ScreenShot
| Created | 2021.11.11 18:12 | Machine | s1_win7_x6401 |
| Filename | 9794_1636547330_2341.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 31 detected (AIDetect, malware1, malicious, high confidence, Siggen15, Unsafe, Save, Hacktool, ZexaF, lq0@aGHQdrhc, Kryptik, Eldorado, HNGP, Fragtor, Static AI, Malicious PE, StopCrypt, Score, Krypter, ET#93%, RDMK, cmRtazqG1VpkSZ42BxxCmmcpjkVh, susgen, confidence, 100%) | ||
| md5 | 435b9c498c170c228aaa2006c59e91d0 | ||
| sha256 | 1dd7a2de3a100eb6258ba36d8714ab63494934bea8a7ec3756ef40c6655e155a | ||
| ssdeep | 3072:a7IQTqdBOULPf3SYTvSVcH6/q2flLWrxpzbgqru2sxkgaBChe:5HTOULyyShTZuzbgwujiga | ||
| imphash | c8cafda4e053c1cc53231f2d3aff32c4 | ||
| impfuzzy | 24:6SNbG2S11kq+fMlu3qFL2wJcD7Ljc5lfeNOovVt3ZcXIlyv9275hIoBGBWjMtgwB:6B1f80Fdz2t3Zc4K96h8BUk | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418008 CommConfigDialogA
0x41800c GetDefaultCommConfigW
0x418010 LoadResource
0x418014 GetSystemWindowsDirectoryW
0x418018 QueryPerformanceCounter
0x41801c GetEnvironmentStringsW
0x418020 SetConsoleScreenBufferSize
0x418024 BackupSeek
0x418028 GetTickCount
0x41802c GetProcessHeap
0x418030 GetSystemTimeAsFileTime
0x418034 ReadConsoleW
0x418038 GetFirmwareEnvironmentVariableA
0x41803c GetProcessHandleCount
0x418040 InitAtomTable
0x418044 HeapValidate
0x418048 GetModuleFileNameW
0x41804c DeactivateActCtx
0x418050 GetConsoleOutputCP
0x418054 SetLastError
0x418058 GetProcAddress
0x41805c VirtualAlloc
0x418060 HeapSize
0x418064 BeginUpdateResourceW
0x418068 GetAtomNameA
0x41806c LoadLibraryA
0x418070 WriteConsoleA
0x418074 LocalAlloc
0x418078 GetProcessAffinityMask
0x41807c GetConsoleCursorInfo
0x418080 DeleteAtom
0x418084 AddConsoleAliasA
0x418088 FindNextVolumeA
0x41808c lstrcpyW
0x418090 LCMapStringW
0x418094 WriteConsoleW
0x418098 CreateFileW
0x41809c EncodePointer
0x4180a0 DecodePointer
0x4180a4 GetLastError
0x4180a8 HeapReAlloc
0x4180ac GetCommandLineA
0x4180b0 HeapSetInformation
0x4180b4 GetStartupInfoW
0x4180b8 UnhandledExceptionFilter
0x4180bc SetUnhandledExceptionFilter
0x4180c0 IsDebuggerPresent
0x4180c4 TerminateProcess
0x4180c8 GetCurrentProcess
0x4180cc HeapAlloc
0x4180d0 Sleep
0x4180d4 GetModuleHandleW
0x4180d8 ExitProcess
0x4180dc EnterCriticalSection
0x4180e0 LeaveCriticalSection
0x4180e4 IsProcessorFeaturePresent
0x4180e8 SetHandleCount
0x4180ec GetStdHandle
0x4180f0 InitializeCriticalSectionAndSpinCount
0x4180f4 GetFileType
0x4180f8 DeleteCriticalSection
0x4180fc SetFilePointer
0x418100 HeapCreate
0x418104 HeapFree
0x418108 CloseHandle
0x41810c WriteFile
0x418110 GetModuleFileNameA
0x418114 FreeEnvironmentStringsW
0x418118 WideCharToMultiByte
0x41811c TlsAlloc
0x418120 TlsGetValue
0x418124 TlsSetValue
0x418128 TlsFree
0x41812c InterlockedIncrement
0x418130 GetCurrentThreadId
0x418134 InterlockedDecrement
0x418138 GetCurrentProcessId
0x41813c LoadLibraryW
0x418140 RtlUnwind
0x418144 GetCPInfo
0x418148 GetACP
0x41814c GetOEMCP
0x418150 IsValidCodePage
0x418154 RaiseException
0x418158 SetStdHandle
0x41815c GetConsoleCP
0x418160 GetConsoleMode
0x418164 FlushFileBuffers
0x418168 MultiByteToWideChar
0x41816c GetStringTypeW
USER32.dll
0x418174 MessageBeep
ADVAPI32.dll
0x418000 AdjustTokenGroups
EAT(Export Address Table) is none
KERNEL32.dll
0x418008 CommConfigDialogA
0x41800c GetDefaultCommConfigW
0x418010 LoadResource
0x418014 GetSystemWindowsDirectoryW
0x418018 QueryPerformanceCounter
0x41801c GetEnvironmentStringsW
0x418020 SetConsoleScreenBufferSize
0x418024 BackupSeek
0x418028 GetTickCount
0x41802c GetProcessHeap
0x418030 GetSystemTimeAsFileTime
0x418034 ReadConsoleW
0x418038 GetFirmwareEnvironmentVariableA
0x41803c GetProcessHandleCount
0x418040 InitAtomTable
0x418044 HeapValidate
0x418048 GetModuleFileNameW
0x41804c DeactivateActCtx
0x418050 GetConsoleOutputCP
0x418054 SetLastError
0x418058 GetProcAddress
0x41805c VirtualAlloc
0x418060 HeapSize
0x418064 BeginUpdateResourceW
0x418068 GetAtomNameA
0x41806c LoadLibraryA
0x418070 WriteConsoleA
0x418074 LocalAlloc
0x418078 GetProcessAffinityMask
0x41807c GetConsoleCursorInfo
0x418080 DeleteAtom
0x418084 AddConsoleAliasA
0x418088 FindNextVolumeA
0x41808c lstrcpyW
0x418090 LCMapStringW
0x418094 WriteConsoleW
0x418098 CreateFileW
0x41809c EncodePointer
0x4180a0 DecodePointer
0x4180a4 GetLastError
0x4180a8 HeapReAlloc
0x4180ac GetCommandLineA
0x4180b0 HeapSetInformation
0x4180b4 GetStartupInfoW
0x4180b8 UnhandledExceptionFilter
0x4180bc SetUnhandledExceptionFilter
0x4180c0 IsDebuggerPresent
0x4180c4 TerminateProcess
0x4180c8 GetCurrentProcess
0x4180cc HeapAlloc
0x4180d0 Sleep
0x4180d4 GetModuleHandleW
0x4180d8 ExitProcess
0x4180dc EnterCriticalSection
0x4180e0 LeaveCriticalSection
0x4180e4 IsProcessorFeaturePresent
0x4180e8 SetHandleCount
0x4180ec GetStdHandle
0x4180f0 InitializeCriticalSectionAndSpinCount
0x4180f4 GetFileType
0x4180f8 DeleteCriticalSection
0x4180fc SetFilePointer
0x418100 HeapCreate
0x418104 HeapFree
0x418108 CloseHandle
0x41810c WriteFile
0x418110 GetModuleFileNameA
0x418114 FreeEnvironmentStringsW
0x418118 WideCharToMultiByte
0x41811c TlsAlloc
0x418120 TlsGetValue
0x418124 TlsSetValue
0x418128 TlsFree
0x41812c InterlockedIncrement
0x418130 GetCurrentThreadId
0x418134 InterlockedDecrement
0x418138 GetCurrentProcessId
0x41813c LoadLibraryW
0x418140 RtlUnwind
0x418144 GetCPInfo
0x418148 GetACP
0x41814c GetOEMCP
0x418150 IsValidCodePage
0x418154 RaiseException
0x418158 SetStdHandle
0x41815c GetConsoleCP
0x418160 GetConsoleMode
0x418164 FlushFileBuffers
0x418168 MultiByteToWideChar
0x41816c GetStringTypeW
USER32.dll
0x418174 MessageBeep
ADVAPI32.dll
0x418000 AdjustTokenGroups
EAT(Export Address Table) is none