Field | Value |
---|---|
Created | 2021.11.07 09:57 |
Machine | s1_win7_x6401 |
Filename | top.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 29 detected (AIDetect, malware1, malicious, high confidence, Fragtor, GenericRXQC, Unsafe, Save, confidence, 100%, Hacktool, ZexaF, vq0@aKciSFjI, Kryptik, Eldorado, Convagent, Lockbit, Sabsik, score, ai score=88, Generic@ML, RDML, Q2u67mXI9+aKmI7SApHSfw, Static AI, Malicious PE) |
md5 | ec96328f54c17fa67a308772e6987d0c |
sha256 | b28536f360a4fbc9f2f03a50e5d66caa534b51a8fc68764f1961f6bcb1160b0f |
ssdeep | 6144:AM9GCZYlGWpa/jIecHe+8bkSUOcyDZuUuzbgwu7igaipfjz:X9GCZiLp7HbuPunnjK |
imphash | 9e3ac2424cecff905bdab3e7336b91cb |
impfuzzy | 24:tXSPbG2SmESxCIB1cDku9jpso7qoOovVtUwcpluiyv92/J3I+JSnujMfK318n:tX/1wTn2tbcpsb981SnkF8 |
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x43a008 SetThreadContext
0x43a00c WriteConsoleOutputCharacterW
0x43a010 GetDefaultCommConfigW
0x43a014 HeapAlloc
0x43a018 UpdateResourceA
0x43a01c HeapFree
0x43a020 GetEnvironmentStringsW
0x43a024 BackupSeek
0x43a028 GetTickCount
0x43a02c GlobalAlloc
0x43a030 LoadLibraryW
0x43a034 SizeofResource
0x43a038 GetTapePosition
0x43a03c SetConsoleCursorPosition
0x43a040 WriteConsoleW
0x43a044 GetAtomNameW
0x43a048 LCMapStringA
0x43a04c GetLastError
0x43a050 GetProcAddress
0x43a054 VirtualAlloc
0x43a058 GetFirmwareEnvironmentVariableW
0x43a05c LoadLibraryA
0x43a060 WriteConsoleA
0x43a064 BeginUpdateResourceA
0x43a068 GetModuleFileNameA
0x43a06c SetConsoleCursorInfo
0x43a070 AddConsoleAliasA
0x43a074 FindNextVolumeA
0x43a078 lstrcpyA
0x43a07c SetProcessAffinityMask
0x43a080 CreateFileW
0x43a084 GetStringTypeW
0x43a088 GetModuleHandleW
0x43a08c ExitProcess
0x43a090 DecodePointer
0x43a094 GetCommandLineA
0x43a098 HeapSetInformation
0x43a09c GetStartupInfoW
0x43a0a0 UnhandledExceptionFilter
0x43a0a4 SetUnhandledExceptionFilter
0x43a0a8 IsDebuggerPresent
0x43a0ac EncodePointer
0x43a0b0 TerminateProcess
0x43a0b4 GetCurrentProcess
0x43a0b8 IsProcessorFeaturePresent
0x43a0bc WriteFile
0x43a0c0 GetStdHandle
0x43a0c4 GetModuleFileNameW
0x43a0c8 HeapCreate
0x43a0cc EnterCriticalSection
0x43a0d0 LeaveCriticalSection
0x43a0d4 InitializeCriticalSectionAndSpinCount
0x43a0d8 RtlUnwind
0x43a0dc SetHandleCount
0x43a0e0 GetFileType
0x43a0e4 DeleteCriticalSection
0x43a0e8 SetFilePointer
0x43a0ec CloseHandle
0x43a0f0 TlsAlloc
0x43a0f4 TlsGetValue
0x43a0f8 TlsSetValue
0x43a0fc TlsFree
0x43a100 InterlockedIncrement
0x43a104 SetLastError
0x43a108 GetCurrentThreadId
0x43a10c InterlockedDecrement
0x43a110 FreeEnvironmentStringsW
0x43a114 WideCharToMultiByte
0x43a118 QueryPerformanceCounter
0x43a11c GetCurrentProcessId
0x43a120 GetSystemTimeAsFileTime
0x43a124 RaiseException
0x43a128 Sleep
0x43a12c CreateFileA
0x43a130 GetCPInfo
0x43a134 GetACP
0x43a138 GetOEMCP
0x43a13c IsValidCodePage
0x43a140 GetConsoleCP
0x43a144 GetConsoleMode
0x43a148 SetStdHandle
0x43a14c FlushFileBuffers
0x43a150 HeapSize
0x43a154 HeapReAlloc
0x43a158 SetEndOfFile
0x43a15c GetProcessHeap
0x43a160 MultiByteToWideChar
0x43a164 ReadFile
0x43a168 LCMapStringW
USER32.dll
0x43a170 GetCursorPos
ADVAPI32.dll
0x43a000 NotifyChangeEventLog
EAT (Export Address Table) is none