| Field | Value |
|---|---|
| Created | 2021.11.04 14:52 |
| Machine | s1_win7_x6401 |
| Filename | 6497_1635879131_9463.exe |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | 38 detected (AIDetect, malware1, malicious, high confidence, Jaik, Unsafe, Save, Hacktool, ZexaF, ru0@aueukDnI, Kryptik, Eldorado, HNEE, MalwareX, Lockbit, R + Troj, Krypt, Static AI, Malicious PE, Score, ClipBanker, GenericRXAA, ai score=83, ET#92%, RDMK, cmRtazrtb6bQBhl1rTt48fAsmP, susgen, HNDZ, GdSda, confidence, 100%) |
| md5 | d549bdaa241387d09550d79742bc5c66 |
| sha256 | 936fec4f4692c9198d5e16e5dfb8800e02235cf053a3580fa4dfd5e6907cbae1 |
| ssdeep | 6144:IRHSnBjU6YQ7lTHPlQj33uncG5U9nITFy:zhU6F7BNo32u6I |
| imphash | 2d072324798956717a479868e71b5c9d |
| impfuzzy | 24:vhWu9ESebIwD0ORvkhzzLONt5cpluiRv9jI/J3In19GSA6jMzVTn:Ra5i6Nt5cpsS9avS4VT |
Signature (7cnts)

| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)

| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|

Suricata ids
PE API

IAT (Import Address Table) Library

KERNEL32.dll
0x43a000 LoadResource
0x43a004 HeapAlloc
0x43a008 SetMailslotInfo
0x43a00c SetEnvironmentVariableW
0x43a010 GetEnvironmentStringsW
0x43a014 SetEvent
0x43a018 FlushConsoleInputBuffer
0x43a01c GetTickCount
0x43a020 TlsSetValue
0x43a024 GlobalAlloc
0x43a028 SetConsoleCursorPosition
0x43a02c WriteConsoleW
0x43a030 GetModuleFileNameW
0x43a034 GetProcAddress
0x43a038 VirtualAlloc
0x43a03c BeginUpdateResourceW
0x43a040 PrepareTape
0x43a044 GetAtomNameA
0x43a048 LoadLibraryA
0x43a04c WriteConsoleA
0x43a050 FindFirstChangeNotificationA
0x43a054 GetProcessAffinityMask
0x43a058 AddConsoleAliasA
0x43a05c FindNextVolumeA
0x43a060 CreateFileW
0x43a064 GetProcessHeap
0x43a068 DecodePointer
0x43a06c EncodePointer
0x43a070 GetModuleHandleW
0x43a074 ExitProcess
0x43a078 GetCommandLineW
0x43a07c HeapSetInformation
0x43a080 GetStartupInfoW
0x43a084 IsProcessorFeaturePresent
0x43a088 UnhandledExceptionFilter
0x43a08c SetUnhandledExceptionFilter
0x43a090 IsDebuggerPresent
0x43a094 TerminateProcess
0x43a098 GetCurrentProcess
0x43a09c EnterCriticalSection
0x43a0a0 LeaveCriticalSection
0x43a0a4 InitializeCriticalSectionAndSpinCount
0x43a0a8 RtlUnwind
0x43a0ac SetHandleCount
0x43a0b0 GetStdHandle
0x43a0b4 GetFileType
0x43a0b8 DeleteCriticalSection
0x43a0bc GetLastError
0x43a0c0 SetFilePointer
0x43a0c4 TlsAlloc
0x43a0c8 TlsGetValue
0x43a0cc TlsFree
0x43a0d0 InterlockedIncrement
0x43a0d4 SetLastError
0x43a0d8 GetCurrentThreadId
0x43a0dc InterlockedDecrement
0x43a0e0 HeapFree
0x43a0e4 CloseHandle
0x43a0e8 LoadLibraryW
0x43a0ec WriteFile
0x43a0f0 FreeEnvironmentStringsW
0x43a0f4 HeapCreate
0x43a0f8 QueryPerformanceCounter
0x43a0fc GetCurrentProcessId
0x43a100 GetSystemTimeAsFileTime
0x43a104 ReadFile
0x43a108 Sleep
0x43a10c GetCPInfo
0x43a110 GetACP
0x43a114 GetOEMCP
0x43a118 IsValidCodePage
0x43a11c WideCharToMultiByte
0x43a120 CreateFileA
0x43a124 SetStdHandle
0x43a128 GetConsoleCP
0x43a12c GetConsoleMode
0x43a130 FlushFileBuffers
0x43a134 HeapSize
0x43a138 RaiseException
0x43a13c MultiByteToWideChar
0x43a140 HeapReAlloc
0x43a144 LCMapStringW
0x43a148 GetStringTypeW
0x43a14c SetEndOfFile

USER32.dll
0x43a154 SetCursorPos

EAT (Export Address Table): none