Field | Value |
---|---|
Created | 2021.11.05 09:31 |
Machine | s1_win7_x6403 |
Filename | sefile2.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 23 detected (AIDetect, malware1, malicious, high confidence, Hacktool, ZexaF, rC0@aejg7dbI, Kryptik, Eldorado, Attribute, HighConfidence, Lockbit, Sabsik, score, Unsafe, ET#98%, RDMK, cmRtazqSw7luqWaquu9AfDqAihzx, Static AI, Malicious PE, confidence, 100%) |
md5 | 38055b609cbc5df14fd86be301eb6397 |
sha256 | 5de9df8a26ffb55fc833553efa212832ee0cceaac94c8e1d39d35a339a94dc81 |
ssdeep | 6144:qikZPjnZT+w2p9b23dDA//YDTHaFYjxtU:NkZPLUr21A/JIxO |
imphash | fbe4cce31825940f582af9763f8c6fb6 |
impfuzzy | 24:AbG2SqkNq+fhIhJcDku94seylmY8UiOovVt4cQIlyv9HThOG5hIjT4njjMCI3yn:j1J7rmS2t4cHK9HTfMcnyC |
Network IP location
Signature (7cnts)
Level | Description |
---|---|
warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x43a010 GetDefaultCommConfigW
0x43a014 HeapAlloc
0x43a018 GetConsoleAliasA
0x43a01c GetEnvironmentStringsW
0x43a020 SetConsoleScreenBufferSize
0x43a024 SizeofResource
0x43a028 FindNextVolumeW
0x43a02c SetConsoleCursorPosition
0x43a030 WriteConsoleW
0x43a034 GetModuleFileNameW
0x43a038 SetLastError
0x43a03c GetProcAddress
0x43a040 VirtualAlloc
0x43a044 GetFirmwareEnvironmentVariableW
0x43a048 GetAtomNameA
0x43a04c LoadLibraryA
0x43a050 WriteConsoleA
0x43a054 LocalAlloc
0x43a058 BeginUpdateResourceA
0x43a05c GetModuleFileNameA
0x43a060 EraseTape
0x43a064 AddConsoleAliasA
0x43a068 lstrcpyW
0x43a06c LCMapStringA
0x43a070 SetProcessAffinityMask
0x43a074 CreateFileW
0x43a078 ReadFile
0x43a07c EncodePointer
0x43a080 DecodePointer
0x43a084 GetCommandLineA
0x43a088 HeapSetInformation
0x43a08c GetStartupInfoW
0x43a090 UnhandledExceptionFilter
0x43a094 SetUnhandledExceptionFilter
0x43a098 IsDebuggerPresent
0x43a09c TerminateProcess
0x43a0a0 GetCurrentProcess
0x43a0a4 IsProcessorFeaturePresent
0x43a0a8 EnterCriticalSection
0x43a0ac LeaveCriticalSection
0x43a0b0 SetHandleCount
0x43a0b4 GetStdHandle
0x43a0b8 InitializeCriticalSectionAndSpinCount
0x43a0bc GetFileType
0x43a0c0 DeleteCriticalSection
0x43a0c4 GetModuleHandleW
0x43a0c8 ExitProcess
0x43a0cc WriteFile
0x43a0d0 HeapCreate
0x43a0d4 Sleep
0x43a0d8 HeapSize
0x43a0dc RtlUnwind
0x43a0e0 GetLastError
0x43a0e4 SetFilePointer
0x43a0e8 HeapFree
0x43a0ec CloseHandle
0x43a0f0 FreeEnvironmentStringsW
0x43a0f4 WideCharToMultiByte
0x43a0f8 TlsAlloc
0x43a0fc TlsGetValue
0x43a100 TlsSetValue
0x43a104 TlsFree
0x43a108 InterlockedIncrement
0x43a10c GetCurrentThreadId
0x43a110 InterlockedDecrement
0x43a114 QueryPerformanceCounter
0x43a118 GetTickCount
0x43a11c GetCurrentProcessId
0x43a120 GetSystemTimeAsFileTime
0x43a124 RaiseException
0x43a128 GetConsoleCP
0x43a12c GetConsoleMode
0x43a130 LoadLibraryW
0x43a134 HeapReAlloc
0x43a138 GetCPInfo
0x43a13c GetACP
0x43a140 GetOEMCP
0x43a144 IsValidCodePage
0x43a148 CreateFileA
0x43a14c SetStdHandle
0x43a150 FlushFileBuffers
0x43a154 MultiByteToWideChar
0x43a158 LCMapStringW
0x43a15c GetStringTypeW
0x43a160 SetEndOfFile
0x43a164 GetProcessHeap
USER32.dll
0x43a16c GetCursorPos
GDI32.dll
0x43a008 GetCharWidth32A
ADVAPI32.dll
0x43a000 CloseEventLog
EAT (Export Address Table): none