Field | Value |
---|---|
Created | 2021.11.14 18:29 |
Machine | s1_win7_x6403 |
Filename | 7870_1636781441_9630.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file: clean |
VT API (file) | 36 detected (malicious, high confidence, GenericKD, Lockbit, FSWW, confidence, 100%, Kryptik, Eldorado, HNHS, TrojanX, Fragtor, Generic@ML, RDML, PBn+Xk+pWpxG, xVVbIIZow, DownLoader43, bxidk, kcloud, score, CoinMiner, Glupteba, R449923, GenericKDZ, R002C0WKD21, Static AI, Malicious PE, susgen, GdSda) |
md5 | d985b4cfdceecc3c0fe4f3e4fda4e416 |
sha256 | a8b37d6b073ee045ae63473cb1a592c974e896b19e3db06d552f955901c06db7 |
ssdeep | 3072:X7UuBgLClgxDRXr8FszykHszuubqbgLt0ODpZa9uD6Vdyhkd:2LClgxDVwq4r4gRVwVf |
imphash | 620327c357b4e134c44aeeb41890b58a |
impfuzzy | 24:4q+fsZBCr1uAUDlcDAm2bG2Aq9l1SBoOLUcjtnlyv9Gj7/J3I+OSEoaMjAfou:QUZAYL1+ngcjtnK9A6SEoZAfR |
Signatures (4)
Level | Description |
---|---|
danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0): no network requests were recorded for this sample.
PE API
IAT (Import Address Table)
KERNEL32.dll
0x417008 GetCurrentActCtx
0x41700c GetEnvironmentStringsW
0x417010 SetConsoleScreenBufferSize
0x417014 GetSystemDefaultLCID
0x417018 GetTickCount
0x41701c GetProcessHeap
0x417020 GetSystemTimeAsFileTime
0x417024 ReadConsoleW
0x417028 SetHandleCount
0x41702c GetConsoleCP
0x417030 GlobalAlloc
0x417034 GetFirmwareEnvironmentVariableA
0x417038 Sleep
0x41703c GetProcessHandleCount
0x417040 GetSystemWindowsDirectoryA
0x417044 DeleteVolumeMountPointW
0x417048 FindNextVolumeW
0x41704c GetFileAttributesW
0x417050 WriteConsoleW
0x417054 GetLastError
0x417058 GetProcAddress
0x41705c VirtualAlloc
0x417060 BackupWrite
0x417064 VirtualAllocEx
0x417068 GetAtomNameA
0x41706c LoadLibraryA
0x417070 GetDefaultCommConfigA
0x417074 GetConsoleCursorInfo
0x417078 QueryPerformanceFrequency
0x41707c CloseHandle
0x417080 DeleteAtom
0x417084 lstrcpyW
0x417088 LCMapStringW
0x41708c CommConfigDialogW
0x417090 HeapAlloc
0x417094 GetModuleHandleW
0x417098 ExitProcess
0x41709c DecodePointer
0x4170a0 GetCommandLineW
0x4170a4 HeapSetInformation
0x4170a8 GetStartupInfoW
0x4170ac EncodePointer
0x4170b0 IsProcessorFeaturePresent
0x4170b4 WriteFile
0x4170b8 GetStdHandle
0x4170bc GetModuleFileNameW
0x4170c0 HeapCreate
0x4170c4 EnterCriticalSection
0x4170c8 LeaveCriticalSection
0x4170cc UnhandledExceptionFilter
0x4170d0 SetUnhandledExceptionFilter
0x4170d4 IsDebuggerPresent
0x4170d8 TerminateProcess
0x4170dc GetCurrentProcess
0x4170e0 InitializeCriticalSectionAndSpinCount
0x4170e4 GetFileType
0x4170e8 DeleteCriticalSection
0x4170ec SetFilePointer
0x4170f0 HeapFree
0x4170f4 LoadLibraryW
0x4170f8 TlsAlloc
0x4170fc TlsGetValue
0x417100 TlsSetValue
0x417104 TlsFree
0x417108 InterlockedIncrement
0x41710c SetLastError
0x417110 GetCurrentThreadId
0x417114 InterlockedDecrement
0x417118 FreeEnvironmentStringsW
0x41711c QueryPerformanceCounter
0x417120 GetCurrentProcessId
0x417124 RaiseException
0x417128 GetCPInfo
0x41712c GetACP
0x417130 GetOEMCP
0x417134 IsValidCodePage
0x417138 WideCharToMultiByte
0x41713c RtlUnwind
0x417140 SetStdHandle
0x417144 GetConsoleMode
0x417148 FlushFileBuffers
0x41714c HeapSize
0x417150 HeapReAlloc
0x417154 MultiByteToWideChar
0x417158 GetStringTypeW
0x41715c CreateFileW
USER32.dll
0x417164 ClipCursor
ADVAPI32.dll
0x417000 AdjustTokenGroups
EAT (Export Address Table): none