Field | Value |
---|---|
Created | 2021.11.10 18:16 |
Machine | s1_win7_x6403 |
Filename | 7993_1636371023_9825.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | (not captured in this extract) |
Behavior Score | (not captured in this extract) |
ZERO API | file : clean |
VT API (file) | 36 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Krypter, confidence, ZexaF, Rq0@a45Bk2fI, Kryptik, Eldorado, HNFV, Injuke, R002C0DK921, R + Troj, Krypt, StopCrypt, StellarStealer, npwfu, STOP, CoinMiner, Glupteba, R449277, ai score=83, Generic@ML, RDMK, 5zGJmTjjJ802hdG3zrhekg, Static AI, Malicious PE, GenericKDZ) |
md5 | bde1dbafbe609f7da66db66356d8f9e3 |
sha256 | d17dadc2bb57905c88308f79228810b1f7fd28dfafe07717e2b4bf0d8e014f86 |
ssdeep | 12288:frUIw9C3QOmmaTdHNF29u4+Boc7Ia3MNpLyYKTRmkCdIVunnn7s:QIVjmmaTdHNkcOc7Ia32Z1KNmNdDA |
imphash | b1d7987a638c820f79c0e265e27eaa61 |
impfuzzy | 24:6S0kIa5LUNfIB1cDku9jvbG2UdQRiOovVtlrcQnlyv9GG5/J3Io77jM69ATn:6BnQBI2tlrcIK95h7JmT |
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
No network requests (CC / ASN / IPv4 / rule hits) were recorded during the run.
Suricata ids
(none listed)
PE API
IAT (Import Address Table)
KERNEL32.dll
0x483000 CommConfigDialogA
0x483004 QueryPerformanceCounter
0x483008 GetEnvironmentStringsW
0x48300c AddConsoleAliasW
0x483010 BackupSeek
0x483014 GetTickCount
0x483018 ReadConsoleW
0x48301c LoadLibraryW
0x483020 SizeofResource
0x483024 GetProcessHandleCount
0x483028 GetSystemWindowsDirectoryA
0x48302c FindNextVolumeW
0x483030 HeapValidate
0x483034 SetConsoleCursorPosition
0x483038 WriteConsoleW
0x48303c GetAtomNameW
0x483040 LCMapStringA
0x483044 GetLastError
0x483048 GetProcAddress
0x48304c VirtualAlloc
0x483050 GetFirmwareEnvironmentVariableW
0x483054 LoadLibraryA
0x483058 LocalAlloc
0x48305c BeginUpdateResourceA
0x483060 SetSystemTime
0x483064 GetModuleFileNameA
0x483068 GetDefaultCommConfigA
0x48306c SetConsoleCursorInfo
0x483070 UpdateResourceW
0x483074 GetProcessAffinityMask
0x483078 SetFileValidData
0x48307c lstrcpyA
0x483080 CreateFileW
0x483084 GetStringTypeW
0x483088 HeapAlloc
0x48308c EncodePointer
0x483090 DecodePointer
0x483094 GetCommandLineA
0x483098 HeapSetInformation
0x48309c GetStartupInfoW
0x4830a0 UnhandledExceptionFilter
0x4830a4 SetUnhandledExceptionFilter
0x4830a8 IsDebuggerPresent
0x4830ac TerminateProcess
0x4830b0 GetCurrentProcess
0x4830b4 GetModuleHandleW
0x4830b8 ExitProcess
0x4830bc WriteFile
0x4830c0 GetStdHandle
0x4830c4 GetModuleFileNameW
0x4830c8 HeapCreate
0x4830cc Sleep
0x4830d0 HeapSize
0x4830d4 EnterCriticalSection
0x4830d8 LeaveCriticalSection
0x4830dc SetHandleCount
0x4830e0 InitializeCriticalSectionAndSpinCount
0x4830e4 GetFileType
0x4830e8 DeleteCriticalSection
0x4830ec SetFilePointer
0x4830f0 HeapFree
0x4830f4 CloseHandle
0x4830f8 FreeEnvironmentStringsW
0x4830fc WideCharToMultiByte
0x483100 TlsAlloc
0x483104 TlsGetValue
0x483108 TlsSetValue
0x48310c TlsFree
0x483110 InterlockedIncrement
0x483114 SetLastError
0x483118 GetCurrentThreadId
0x48311c InterlockedDecrement
0x483120 GetCurrentProcessId
0x483124 GetSystemTimeAsFileTime
0x483128 HeapReAlloc
0x48312c RtlUnwind
0x483130 GetCPInfo
0x483134 GetACP
0x483138 GetOEMCP
0x48313c IsValidCodePage
0x483140 SetStdHandle
0x483144 GetConsoleCP
0x483148 GetConsoleMode
0x48314c FlushFileBuffers
0x483150 RaiseException
0x483154 IsProcessorFeaturePresent
0x483158 LCMapStringW
0x48315c MultiByteToWideChar
USER32.dll
0x483164 SetCursorPos
EAT (Export Address Table): none
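Two things a practitioner would want to check against the IAT above. First, whether the reported imphash really is derived from this import list: the imphash is the MD5 of the lower-cased `library.function` names in import-directory order, so it can be recomputed from the table and compared with the value in the summary (it matches only if the listing is complete and in directory order; a forwarded or ordinal-only entry would change it). Second, which of these imports matter for triage: LoadLibraryA/W, GetProcAddress and VirtualAlloc are the minimal set for resolving APIs and mapping code at runtime, which fits the "allocates read-write-execute memory" signature and the packer verdicts above. If those verdicts are right, this IAT and its imphash fingerprint the packer stub rather than the unpacked payload, and the payload's real imports only appear in memory. The script below is an added example, not the sandbox's code or the report's own output; the import list is transcribed from the table, the hash follows the published pefile/Mandiant imphash definition for named imports, and the triage buckets are this example's own heuristics.

```python
"""Recompute the imphash from the IAT listed above and triage the imports.

Added example, not part of the sandbox report.  The import list is
transcribed from the report's IAT section (KERNEL32.dll then USER32.dll,
in table order).  The hash follows the published pefile / Mandiant imphash
definition for named imports: "libname.funcname", both lower-cased, with a
.dll/.ocx/.sys suffix stripped from the library name, comma-joined in
import-directory order, then MD5.  Ordinal-only imports are not handled
because this sample has none.  The triage buckets are heuristics chosen
for this example, not the sandbox's rule set.
"""
import hashlib

# Constructed from the report's IAT table; order matters for the hash.
KERNEL32 = """
CommConfigDialogA QueryPerformanceCounter GetEnvironmentStringsW AddConsoleAliasW
BackupSeek GetTickCount ReadConsoleW LoadLibraryW SizeofResource GetProcessHandleCount
GetSystemWindowsDirectoryA FindNextVolumeW HeapValidate SetConsoleCursorPosition
WriteConsoleW GetAtomNameW LCMapStringA GetLastError GetProcAddress VirtualAlloc
GetFirmwareEnvironmentVariableW LoadLibraryA LocalAlloc BeginUpdateResourceA
SetSystemTime GetModuleFileNameA GetDefaultCommConfigA SetConsoleCursorInfo
UpdateResourceW GetProcessAffinityMask SetFileValidData lstrcpyA CreateFileW
GetStringTypeW HeapAlloc EncodePointer DecodePointer GetCommandLineA
HeapSetInformation GetStartupInfoW UnhandledExceptionFilter
SetUnhandledExceptionFilter IsDebuggerPresent TerminateProcess GetCurrentProcess
GetModuleHandleW ExitProcess WriteFile GetStdHandle GetModuleFileNameW HeapCreate
Sleep HeapSize EnterCriticalSection LeaveCriticalSection SetHandleCount
InitializeCriticalSectionAndSpinCount GetFileType DeleteCriticalSection
SetFilePointer HeapFree CloseHandle FreeEnvironmentStringsW WideCharToMultiByte
TlsAlloc TlsGetValue TlsSetValue TlsFree InterlockedIncrement SetLastError
GetCurrentThreadId InterlockedDecrement GetCurrentProcessId GetSystemTimeAsFileTime
HeapReAlloc RtlUnwind GetCPInfo GetACP GetOEMCP IsValidCodePage SetStdHandle
GetConsoleCP GetConsoleMode FlushFileBuffers RaiseException
IsProcessorFeaturePresent LCMapStringW MultiByteToWideChar
""".split()

SAMPLE_IMPORTS = [("KERNEL32.dll", KERNEL32), ("USER32.dll", ["SetCursorPos"])]

# The value printed in the report summary, kept only for comparison.
REPORTED_IMPHASH = "b1d7987a638c820f79c0e265e27eaa61"

# Heuristic buckets (assumptions of this example, not the sandbox's rules).
RUNTIME_RESOLUTION = {"LoadLibraryA", "LoadLibraryW", "GetProcAddress", "VirtualAlloc"}
ANTI_ANALYSIS = {"IsDebuggerPresent", "GetTickCount", "QueryPerformanceCounter"}
RESOURCE_ACCESS = {"SizeofResource", "BeginUpdateResourceA", "UpdateResourceW"}


def _normalize_library(name):
    """Lower-case the library name and drop a .dll/.ocx/.sys suffix, as pefile does."""
    lib = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            return lib[: -len(ext)]
    return lib


def import_string(imports):
    """Build the comma-joined 'lib.func' string that imphash digests."""
    parts = []
    for lib, funcs in imports:
        base = _normalize_library(lib)
        parts.extend(f"{base}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalized import string (hex, 32 chars)."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


def triage(imports):
    """Group the imported names into the heuristic buckets defined above."""
    names = {func for _, funcs in imports for func in funcs}
    return {
        "runtime_resolution": sorted(names & RUNTIME_RESOLUTION),
        "anti_analysis": sorted(names & ANTI_ANALYSIS),
        "resource_access": sorted(names & RESOURCE_ACCESS),
    }


def matches_report(imports, reported=REPORTED_IMPHASH):
    """True only if the transcribed IAT reproduces the reported imphash."""
    return imphash(imports) == reported


if __name__ == "__main__":
    computed = imphash(SAMPLE_IMPORTS)
    print("computed imphash :", computed)
    print("reported imphash :", REPORTED_IMPHASH,
          "(match)" if matches_report(SAMPLE_IMPORTS) else "(no match)")
    for bucket, funcs in triage(SAMPLE_IMPORTS).items():
        print(f"{bucket:>19}: {', '.join(funcs) or '-'}")
```

If the computed and reported values differ, the usual reasons are a transcription slip or an import-directory order that differs from the IAT address order shown in the table; a mismatch is a reason to re-run pefile's `get_imphash()` on the sample, not a finding about the sample itself.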