ScreenShot
| Created | 2021.11.08 13:24 | Machine | s1_win7_x6401 |
| Filename | RuntimeBroker.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 50 detected (ClipBanker, trUq, Razy, Unsafe, TrojanBanker, Eldorado, Malicious, BankerX, Syri, Malware@#1wl4dtorwoos6, Banker1, R002C0GJM21, ksxpk, ASMalwS, kcloud, Mamson, score, ai score=88, Clipper, rSQYN80RL+w, confidence, 100%, susgen) | ||
| md5 | c86235ec2e69ecdcd4a738b6903981a0 | ||
| sha256 | e4ea7d80c6568179346b8c5213338f4684703b0f71466a848840a6e9a5b74f51 | ||
| ssdeep | 6144:M7wLFxVvTDhqhyN8x/UYv3XcwKJzww93vfIeJZLMY:M7YFHTDYlUYv3o7 | ||
| imphash | 85876006c2ecd2e9a446192cb4f7518c | ||
| impfuzzy | 48:ZOPLcRrXsWIWFQ99gVL+8vYlaZ/vNz9kl4O+tpMBMLSQMM:ZaLcRrXsWIWFQrgVL+8vxNz9klctpGc | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| notice | Creates a shortcut to an executable file |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x14003d000 SystemFunction036
KERNEL32.dll
0x14003d010 DeleteFileW
0x14003d018 HeapFree
0x14003d020 GetLastError
0x14003d028 SetLastError
0x14003d030 GetModuleFileNameW
0x14003d038 CopyFileExW
0x14003d040 Sleep
0x14003d048 GlobalLock
0x14003d050 GlobalSize
0x14003d058 GlobalUnlock
0x14003d060 EnterCriticalSection
0x14003d068 LeaveCriticalSection
0x14003d070 GlobalAlloc
0x14003d078 GlobalFree
0x14003d080 CreateSymbolicLinkW
0x14003d088 AddVectoredExceptionHandler
0x14003d090 SetThreadStackGuarantee
0x14003d098 HeapAlloc
0x14003d0a0 GetProcessHeap
0x14003d0a8 HeapReAlloc
0x14003d0b0 lstrlenW
0x14003d0b8 AcquireSRWLockExclusive
0x14003d0c0 ReleaseSRWLockExclusive
0x14003d0c8 GetModuleHandleA
0x14003d0d0 GetProcAddress
0x14003d0d8 TlsGetValue
0x14003d0e0 TlsSetValue
0x14003d0e8 AcquireSRWLockShared
0x14003d0f0 ReleaseSRWLockShared
0x14003d0f8 GetEnvironmentVariableW
0x14003d100 GetCurrentDirectoryW
0x14003d108 GetCurrentProcess
0x14003d110 GetCurrentThread
0x14003d118 RtlCaptureContext
0x14003d120 RtlLookupFunctionEntry
0x14003d128 ReleaseMutex
0x14003d130 WaitForSingleObjectEx
0x14003d138 LoadLibraryA
0x14003d140 CreateMutexA
0x14003d148 CloseHandle
0x14003d150 GetStdHandle
0x14003d158 GetConsoleMode
0x14003d160 WriteFile
0x14003d168 WriteConsoleW
0x14003d170 TlsAlloc
0x14003d178 GetModuleHandleW
0x14003d180 FormatMessageW
0x14003d188 CreateDirectoryW
0x14003d190 CreateFileW
0x14003d198 GetFileInformationByHandle
0x14003d1a0 DeviceIoControl
0x14003d1a8 InitializeCriticalSection
0x14003d1b0 TryEnterCriticalSection
0x14003d1b8 SetUnhandledExceptionFilter
0x14003d1c0 UnhandledExceptionFilter
0x14003d1c8 IsDebuggerPresent
0x14003d1d0 IsProcessorFeaturePresent
0x14003d1d8 RtlVirtualUnwind
0x14003d1e0 InitializeSListHead
0x14003d1e8 GetSystemTimeAsFileTime
0x14003d1f0 GetCurrentThreadId
0x14003d1f8 GetCurrentProcessId
0x14003d200 QueryPerformanceCounter
ole32.dll
0x14003d380 CoTaskMemFree
SHELL32.dll
0x14003d210 SHGetKnownFolderPath
USER32.dll
0x14003d220 SetClipboardData
0x14003d228 EmptyClipboard
0x14003d230 GetClipboardData
0x14003d238 OpenClipboard
0x14003d240 CloseClipboard
WS2_32.dll
0x14003d290 WSACleanup
VCRUNTIME140.dll
0x14003d250 __current_exception
0x14003d258 memset
0x14003d260 __C_specific_handler
0x14003d268 memmove
0x14003d270 memcmp
0x14003d278 memcpy
0x14003d280 __current_exception_context
api-ms-win-crt-runtime-l1-1-0.dll
0x14003d2d0 _initterm_e
0x14003d2d8 __p___argv
0x14003d2e0 __p___argc
0x14003d2e8 _seh_filter_exe
0x14003d2f0 _exit
0x14003d2f8 _c_exit
0x14003d300 _register_onexit_function
0x14003d308 _crt_atexit
0x14003d310 terminate
0x14003d318 _set_app_type
0x14003d320 _initialize_onexit_table
0x14003d328 _cexit
0x14003d330 exit
0x14003d338 _initterm
0x14003d340 _get_initial_narrow_environment
0x14003d348 _initialize_narrow_environment
0x14003d350 _configure_narrow_argv
0x14003d358 _register_thread_local_exe_atexit_callback
api-ms-win-crt-math-l1-1-0.dll
0x14003d2c0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x14003d368 __p__commode
0x14003d370 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x14003d2b0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x14003d2a0 _set_new_mode
EAT(Export Address Table) is none
ADVAPI32.dll
0x14003d000 SystemFunction036
KERNEL32.dll
0x14003d010 DeleteFileW
0x14003d018 HeapFree
0x14003d020 GetLastError
0x14003d028 SetLastError
0x14003d030 GetModuleFileNameW
0x14003d038 CopyFileExW
0x14003d040 Sleep
0x14003d048 GlobalLock
0x14003d050 GlobalSize
0x14003d058 GlobalUnlock
0x14003d060 EnterCriticalSection
0x14003d068 LeaveCriticalSection
0x14003d070 GlobalAlloc
0x14003d078 GlobalFree
0x14003d080 CreateSymbolicLinkW
0x14003d088 AddVectoredExceptionHandler
0x14003d090 SetThreadStackGuarantee
0x14003d098 HeapAlloc
0x14003d0a0 GetProcessHeap
0x14003d0a8 HeapReAlloc
0x14003d0b0 lstrlenW
0x14003d0b8 AcquireSRWLockExclusive
0x14003d0c0 ReleaseSRWLockExclusive
0x14003d0c8 GetModuleHandleA
0x14003d0d0 GetProcAddress
0x14003d0d8 TlsGetValue
0x14003d0e0 TlsSetValue
0x14003d0e8 AcquireSRWLockShared
0x14003d0f0 ReleaseSRWLockShared
0x14003d0f8 GetEnvironmentVariableW
0x14003d100 GetCurrentDirectoryW
0x14003d108 GetCurrentProcess
0x14003d110 GetCurrentThread
0x14003d118 RtlCaptureContext
0x14003d120 RtlLookupFunctionEntry
0x14003d128 ReleaseMutex
0x14003d130 WaitForSingleObjectEx
0x14003d138 LoadLibraryA
0x14003d140 CreateMutexA
0x14003d148 CloseHandle
0x14003d150 GetStdHandle
0x14003d158 GetConsoleMode
0x14003d160 WriteFile
0x14003d168 WriteConsoleW
0x14003d170 TlsAlloc
0x14003d178 GetModuleHandleW
0x14003d180 FormatMessageW
0x14003d188 CreateDirectoryW
0x14003d190 CreateFileW
0x14003d198 GetFileInformationByHandle
0x14003d1a0 DeviceIoControl
0x14003d1a8 InitializeCriticalSection
0x14003d1b0 TryEnterCriticalSection
0x14003d1b8 SetUnhandledExceptionFilter
0x14003d1c0 UnhandledExceptionFilter
0x14003d1c8 IsDebuggerPresent
0x14003d1d0 IsProcessorFeaturePresent
0x14003d1d8 RtlVirtualUnwind
0x14003d1e0 InitializeSListHead
0x14003d1e8 GetSystemTimeAsFileTime
0x14003d1f0 GetCurrentThreadId
0x14003d1f8 GetCurrentProcessId
0x14003d200 QueryPerformanceCounter
ole32.dll
0x14003d380 CoTaskMemFree
SHELL32.dll
0x14003d210 SHGetKnownFolderPath
USER32.dll
0x14003d220 SetClipboardData
0x14003d228 EmptyClipboard
0x14003d230 GetClipboardData
0x14003d238 OpenClipboard
0x14003d240 CloseClipboard
WS2_32.dll
0x14003d290 WSACleanup
VCRUNTIME140.dll
0x14003d250 __current_exception
0x14003d258 memset
0x14003d260 __C_specific_handler
0x14003d268 memmove
0x14003d270 memcmp
0x14003d278 memcpy
0x14003d280 __current_exception_context
api-ms-win-crt-runtime-l1-1-0.dll
0x14003d2d0 _initterm_e
0x14003d2d8 __p___argv
0x14003d2e0 __p___argc
0x14003d2e8 _seh_filter_exe
0x14003d2f0 _exit
0x14003d2f8 _c_exit
0x14003d300 _register_onexit_function
0x14003d308 _crt_atexit
0x14003d310 terminate
0x14003d318 _set_app_type
0x14003d320 _initialize_onexit_table
0x14003d328 _cexit
0x14003d330 exit
0x14003d338 _initterm
0x14003d340 _get_initial_narrow_environment
0x14003d348 _initialize_narrow_environment
0x14003d350 _configure_narrow_argv
0x14003d358 _register_thread_local_exe_atexit_callback
api-ms-win-crt-math-l1-1-0.dll
0x14003d2c0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x14003d368 __p__commode
0x14003d370 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x14003d2b0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x14003d2a0 _set_new_mode
EAT(Export Address Table) is none