ScreenShot
| Created | 2021.11.10 18:03 | Machine | s1_win7_x6403 |
| Filename | ipfile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 22 detected (malicious, high confidence, Unsafe, Kryptik, Eldorado, GenCBL, score, DangerousSig, MalCert, StopCrypt, Sabsik, MalPe, R449286, Artemis, Generic@ML, RDML, rO2mz8mj3q+AZVEArNdn8A, Static AI, Malicious PE) | ||
| md5 | 1629965aff3a7f0a6f815053fcd32755 | ||
| sha256 | 0c02263e82d0885e9562dc4445f462fe2896b44f63808ca51ce0ef4ef15c75f9 | ||
| ssdeep | 12288:g63oe/I4JvIUiOcZzVIBFxIe9DpDeO2t0BunnbtN:xZ/I4JgUivzVo/DKt0KbtN | ||
| imphash | 959e3f7a6ddd7b4ec96854ed6fe13765 | ||
| impfuzzy | 24:6SNbG2SBkq+fM/qFLycDeu94LjcJX0OovVt3ZcXIlyv9275/J3IoBGBWjMtgwYu:6B1B8BF32t3Zc4K92h8BUk | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45d008 CommConfigDialogA
0x45d00c GetDefaultCommConfigW
0x45d010 GetSystemWindowsDirectoryW
0x45d014 QueryPerformanceCounter
0x45d018 GetEnvironmentStringsW
0x45d01c SetConsoleScreenBufferSize
0x45d020 BackupSeek
0x45d024 GetTickCount
0x45d028 GetProcessHeap
0x45d02c GetSystemTimeAsFileTime
0x45d030 ReadConsoleW
0x45d034 SizeofResource
0x45d038 GetProcessHandleCount
0x45d03c InitAtomTable
0x45d040 HeapValidate
0x45d044 GetModuleFileNameW
0x45d048 DeactivateActCtx
0x45d04c GetLastError
0x45d050 GetProcAddress
0x45d054 VirtualAlloc
0x45d058 HeapSize
0x45d05c BeginUpdateResourceW
0x45d060 GetFirmwareEnvironmentVariableW
0x45d064 GetAtomNameA
0x45d068 LoadLibraryA
0x45d06c WriteConsoleA
0x45d070 LocalAlloc
0x45d074 GetProcessAffinityMask
0x45d078 GetConsoleCursorInfo
0x45d07c DeleteAtom
0x45d080 AddConsoleAliasA
0x45d084 FindNextVolumeA
0x45d088 LCMapStringW
0x45d08c lstrcpyA
0x45d090 WriteConsoleW
0x45d094 CreateFileW
0x45d098 EncodePointer
0x45d09c DecodePointer
0x45d0a0 HeapReAlloc
0x45d0a4 GetCommandLineA
0x45d0a8 HeapSetInformation
0x45d0ac GetStartupInfoW
0x45d0b0 UnhandledExceptionFilter
0x45d0b4 SetUnhandledExceptionFilter
0x45d0b8 IsDebuggerPresent
0x45d0bc TerminateProcess
0x45d0c0 GetCurrentProcess
0x45d0c4 HeapAlloc
0x45d0c8 Sleep
0x45d0cc GetModuleHandleW
0x45d0d0 ExitProcess
0x45d0d4 EnterCriticalSection
0x45d0d8 LeaveCriticalSection
0x45d0dc IsProcessorFeaturePresent
0x45d0e0 SetHandleCount
0x45d0e4 GetStdHandle
0x45d0e8 InitializeCriticalSectionAndSpinCount
0x45d0ec GetFileType
0x45d0f0 DeleteCriticalSection
0x45d0f4 SetFilePointer
0x45d0f8 HeapCreate
0x45d0fc HeapFree
0x45d100 CloseHandle
0x45d104 WriteFile
0x45d108 GetModuleFileNameA
0x45d10c FreeEnvironmentStringsW
0x45d110 WideCharToMultiByte
0x45d114 TlsAlloc
0x45d118 TlsGetValue
0x45d11c TlsSetValue
0x45d120 TlsFree
0x45d124 InterlockedIncrement
0x45d128 SetLastError
0x45d12c GetCurrentThreadId
0x45d130 InterlockedDecrement
0x45d134 GetCurrentProcessId
0x45d138 LoadLibraryW
0x45d13c RtlUnwind
0x45d140 GetCPInfo
0x45d144 GetACP
0x45d148 GetOEMCP
0x45d14c IsValidCodePage
0x45d150 RaiseException
0x45d154 SetStdHandle
0x45d158 GetConsoleCP
0x45d15c GetConsoleMode
0x45d160 FlushFileBuffers
0x45d164 MultiByteToWideChar
0x45d168 GetStringTypeW
USER32.dll
0x45d170 MessageBeep
ADVAPI32.dll
0x45d000 AdjustTokenGroups
EAT(Export Address Table) is none
KERNEL32.dll
0x45d008 CommConfigDialogA
0x45d00c GetDefaultCommConfigW
0x45d010 GetSystemWindowsDirectoryW
0x45d014 QueryPerformanceCounter
0x45d018 GetEnvironmentStringsW
0x45d01c SetConsoleScreenBufferSize
0x45d020 BackupSeek
0x45d024 GetTickCount
0x45d028 GetProcessHeap
0x45d02c GetSystemTimeAsFileTime
0x45d030 ReadConsoleW
0x45d034 SizeofResource
0x45d038 GetProcessHandleCount
0x45d03c InitAtomTable
0x45d040 HeapValidate
0x45d044 GetModuleFileNameW
0x45d048 DeactivateActCtx
0x45d04c GetLastError
0x45d050 GetProcAddress
0x45d054 VirtualAlloc
0x45d058 HeapSize
0x45d05c BeginUpdateResourceW
0x45d060 GetFirmwareEnvironmentVariableW
0x45d064 GetAtomNameA
0x45d068 LoadLibraryA
0x45d06c WriteConsoleA
0x45d070 LocalAlloc
0x45d074 GetProcessAffinityMask
0x45d078 GetConsoleCursorInfo
0x45d07c DeleteAtom
0x45d080 AddConsoleAliasA
0x45d084 FindNextVolumeA
0x45d088 LCMapStringW
0x45d08c lstrcpyA
0x45d090 WriteConsoleW
0x45d094 CreateFileW
0x45d098 EncodePointer
0x45d09c DecodePointer
0x45d0a0 HeapReAlloc
0x45d0a4 GetCommandLineA
0x45d0a8 HeapSetInformation
0x45d0ac GetStartupInfoW
0x45d0b0 UnhandledExceptionFilter
0x45d0b4 SetUnhandledExceptionFilter
0x45d0b8 IsDebuggerPresent
0x45d0bc TerminateProcess
0x45d0c0 GetCurrentProcess
0x45d0c4 HeapAlloc
0x45d0c8 Sleep
0x45d0cc GetModuleHandleW
0x45d0d0 ExitProcess
0x45d0d4 EnterCriticalSection
0x45d0d8 LeaveCriticalSection
0x45d0dc IsProcessorFeaturePresent
0x45d0e0 SetHandleCount
0x45d0e4 GetStdHandle
0x45d0e8 InitializeCriticalSectionAndSpinCount
0x45d0ec GetFileType
0x45d0f0 DeleteCriticalSection
0x45d0f4 SetFilePointer
0x45d0f8 HeapCreate
0x45d0fc HeapFree
0x45d100 CloseHandle
0x45d104 WriteFile
0x45d108 GetModuleFileNameA
0x45d10c FreeEnvironmentStringsW
0x45d110 WideCharToMultiByte
0x45d114 TlsAlloc
0x45d118 TlsGetValue
0x45d11c TlsSetValue
0x45d120 TlsFree
0x45d124 InterlockedIncrement
0x45d128 SetLastError
0x45d12c GetCurrentThreadId
0x45d130 InterlockedDecrement
0x45d134 GetCurrentProcessId
0x45d138 LoadLibraryW
0x45d13c RtlUnwind
0x45d140 GetCPInfo
0x45d144 GetACP
0x45d148 GetOEMCP
0x45d14c IsValidCodePage
0x45d150 RaiseException
0x45d154 SetStdHandle
0x45d158 GetConsoleCP
0x45d15c GetConsoleMode
0x45d160 FlushFileBuffers
0x45d164 MultiByteToWideChar
0x45d168 GetStringTypeW
USER32.dll
0x45d170 MessageBeep
ADVAPI32.dll
0x45d000 AdjustTokenGroups
EAT(Export Address Table) is none