Field | Value |
---|---|
Created | 2021.11.04 15:09 |
Machine | s1_win7_x6401 |
Filename | 15673391590007385026.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 25 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Hacktool, ZexaF, ou0@aCQPQhjI, Kryptik, Eldorado, Lockbit, Sabsik, score, suspected of Malware, Trac, ET#96%, RDMK, cmRtazp5Qyyo6zjxgWq94qvZ2YQC, Static AI, Malicious PE, confidence, 100%) |
md5 | d57f5d014ef57dc1703d49f89d94856a |
sha256 | df633dbc5563b26ce94cc1e7fb39747e9c3f6012d6399e33105368d73a01698f |
ssdeep | 6144:eycVlgnnBvkgKwX2Nf/b2dO6zujrGinVQJ:wVW1HX2NXbQOrHGC0 |
imphash | 1e9673fd053a72437930c0bf72ec70cb |
impfuzzy | 24:vek9u9EI0eHIA/JcDSa078U8LO4tIhJKJcQIlyv9Mo1NGSBjMRcTyn:3g4v64tiGcHK9MhSKcO |
Signature (7cnts)
Level | Description |
---|---|
warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
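The three static packer indicators in the tables above (unknown or packer-specific section names, compressed or encrypted section data, and the UPX rule) can be reproduced from the PE section table alone. The script below is an added example, not the sandbox's own rule engine: it parses the section headers with the standard library, scores each section's Shannon entropy, and also flags sections that are both writable and executable, the on-disk counterpart of the "allocates read-write-execute memory" signature. The input it ships with is a constructed UPX-style layout (an empty RWX UPX0, a high-entropy UPX1, a plain .rsrc), not the report's sample; the known-section and packer-name lists are short illustrative tables, not an exhaustive catalogue.

```python
"""Static packer triage for a PE32 file with only the standard library: walks the
section table and applies the checks the report's signatures describe. Added
example, not the sandbox's own code."""
import math
import random
import struct
import sys

# Section names emitted by common Windows toolchains; anything else is flagged.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".pdata",
                  ".rsrc", ".reloc", ".bss", ".tls", ".CRT", ".textbss", ".didat"}
# Section names that identify a packer outright (what a UPX_Zero-style rule keys on).
PACKER_SECTIONS = {"UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX", ".aspack": "ASPack",
                   ".adata": "ASPack", ".nsp0": "NsPack", ".nsp1": "NsPack",
                   ".MPRESS1": "MPRESS", ".petite": "Petite", ".vmp0": "VMProtect"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for uniform data, 8.0 for a flat byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Follow e_lfanew -> 'PE\\0\\0' -> COFF header -> section table (40 bytes each)."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(n_sections):
        name, vsize, _va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "characteristics": chars, "data": pe[rptr:rptr + rsize]})
    return sections


def triage(pe: bytes, entropy_threshold: float = 7.2) -> list:
    """One finding per triggered check, prefixed with the section name."""
    findings = []
    for s in parse_sections(pe):
        name, chars = s["name"], s["characteristics"]
        if name in PACKER_SECTIONS:
            findings.append(f"{name}: section name identifies {PACKER_SECTIONS[name]}")
        elif name not in KNOWN_SECTIONS:
            findings.append(f"{name}: unknown section name (possible packer)")
        if s["raw_size"] == 0 and s["virtual_size"]:
            findings.append(f"{name}: no raw data but {s['virtual_size']:#x} bytes virtual "
                            "(typical unpacking destination)")
        if s["raw_size"]:
            ent = shannon_entropy(s["data"])
            if ent >= entropy_threshold:
                findings.append(f"{name}: entropy {ent:.2f} (compressed or encrypted data)")
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{name}: writable and executable section")
    return findings


def build_sample_pe() -> bytes:
    """Constructed UPX-style PE32 (not the report's sample): an empty RWX UPX0, a
    high-entropy UPX1 standing in for the packed payload, and a plain .rsrc."""
    rng = random.Random(1)  # deterministic stand-in for compressed bytes
    packed = bytes(rng.getrandbits(8) for _ in range(4096))
    rsrc = b"\0" * 512
    n_sections, file_align = 3, 0x200
    hdr = 0x40 + 4 + 20 + 224 + 40 * n_sections  # DOS hdr + sig + COFF + optional + table
    hdr = -(-hdr // file_align) * file_align
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        (b"UPX0", 0x10000, 0x1000, 0, hdr, 0xE0000080),
        (b"UPX1", 0x1000, 0x11000, len(packed), hdr, 0xE0000040),
        (b".rsrc", 0x200, 0x12000, len(rsrc), hdr + len(packed), 0xC0000040),
    ]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, n_sections, 0, 0, 0, 224, 0x0102)  # i386, EXE|32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    image = bytearray(dos + b"PE\0\0" + coff + opt + table)
    image += b"\0" * (hdr - len(image))
    return bytes(image + packed + rsrc)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for line in triage(blob):
        print(line)
```

Run it with a path to triage a real file, or without arguments to see the constructed sample flagged on all three UPX checks. The 7.2 bits/byte threshold is a common rule of thumb; plain x86 code sits around 6.0 to 6.5, so tune it per toolchain rather than treating it as a hard boundary.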
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no requests recorded)
Suricata ids
(no entries)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x430010 LoadResource
0x430014 HeapAlloc
0x430018 GetConsoleAliasA
0x43001c SetEnvironmentVariableW
0x430020 GetEnvironmentStringsW
0x430024 AddConsoleAliasW
0x430028 FlushConsoleInputBuffer
0x43002c GetTickCount
0x430030 SetConsoleCursorPosition
0x430034 WriteConsoleW
0x430038 LCMapStringA
0x43003c SetLastError
0x430040 GetProcAddress
0x430044 VirtualAlloc
0x430048 BeginUpdateResourceW
0x43004c GetAtomNameA
0x430050 LoadLibraryA
0x430054 LocalAlloc
0x430058 GetModuleFileNameA
0x43005c EraseTape
0x430060 FindNextVolumeA
0x430064 lstrcpyA
0x430068 SetProcessAffinityMask
0x43006c CreateFileW
0x430070 ReadFile
0x430074 EncodePointer
0x430078 DecodePointer
0x43007c GetModuleHandleW
0x430080 ExitProcess
0x430084 GetCommandLineW
0x430088 HeapSetInformation
0x43008c GetStartupInfoW
0x430090 UnhandledExceptionFilter
0x430094 SetUnhandledExceptionFilter
0x430098 IsDebuggerPresent
0x43009c TerminateProcess
0x4300a0 GetCurrentProcess
0x4300a4 IsProcessorFeaturePresent
0x4300a8 TlsAlloc
0x4300ac TlsGetValue
0x4300b0 TlsSetValue
0x4300b4 TlsFree
0x4300b8 InterlockedIncrement
0x4300bc GetCurrentThreadId
0x4300c0 GetLastError
0x4300c4 InterlockedDecrement
0x4300c8 EnterCriticalSection
0x4300cc LeaveCriticalSection
0x4300d0 SetHandleCount
0x4300d4 GetStdHandle
0x4300d8 InitializeCriticalSectionAndSpinCount
0x4300dc GetFileType
0x4300e0 DeleteCriticalSection
0x4300e4 RtlUnwind
0x4300e8 SetFilePointer
0x4300ec HeapFree
0x4300f0 CloseHandle
0x4300f4 LoadLibraryW
0x4300f8 WriteFile
0x4300fc GetModuleFileNameW
0x430100 FreeEnvironmentStringsW
0x430104 HeapCreate
0x430108 QueryPerformanceCounter
0x43010c GetCurrentProcessId
0x430110 GetSystemTimeAsFileTime
0x430114 GetCPInfo
0x430118 GetACP
0x43011c GetOEMCP
0x430120 IsValidCodePage
0x430124 Sleep
0x430128 WideCharToMultiByte
0x43012c GetConsoleCP
0x430130 GetConsoleMode
0x430134 CreateFileA
0x430138 SetStdHandle
0x43013c FlushFileBuffers
0x430140 HeapSize
0x430144 RaiseException
0x430148 LCMapStringW
0x43014c MultiByteToWideChar
0x430150 GetStringTypeW
0x430154 HeapReAlloc
0x430158 SetEndOfFile
0x43015c GetProcessHeap
USER32.dll
0x430164 SetCursorPos
GDI32.dll
0x430008 GetCharWidth32A
ADVAPI32.dll
0x430000 CloseEventLog
EAT (Export Address Table): none
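The imphash in the metadata table is derived from exactly the import list above, so it can be recomputed and the list can be triaged at the same time. The script below is an added example, not the sandbox's or pefile's code: it builds the canonical "lib.func" entries the way pefile's get_imphash() does (library lowercased with .dll/.ocx/.sys stripped, function lowercased, ordinals resolved through a lookup table, entries joined by commas and MD5'd), then applies a few import-based heuristics. The import list is copied from the report, but ordered by IAT address (0x430000 ADVAPI32, 0x430008 GDI32, 0x430010 KERNEL32, 0x430164 USER32) on the assumption that this mirrors the import directory order imphash depends on; the report prints KERNEL32 first. Whether the output equals the report's 1e9673fd... therefore has to be confirmed against the actual sample with pefile. The ordinal table is a small subset of pefile's, and the "unusual API" list is an analyst heuristic, not an established signature.

```python
"""Imphash recomputation and import triage for the IAT listed above.
Added example, not the sandbox's or pefile's code."""
import hashlib

# The report's IAT ordered by thunk address (assumed to match import directory order).
REPORT_IMPORTS = [
    ("ADVAPI32.dll", ["CloseEventLog"]),
    ("GDI32.dll", ["GetCharWidth32A"]),
    ("KERNEL32.dll", """LoadResource HeapAlloc GetConsoleAliasA SetEnvironmentVariableW
        GetEnvironmentStringsW AddConsoleAliasW FlushConsoleInputBuffer GetTickCount
        SetConsoleCursorPosition WriteConsoleW LCMapStringA SetLastError GetProcAddress
        VirtualAlloc BeginUpdateResourceW GetAtomNameA LoadLibraryA LocalAlloc
        GetModuleFileNameA EraseTape FindNextVolumeA lstrcpyA SetProcessAffinityMask
        CreateFileW ReadFile EncodePointer DecodePointer GetModuleHandleW ExitProcess
        GetCommandLineW HeapSetInformation GetStartupInfoW UnhandledExceptionFilter
        SetUnhandledExceptionFilter IsDebuggerPresent TerminateProcess GetCurrentProcess
        IsProcessorFeaturePresent TlsAlloc TlsGetValue TlsSetValue TlsFree
        InterlockedIncrement GetCurrentThreadId GetLastError InterlockedDecrement
        EnterCriticalSection LeaveCriticalSection SetHandleCount GetStdHandle
        InitializeCriticalSectionAndSpinCount GetFileType DeleteCriticalSection RtlUnwind
        SetFilePointer HeapFree CloseHandle LoadLibraryW WriteFile GetModuleFileNameW
        FreeEnvironmentStringsW HeapCreate QueryPerformanceCounter GetCurrentProcessId
        GetSystemTimeAsFileTime GetCPInfo GetACP GetOEMCP IsValidCodePage Sleep
        WideCharToMultiByte GetConsoleCP GetConsoleMode CreateFileA SetStdHandle
        FlushFileBuffers HeapSize RaiseException LCMapStringW MultiByteToWideChar
        GetStringTypeW HeapReAlloc SetEndOfFile GetProcessHeap""".split()),
    ("USER32.dll", ["SetCursorPos"]),
]

# Subset of pefile's ordinal tables for imports by ordinal (ws2_32 and wsock32 share one).
_WS2 = {1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 16: "recv",
        19: "send", 23: "socket", 115: "WSAStartup"}
ORDINAL_NAMES = {"ws2_32": _WS2, "wsock32": _WS2}


def imphash_entries(imports) -> list:
    """Canonical 'lib.func' entries in the exact form pefile hashes."""
    entries = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        for func in funcs:
            if isinstance(func, int):  # import by ordinal: resolve or fall back to ordN
                func = ORDINAL_NAMES.get(lib, {}).get(func, f"ord{func}")
            entries.append(f"{lib}.{func.lower()}")
    return entries


def imphash(imports) -> str:
    return hashlib.md5(",".join(imphash_entries(imports)).encode()).hexdigest()


RESOLVERS = {"loadlibrarya", "loadlibraryw", "getprocaddress"}
MEMORY = {"virtualalloc", "virtualprotect", "virtualallocex", "writeprocessmemory"}
DEBUG_CHECKS = {"isdebuggerpresent", "checkremotedebuggerpresent", "outputdebugstringa"}
# Heuristic only: APIs ordinary GUI programs almost never call. Crypters pad the IAT
# with such imports to look benign and to vary the imphash between builds.
UNUSUAL = {"erasetape", "findnextvolumea", "getconsolealiasa", "addconsolealiasw",
           "getatomnamea", "setprocessaffinitymask", "closeeventlog", "beginupdateresourcew"}


def triage_imports(imports) -> list:
    funcs = {e.split(".", 1)[1] for e in imphash_entries(imports)}
    findings = []
    if "getprocaddress" in funcs and funcs & {"loadlibrarya", "loadlibraryw"}:
        findings.append("runtime API resolution: " + ", ".join(sorted((RESOLVERS | MEMORY) & funcs))
                        + " (consistent with an unpacking stub; cf. the RWX allocation signature)")
    if DEBUG_CHECKS & funcs:
        findings.append("debugger check: " + ", ".join(sorted(DEBUG_CHECKS & funcs))
                        + " (the MSVC CRT imports IsDebuggerPresent too, so weak on its own)")
    for dll, fs in imports:
        if len(fs) == 1:  # one-function imports from a DLL are a classic padding pattern
            findings.append(f"single import from {dll}: {fs[0]}")
    if UNUSUAL & funcs:
        findings.append("APIs rarely used by ordinary applications (heuristic): "
                        + ", ".join(sorted(UNUSUAL & funcs)))
    return findings


if __name__ == "__main__":
    print("imphash:", imphash(REPORT_IMPORTS))
    for finding in triage_imports(REPORT_IMPORTS):
        print(finding)
```

To check the ordering assumption on the real sample, compare the printed value with `pefile.PE(path).get_imphash()`; a mismatch with identical function names means the import directory is not in IAT-address order, and the list should be reordered accordingly.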