ScreenShot

Field | Value |
---|---|
Created | 2021.11.07 10:31 |
Machine | s1_win7_x6401 |
Filename | sufile.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 31 detected (malicious, high confidence, Fragtor, Unsafe, Save, confidence, 100%, Hacktool, ZexaF, zq0@a8smW4gI, Kryptik, Eldorado, Lockbit, Static AI, Malicious PE, ai score=85, Sabsik, score, GenericRXQC, ET#98%, RDMK, cmRtazp9RjXtWS2LXXHOPDLL35mZ, susgen) |
md5 | d68ea9d5b1d16b39aa4e8ec619b7927b |
sha256 | 6f79b33987462d091fff7d7522de014f2b4ca5f20c0d3b0428a0137c33120844 |
ssdeep | 6144:rJ7HM+ushuNFkytziWrQM7GriZYOLT4HxFQQuEGNe8Pai4hV6OQXuzbgwu7igad:N7HvQNtnXnZuoQu28CD2OQXunnj |
imphash | 80ba2861c278646549335a754dc96d41 |
impfuzzy | 24:AbG2SRFEIaNuvtI4XA9KcDpclllroOovVtUwcpluiyv92/J3I+6nujMfK318n:j1RPXAihn2tbcpsb98unkF8 |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x44b008 GetDefaultCommConfigW
0x44b00c QueryPerformanceCounter
0x44b010 HeapFree
0x44b014 GetEnvironmentStringsW
0x44b018 AddConsoleAliasW
0x44b01c BackupSeek
0x44b020 GetTickCount
0x44b024 GlobalAlloc
0x44b028 GetFirmwareEnvironmentVariableA
0x44b02c LoadLibraryW
0x44b030 SizeofResource
0x44b034 SetConsoleCursorPosition
0x44b038 SetThreadContext
0x44b03c GetAtomNameW
0x44b040 LCMapStringA
0x44b044 FillConsoleOutputCharacterW
0x44b048 GetLastError
0x44b04c GetProcAddress
0x44b050 VirtualAlloc
0x44b054 BeginUpdateResourceW
0x44b058 LoadLibraryA
0x44b05c WriteConsoleA
0x44b060 GetModuleFileNameA
0x44b064 SetConsoleCursorInfo
0x44b068 UpdateResourceW
0x44b06c SetFileValidData
0x44b070 FindNextVolumeA
0x44b074 lstrcpyW
0x44b078 WriteConsoleW
0x44b07c SetProcessAffinityMask
0x44b080 CreateFileW
0x44b084 GetStringTypeW
0x44b088 HeapAlloc
0x44b08c GetModuleHandleW
0x44b090 ExitProcess
0x44b094 DecodePointer
0x44b098 GetCommandLineA
0x44b09c HeapSetInformation
0x44b0a0 GetStartupInfoW
0x44b0a4 UnhandledExceptionFilter
0x44b0a8 SetUnhandledExceptionFilter
0x44b0ac IsDebuggerPresent
0x44b0b0 EncodePointer
0x44b0b4 TerminateProcess
0x44b0b8 GetCurrentProcess
0x44b0bc IsProcessorFeaturePresent
0x44b0c0 WriteFile
0x44b0c4 GetStdHandle
0x44b0c8 GetModuleFileNameW
0x44b0cc HeapCreate
0x44b0d0 EnterCriticalSection
0x44b0d4 LeaveCriticalSection
0x44b0d8 InitializeCriticalSectionAndSpinCount
0x44b0dc RtlUnwind
0x44b0e0 SetHandleCount
0x44b0e4 GetFileType
0x44b0e8 DeleteCriticalSection
0x44b0ec SetFilePointer
0x44b0f0 CloseHandle
0x44b0f4 TlsAlloc
0x44b0f8 TlsGetValue
0x44b0fc TlsSetValue
0x44b100 TlsFree
0x44b104 InterlockedIncrement
0x44b108 SetLastError
0x44b10c GetCurrentThreadId
0x44b110 InterlockedDecrement
0x44b114 FreeEnvironmentStringsW
0x44b118 WideCharToMultiByte
0x44b11c GetCurrentProcessId
0x44b120 GetSystemTimeAsFileTime
0x44b124 RaiseException
0x44b128 Sleep
0x44b12c CreateFileA
0x44b130 GetCPInfo
0x44b134 GetACP
0x44b138 GetOEMCP
0x44b13c IsValidCodePage
0x44b140 GetConsoleCP
0x44b144 GetConsoleMode
0x44b148 SetStdHandle
0x44b14c FlushFileBuffers
0x44b150 HeapSize
0x44b154 HeapReAlloc
0x44b158 SetEndOfFile
0x44b15c GetProcessHeap
0x44b160 MultiByteToWideChar
0x44b164 ReadFile
0x44b168 LCMapStringW
USER32.dll
0x44b170 GetCursorPos
ADVAPI32.dll
0x44b000 NotifyChangeEventLog
EAT (Export Address Table): none
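The import table above is what the report's `UPX_Zero` rule and its "allocates read-write-execute memory" and "packer" signatures should be read against. One caveat: a UPX-compressed executable normally carries a minimal import table (LoadLibraryA, GetProcAddress, VirtualProtect and a handful of others), whereas this sample imports 89 KERNEL32 functions including the usual MSVC CRT startup set (GetStartupInfoW, HeapSetInformation, EncodePointer/DecodePointer, TlsAlloc and friends), so the UPX match is better treated as a section-name or string hit than as proof that `upx -d` will unpack it. The script below is an added example, not code from the sandbox, that recomputes the imphash from the listed imports with the same recipe pefile uses, groups the imports into capability clusters that explain the behavioural signatures, and shows the entropy heuristic behind the "encrypted or compressed data" signature. Assumptions: the import-descriptor order follows the IAT addresses shown (ADVAPI32 at 0x44b000, KERNEL32 at 0x44b008, USER32 at 0x44b170), the cluster lists are this editor's own triage categories, and the entropy buffers are constructed stand-ins because the binary itself is not on the page.

```python
"""Static triage of the import table transcribed from the report above.
Added example: recompute imphash, cluster imports by capability, and show
the section-entropy heuristic used by packer detectors (all stdlib)."""
import hashlib
import math
from collections import Counter

# Import table as listed in the report. Descriptor order is an ASSUMPTION
# taken from the IAT addresses shown (ADVAPI32, then KERNEL32, then USER32);
# imphash is order-sensitive, so a mismatch with the report points here first.
REPORT_IMPORTS = [
    ("ADVAPI32.dll", "NotifyChangeEventLog"),
    ("KERNEL32.dll", """
        GetDefaultCommConfigW QueryPerformanceCounter HeapFree GetEnvironmentStringsW
        AddConsoleAliasW BackupSeek GetTickCount GlobalAlloc
        GetFirmwareEnvironmentVariableA LoadLibraryW SizeofResource
        SetConsoleCursorPosition SetThreadContext GetAtomNameW LCMapStringA
        FillConsoleOutputCharacterW GetLastError GetProcAddress VirtualAlloc
        BeginUpdateResourceW LoadLibraryA WriteConsoleA GetModuleFileNameA
        SetConsoleCursorInfo UpdateResourceW SetFileValidData FindNextVolumeA
        lstrcpyW WriteConsoleW SetProcessAffinityMask CreateFileW GetStringTypeW
        HeapAlloc GetModuleHandleW ExitProcess DecodePointer GetCommandLineA
        HeapSetInformation GetStartupInfoW UnhandledExceptionFilter
        SetUnhandledExceptionFilter IsDebuggerPresent EncodePointer TerminateProcess
        GetCurrentProcess IsProcessorFeaturePresent WriteFile GetStdHandle
        GetModuleFileNameW HeapCreate EnterCriticalSection LeaveCriticalSection
        InitializeCriticalSectionAndSpinCount RtlUnwind SetHandleCount GetFileType
        DeleteCriticalSection SetFilePointer CloseHandle TlsAlloc TlsGetValue
        TlsSetValue TlsFree InterlockedIncrement SetLastError GetCurrentThreadId
        InterlockedDecrement FreeEnvironmentStringsW WideCharToMultiByte
        GetCurrentProcessId GetSystemTimeAsFileTime RaiseException Sleep CreateFileA
        GetCPInfo GetACP GetOEMCP IsValidCodePage GetConsoleCP GetConsoleMode
        SetStdHandle FlushFileBuffers HeapSize HeapReAlloc SetEndOfFile
        GetProcessHeap MultiByteToWideChar ReadFile LCMapStringW
    """),
    ("USER32.dll", "GetCursorPos"),
]

# Capability clusters (editor's own triage list, not the sandbox's signatures).
CLUSTERS = {
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "executable memory for unpacked code": {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect"},
    "anti-debugging / timing": {"IsDebuggerPresent", "QueryPerformanceCounter", "GetTickCount"},
    "thread context manipulation": {"SetThreadContext", "GetThreadContext", "ResumeThread"},
    "resource tampering": {"BeginUpdateResourceW", "UpdateResourceW", "EndUpdateResourceW"},
}

def flatten(imports):
    """Yield (dll, function) pairs in import-directory order."""
    for dll, names in imports:
        for name in names.split():
            yield dll, name

def imphash(imports):
    """pefile-compatible imphash: 'dll.func' lower-cased, extension stripped,
    comma-joined, MD5."""
    parts = []
    for dll, func in flatten(imports):
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()

def triage_imports(imports):
    """Return {cluster: sorted matching function names}, non-empty clusters only."""
    present = {func for _, func in flatten(imports)}
    return {label: sorted(present & apis)
            for label, apis in CLUSTERS.items() if present & apis}

def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_packed(data, threshold=7.0):
    """Section-level packer heuristic: entropy near 8 means compressed/encrypted."""
    return shannon_entropy(data) >= threshold

if __name__ == "__main__":
    print("imphash:", imphash(REPORT_IMPORTS))
    for label, apis in triage_imports(REPORT_IMPORTS).items():
        print(f"{label}: {', '.join(apis)}")
    # Constructed buffers standing in for PE sections we do not have here.
    for name, buf in (("zeroed", b"\x00" * 4096), ("uniform", bytes(range(256)) * 16)):
        print(f"{name}: entropy={shannon_entropy(buf):.2f} packed={looks_packed(buf)}")
```

Compare the printed imphash with the report's 80ba2861c278646549335a754dc96d41; a mismatch most likely means the real import-descriptor order differs from the assumed one, since the hash changes with order. The cluster output ties the "allocates read-write-execute memory" signature to VirtualAlloc plus LoadLibrary/GetProcAddress (the classic unpacker-stub triad), and flags SetThreadContext, which has no business in a console-style CRT program and is the call to watch for in the dynamic trace (thread hijacking or process hollowing use it).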