ScreenShot
| Created | 2021.11.11 18:25 | Machine | s1_win7_x6401 |
| Filename | System.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 24 detected (ClipBanker, trUq, Razy, Artemis, BankerX, ASMalwS, Wacatac, Malicious, score, ai score=88, R002H0CK621, Yakes, Crzn) | ||
| md5 | 02b8cb8730c406478b6dc0443e3fa25a | ||
| sha256 | d7322d2705ab994d8769ca74cb6e109018d07afd764393ad89354d8ee98da914 | ||
| ssdeep | 6144:+PhXAdE12Fxdv/Fp+SetZ7U63wNIuS1RjcyJMpwjblZmN2tvgWxOV5/KDlT3bn5V:+1AdE12FDFkj0pwjbeUtvgOO | ||
| imphash | 25b968091be59d259f0897499d7c418f | ||
| impfuzzy | 48:EOALc4rXFWIWFQ99gVL+8vYlZ/ahpNz9kl4O+tpMBMLSQMM:EBLc4rXFWIWFQrgVL+8v/Nz9klctpGc | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| notice | Creates a shortcut to an executable file |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x140053000 SystemFunction036
KERNEL32.dll
0x140053010 HeapFree
0x140053018 lstrlenW
0x140053020 GetModuleFileNameW
0x140053028 SetLastError
0x140053030 GetLastError
0x140053038 DeleteFileW
0x140053040 CopyFileExW
0x140053048 CreateSymbolicLinkW
0x140053050 GetProcessHeap
0x140053058 HeapAlloc
0x140053060 Sleep
0x140053068 GlobalLock
0x140053070 GlobalSize
0x140053078 GlobalUnlock
0x140053080 EnterCriticalSection
0x140053088 LeaveCriticalSection
0x140053090 GlobalAlloc
0x140053098 GlobalFree
0x1400530a0 AddVectoredExceptionHandler
0x1400530a8 SetThreadStackGuarantee
0x1400530b0 HeapReAlloc
0x1400530b8 AcquireSRWLockExclusive
0x1400530c0 ReleaseSRWLockExclusive
0x1400530c8 GetModuleHandleA
0x1400530d0 GetProcAddress
0x1400530d8 TlsGetValue
0x1400530e0 TlsSetValue
0x1400530e8 AcquireSRWLockShared
0x1400530f0 ReleaseSRWLockShared
0x1400530f8 GetEnvironmentVariableW
0x140053100 GetCurrentDirectoryW
0x140053108 GetCurrentProcess
0x140053110 GetCurrentThread
0x140053118 RtlCaptureContext
0x140053120 RtlLookupFunctionEntry
0x140053128 ReleaseMutex
0x140053130 WaitForSingleObjectEx
0x140053138 LoadLibraryA
0x140053140 CreateMutexA
0x140053148 CloseHandle
0x140053150 GetStdHandle
0x140053158 GetConsoleMode
0x140053160 WriteFile
0x140053168 WriteConsoleW
0x140053170 TlsAlloc
0x140053178 GetModuleHandleW
0x140053180 FormatMessageW
0x140053188 CreateDirectoryW
0x140053190 CreateFileW
0x140053198 GetFileInformationByHandle
0x1400531a0 DeviceIoControl
0x1400531a8 InitializeCriticalSection
0x1400531b0 TryEnterCriticalSection
0x1400531b8 SetUnhandledExceptionFilter
0x1400531c0 UnhandledExceptionFilter
0x1400531c8 IsDebuggerPresent
0x1400531d0 IsProcessorFeaturePresent
0x1400531d8 RtlVirtualUnwind
0x1400531e0 InitializeSListHead
0x1400531e8 GetSystemTimeAsFileTime
0x1400531f0 GetCurrentThreadId
0x1400531f8 GetCurrentProcessId
0x140053200 QueryPerformanceCounter
ole32.dll
0x140053380 CoTaskMemFree
SHELL32.dll
0x140053210 SHGetKnownFolderPath
USER32.dll
0x140053220 CloseClipboard
0x140053228 GetClipboardData
0x140053230 OpenClipboard
0x140053238 EmptyClipboard
0x140053240 SetClipboardData
WS2_32.dll
0x140053290 WSACleanup
VCRUNTIME140.dll
0x140053250 __current_exception
0x140053258 memset
0x140053260 __C_specific_handler
0x140053268 memmove
0x140053270 memcmp
0x140053278 memcpy
0x140053280 __current_exception_context
api-ms-win-crt-runtime-l1-1-0.dll
0x1400532d0 _initterm_e
0x1400532d8 __p___argv
0x1400532e0 __p___argc
0x1400532e8 _seh_filter_exe
0x1400532f0 _exit
0x1400532f8 _c_exit
0x140053300 _register_onexit_function
0x140053308 _crt_atexit
0x140053310 terminate
0x140053318 _set_app_type
0x140053320 _initialize_onexit_table
0x140053328 _cexit
0x140053330 exit
0x140053338 _initterm
0x140053340 _get_initial_narrow_environment
0x140053348 _initialize_narrow_environment
0x140053350 _configure_narrow_argv
0x140053358 _register_thread_local_exe_atexit_callback
api-ms-win-crt-math-l1-1-0.dll
0x1400532c0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140053368 __p__commode
0x140053370 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1400532b0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1400532a0 _set_new_mode
EAT(Export Address Table) is none
ADVAPI32.dll
0x140053000 SystemFunction036
KERNEL32.dll
0x140053010 HeapFree
0x140053018 lstrlenW
0x140053020 GetModuleFileNameW
0x140053028 SetLastError
0x140053030 GetLastError
0x140053038 DeleteFileW
0x140053040 CopyFileExW
0x140053048 CreateSymbolicLinkW
0x140053050 GetProcessHeap
0x140053058 HeapAlloc
0x140053060 Sleep
0x140053068 GlobalLock
0x140053070 GlobalSize
0x140053078 GlobalUnlock
0x140053080 EnterCriticalSection
0x140053088 LeaveCriticalSection
0x140053090 GlobalAlloc
0x140053098 GlobalFree
0x1400530a0 AddVectoredExceptionHandler
0x1400530a8 SetThreadStackGuarantee
0x1400530b0 HeapReAlloc
0x1400530b8 AcquireSRWLockExclusive
0x1400530c0 ReleaseSRWLockExclusive
0x1400530c8 GetModuleHandleA
0x1400530d0 GetProcAddress
0x1400530d8 TlsGetValue
0x1400530e0 TlsSetValue
0x1400530e8 AcquireSRWLockShared
0x1400530f0 ReleaseSRWLockShared
0x1400530f8 GetEnvironmentVariableW
0x140053100 GetCurrentDirectoryW
0x140053108 GetCurrentProcess
0x140053110 GetCurrentThread
0x140053118 RtlCaptureContext
0x140053120 RtlLookupFunctionEntry
0x140053128 ReleaseMutex
0x140053130 WaitForSingleObjectEx
0x140053138 LoadLibraryA
0x140053140 CreateMutexA
0x140053148 CloseHandle
0x140053150 GetStdHandle
0x140053158 GetConsoleMode
0x140053160 WriteFile
0x140053168 WriteConsoleW
0x140053170 TlsAlloc
0x140053178 GetModuleHandleW
0x140053180 FormatMessageW
0x140053188 CreateDirectoryW
0x140053190 CreateFileW
0x140053198 GetFileInformationByHandle
0x1400531a0 DeviceIoControl
0x1400531a8 InitializeCriticalSection
0x1400531b0 TryEnterCriticalSection
0x1400531b8 SetUnhandledExceptionFilter
0x1400531c0 UnhandledExceptionFilter
0x1400531c8 IsDebuggerPresent
0x1400531d0 IsProcessorFeaturePresent
0x1400531d8 RtlVirtualUnwind
0x1400531e0 InitializeSListHead
0x1400531e8 GetSystemTimeAsFileTime
0x1400531f0 GetCurrentThreadId
0x1400531f8 GetCurrentProcessId
0x140053200 QueryPerformanceCounter
ole32.dll
0x140053380 CoTaskMemFree
SHELL32.dll
0x140053210 SHGetKnownFolderPath
USER32.dll
0x140053220 CloseClipboard
0x140053228 GetClipboardData
0x140053230 OpenClipboard
0x140053238 EmptyClipboard
0x140053240 SetClipboardData
WS2_32.dll
0x140053290 WSACleanup
VCRUNTIME140.dll
0x140053250 __current_exception
0x140053258 memset
0x140053260 __C_specific_handler
0x140053268 memmove
0x140053270 memcmp
0x140053278 memcpy
0x140053280 __current_exception_context
api-ms-win-crt-runtime-l1-1-0.dll
0x1400532d0 _initterm_e
0x1400532d8 __p___argv
0x1400532e0 __p___argc
0x1400532e8 _seh_filter_exe
0x1400532f0 _exit
0x1400532f8 _c_exit
0x140053300 _register_onexit_function
0x140053308 _crt_atexit
0x140053310 terminate
0x140053318 _set_app_type
0x140053320 _initialize_onexit_table
0x140053328 _cexit
0x140053330 exit
0x140053338 _initterm
0x140053340 _get_initial_narrow_environment
0x140053348 _initialize_narrow_environment
0x140053350 _configure_narrow_argv
0x140053358 _register_thread_local_exe_atexit_callback
api-ms-win-crt-math-l1-1-0.dll
0x1400532c0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140053368 __p__commode
0x140053370 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1400532b0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1400532a0 _set_new_mode
EAT(Export Address Table) is none