Field | Value |
---|---|
Created | 2021.11.04 15:27 |
Machine | s1_win7_x6403 |
Filename | pub33.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 26 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Hacktool, ZexaF, iu0@ai06uNoI, Kryptik, Eldorado, Injuke, Lockbit, Sabsik, score, suspected of Malware, Trac, ET#95%, RDMK, cmRtazqWzNHx1cG04B2gGEOR, Static AI, Malicious PE, confidence, 100%, susgen) |
md5 | cafd9451b6821b63e44bcc315c4f2456 |
sha256 | d54a46a80973bc0542ace1732fe9275d9f77a79ad895d575e6e540935d72b95e |
ssdeep | 3072:r3gHX3vp3qRTbfpOKR9zayKHBTp2kgFtWfJXlAnO:run1qRTrpO2Wy+BTptrA |
imphash | 1e9673fd053a72437930c0bf72ec70cb |
impfuzzy | 24:vek9u9EI0eHIA/JcDSa078U8LO4tIhJKJcQIlyv9Mo1NGSBjMRcTyn:3g4v64tiGcHK9MhSKcO |
Network IP location
Signature (8 counts)
Level | Description |
---|---|
warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x417010 LoadResource
0x417014 HeapAlloc
0x417018 GetConsoleAliasA
0x41701c SetEnvironmentVariableW
0x417020 GetEnvironmentStringsW
0x417024 AddConsoleAliasW
0x417028 FlushConsoleInputBuffer
0x41702c GetTickCount
0x417030 SetConsoleCursorPosition
0x417034 WriteConsoleW
0x417038 LCMapStringA
0x41703c SetLastError
0x417040 GetProcAddress
0x417044 VirtualAlloc
0x417048 BeginUpdateResourceW
0x41704c GetAtomNameA
0x417050 LoadLibraryA
0x417054 LocalAlloc
0x417058 GetModuleFileNameA
0x41705c EraseTape
0x417060 FindNextVolumeA
0x417064 lstrcpyA
0x417068 SetProcessAffinityMask
0x41706c CreateFileW
0x417070 ReadFile
0x417074 EncodePointer
0x417078 DecodePointer
0x41707c GetModuleHandleW
0x417080 ExitProcess
0x417084 GetCommandLineW
0x417088 HeapSetInformation
0x41708c GetStartupInfoW
0x417090 UnhandledExceptionFilter
0x417094 SetUnhandledExceptionFilter
0x417098 IsDebuggerPresent
0x41709c TerminateProcess
0x4170a0 GetCurrentProcess
0x4170a4 IsProcessorFeaturePresent
0x4170a8 TlsAlloc
0x4170ac TlsGetValue
0x4170b0 TlsSetValue
0x4170b4 TlsFree
0x4170b8 InterlockedIncrement
0x4170bc GetCurrentThreadId
0x4170c0 GetLastError
0x4170c4 InterlockedDecrement
0x4170c8 EnterCriticalSection
0x4170cc LeaveCriticalSection
0x4170d0 SetHandleCount
0x4170d4 GetStdHandle
0x4170d8 InitializeCriticalSectionAndSpinCount
0x4170dc GetFileType
0x4170e0 DeleteCriticalSection
0x4170e4 RtlUnwind
0x4170e8 SetFilePointer
0x4170ec HeapFree
0x4170f0 CloseHandle
0x4170f4 LoadLibraryW
0x4170f8 WriteFile
0x4170fc GetModuleFileNameW
0x417100 FreeEnvironmentStringsW
0x417104 HeapCreate
0x417108 QueryPerformanceCounter
0x41710c GetCurrentProcessId
0x417110 GetSystemTimeAsFileTime
0x417114 GetCPInfo
0x417118 GetACP
0x41711c GetOEMCP
0x417120 IsValidCodePage
0x417124 Sleep
0x417128 WideCharToMultiByte
0x41712c GetConsoleCP
0x417130 GetConsoleMode
0x417134 CreateFileA
0x417138 SetStdHandle
0x41713c FlushFileBuffers
0x417140 HeapSize
0x417144 RaiseException
0x417148 LCMapStringW
0x41714c MultiByteToWideChar
0x417150 GetStringTypeW
0x417154 HeapReAlloc
0x417158 SetEndOfFile
0x41715c GetProcessHeap
USER32.dll
0x417164 SetCursorPos
GDI32.dll
0x417008 GetCharWidth32A
ADVAPI32.dll
0x417000 CloseEventLog
EAT (Export Address Table): none