Field | Value |
---|---|
Created | 2021.11.11 12:33 |
Machine | s1_win7_x6401 |
Filename | lots.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 25 detected (malicious, high confidence, Unsafe, Save, Hacktool, Kryptik, Eldorado, Fragtor, Lockbit, StopCrypt, Sabsik, score, MachineLearning, Anomalous, 100%, ET#96%, RDMK, cmRtazqTiih+BiP1F, GD311q, Static AI, Malicious PE, ZexaF, fr0@a0eTFGoc, confidence, susgen) |
md5 | 5575302eba0ea0e5f6b9fda28d1e1eb7 |
sha256 | 650eff421fbfdcd69fac227ac7b9fef214630df8375dc5cb458a200bbabfd589 |
ssdeep | 24576:GIauX7sBRy6WV4CUJ1LSce5vZyUjAfA1rppS4V:9JiRyYwZzAfANp |
imphash | 149977303cbb8d29a979e3e74fa868a1 |
impfuzzy | 24:AbG2S11kq+fMzpqX8V6H/JcDVu93NrlCSR7oOovVtU4cXIlyv9217hI16cMWjMTZ:j1f8xYWLCkn2tlc4K903cMGO |
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
KERNEL32.dll
0x4fd008 GetDefaultCommConfigW
0x4fd00c LoadResource
0x4fd010 GetSystemWindowsDirectoryW
0x4fd014 QueryPerformanceCounter
0x4fd018 GetEnvironmentStringsW
0x4fd01c SetConsoleScreenBufferSize
0x4fd020 BackupSeek
0x4fd024 GetTickCount
0x4fd028 GetProcessHeap
0x4fd02c GetSystemTimeAsFileTime
0x4fd030 ReadConsoleW
0x4fd034 SetFileShortNameW
0x4fd038 GetProcessHandleCount
0x4fd03c InitAtomTable
0x4fd040 SetConsoleCP
0x4fd044 DeleteVolumeMountPointW
0x4fd048 HeapValidate
0x4fd04c WriteConsoleW
0x4fd050 DeactivateActCtx
0x4fd054 LCMapStringA
0x4fd058 SetLastError
0x4fd05c GetProcAddress
0x4fd060 VirtualAlloc
0x4fd064 BeginUpdateResourceW
0x4fd068 GetFirmwareEnvironmentVariableW
0x4fd06c VirtualAllocEx
0x4fd070 GetAtomNameA
0x4fd074 LoadLibraryA
0x4fd078 LocalAlloc
0x4fd07c GetModuleFileNameA
0x4fd080 GetConsoleCursorInfo
0x4fd084 DeleteAtom
0x4fd088 FindNextVolumeA
0x4fd08c lstrcpyW
0x4fd090 CommConfigDialogW
0x4fd094 CreateFileW
0x4fd098 GetLastError
0x4fd09c HeapReAlloc
0x4fd0a0 GetModuleHandleW
0x4fd0a4 ExitProcess
0x4fd0a8 DecodePointer
0x4fd0ac GetCommandLineA
0x4fd0b0 HeapSetInformation
0x4fd0b4 GetStartupInfoW
0x4fd0b8 UnhandledExceptionFilter
0x4fd0bc SetUnhandledExceptionFilter
0x4fd0c0 IsDebuggerPresent
0x4fd0c4 EncodePointer
0x4fd0c8 TerminateProcess
0x4fd0cc GetCurrentProcess
0x4fd0d0 HeapAlloc
0x4fd0d4 EnterCriticalSection
0x4fd0d8 LeaveCriticalSection
0x4fd0dc IsProcessorFeaturePresent
0x4fd0e0 SetHandleCount
0x4fd0e4 GetStdHandle
0x4fd0e8 InitializeCriticalSectionAndSpinCount
0x4fd0ec GetFileType
0x4fd0f0 DeleteCriticalSection
0x4fd0f4 SetFilePointer
0x4fd0f8 HeapCreate
0x4fd0fc HeapFree
0x4fd100 CloseHandle
0x4fd104 LoadLibraryW
0x4fd108 TlsAlloc
0x4fd10c TlsGetValue
0x4fd110 TlsSetValue
0x4fd114 TlsFree
0x4fd118 InterlockedIncrement
0x4fd11c GetCurrentThreadId
0x4fd120 InterlockedDecrement
0x4fd124 WriteFile
0x4fd128 GetModuleFileNameW
0x4fd12c FreeEnvironmentStringsW
0x4fd130 WideCharToMultiByte
0x4fd134 GetCurrentProcessId
0x4fd138 Sleep
0x4fd13c GetCPInfo
0x4fd140 GetACP
0x4fd144 GetOEMCP
0x4fd148 IsValidCodePage
0x4fd14c RtlUnwind
0x4fd150 RaiseException
0x4fd154 SetStdHandle
0x4fd158 GetConsoleCP
0x4fd15c GetConsoleMode
0x4fd160 FlushFileBuffers
0x4fd164 HeapSize
0x4fd168 LCMapStringW
0x4fd16c MultiByteToWideChar
0x4fd170 GetStringTypeW
USER32.dll
0x4fd178 ShowCursor
ADVAPI32.dll
0x4fd000 AdjustTokenGroups
EAT (Export Address Table): none