Field | Value |
---|---|
Created | 2021.11.09 09:57 |
Machine | s1_win7_x6401 |
Filename | loads3.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 27 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Hacktool, ZexaF, nq0@aGpSnEfI, Kryptik, Eldorado, Emotet, A + Troj, Krypt, StopCrypt, Sabsik, score, ET#95%, RDMK, cmRtazrXkWiLIy0BwjdycMv6FY8I, Static AI, Malicious PE, susgen, confidence) |
md5 | f4c5d3ee974deea5fed544c55e6b7d7c |
sha256 | 39482825792a57e47347b7ee1a4a82f4e6113e0b8b74332c22658d88c0bb350f |
ssdeep | 6144:+esFbRAFVDlV5qOHQuzbgwu6QigabwVf:LsAFxMOHQunn5 |
imphash | c8725b7ab8753c936cc4c98a181b2488 |
impfuzzy | 24:NSQkq+fma1D0ScDku9jGbG2U1fiiOovVtlLcQnlyv9G45/J3IoBq7jM6Kgwn:Nx8Pg7O2tlLcIK9nhIJ/c |
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x415000 HeapCompact
0x415004 CommConfigDialogA
0x415008 GetSystemWindowsDirectoryW
0x41500c QueryPerformanceCounter
0x415010 GetEnvironmentStringsW
0x415014 SetConsoleScreenBufferSize
0x415018 AddConsoleAliasW
0x41501c BackupSeek
0x415020 GetTickCount
0x415024 GetSystemTimeAsFileTime
0x415028 ReadConsoleW
0x41502c FindActCtxSectionStringA
0x415030 SizeofResource
0x415034 GetProcessHandleCount
0x415038 FindNextVolumeW
0x41503c HeapValidate
0x415040 GetAtomNameW
0x415044 GetModuleFileNameW
0x415048 GetLastError
0x41504c GetProcAddress
0x415050 VirtualAlloc
0x415054 GetFirmwareEnvironmentVariableW
0x415058 LoadLibraryA
0x41505c WriteConsoleA
0x415060 LocalAlloc
0x415064 BeginUpdateResourceA
0x415068 GetDefaultCommConfigA
0x41506c SetConsoleCursorInfo
0x415070 GetProcessAffinityMask
0x415074 LCMapStringW
0x415078 lstrcpyA
0x41507c CreateFileW
0x415080 WriteConsoleW
0x415084 HeapAlloc
0x415088 EncodePointer
0x41508c DecodePointer
0x415090 GetCommandLineA
0x415094 HeapSetInformation
0x415098 GetStartupInfoW
0x41509c UnhandledExceptionFilter
0x4150a0 SetUnhandledExceptionFilter
0x4150a4 IsDebuggerPresent
0x4150a8 TerminateProcess
0x4150ac GetCurrentProcess
0x4150b0 GetModuleHandleW
0x4150b4 ExitProcess
0x4150b8 WriteFile
0x4150bc GetStdHandle
0x4150c0 HeapCreate
0x4150c4 Sleep
0x4150c8 HeapSize
0x4150cc EnterCriticalSection
0x4150d0 LeaveCriticalSection
0x4150d4 SetHandleCount
0x4150d8 InitializeCriticalSectionAndSpinCount
0x4150dc GetFileType
0x4150e0 DeleteCriticalSection
0x4150e4 SetFilePointer
0x4150e8 HeapFree
0x4150ec CloseHandle
0x4150f0 GetModuleFileNameA
0x4150f4 FreeEnvironmentStringsW
0x4150f8 WideCharToMultiByte
0x4150fc TlsAlloc
0x415100 TlsGetValue
0x415104 TlsSetValue
0x415108 TlsFree
0x41510c InterlockedIncrement
0x415110 SetLastError
0x415114 GetCurrentThreadId
0x415118 InterlockedDecrement
0x41511c GetCurrentProcessId
0x415120 LoadLibraryW
0x415124 HeapReAlloc
0x415128 RtlUnwind
0x41512c GetCPInfo
0x415130 GetACP
0x415134 GetOEMCP
0x415138 IsValidCodePage
0x41513c SetStdHandle
0x415140 GetConsoleCP
0x415144 GetConsoleMode
0x415148 FlushFileBuffers
0x41514c RaiseException
0x415150 IsProcessorFeaturePresent
0x415154 MultiByteToWideChar
0x415158 GetStringTypeW
USER32.dll
0x415160 MessageBeep
EAT (Export Address Table): none