Field | Value |
---|---|
Created | 2021.11.08 13:17 |
Machine | s1_win7_x6401 |
Filename | 1814_1636273168_4285.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 43 detected (malicious, high confidence, Fragtor, Unsafe, Save, Hacktool, ZexaF, Sq0@aKHU4VfI, Kryptik, Eldorado, HNFO, Convagent, MalwareX, R002C0PK721, Lockbit, Static AI, Malicious PE, susgen, ai score=89, Sabsik, score, GenericRXQC, Generic@ML, RDMK, 4e4Ot1NKJhOUbBvjbFOP1w, PossibleThreat, GdSda, confidence, 100%) |
md5 | 1dc8f380fd88f8ae7ec7ff724cb87f8e |
sha256 | 8abe4bc33112ce5bc9ce4ef8b33187c33a537cf540a63eb9562b4a0622f634aa |
ssdeep | 12288:Q71W1V6d3boQo49CLo42kh91SjTyH490jCcLDRunnn7s:Q8V6xoQoA2LVE6dLD6A |
imphash | efb2fc2a9b34ff2d770174a65ef86f32 |
impfuzzy | 24:AbG2SRFEI5NuvtI4XA9KcDpclll2oOovVtUwcpluiyv92/J3I+6nujMfK318n:j1RaXAisn2tbcpsb98unkF8 |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x486008 GetDefaultCommConfigW
0x48600c QueryPerformanceCounter
0x486010 HeapFree
0x486014 GetEnvironmentStringsW
0x486018 AddConsoleAliasW
0x48601c BackupSeek
0x486020 GetModuleHandleW
0x486024 GetTickCount
0x486028 GlobalAlloc
0x48602c GetFirmwareEnvironmentVariableA
0x486030 LoadLibraryW
0x486034 SizeofResource
0x486038 SetConsoleCursorPosition
0x48603c SetThreadContext
0x486040 GetAtomNameW
0x486044 LCMapStringA
0x486048 FillConsoleOutputCharacterW
0x48604c GetLastError
0x486050 GetProcAddress
0x486054 VirtualAlloc
0x486058 BeginUpdateResourceW
0x48605c LoadLibraryA
0x486060 WriteConsoleA
0x486064 GetModuleFileNameA
0x486068 SetConsoleCursorInfo
0x48606c UpdateResourceW
0x486070 SetFileValidData
0x486074 FindNextVolumeA
0x486078 lstrcpyW
0x48607c WriteConsoleW
0x486080 SetProcessAffinityMask
0x486084 CreateFileW
0x486088 GetStringTypeW
0x48608c HeapAlloc
0x486090 ExitProcess
0x486094 DecodePointer
0x486098 GetCommandLineA
0x48609c HeapSetInformation
0x4860a0 GetStartupInfoW
0x4860a4 UnhandledExceptionFilter
0x4860a8 SetUnhandledExceptionFilter
0x4860ac IsDebuggerPresent
0x4860b0 EncodePointer
0x4860b4 TerminateProcess
0x4860b8 GetCurrentProcess
0x4860bc IsProcessorFeaturePresent
0x4860c0 WriteFile
0x4860c4 GetStdHandle
0x4860c8 GetModuleFileNameW
0x4860cc HeapCreate
0x4860d0 EnterCriticalSection
0x4860d4 LeaveCriticalSection
0x4860d8 InitializeCriticalSectionAndSpinCount
0x4860dc RtlUnwind
0x4860e0 SetHandleCount
0x4860e4 GetFileType
0x4860e8 DeleteCriticalSection
0x4860ec SetFilePointer
0x4860f0 CloseHandle
0x4860f4 TlsAlloc
0x4860f8 TlsGetValue
0x4860fc TlsSetValue
0x486100 TlsFree
0x486104 InterlockedIncrement
0x486108 SetLastError
0x48610c GetCurrentThreadId
0x486110 InterlockedDecrement
0x486114 FreeEnvironmentStringsW
0x486118 WideCharToMultiByte
0x48611c GetCurrentProcessId
0x486120 GetSystemTimeAsFileTime
0x486124 RaiseException
0x486128 Sleep
0x48612c CreateFileA
0x486130 GetCPInfo
0x486134 GetACP
0x486138 GetOEMCP
0x48613c IsValidCodePage
0x486140 GetConsoleCP
0x486144 GetConsoleMode
0x486148 SetStdHandle
0x48614c FlushFileBuffers
0x486150 HeapSize
0x486154 HeapReAlloc
0x486158 SetEndOfFile
0x48615c GetProcessHeap
0x486160 MultiByteToWideChar
0x486164 ReadFile
0x486168 LCMapStringW
USER32.dll
0x486170 GetCursorPos
ADVAPI32.dll
0x486000 NotifyChangeEventLog
EAT (Export Address Table): none