Field | Value |
---|---|
Created | 2021.11.15 15:02 |
Machine | s1_win7_x6401 |
Filename | index.php |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 27 detected (malicious, high confidence, Unsafe, Save, confidence, 100%, Hacktool, Kryptik, Eldorado, Fragtor, Convagent, Emotet, StopCrypt, Sabsik, score, Lockbit, FSWW, Generic@ML, RDML, 4HAF, l3I3q+20zUQ8qK3Zg, Static AI, Malicious PE, ZexaF, Jq0@a8Cv3ChO, susgen) |
md5 | ae43eeced75fa3cb00434d1c43a821fd |
sha256 | b74bf179ccedb1a9e8f219636c903d90ec03d923460449cbda8d037d6cd97699 |
ssdeep | 12288:FUk0pIqeNiyNpAUvhN3Utfh9uSR5LO/KXJReNtiZlh79:FypIqKvX/0J7Rw/pNti3 |
imphash | 804abf6bfd1eb86d699699dd471c7b89 |
impfuzzy | 24:aWrkrmDl6Uo8mIsJcDARu9jiEbG2UnOClPCWuoOyc7v9VOtO17hI+OSCjMJBvAm6:GsYr3IqPJunycL9VP6STBvAmgR |
Signature (4cnts)
Level | Description |
---|---|
warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x46f008 GetEnvironmentStringsW
0x46f00c GetTickCount
0x46f010 GetConsoleAliasesA
0x46f014 GetSystemTimeAsFileTime
0x46f018 ReadConsoleW
0x46f01c WriteFileGather
0x46f020 SetHandleCount
0x46f024 GlobalAlloc
0x46f028 InitializeCriticalSectionAndSpinCount
0x46f02c Sleep
0x46f030 GetProcessHandleCount
0x46f034 GetSystemWindowsDirectoryA
0x46f038 SetConsoleCP
0x46f03c DeleteVolumeMountPointW
0x46f040 FindNextVolumeW
0x46f044 SetConsoleCursorPosition
0x46f048 GetAtomNameW
0x46f04c GetCPInfoExW
0x46f050 SetLastError
0x46f054 GetProcAddress
0x46f058 VirtualAlloc
0x46f05c BeginUpdateResourceW
0x46f060 EnumDateFormatsExA
0x46f064 GetFirmwareEnvironmentVariableW
0x46f068 LoadLibraryA
0x46f06c WriteConsoleA
0x46f070 UnhandledExceptionFilter
0x46f074 CreateHardLinkW
0x46f078 GetDefaultCommConfigA
0x46f07c SetConsoleCursorInfo
0x46f080 IsDebuggerPresent
0x46f084 RequestDeviceWakeup
0x46f088 QueryPerformanceFrequency
0x46f08c DuplicateHandle
0x46f090 DeleteAtom
0x46f094 lstrcpyW
0x46f098 SetCriticalSectionSpinCount
0x46f09c LCMapStringA
0x46f0a0 HeapAlloc
0x46f0a4 GetModuleHandleW
0x46f0a8 ExitProcess
0x46f0ac DecodePointer
0x46f0b0 GetCommandLineW
0x46f0b4 HeapSetInformation
0x46f0b8 GetStartupInfoW
0x46f0bc EnterCriticalSection
0x46f0c0 LeaveCriticalSection
0x46f0c4 GetStdHandle
0x46f0c8 GetFileType
0x46f0cc DeleteCriticalSection
0x46f0d0 SetUnhandledExceptionFilter
0x46f0d4 EncodePointer
0x46f0d8 TerminateProcess
0x46f0dc GetCurrentProcess
0x46f0e0 WriteFile
0x46f0e4 GetModuleFileNameW
0x46f0e8 HeapCreate
0x46f0ec IsProcessorFeaturePresent
0x46f0f0 GetLastError
0x46f0f4 SetFilePointer
0x46f0f8 HeapFree
0x46f0fc CloseHandle
0x46f100 LoadLibraryW
0x46f104 TlsAlloc
0x46f108 TlsGetValue
0x46f10c TlsSetValue
0x46f110 TlsFree
0x46f114 InterlockedIncrement
0x46f118 GetCurrentThreadId
0x46f11c InterlockedDecrement
0x46f120 FreeEnvironmentStringsW
0x46f124 QueryPerformanceCounter
0x46f128 GetCurrentProcessId
0x46f12c WideCharToMultiByte
0x46f130 GetConsoleCP
0x46f134 GetConsoleMode
0x46f138 RtlUnwind
0x46f13c GetCPInfo
0x46f140 GetACP
0x46f144 GetOEMCP
0x46f148 IsValidCodePage
0x46f14c RaiseException
0x46f150 SetStdHandle
0x46f154 FlushFileBuffers
0x46f158 HeapSize
0x46f15c HeapReAlloc
0x46f160 WriteConsoleW
0x46f164 MultiByteToWideChar
0x46f168 LCMapStringW
0x46f16c GetStringTypeW
0x46f170 CreateFileW
USER32.dll
0x46f178 GetClipCursor
ADVAPI32.dll
0x46f000 AdjustTokenPrivileges
EAT (Export Address Table): none