Field | Value |
---|---|
Created | 2021.11.13 11:16 |
Machine | s1_win7_x6403 |
Filename | 8577_1636402824_8748.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 50 detected (malicious, high confidence, Steam, GenericKD, Unsafe, Save, Krypter, ZexaF, xq0@aKV9A6eI, Kryptik, Eldorado, HNFZ, MalwareX, Pepc, R + Troj, Krypt, rgedl@0, R002C0DK921, Static AI, Malicious PE, GenSHCode, pndpu, ASMalwS, STOP, score, CoinMiner, Glupteba, R449277, ai score=82, Generic@ML, RDML, OvKIAp5Uye31kFRfkgMtLQ, FXkbFTcqbjQ, StopCrypt, susgen, GenericKDZ, GdSda, confidence, 100%) |
md5 | b1a0bc55343edb874ec4c54cbb5a21b4 |
sha256 | f063a271d8a2da357559a32adcec6083529158168bf340c2b3c393778898da66 |
ssdeep | 6144:YHWuK6isfynD/VQ5Nie31XXP1klVjdbnmuzbgwu6QigabwVf:kWunfLtRXP1Qdjmunn5 |
imphash | d258636f72d347eaf01f17dafac75115 |
impfuzzy | 24:NSQkq+fmaA0ScDku9jGbG2UdfiiOovVtlLcQnlyv9G45/J3IoBq7jM6Kgwn:Nx8F7q2tlLcIK9nhIJ/c |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x43c000 HeapCompact
0x43c004 CommConfigDialogA
0x43c008 GetSystemWindowsDirectoryW
0x43c00c QueryPerformanceCounter
0x43c010 GetEnvironmentStringsW
0x43c014 SetConsoleScreenBufferSize
0x43c018 AddConsoleAliasW
0x43c01c BackupSeek
0x43c020 GetTickCount
0x43c024 GetSystemTimeAsFileTime
0x43c028 ReadConsoleW
0x43c02c SizeofResource
0x43c030 GetProcessHandleCount
0x43c034 FindNextVolumeW
0x43c038 HeapValidate
0x43c03c GetAtomNameW
0x43c040 GetModuleFileNameW
0x43c044 GetLastError
0x43c048 GetProcAddress
0x43c04c VirtualAlloc
0x43c050 GetFirmwareEnvironmentVariableW
0x43c054 LoadLibraryA
0x43c058 WriteConsoleA
0x43c05c LocalAlloc
0x43c060 BeginUpdateResourceA
0x43c064 GetDefaultCommConfigA
0x43c068 SetConsoleCursorInfo
0x43c06c UpdateResourceW
0x43c070 GetProcessAffinityMask
0x43c074 LCMapStringW
0x43c078 lstrcpyA
0x43c07c CreateFileW
0x43c080 WriteConsoleW
0x43c084 HeapAlloc
0x43c088 EncodePointer
0x43c08c DecodePointer
0x43c090 GetCommandLineA
0x43c094 HeapSetInformation
0x43c098 GetStartupInfoW
0x43c09c UnhandledExceptionFilter
0x43c0a0 SetUnhandledExceptionFilter
0x43c0a4 IsDebuggerPresent
0x43c0a8 TerminateProcess
0x43c0ac GetCurrentProcess
0x43c0b0 GetModuleHandleW
0x43c0b4 ExitProcess
0x43c0b8 WriteFile
0x43c0bc GetStdHandle
0x43c0c0 HeapCreate
0x43c0c4 Sleep
0x43c0c8 HeapSize
0x43c0cc EnterCriticalSection
0x43c0d0 LeaveCriticalSection
0x43c0d4 SetHandleCount
0x43c0d8 InitializeCriticalSectionAndSpinCount
0x43c0dc GetFileType
0x43c0e0 DeleteCriticalSection
0x43c0e4 SetFilePointer
0x43c0e8 HeapFree
0x43c0ec CloseHandle
0x43c0f0 GetModuleFileNameA
0x43c0f4 FreeEnvironmentStringsW
0x43c0f8 WideCharToMultiByte
0x43c0fc TlsAlloc
0x43c100 TlsGetValue
0x43c104 TlsSetValue
0x43c108 TlsFree
0x43c10c InterlockedIncrement
0x43c110 SetLastError
0x43c114 GetCurrentThreadId
0x43c118 InterlockedDecrement
0x43c11c GetCurrentProcessId
0x43c120 LoadLibraryW
0x43c124 HeapReAlloc
0x43c128 RtlUnwind
0x43c12c GetCPInfo
0x43c130 GetACP
0x43c134 GetOEMCP
0x43c138 IsValidCodePage
0x43c13c SetStdHandle
0x43c140 GetConsoleCP
0x43c144 GetConsoleMode
0x43c148 FlushFileBuffers
0x43c14c RaiseException
0x43c150 IsProcessorFeaturePresent
0x43c154 MultiByteToWideChar
0x43c158 GetStringTypeW
USER32.dll
0x43c160 MessageBeep
EAT (Export Address Table): none