ScreenShot
| Created | 2021.11.12 10:31 | Machine | s1_win7_x6403 |
| Filename | 9431_1636644172_2842.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 39 detected (malicious, high confidence, GenericKDZ, Unsafe, Save, Jaik, Kryptik, Eldorado, HNGW, Fragtor, Zbot, MalwareX, ET#96%, RDMK, cmRtazrXfmKdzUl7qhEjXpkuYJNn, Lockbit, StopCrypt, Score, ai score=87, Raccrypt, CoinMiner, Glupteba, R449620, ZexaF, Oq0@aSDPj1gc, Static AI, Malicious PE, susgen, GdSda, confidence, 100%) | ||
| md5 | 9be7ba9afcb345e57ed908bb4947ea01 | ||
| sha256 | 20db7ae176f332d5e96b95d382909163dd3440b13eb6845e2d3fdb6ddeea2ff0 | ||
| ssdeep | 12288:z/eG1b0Dzgwy3FtmfbGAMWLZRKXcyJd3oK75inCXYhpEs:CZcFkf7LzKsQOIYh/ | ||
| imphash | 52f3cbaa89ec222f54fb6ad33fd12ebf | ||
| impfuzzy | 24:AbG2S11kq+fMlu3qFzHbwJcDSNc5lCSRc7oOovVtU4cXIlyv9217hI16cMWjMTgO:j1f80FTVCPn2tlc4K903cMGO | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x48a008 GetDefaultCommConfigW
0x48a00c LoadResource
0x48a010 GetSystemWindowsDirectoryW
0x48a014 QueryPerformanceCounter
0x48a018 GetEnvironmentStringsW
0x48a01c SetConsoleScreenBufferSize
0x48a020 BackupSeek
0x48a024 GetTickCount
0x48a028 GetProcessHeap
0x48a02c GetSystemTimeAsFileTime
0x48a030 ReadConsoleW
0x48a034 GetFirmwareEnvironmentVariableA
0x48a038 GetProcessHandleCount
0x48a03c InitAtomTable
0x48a040 HeapValidate
0x48a044 HeapCompact
0x48a048 WriteConsoleW
0x48a04c DeactivateActCtx
0x48a050 LCMapStringA
0x48a054 GetConsoleOutputCP
0x48a058 SetLastError
0x48a05c GetProcAddress
0x48a060 VirtualAlloc
0x48a064 BeginUpdateResourceW
0x48a068 GetAtomNameA
0x48a06c LoadLibraryA
0x48a070 LocalAlloc
0x48a074 GetModuleFileNameA
0x48a078 GetConsoleCursorInfo
0x48a07c DeleteAtom
0x48a080 AddConsoleAliasA
0x48a084 FindNextVolumeA
0x48a088 lstrcpyW
0x48a08c CommConfigDialogW
0x48a090 SetProcessAffinityMask
0x48a094 CreateFileW
0x48a098 GetLastError
0x48a09c HeapReAlloc
0x48a0a0 GetModuleHandleW
0x48a0a4 ExitProcess
0x48a0a8 DecodePointer
0x48a0ac GetCommandLineA
0x48a0b0 HeapSetInformation
0x48a0b4 GetStartupInfoW
0x48a0b8 UnhandledExceptionFilter
0x48a0bc SetUnhandledExceptionFilter
0x48a0c0 IsDebuggerPresent
0x48a0c4 EncodePointer
0x48a0c8 TerminateProcess
0x48a0cc GetCurrentProcess
0x48a0d0 HeapAlloc
0x48a0d4 EnterCriticalSection
0x48a0d8 LeaveCriticalSection
0x48a0dc IsProcessorFeaturePresent
0x48a0e0 SetHandleCount
0x48a0e4 GetStdHandle
0x48a0e8 InitializeCriticalSectionAndSpinCount
0x48a0ec GetFileType
0x48a0f0 DeleteCriticalSection
0x48a0f4 SetFilePointer
0x48a0f8 HeapCreate
0x48a0fc HeapFree
0x48a100 CloseHandle
0x48a104 LoadLibraryW
0x48a108 TlsAlloc
0x48a10c TlsGetValue
0x48a110 TlsSetValue
0x48a114 TlsFree
0x48a118 InterlockedIncrement
0x48a11c GetCurrentThreadId
0x48a120 InterlockedDecrement
0x48a124 WriteFile
0x48a128 GetModuleFileNameW
0x48a12c FreeEnvironmentStringsW
0x48a130 WideCharToMultiByte
0x48a134 GetCurrentProcessId
0x48a138 Sleep
0x48a13c GetCPInfo
0x48a140 GetACP
0x48a144 GetOEMCP
0x48a148 IsValidCodePage
0x48a14c RtlUnwind
0x48a150 RaiseException
0x48a154 SetStdHandle
0x48a158 GetConsoleCP
0x48a15c GetConsoleMode
0x48a160 FlushFileBuffers
0x48a164 HeapSize
0x48a168 LCMapStringW
0x48a16c MultiByteToWideChar
0x48a170 GetStringTypeW
USER32.dll
0x48a178 ShowCursor
ADVAPI32.dll
0x48a000 AdjustTokenGroups
EAT(Export Address Table) is none
KERNEL32.dll
0x48a008 GetDefaultCommConfigW
0x48a00c LoadResource
0x48a010 GetSystemWindowsDirectoryW
0x48a014 QueryPerformanceCounter
0x48a018 GetEnvironmentStringsW
0x48a01c SetConsoleScreenBufferSize
0x48a020 BackupSeek
0x48a024 GetTickCount
0x48a028 GetProcessHeap
0x48a02c GetSystemTimeAsFileTime
0x48a030 ReadConsoleW
0x48a034 GetFirmwareEnvironmentVariableA
0x48a038 GetProcessHandleCount
0x48a03c InitAtomTable
0x48a040 HeapValidate
0x48a044 HeapCompact
0x48a048 WriteConsoleW
0x48a04c DeactivateActCtx
0x48a050 LCMapStringA
0x48a054 GetConsoleOutputCP
0x48a058 SetLastError
0x48a05c GetProcAddress
0x48a060 VirtualAlloc
0x48a064 BeginUpdateResourceW
0x48a068 GetAtomNameA
0x48a06c LoadLibraryA
0x48a070 LocalAlloc
0x48a074 GetModuleFileNameA
0x48a078 GetConsoleCursorInfo
0x48a07c DeleteAtom
0x48a080 AddConsoleAliasA
0x48a084 FindNextVolumeA
0x48a088 lstrcpyW
0x48a08c CommConfigDialogW
0x48a090 SetProcessAffinityMask
0x48a094 CreateFileW
0x48a098 GetLastError
0x48a09c HeapReAlloc
0x48a0a0 GetModuleHandleW
0x48a0a4 ExitProcess
0x48a0a8 DecodePointer
0x48a0ac GetCommandLineA
0x48a0b0 HeapSetInformation
0x48a0b4 GetStartupInfoW
0x48a0b8 UnhandledExceptionFilter
0x48a0bc SetUnhandledExceptionFilter
0x48a0c0 IsDebuggerPresent
0x48a0c4 EncodePointer
0x48a0c8 TerminateProcess
0x48a0cc GetCurrentProcess
0x48a0d0 HeapAlloc
0x48a0d4 EnterCriticalSection
0x48a0d8 LeaveCriticalSection
0x48a0dc IsProcessorFeaturePresent
0x48a0e0 SetHandleCount
0x48a0e4 GetStdHandle
0x48a0e8 InitializeCriticalSectionAndSpinCount
0x48a0ec GetFileType
0x48a0f0 DeleteCriticalSection
0x48a0f4 SetFilePointer
0x48a0f8 HeapCreate
0x48a0fc HeapFree
0x48a100 CloseHandle
0x48a104 LoadLibraryW
0x48a108 TlsAlloc
0x48a10c TlsGetValue
0x48a110 TlsSetValue
0x48a114 TlsFree
0x48a118 InterlockedIncrement
0x48a11c GetCurrentThreadId
0x48a120 InterlockedDecrement
0x48a124 WriteFile
0x48a128 GetModuleFileNameW
0x48a12c FreeEnvironmentStringsW
0x48a130 WideCharToMultiByte
0x48a134 GetCurrentProcessId
0x48a138 Sleep
0x48a13c GetCPInfo
0x48a140 GetACP
0x48a144 GetOEMCP
0x48a148 IsValidCodePage
0x48a14c RtlUnwind
0x48a150 RaiseException
0x48a154 SetStdHandle
0x48a158 GetConsoleCP
0x48a15c GetConsoleMode
0x48a160 FlushFileBuffers
0x48a164 HeapSize
0x48a168 LCMapStringW
0x48a16c MultiByteToWideChar
0x48a170 GetStringTypeW
USER32.dll
0x48a178 ShowCursor
ADVAPI32.dll
0x48a000 AdjustTokenGroups
EAT(Export Address Table) is none