ScreenShot
| Created | 2022.01.17 13:34 | Machine | s1_win7_x6403 |
| Filename | AdobeUpdate.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 9 detected (Artemis, Unsafe, Malicious, score, Double, Encoded, Wacatac, CLOUD) | ||
| md5 | aee35c2dc70abe1732fc4fc593aa6e37 | ||
| sha256 | 5847c9caee588bf5b3c9c710cd8f12aabed088becea48b79637c73732948feac | ||
| ssdeep | 24576:HYng7x1WeZkcJ5os5hej4Rlk4rwla/b9kD5sOz/fl8drNy:HYgtEDiCswPla6mhy | ||
| imphash | 794fc9f2b10bbbf122bb018ecb15e5fa | ||
| impfuzzy | 24:OQjOjpygDpu2XBcpVWcD02tdS1CBg3JBlmro3v4GM+3FZxCpOovbOPZHu9X1:O7NXBcpV5HtdS1CBgPE6JFZn3G1 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | Drops a binary and executes it |
| notice | Creates executable files on the filesystem |
| notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (12cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140039000 GetModuleFileNameA
0x140039008 SizeofResource
0x140039010 WriteProcessMemory
0x140039018 FindResourceA
0x140039020 CreateMutexA
0x140039028 WaitForSingleObject
0x140039030 ResumeThread
0x140039038 GetModuleHandleA
0x140039040 Sleep
0x140039048 GetLastError
0x140039050 LoadLibraryA
0x140039058 LockResource
0x140039060 LoadResource
0x140039068 GetProcAddress
0x140039070 FreeLibrary
0x140039078 CreateDirectoryA
0x140039080 SetThreadContext
0x140039088 SetEndOfFile
0x140039090 WideCharToMultiByte
0x140039098 EnterCriticalSection
0x1400390a0 LeaveCriticalSection
0x1400390a8 InitializeCriticalSectionEx
0x1400390b0 DeleteCriticalSection
0x1400390b8 EncodePointer
0x1400390c0 DecodePointer
0x1400390c8 MultiByteToWideChar
0x1400390d0 LCMapStringEx
0x1400390d8 GetStringTypeW
0x1400390e0 GetCPInfo
0x1400390e8 RtlCaptureContext
0x1400390f0 RtlLookupFunctionEntry
0x1400390f8 RtlVirtualUnwind
0x140039100 UnhandledExceptionFilter
0x140039108 SetUnhandledExceptionFilter
0x140039110 GetCurrentProcess
0x140039118 TerminateProcess
0x140039120 IsProcessorFeaturePresent
0x140039128 IsDebuggerPresent
0x140039130 GetStartupInfoW
0x140039138 GetModuleHandleW
0x140039140 QueryPerformanceCounter
0x140039148 GetCurrentProcessId
0x140039150 GetCurrentThreadId
0x140039158 GetSystemTimeAsFileTime
0x140039160 InitializeSListHead
0x140039168 RtlUnwindEx
0x140039170 RtlPcToFileHeader
0x140039178 RaiseException
0x140039180 SetLastError
0x140039188 InitializeCriticalSectionAndSpinCount
0x140039190 TlsAlloc
0x140039198 TlsGetValue
0x1400391a0 TlsSetValue
0x1400391a8 TlsFree
0x1400391b0 LoadLibraryExW
0x1400391b8 ExitProcess
0x1400391c0 GetModuleHandleExW
0x1400391c8 GetModuleFileNameW
0x1400391d0 GetStdHandle
0x1400391d8 WriteFile
0x1400391e0 GetFileSizeEx
0x1400391e8 SetFilePointerEx
0x1400391f0 GetFileType
0x1400391f8 HeapAlloc
0x140039200 FlushFileBuffers
0x140039208 GetConsoleOutputCP
0x140039210 GetConsoleMode
0x140039218 HeapFree
0x140039220 CloseHandle
0x140039228 GetExitCodeProcess
0x140039230 CreateProcessW
0x140039238 GetFileAttributesExW
0x140039240 CompareStringW
0x140039248 LCMapStringW
0x140039250 GetLocaleInfoW
0x140039258 IsValidLocale
0x140039260 GetUserDefaultLCID
0x140039268 EnumSystemLocalesW
0x140039270 ReadFile
0x140039278 ReadConsoleW
0x140039280 HeapReAlloc
0x140039288 FindClose
0x140039290 FindFirstFileExW
0x140039298 FindNextFileW
0x1400392a0 IsValidCodePage
0x1400392a8 GetACP
0x1400392b0 GetOEMCP
0x1400392b8 GetCommandLineA
0x1400392c0 GetCommandLineW
0x1400392c8 GetEnvironmentStringsW
0x1400392d0 FreeEnvironmentStringsW
0x1400392d8 SetEnvironmentVariableW
0x1400392e0 GetProcessHeap
0x1400392e8 SetStdHandle
0x1400392f0 CreateFileW
0x1400392f8 HeapSize
0x140039300 WriteConsoleW
0x140039308 RtlUnwind
EAT(Export Address Table) is none
KERNEL32.dll
0x140039000 GetModuleFileNameA
0x140039008 SizeofResource
0x140039010 WriteProcessMemory
0x140039018 FindResourceA
0x140039020 CreateMutexA
0x140039028 WaitForSingleObject
0x140039030 ResumeThread
0x140039038 GetModuleHandleA
0x140039040 Sleep
0x140039048 GetLastError
0x140039050 LoadLibraryA
0x140039058 LockResource
0x140039060 LoadResource
0x140039068 GetProcAddress
0x140039070 FreeLibrary
0x140039078 CreateDirectoryA
0x140039080 SetThreadContext
0x140039088 SetEndOfFile
0x140039090 WideCharToMultiByte
0x140039098 EnterCriticalSection
0x1400390a0 LeaveCriticalSection
0x1400390a8 InitializeCriticalSectionEx
0x1400390b0 DeleteCriticalSection
0x1400390b8 EncodePointer
0x1400390c0 DecodePointer
0x1400390c8 MultiByteToWideChar
0x1400390d0 LCMapStringEx
0x1400390d8 GetStringTypeW
0x1400390e0 GetCPInfo
0x1400390e8 RtlCaptureContext
0x1400390f0 RtlLookupFunctionEntry
0x1400390f8 RtlVirtualUnwind
0x140039100 UnhandledExceptionFilter
0x140039108 SetUnhandledExceptionFilter
0x140039110 GetCurrentProcess
0x140039118 TerminateProcess
0x140039120 IsProcessorFeaturePresent
0x140039128 IsDebuggerPresent
0x140039130 GetStartupInfoW
0x140039138 GetModuleHandleW
0x140039140 QueryPerformanceCounter
0x140039148 GetCurrentProcessId
0x140039150 GetCurrentThreadId
0x140039158 GetSystemTimeAsFileTime
0x140039160 InitializeSListHead
0x140039168 RtlUnwindEx
0x140039170 RtlPcToFileHeader
0x140039178 RaiseException
0x140039180 SetLastError
0x140039188 InitializeCriticalSectionAndSpinCount
0x140039190 TlsAlloc
0x140039198 TlsGetValue
0x1400391a0 TlsSetValue
0x1400391a8 TlsFree
0x1400391b0 LoadLibraryExW
0x1400391b8 ExitProcess
0x1400391c0 GetModuleHandleExW
0x1400391c8 GetModuleFileNameW
0x1400391d0 GetStdHandle
0x1400391d8 WriteFile
0x1400391e0 GetFileSizeEx
0x1400391e8 SetFilePointerEx
0x1400391f0 GetFileType
0x1400391f8 HeapAlloc
0x140039200 FlushFileBuffers
0x140039208 GetConsoleOutputCP
0x140039210 GetConsoleMode
0x140039218 HeapFree
0x140039220 CloseHandle
0x140039228 GetExitCodeProcess
0x140039230 CreateProcessW
0x140039238 GetFileAttributesExW
0x140039240 CompareStringW
0x140039248 LCMapStringW
0x140039250 GetLocaleInfoW
0x140039258 IsValidLocale
0x140039260 GetUserDefaultLCID
0x140039268 EnumSystemLocalesW
0x140039270 ReadFile
0x140039278 ReadConsoleW
0x140039280 HeapReAlloc
0x140039288 FindClose
0x140039290 FindFirstFileExW
0x140039298 FindNextFileW
0x1400392a0 IsValidCodePage
0x1400392a8 GetACP
0x1400392b0 GetOEMCP
0x1400392b8 GetCommandLineA
0x1400392c0 GetCommandLineW
0x1400392c8 GetEnvironmentStringsW
0x1400392d0 FreeEnvironmentStringsW
0x1400392d8 SetEnvironmentVariableW
0x1400392e0 GetProcessHeap
0x1400392e8 SetStdHandle
0x1400392f0 CreateFileW
0x1400392f8 HeapSize
0x140039300 WriteConsoleW
0x140039308 RtlUnwind
EAT(Export Address Table) is none