ScreenShot
| Created | 2021.11.05 18:28 | Machine | s1_win7_x6401 |
| Filename | mi1_yjdzfg.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 16 detected (malicious, VMProtect, kcloud, Tnega, score, Artemis, Unsafe, confidence) | ||
| md5 | d8cf58004f66339acefc2b6f1c6ecdc8 | ||
| sha256 | 8ff340bd6201a5fe37594d4c5257729d42a9030a22566999b123a7f2c783590b | ||
| ssdeep | 196608:FLvl5PCjXPPMGHMZnliZSBqmBPkShDyE8:j5Pks6MZnmSUm2Shk | ||
| imphash | ad03ae817c87fd74bd29f1c17e69dc64 | ||
| impfuzzy | 96:oqa+w61AXB+Zcp+qjtu86tevVBSiZXpcu/:fmvR+BuPZcg | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcrt.dll
0xc6b000 malloc
0xc6b008 memset
0xc6b010 _get_pgmptr
0xc6b018 getenv
0xc6b020 sprintf
0xc6b028 __argc
0xc6b030 __argv
0xc6b038 _environ
0xc6b040 _XcptFilter
0xc6b048 __set_app_type
0xc6b050 _controlfp
0xc6b058 __getmainargs
0xc6b060 exit
kernel32.dll
0xc6b070 Sleep
0xc6b078 CreateProcessA
0xc6b080 SetUnhandledExceptionFilter
WTSAPI32.dll
0xc6b090 WTSSendMessageW
kernel32.dll
0xc6b0a0 GetSystemTimeAsFileTime
0xc6b0a8 GetModuleHandleA
0xc6b0b0 CreateEventA
0xc6b0b8 GetModuleFileNameW
0xc6b0c0 LoadLibraryA
0xc6b0c8 TerminateProcess
0xc6b0d0 GetCurrentProcess
0xc6b0d8 CreateToolhelp32Snapshot
0xc6b0e0 Thread32First
0xc6b0e8 GetCurrentProcessId
0xc6b0f0 GetCurrentThreadId
0xc6b0f8 OpenThread
0xc6b100 Thread32Next
0xc6b108 CloseHandle
0xc6b110 SuspendThread
0xc6b118 ResumeThread
0xc6b120 WriteProcessMemory
0xc6b128 GetSystemInfo
0xc6b130 VirtualAlloc
0xc6b138 VirtualProtect
0xc6b140 VirtualFree
0xc6b148 GetProcessAffinityMask
0xc6b150 SetProcessAffinityMask
0xc6b158 GetCurrentThread
0xc6b160 SetThreadAffinityMask
0xc6b168 Sleep
0xc6b170 FreeLibrary
0xc6b178 GetTickCount
0xc6b180 SystemTimeToFileTime
0xc6b188 FileTimeToSystemTime
0xc6b190 GlobalFree
0xc6b198 LocalAlloc
0xc6b1a0 LocalFree
0xc6b1a8 GetProcAddress
0xc6b1b0 ExitProcess
0xc6b1b8 EnterCriticalSection
0xc6b1c0 LeaveCriticalSection
0xc6b1c8 InitializeCriticalSection
0xc6b1d0 DeleteCriticalSection
0xc6b1d8 GetModuleHandleW
0xc6b1e0 LoadResource
0xc6b1e8 MultiByteToWideChar
0xc6b1f0 FindResourceExW
0xc6b1f8 FindResourceExA
0xc6b200 WideCharToMultiByte
0xc6b208 GetThreadLocale
0xc6b210 GetUserDefaultLCID
0xc6b218 GetSystemDefaultLCID
0xc6b220 EnumResourceNamesA
0xc6b228 EnumResourceNamesW
0xc6b230 EnumResourceLanguagesA
0xc6b238 EnumResourceLanguagesW
0xc6b240 EnumResourceTypesA
0xc6b248 EnumResourceTypesW
0xc6b250 CreateFileW
0xc6b258 LoadLibraryW
0xc6b260 GetLastError
0xc6b268 FlushFileBuffers
0xc6b270 CreateFileA
0xc6b278 WriteConsoleW
0xc6b280 GetConsoleOutputCP
0xc6b288 WriteConsoleA
0xc6b290 SetStdHandle
0xc6b298 FlsSetValue
0xc6b2a0 GetCommandLineA
0xc6b2a8 RaiseException
0xc6b2b0 RtlPcToFileHeader
0xc6b2b8 RtlLookupFunctionEntry
0xc6b2c0 RtlUnwindEx
0xc6b2c8 HeapFree
0xc6b2d0 GetCPInfo
0xc6b2d8 GetACP
0xc6b2e0 GetOEMCP
0xc6b2e8 IsValidCodePage
0xc6b2f0 EncodePointer
0xc6b2f8 DecodePointer
0xc6b300 FlsGetValue
0xc6b308 FlsFree
0xc6b310 SetLastError
0xc6b318 FlsAlloc
0xc6b320 UnhandledExceptionFilter
0xc6b328 SetUnhandledExceptionFilter
0xc6b330 IsDebuggerPresent
0xc6b338 RtlVirtualUnwind
0xc6b340 RtlCaptureContext
0xc6b348 HeapAlloc
0xc6b350 LCMapStringA
0xc6b358 LCMapStringW
0xc6b360 SetHandleCount
0xc6b368 GetStdHandle
0xc6b370 GetFileType
0xc6b378 GetStartupInfoA
0xc6b380 GetModuleFileNameA
0xc6b388 FreeEnvironmentStringsA
0xc6b390 GetEnvironmentStrings
0xc6b398 FreeEnvironmentStringsW
0xc6b3a0 GetEnvironmentStringsW
0xc6b3a8 HeapSetInformation
0xc6b3b0 HeapCreate
0xc6b3b8 HeapDestroy
0xc6b3c0 QueryPerformanceCounter
0xc6b3c8 GetStringTypeA
0xc6b3d0 GetStringTypeW
0xc6b3d8 GetLocaleInfoA
0xc6b3e0 HeapSize
0xc6b3e8 WriteFile
0xc6b3f0 SetFilePointer
0xc6b3f8 GetConsoleCP
0xc6b400 GetConsoleMode
0xc6b408 HeapReAlloc
0xc6b410 InitializeCriticalSectionAndSpinCount
USER32.dll
0xc6b420 GetUserObjectInformationW
0xc6b428 CharUpperBuffW
0xc6b430 MessageBoxW
0xc6b438 GetProcessWindowStation
kernel32.dll
0xc6b448 LocalAlloc
0xc6b450 LocalFree
0xc6b458 GetModuleFileNameW
0xc6b460 GetProcessAffinityMask
0xc6b468 SetProcessAffinityMask
0xc6b470 SetThreadAffinityMask
0xc6b478 Sleep
0xc6b480 ExitProcess
0xc6b488 FreeLibrary
0xc6b490 LoadLibraryA
0xc6b498 GetModuleHandleA
0xc6b4a0 GetProcAddress
USER32.dll
0xc6b4b0 GetProcessWindowStation
0xc6b4b8 GetUserObjectInformationW
EAT(Export Address Table) Library
msvcrt.dll
0xc6b000 malloc
0xc6b008 memset
0xc6b010 _get_pgmptr
0xc6b018 getenv
0xc6b020 sprintf
0xc6b028 __argc
0xc6b030 __argv
0xc6b038 _environ
0xc6b040 _XcptFilter
0xc6b048 __set_app_type
0xc6b050 _controlfp
0xc6b058 __getmainargs
0xc6b060 exit
kernel32.dll
0xc6b070 Sleep
0xc6b078 CreateProcessA
0xc6b080 SetUnhandledExceptionFilter
WTSAPI32.dll
0xc6b090 WTSSendMessageW
kernel32.dll
0xc6b0a0 GetSystemTimeAsFileTime
0xc6b0a8 GetModuleHandleA
0xc6b0b0 CreateEventA
0xc6b0b8 GetModuleFileNameW
0xc6b0c0 LoadLibraryA
0xc6b0c8 TerminateProcess
0xc6b0d0 GetCurrentProcess
0xc6b0d8 CreateToolhelp32Snapshot
0xc6b0e0 Thread32First
0xc6b0e8 GetCurrentProcessId
0xc6b0f0 GetCurrentThreadId
0xc6b0f8 OpenThread
0xc6b100 Thread32Next
0xc6b108 CloseHandle
0xc6b110 SuspendThread
0xc6b118 ResumeThread
0xc6b120 WriteProcessMemory
0xc6b128 GetSystemInfo
0xc6b130 VirtualAlloc
0xc6b138 VirtualProtect
0xc6b140 VirtualFree
0xc6b148 GetProcessAffinityMask
0xc6b150 SetProcessAffinityMask
0xc6b158 GetCurrentThread
0xc6b160 SetThreadAffinityMask
0xc6b168 Sleep
0xc6b170 FreeLibrary
0xc6b178 GetTickCount
0xc6b180 SystemTimeToFileTime
0xc6b188 FileTimeToSystemTime
0xc6b190 GlobalFree
0xc6b198 LocalAlloc
0xc6b1a0 LocalFree
0xc6b1a8 GetProcAddress
0xc6b1b0 ExitProcess
0xc6b1b8 EnterCriticalSection
0xc6b1c0 LeaveCriticalSection
0xc6b1c8 InitializeCriticalSection
0xc6b1d0 DeleteCriticalSection
0xc6b1d8 GetModuleHandleW
0xc6b1e0 LoadResource
0xc6b1e8 MultiByteToWideChar
0xc6b1f0 FindResourceExW
0xc6b1f8 FindResourceExA
0xc6b200 WideCharToMultiByte
0xc6b208 GetThreadLocale
0xc6b210 GetUserDefaultLCID
0xc6b218 GetSystemDefaultLCID
0xc6b220 EnumResourceNamesA
0xc6b228 EnumResourceNamesW
0xc6b230 EnumResourceLanguagesA
0xc6b238 EnumResourceLanguagesW
0xc6b240 EnumResourceTypesA
0xc6b248 EnumResourceTypesW
0xc6b250 CreateFileW
0xc6b258 LoadLibraryW
0xc6b260 GetLastError
0xc6b268 FlushFileBuffers
0xc6b270 CreateFileA
0xc6b278 WriteConsoleW
0xc6b280 GetConsoleOutputCP
0xc6b288 WriteConsoleA
0xc6b290 SetStdHandle
0xc6b298 FlsSetValue
0xc6b2a0 GetCommandLineA
0xc6b2a8 RaiseException
0xc6b2b0 RtlPcToFileHeader
0xc6b2b8 RtlLookupFunctionEntry
0xc6b2c0 RtlUnwindEx
0xc6b2c8 HeapFree
0xc6b2d0 GetCPInfo
0xc6b2d8 GetACP
0xc6b2e0 GetOEMCP
0xc6b2e8 IsValidCodePage
0xc6b2f0 EncodePointer
0xc6b2f8 DecodePointer
0xc6b300 FlsGetValue
0xc6b308 FlsFree
0xc6b310 SetLastError
0xc6b318 FlsAlloc
0xc6b320 UnhandledExceptionFilter
0xc6b328 SetUnhandledExceptionFilter
0xc6b330 IsDebuggerPresent
0xc6b338 RtlVirtualUnwind
0xc6b340 RtlCaptureContext
0xc6b348 HeapAlloc
0xc6b350 LCMapStringA
0xc6b358 LCMapStringW
0xc6b360 SetHandleCount
0xc6b368 GetStdHandle
0xc6b370 GetFileType
0xc6b378 GetStartupInfoA
0xc6b380 GetModuleFileNameA
0xc6b388 FreeEnvironmentStringsA
0xc6b390 GetEnvironmentStrings
0xc6b398 FreeEnvironmentStringsW
0xc6b3a0 GetEnvironmentStringsW
0xc6b3a8 HeapSetInformation
0xc6b3b0 HeapCreate
0xc6b3b8 HeapDestroy
0xc6b3c0 QueryPerformanceCounter
0xc6b3c8 GetStringTypeA
0xc6b3d0 GetStringTypeW
0xc6b3d8 GetLocaleInfoA
0xc6b3e0 HeapSize
0xc6b3e8 WriteFile
0xc6b3f0 SetFilePointer
0xc6b3f8 GetConsoleCP
0xc6b400 GetConsoleMode
0xc6b408 HeapReAlloc
0xc6b410 InitializeCriticalSectionAndSpinCount
USER32.dll
0xc6b420 GetUserObjectInformationW
0xc6b428 CharUpperBuffW
0xc6b430 MessageBoxW
0xc6b438 GetProcessWindowStation
kernel32.dll
0xc6b448 LocalAlloc
0xc6b450 LocalFree
0xc6b458 GetModuleFileNameW
0xc6b460 GetProcessAffinityMask
0xc6b468 SetProcessAffinityMask
0xc6b470 SetThreadAffinityMask
0xc6b478 Sleep
0xc6b480 ExitProcess
0xc6b488 FreeLibrary
0xc6b490 LoadLibraryA
0xc6b498 GetModuleHandleA
0xc6b4a0 GetProcAddress
USER32.dll
0xc6b4b0 GetProcessWindowStation
0xc6b4b8 GetUserObjectInformationW
EAT(Export Address Table) Library