Field | Value |
---|---|
Created | 2021.11.08 13:19 |
Machine | s1_win7_x6401 |
Filename | sefile2.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 33 detected (AIDetect, malware1, malicious, high confidence, Fragtor, GenericRXQC, LockBit, Save, Hacktool, ZexaF, zq0@auYjstiI, Kryptik, Eldorado, ET#92%, RDMK, cmRtazrKBK5RwpkT, yzTDsGp7x30, RedLine, score, R449232, ai score=86, Unsafe, Static AI, Malicious PE, confidence, 100%) |
md5 | 0742a9d7aa05cf88cc3577114e5c0592 |
sha256 | ffc226b7cb570f5bf52ffdd10526396f2762fb4c08b0e351e9f8b8d45b5c9b10 |
ssdeep | 12288:+OEXVkQM++FM81k4jKsuxauXQpVvunnn7s:MXVkQLfR4lHfIA |
imphash | ad35223e42e488e819f8bab49b2709bc |
impfuzzy | 24:1/jkrk8bG2SzkSNuvOGfIi1cDHhdhPlyoOovVtUVgcpluiyv92/J3I+6RjMzdBgT:2K1zuRgyn2tZcpsb98uG0T |
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x43a000 FillConsoleOutputCharacterA
0x43a004 SetProcessAffinityMask
0x43a008 GetConsoleAliasesLengthW
0x43a00c GetDefaultCommConfigW
0x43a010 ReadConsoleA
0x43a014 QueryPerformanceCounter
0x43a018 GetEnvironmentStringsW
0x43a01c BackupSeek
0x43a020 GetTickCount
0x43a024 GlobalAlloc
0x43a028 GetFirmwareEnvironmentVariableA
0x43a02c LoadLibraryW
0x43a030 SizeofResource
0x43a034 GetSystemWindowsDirectoryA
0x43a038 HeapValidate
0x43a03c SetConsoleCursorPosition
0x43a040 GetAtomNameW
0x43a044 LCMapStringA
0x43a048 GetLastError
0x43a04c GetProcAddress
0x43a050 VirtualAlloc
0x43a054 SetStdHandle
0x43a058 LoadLibraryA
0x43a05c WriteConsoleA
0x43a060 BeginUpdateResourceA
0x43a064 SetSystemTime
0x43a068 GetModuleFileNameA
0x43a06c SetConsoleCursorInfo
0x43a070 UpdateResourceW
0x43a074 GetProcessAffinityMask
0x43a078 AddConsoleAliasA
0x43a07c SetFileValidData
0x43a080 FindNextVolumeA
0x43a084 lstrcpyW
0x43a088 CreateFileW
0x43a08c WriteConsoleW
0x43a090 HeapAlloc
0x43a094 GetModuleHandleW
0x43a098 ExitProcess
0x43a09c DecodePointer
0x43a0a0 GetCommandLineA
0x43a0a4 HeapSetInformation
0x43a0a8 GetStartupInfoW
0x43a0ac UnhandledExceptionFilter
0x43a0b0 SetUnhandledExceptionFilter
0x43a0b4 IsDebuggerPresent
0x43a0b8 EncodePointer
0x43a0bc TerminateProcess
0x43a0c0 GetCurrentProcess
0x43a0c4 HeapFree
0x43a0c8 IsProcessorFeaturePresent
0x43a0cc WriteFile
0x43a0d0 GetStdHandle
0x43a0d4 GetModuleFileNameW
0x43a0d8 HeapCreate
0x43a0dc EnterCriticalSection
0x43a0e0 LeaveCriticalSection
0x43a0e4 InitializeCriticalSectionAndSpinCount
0x43a0e8 RtlUnwind
0x43a0ec SetHandleCount
0x43a0f0 GetFileType
0x43a0f4 DeleteCriticalSection
0x43a0f8 SetFilePointer
0x43a0fc CloseHandle
0x43a100 TlsAlloc
0x43a104 TlsGetValue
0x43a108 TlsSetValue
0x43a10c TlsFree
0x43a110 InterlockedIncrement
0x43a114 SetLastError
0x43a118 GetCurrentThreadId
0x43a11c InterlockedDecrement
0x43a120 FreeEnvironmentStringsW
0x43a124 WideCharToMultiByte
0x43a128 GetCurrentProcessId
0x43a12c GetSystemTimeAsFileTime
0x43a130 Sleep
0x43a134 CreateFileA
0x43a138 GetCPInfo
0x43a13c GetACP
0x43a140 GetOEMCP
0x43a144 IsValidCodePage
0x43a148 GetConsoleCP
0x43a14c GetConsoleMode
0x43a150 FlushFileBuffers
0x43a154 HeapSize
0x43a158 RaiseException
0x43a15c HeapReAlloc
0x43a160 SetEndOfFile
0x43a164 GetProcessHeap
0x43a168 MultiByteToWideChar
0x43a16c ReadFile
0x43a170 LCMapStringW
0x43a174 GetStringTypeW
USER32.dll
0x43a17c SetCursorPos
EAT (Export Address Table): none