Field | Value |
---|---|
Created | 2021.11.10 18:05 |
Machine | s1_win7_x6403 |
Filename | 1516_1636380988_6400.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 26 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Hacktool, confidence, ZexaF, oq0@a8HT8SmI, Kryptik, Eldorado, HNFX, ET#94%, RDMK, cmRtazrHplUJEYo9lvRrJ78j4tVs, R + Troj, Krypt, Emotet, Static AI, Malicious PE, Krypter, score, StopCrypt) |
md5 | 08cb82859479b33dc1d0738b985db28c |
sha256 | 8db223a1ffa1b3b3788ee9f0e050cc64f7b5cbefa8745e95e00391f7babcce58 |
ssdeep | 6144:vLDuP9cE7VUV+/7yfpO7JTx4uzbgwu6QigabwVf:DDxE7VUVPOL4unn5 |
imphash | 60ab4a93298436a0ea920c16b7e59caa |
impfuzzy | 24:NSQkq+fma/91cDku9jvbG2UdQRiOovVtlrcQnlyv9GG5/J3IoCq7jM69ATn:Nx8bBI2tlrcIK95hhJmT |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x415000 HeapCompact
0x415004 CommConfigDialogA
0x415008 GetSystemWindowsDirectoryW
0x41500c QueryPerformanceCounter
0x415010 GetEnvironmentStringsW
0x415014 SetConsoleScreenBufferSize
0x415018 AddConsoleAliasW
0x41501c BackupSeek
0x415020 GetTickCount
0x415024 ReadConsoleW
0x415028 SizeofResource
0x41502c GetProcessHandleCount
0x415030 FindNextVolumeW
0x415034 WriteConsoleW
0x415038 GetAtomNameW
0x41503c LCMapStringA
0x415040 GetLastError
0x415044 GetProcAddress
0x415048 VirtualAlloc
0x41504c GetFirmwareEnvironmentVariableW
0x415050 LoadLibraryA
0x415054 LocalAlloc
0x415058 BeginUpdateResourceA
0x41505c SetSystemTime
0x415060 GetModuleFileNameA
0x415064 GetDefaultCommConfigA
0x415068 SetConsoleCursorInfo
0x41506c UpdateResourceW
0x415070 GetProcessAffinityMask
0x415074 SetFileValidData
0x415078 lstrcpyA
0x41507c CreateFileW
0x415080 GetStringTypeW
0x415084 HeapAlloc
0x415088 EncodePointer
0x41508c DecodePointer
0x415090 GetCommandLineA
0x415094 HeapSetInformation
0x415098 GetStartupInfoW
0x41509c UnhandledExceptionFilter
0x4150a0 SetUnhandledExceptionFilter
0x4150a4 IsDebuggerPresent
0x4150a8 TerminateProcess
0x4150ac GetCurrentProcess
0x4150b0 GetModuleHandleW
0x4150b4 ExitProcess
0x4150b8 WriteFile
0x4150bc GetStdHandle
0x4150c0 GetModuleFileNameW
0x4150c4 HeapCreate
0x4150c8 Sleep
0x4150cc HeapSize
0x4150d0 EnterCriticalSection
0x4150d4 LeaveCriticalSection
0x4150d8 SetHandleCount
0x4150dc InitializeCriticalSectionAndSpinCount
0x4150e0 GetFileType
0x4150e4 DeleteCriticalSection
0x4150e8 SetFilePointer
0x4150ec HeapFree
0x4150f0 CloseHandle
0x4150f4 FreeEnvironmentStringsW
0x4150f8 WideCharToMultiByte
0x4150fc TlsAlloc
0x415100 TlsGetValue
0x415104 TlsSetValue
0x415108 TlsFree
0x41510c InterlockedIncrement
0x415110 SetLastError
0x415114 GetCurrentThreadId
0x415118 InterlockedDecrement
0x41511c GetCurrentProcessId
0x415120 GetSystemTimeAsFileTime
0x415124 LoadLibraryW
0x415128 HeapReAlloc
0x41512c RtlUnwind
0x415130 GetCPInfo
0x415134 GetACP
0x415138 GetOEMCP
0x41513c IsValidCodePage
0x415140 SetStdHandle
0x415144 GetConsoleCP
0x415148 GetConsoleMode
0x41514c FlushFileBuffers
0x415150 RaiseException
0x415154 IsProcessorFeaturePresent
0x415158 LCMapStringW
0x41515c MultiByteToWideChar
USER32.dll
0x415164 SetCursorPos
EAT (Export Address Table): none