717a479868e71b5c9d |
impfuzzy | 24:vhWu9ESebIwD0ORvkhzzLONt5cpluiRv9jI/J3In19GSA6jMzVTn:Ra5i6Nt5cpsS9avS4VT |
Signature (7cnts)
Level | Description |
---|---|
danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x446000 LoadResource
0x446004 HeapAlloc
0x446008 SetMailslotInfo
0x44600c SetEnvironmentVariableW
0x446010 GetEnvironmentStringsW
0x446014 SetEvent
0x446018 FlushConsoleInputBuffer
0x44601c GetTickCount
0x446020 TlsSetValue
0x446024 GlobalAlloc
0x446028 SetConsoleCursorPosition
0x44602c WriteConsoleW
0x446030 GetModuleFileNameW
0x446034 GetProcAddress
0x446038 VirtualAlloc
0x44603c BeginUpdateResourceW
0x446040 PrepareTape
0x446044 GetAtomNameA
0x446048 LoadLibraryA
0x44604c WriteConsoleA
0x446050 FindFirstChangeNotificationA
0x446054 GetProcessAffinityMask
0x446058 AddConsoleAliasA
0x44605c FindNextVolumeA
0x446060 CreateFileW
0x446064 GetProcessHeap
0x446068 DecodePointer
0x44606c EncodePointer
0x446070 GetModuleHandleW
0x446074 ExitProcess
0x446078 GetCommandLineW
0x44607c HeapSetInformation
0x446080 GetStartupInfoW
0x446084 IsProcessorFeaturePresent
0x446088 UnhandledExceptionFilter
0x44608c SetUnhandledExceptionFilter
0x446090 IsDebuggerPresent
0x446094 TerminateProcess
0x446098 GetCurrentProcess
0x44609c EnterCriticalSection
0x4460a0 LeaveCriticalSection
0x4460a4 InitializeCriticalSectionAndSpinCount
0x4460a8 RtlUnwind
0x4460ac SetHandleCount
0x4460b0 GetStdHandle
0x4460b4 GetFileType
0x4460b8 DeleteCriticalSection
0x4460bc GetLastError
0x4460c0 SetFilePointer
0x4460c4 TlsAlloc
0x4460c8 TlsGetValue
0x4460cc TlsFree
0x4460d0 InterlockedIncrement
0x4460d4 SetLastError
0x4460d8 GetCurrentThreadId
0x4460dc InterlockedDecrement
0x4460e0 HeapFree
0x4460e4 CloseHandle
0x4460e8 LoadLibraryW
0x4460ec WriteFile
0x4460f0 FreeEnvironmentStringsW
0x4460f4 HeapCreate
0x4460f8 QueryPerformanceCounter
0x4460fc GetCurrentProcessId
0x446100 GetSystemTimeAsFileTime
0x446104 ReadFile
0x446108 Sleep
0x44610c GetCPInfo
0x446110 GetACP
0x446114 GetOEMCP
0x446118 IsValidCodePage
0x44611c WideCharToMultiByte
0x446120 CreateFileA
0x446124 SetStdHandle
0x446128 GetConsoleCP
0x44612c GetConsoleMode
0x446130 FlushFileBuffers
0x446134 HeapSize
0x446138 RaiseException
0x44613c MultiByteToWideChar
0x446140 HeapReAlloc
0x446144 LCMapStringW
0x446148 GetStringTypeW
0x44614c SetEndOfFile
USER32.dll
0x446154 SetCursorPos
EAT (Export Address Table): none