ScreenShot
| Created | 2022.01.18 10:33 | Machine | s1_win7_x6401 |
| Filename | putty.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (AIDetect, malware2, malicious, high confidence, Artemis, Unsafe, Save, Qbot, Eldorado, Attribute, HighConfidence, Kryptik, HNZN, score, GenericKD, CrypterX, A + Mal, Siggen16, Static AI, Malicious PE, ai score=80, StopCrypt, BScope, ET#78%, RDMK, cmRtazo2hNPH, jGIbvwuHqyWpcwr, GenKryptik, ERHN, ZexaF, qqW@aaDBeNdG, confidence, 100%) | ||
| md5 | 4d94112c0748ff7b76fc79651f0f00cf | ||
| sha256 | 59fbef79c89592a0f7af91f56183c663ab5acadf2bc1576922edd96c8053fa15 | ||
| ssdeep | 3072:AIhl9DtMTx58PlUME0BT7Ypwo35+bKERSWrxpzbgqru:AI/PiITsl35qRSuzbgwu | ||
| imphash | 6d4af36ccbaddaffd179ef41d42df9cf | ||
| impfuzzy | 24:jkrkERbG2S/kDCuUTrkrA1w1IdcDMOOgvE6IgOova1tD2cfwf+0/J3cFQ8OT42lV:ku1tJceI5ETv1tScfILvc23b | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x413000 GetConsoleAliasesLengthW
0x413004 GetLocaleInfoA
0x413008 SetComputerNameExA
0x41300c VirtualQuery
0x413010 GetDefaultCommConfigW
0x413014 FindResourceExW
0x413018 OpenJobObjectA
0x41301c GetConsoleAliasA
0x413020 InterlockedDecrement
0x413024 CompareFileTime
0x413028 GetProfileSectionA
0x41302c GetConsoleAliasesA
0x413030 GetConsoleTitleA
0x413034 ReadConsoleW
0x413038 SetFileTime
0x41303c GlobalAlloc
0x413040 Sleep
0x413044 GetFileAttributesW
0x413048 GetAtomNameW
0x41304c SetConsoleTitleA
0x413050 RaiseException
0x413054 GetLastError
0x413058 GetProcAddress
0x41305c GetLongPathNameA
0x413060 VirtualAlloc
0x413064 PrepareTape
0x413068 DnsHostnameToComputerNameA
0x41306c GetFileType
0x413070 GetModuleFileNameA
0x413074 CreateIoCompletionPort
0x413078 GetModuleHandleA
0x41307c GetStringTypeW
0x413080 GetVersionExA
0x413084 ReadConsoleInputW
0x413088 EnumSystemLocalesW
0x41308c CreateThread
0x413090 HeapAlloc
0x413094 GetCommandLineA
0x413098 GetStartupInfoA
0x41309c RtlUnwind
0x4130a0 TerminateProcess
0x4130a4 GetCurrentProcess
0x4130a8 UnhandledExceptionFilter
0x4130ac SetUnhandledExceptionFilter
0x4130b0 IsDebuggerPresent
0x4130b4 HeapFree
0x4130b8 DeleteCriticalSection
0x4130bc LeaveCriticalSection
0x4130c0 EnterCriticalSection
0x4130c4 VirtualFree
0x4130c8 HeapReAlloc
0x4130cc HeapCreate
0x4130d0 GetModuleHandleW
0x4130d4 ExitProcess
0x4130d8 WriteFile
0x4130dc GetStdHandle
0x4130e0 SetHandleCount
0x4130e4 SetFilePointer
0x4130e8 TlsGetValue
0x4130ec TlsAlloc
0x4130f0 TlsSetValue
0x4130f4 TlsFree
0x4130f8 InterlockedIncrement
0x4130fc SetLastError
0x413100 GetCurrentThreadId
0x413104 CloseHandle
0x413108 FreeEnvironmentStringsA
0x41310c GetEnvironmentStrings
0x413110 FreeEnvironmentStringsW
0x413114 WideCharToMultiByte
0x413118 GetEnvironmentStringsW
0x41311c QueryPerformanceCounter
0x413120 GetTickCount
0x413124 GetCurrentProcessId
0x413128 GetSystemTimeAsFileTime
0x41312c InitializeCriticalSectionAndSpinCount
0x413130 LoadLibraryA
0x413134 GetCPInfo
0x413138 GetACP
0x41313c GetOEMCP
0x413140 IsValidCodePage
0x413144 CreateFileA
0x413148 SetStdHandle
0x41314c GetConsoleCP
0x413150 GetConsoleMode
0x413154 FlushFileBuffers
0x413158 HeapSize
0x41315c LCMapStringA
0x413160 MultiByteToWideChar
0x413164 LCMapStringW
0x413168 GetStringTypeA
0x41316c SetEndOfFile
0x413170 GetProcessHeap
0x413174 ReadFile
0x413178 WriteConsoleA
0x41317c GetConsoleOutputCP
0x413180 WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x413000 GetConsoleAliasesLengthW
0x413004 GetLocaleInfoA
0x413008 SetComputerNameExA
0x41300c VirtualQuery
0x413010 GetDefaultCommConfigW
0x413014 FindResourceExW
0x413018 OpenJobObjectA
0x41301c GetConsoleAliasA
0x413020 InterlockedDecrement
0x413024 CompareFileTime
0x413028 GetProfileSectionA
0x41302c GetConsoleAliasesA
0x413030 GetConsoleTitleA
0x413034 ReadConsoleW
0x413038 SetFileTime
0x41303c GlobalAlloc
0x413040 Sleep
0x413044 GetFileAttributesW
0x413048 GetAtomNameW
0x41304c SetConsoleTitleA
0x413050 RaiseException
0x413054 GetLastError
0x413058 GetProcAddress
0x41305c GetLongPathNameA
0x413060 VirtualAlloc
0x413064 PrepareTape
0x413068 DnsHostnameToComputerNameA
0x41306c GetFileType
0x413070 GetModuleFileNameA
0x413074 CreateIoCompletionPort
0x413078 GetModuleHandleA
0x41307c GetStringTypeW
0x413080 GetVersionExA
0x413084 ReadConsoleInputW
0x413088 EnumSystemLocalesW
0x41308c CreateThread
0x413090 HeapAlloc
0x413094 GetCommandLineA
0x413098 GetStartupInfoA
0x41309c RtlUnwind
0x4130a0 TerminateProcess
0x4130a4 GetCurrentProcess
0x4130a8 UnhandledExceptionFilter
0x4130ac SetUnhandledExceptionFilter
0x4130b0 IsDebuggerPresent
0x4130b4 HeapFree
0x4130b8 DeleteCriticalSection
0x4130bc LeaveCriticalSection
0x4130c0 EnterCriticalSection
0x4130c4 VirtualFree
0x4130c8 HeapReAlloc
0x4130cc HeapCreate
0x4130d0 GetModuleHandleW
0x4130d4 ExitProcess
0x4130d8 WriteFile
0x4130dc GetStdHandle
0x4130e0 SetHandleCount
0x4130e4 SetFilePointer
0x4130e8 TlsGetValue
0x4130ec TlsAlloc
0x4130f0 TlsSetValue
0x4130f4 TlsFree
0x4130f8 InterlockedIncrement
0x4130fc SetLastError
0x413100 GetCurrentThreadId
0x413104 CloseHandle
0x413108 FreeEnvironmentStringsA
0x41310c GetEnvironmentStrings
0x413110 FreeEnvironmentStringsW
0x413114 WideCharToMultiByte
0x413118 GetEnvironmentStringsW
0x41311c QueryPerformanceCounter
0x413120 GetTickCount
0x413124 GetCurrentProcessId
0x413128 GetSystemTimeAsFileTime
0x41312c InitializeCriticalSectionAndSpinCount
0x413130 LoadLibraryA
0x413134 GetCPInfo
0x413138 GetACP
0x41313c GetOEMCP
0x413140 IsValidCodePage
0x413144 CreateFileA
0x413148 SetStdHandle
0x41314c GetConsoleCP
0x413150 GetConsoleMode
0x413154 FlushFileBuffers
0x413158 HeapSize
0x41315c LCMapStringA
0x413160 MultiByteToWideChar
0x413164 LCMapStringW
0x413168 GetStringTypeA
0x41316c SetEndOfFile
0x413170 GetProcessHeap
0x413174 ReadFile
0x413178 WriteConsoleA
0x41317c GetConsoleOutputCP
0x413180 WriteConsoleW
EAT(Export Address Table) is none