ScreenShot
| Created | 2021.11.07 10:16 | Machine | s1_win7_x6401 |
| Filename | qwe.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 25 detected (Strab, malicious, high confidence, Unsafe, confidence, Attribute, HighConfidence, Kryptik, HNFE, Artemis, Static AI, Malicious PE, susgen, kcloud, StopCrypt, score, BScope, Sabsik, InvalidSig, PossibleThreat, PALLAS) | ||
| md5 | 85ec477462d743926f740b17c40b323a | ||
| sha256 | 90aed2bc654014fa0706c10df251d4ccec94a1e06b9c0b15ec7b4f938fc18696 | ||
| ssdeep | 6144:9h3Bc5UiD5uUnQhfrWuaoMgGaHtH9FStwG7+erf1:9h3wUa5rnQFrxaoMgGaHteprf1 | ||
| imphash | 3c601bcfcec4678bbeefd6cc4d60711a | ||
| impfuzzy | 48:7YwQSVJezTIEtpEOjmcHK9AtfV8dcrkuAPG4:kEA0EXENcHQAtfV8dcrkz | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401000 FindFirstChangeNotificationW
0x401004 GetConsoleAliasesLengthW
0x401008 TlsGetValue
0x40100c InterlockedIncrement
0x401010 ReadConsoleA
0x401014 GetSystemWindowsDirectoryW
0x401018 SetHandleInformation
0x40101c BackupSeek
0x401020 FreeEnvironmentStringsA
0x401024 IsBadReadPtr
0x401028 GetConsoleAliasesLengthA
0x40102c GetPrivateProfileStringW
0x401030 CreateActCtxW
0x401034 ActivateActCtx
0x401038 GlobalAlloc
0x40103c GetSystemDirectoryW
0x401040 LoadLibraryW
0x401044 ReadConsoleInputA
0x401048 GetSystemWow64DirectoryW
0x40104c SetVolumeMountPointA
0x401050 SetDllDirectoryA
0x401054 SetConsoleMode
0x401058 HeapValidate
0x40105c SetConsoleCursorPosition
0x401060 VerifyVersionInfoA
0x401064 GetACP
0x401068 GetStartupInfoW
0x40106c GetNamedPipeHandleStateW
0x401070 GetPrivateProfileIntW
0x401074 FindFirstFileExA
0x401078 GetLastError
0x40107c IsDBCSLeadByteEx
0x401080 GetCurrentDirectoryW
0x401084 SetLastError
0x401088 GetProcAddress
0x40108c SetFirmwareEnvironmentVariableW
0x401090 GlobalGetAtomNameA
0x401094 BuildCommDCBW
0x401098 OpenWaitableTimerW
0x40109c WritePrivateProfileStringA
0x4010a0 WriteProfileSectionW
0x4010a4 SetEnvironmentVariableA
0x4010a8 GetModuleFileNameA
0x4010ac GetOEMCP
0x4010b0 SetConsoleCursorInfo
0x4010b4 CompareStringA
0x4010b8 GetFileTime
0x4010bc SetProcessShutdownParameters
0x4010c0 SetFileShortNameA
0x4010c4 GetVersionExA
0x4010c8 GetWindowsDirectoryW
0x4010cc GetSystemTime
0x4010d0 TlsFree
0x4010d4 GetProfileSectionW
0x4010d8 DeleteFileA
0x4010dc LocalFileTimeToFileTime
0x4010e0 CloseHandle
0x4010e4 ReadFile
0x4010e8 GetCommandLineW
0x4010ec HeapSetInformation
0x4010f0 EnterCriticalSection
0x4010f4 LeaveCriticalSection
0x4010f8 SetHandleCount
0x4010fc GetStdHandle
0x401100 InitializeCriticalSectionAndSpinCount
0x401104 GetFileType
0x401108 DeleteCriticalSection
0x40110c DecodePointer
0x401110 TerminateProcess
0x401114 GetCurrentProcess
0x401118 UnhandledExceptionFilter
0x40111c SetUnhandledExceptionFilter
0x401120 IsDebuggerPresent
0x401124 EncodePointer
0x401128 GetModuleFileNameW
0x40112c IsProcessorFeaturePresent
0x401130 QueryPerformanceCounter
0x401134 GetTickCount
0x401138 GetCurrentThreadId
0x40113c GetCurrentProcessId
0x401140 GetSystemTimeAsFileTime
0x401144 InterlockedDecrement
0x401148 GetModuleHandleW
0x40114c ExitProcess
0x401150 FreeEnvironmentStringsW
0x401154 GetEnvironmentStringsW
0x401158 TlsAlloc
0x40115c TlsSetValue
0x401160 HeapCreate
0x401164 WriteFile
0x401168 SetFilePointer
0x40116c WideCharToMultiByte
0x401170 GetConsoleCP
0x401174 GetConsoleMode
0x401178 OutputDebugStringA
0x40117c WriteConsoleW
0x401180 OutputDebugStringW
0x401184 RtlUnwind
0x401188 MultiByteToWideChar
0x40118c GetCPInfo
0x401190 IsValidCodePage
0x401194 RaiseException
0x401198 HeapAlloc
0x40119c HeapReAlloc
0x4011a0 HeapSize
0x4011a4 HeapQueryInformation
0x4011a8 HeapFree
0x4011ac FlushFileBuffers
0x4011b0 SetStdHandle
0x4011b4 GetStringTypeW
0x4011b8 LCMapStringW
0x4011bc CreateFileW
USER32.dll
0x4011c4 GetCursorInfo
0x4011c8 GetMenuInfo
0x4011cc GetMessagePos
WINHTTP.dll
0x4011d4 WinHttpCloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x401000 FindFirstChangeNotificationW
0x401004 GetConsoleAliasesLengthW
0x401008 TlsGetValue
0x40100c InterlockedIncrement
0x401010 ReadConsoleA
0x401014 GetSystemWindowsDirectoryW
0x401018 SetHandleInformation
0x40101c BackupSeek
0x401020 FreeEnvironmentStringsA
0x401024 IsBadReadPtr
0x401028 GetConsoleAliasesLengthA
0x40102c GetPrivateProfileStringW
0x401030 CreateActCtxW
0x401034 ActivateActCtx
0x401038 GlobalAlloc
0x40103c GetSystemDirectoryW
0x401040 LoadLibraryW
0x401044 ReadConsoleInputA
0x401048 GetSystemWow64DirectoryW
0x40104c SetVolumeMountPointA
0x401050 SetDllDirectoryA
0x401054 SetConsoleMode
0x401058 HeapValidate
0x40105c SetConsoleCursorPosition
0x401060 VerifyVersionInfoA
0x401064 GetACP
0x401068 GetStartupInfoW
0x40106c GetNamedPipeHandleStateW
0x401070 GetPrivateProfileIntW
0x401074 FindFirstFileExA
0x401078 GetLastError
0x40107c IsDBCSLeadByteEx
0x401080 GetCurrentDirectoryW
0x401084 SetLastError
0x401088 GetProcAddress
0x40108c SetFirmwareEnvironmentVariableW
0x401090 GlobalGetAtomNameA
0x401094 BuildCommDCBW
0x401098 OpenWaitableTimerW
0x40109c WritePrivateProfileStringA
0x4010a0 WriteProfileSectionW
0x4010a4 SetEnvironmentVariableA
0x4010a8 GetModuleFileNameA
0x4010ac GetOEMCP
0x4010b0 SetConsoleCursorInfo
0x4010b4 CompareStringA
0x4010b8 GetFileTime
0x4010bc SetProcessShutdownParameters
0x4010c0 SetFileShortNameA
0x4010c4 GetVersionExA
0x4010c8 GetWindowsDirectoryW
0x4010cc GetSystemTime
0x4010d0 TlsFree
0x4010d4 GetProfileSectionW
0x4010d8 DeleteFileA
0x4010dc LocalFileTimeToFileTime
0x4010e0 CloseHandle
0x4010e4 ReadFile
0x4010e8 GetCommandLineW
0x4010ec HeapSetInformation
0x4010f0 EnterCriticalSection
0x4010f4 LeaveCriticalSection
0x4010f8 SetHandleCount
0x4010fc GetStdHandle
0x401100 InitializeCriticalSectionAndSpinCount
0x401104 GetFileType
0x401108 DeleteCriticalSection
0x40110c DecodePointer
0x401110 TerminateProcess
0x401114 GetCurrentProcess
0x401118 UnhandledExceptionFilter
0x40111c SetUnhandledExceptionFilter
0x401120 IsDebuggerPresent
0x401124 EncodePointer
0x401128 GetModuleFileNameW
0x40112c IsProcessorFeaturePresent
0x401130 QueryPerformanceCounter
0x401134 GetTickCount
0x401138 GetCurrentThreadId
0x40113c GetCurrentProcessId
0x401140 GetSystemTimeAsFileTime
0x401144 InterlockedDecrement
0x401148 GetModuleHandleW
0x40114c ExitProcess
0x401150 FreeEnvironmentStringsW
0x401154 GetEnvironmentStringsW
0x401158 TlsAlloc
0x40115c TlsSetValue
0x401160 HeapCreate
0x401164 WriteFile
0x401168 SetFilePointer
0x40116c WideCharToMultiByte
0x401170 GetConsoleCP
0x401174 GetConsoleMode
0x401178 OutputDebugStringA
0x40117c WriteConsoleW
0x401180 OutputDebugStringW
0x401184 RtlUnwind
0x401188 MultiByteToWideChar
0x40118c GetCPInfo
0x401190 IsValidCodePage
0x401194 RaiseException
0x401198 HeapAlloc
0x40119c HeapReAlloc
0x4011a0 HeapSize
0x4011a4 HeapQueryInformation
0x4011a8 HeapFree
0x4011ac FlushFileBuffers
0x4011b0 SetStdHandle
0x4011b4 GetStringTypeW
0x4011b8 LCMapStringW
0x4011bc CreateFileW
USER32.dll
0x4011c4 GetCursorInfo
0x4011c8 GetMenuInfo
0x4011cc GetMessagePos
WINHTTP.dll
0x4011d4 WinHttpCloseHandle
EAT(Export Address Table) is none