Report - toolspab1.exe

Darkside Ransomware Cobalt Strike Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32
Created 2022.02.25 17:44 Machine s1_win7_x6401
Filename toolspab1.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 7.2
ZERO API file : malware
VT API (file) 27 detected (AIDetect, malware1, malicious, high confidence, score, Unsafe, Save, Kryptik, Injuke, Eldorado, Attribute, HighConfidence, Generickdz, Convagent, A + Troj, Krypt, StopCrypt, BScope, Mokes, Obscure, CLASSIC, Static AI, Malicious PE, confidence, susgen)
md5 74237f2f009020c7bfe80f274a049843
sha256 328a6537dfd9065ccb7579cda5877e452fd6b147dfbe80d13754f0635bbee6eb
ssdeep 3072:aQ7i8yKVLyl+DeERhcybKXVxArVyBjuIN9N4fWrPMMW5zDYJOXUnnOPeGyJ5tNo1:6p+DeEzNbvVyBju89NFrPmXUOPArgY
imphash 33c707c2a415a475d1f7fd53625c54c8
impfuzzy 96:rI4vSJObF5kXXL1JuLnDJ1K6J2ANJtxUScLSgC:rzP55krPyG6JBh

Signature (14cnts)

Level Description
danger Executed a process and injected code into it
warning File has been identified by 27 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Detects Avast Antivirus through the presence of a library
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice One or more potentially interesting buffers were extracted
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks if process is being debugged by a debugger
info This executable has a PDB path

Rules (13cnts)

Level Name Description Collection
danger Trojan_DarkSide_Ransomware_1_Zero Darkside Ransomware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x401000 LoadLibraryA
 0x401004 lstrcatA
 0x401008 GetComputerNameExA
 0x40100c WriteProfileSectionA
 0x401010 GetNumaProcessorNode
 0x401014 FindFirstVolumeA
 0x401018 SetConsoleCursorInfo
 0x40101c HeapUnlock
 0x401020 FindFirstChangeNotificationA
 0x401024 WaitForSingleObject
 0x401028 GetNamedPipeHandleStateW
 0x40102c FileTimeToDosDateTime
 0x401030 EnumResourceTypesA
 0x401034 EnumResourceNamesW
 0x401038 ExitProcess
 0x40103c TerminateProcess
 0x401040 ActivateActCtx
 0x401044 GetVersionExW
 0x401048 VerifyVersionInfoW
 0x40104c SetConsoleOutputCP
 0x401050 ResetEvent
 0x401054 FindNextFileW
 0x401058 GetCompressedFileSizeA
 0x40105c CopyFileExA
 0x401060 ReadConsoleOutputCharacterA
 0x401064 GetDefaultCommConfigW
 0x401068 VerLanguageNameA
 0x40106c _hread
 0x401070 GetCommConfig
 0x401074 WritePrivateProfileStructA
 0x401078 FreeEnvironmentStringsW
 0x40107c CreateTimerQueue
 0x401080 FindVolumeClose
 0x401084 LeaveCriticalSection
 0x401088 WriteConsoleInputA
 0x40108c CancelWaitableTimer
 0x401090 SetComputerNameExW
 0x401094 FindAtomW
 0x401098 ReleaseMutex
 0x40109c LocalUnlock
 0x4010a0 CallNamedPipeW
 0x4010a4 BuildCommDCBAndTimeoutsA
 0x4010a8 VirtualProtect
 0x4010ac LocalAlloc
 0x4010b0 TlsSetValue
 0x4010b4 GetCommandLineW
 0x4010b8 InterlockedIncrement
 0x4010bc CopyFileA
 0x4010c0 AddRefActCtx
 0x4010c4 OutputDebugStringW
 0x4010c8 FormatMessageA
 0x4010cc GetPriorityClass
 0x4010d0 WritePrivateProfileStringW
 0x4010d4 GetUserDefaultLCID
 0x4010d8 TerminateThread
 0x4010dc GlobalUnfix
 0x4010e0 HeapValidate
 0x4010e4 _hwrite
 0x4010e8 GetWindowsDirectoryA
 0x4010ec GetStartupInfoW
 0x4010f0 CreatePipe
 0x4010f4 GetCPInfoExW
 0x4010f8 GetSystemWindowsDirectoryA
 0x4010fc GetSystemWow64DirectoryA
 0x401100 GetLastError
 0x401104 WriteProfileSectionW
 0x401108 GetCalendarInfoW
 0x40110c DebugBreak
 0x401110 GetConsoleCursorInfo
 0x401114 GetTickCount
 0x401118 DeleteVolumeMountPointA
 0x40111c OpenFileMappingW
 0x401120 ContinueDebugEvent
 0x401124 GetSystemWindowsDirectoryW
 0x401128 CopyFileW
 0x40112c SetMailslotInfo
 0x401130 AddConsoleAliasA
 0x401134 GetPrivateProfileIntW
 0x401138 ReadConsoleInputW
 0x40113c OutputDebugStringA
 0x401140 InterlockedDecrement
 0x401144 DefineDosDeviceA
 0x401148 SetVolumeMountPointA
 0x40114c SetThreadAffinityMask
 0x401150 SetConsoleActiveScreenBuffer
 0x401154 SetProcessAffinityMask
 0x401158 EnumResourceNamesA
 0x40115c GetThreadContext
 0x401160 GetLongPathNameW
 0x401164 SetConsoleTextAttribute
 0x401168 LoadLibraryW
 0x40116c EndUpdateResourceW
 0x401170 WaitForDebugEvent
 0x401174 ReadConsoleA
 0x401178 WriteConsoleA
 0x40117c InterlockedFlushSList
 0x401180 WritePrivateProfileSectionA
 0x401184 GetPrivateProfileStructA
 0x401188 DeleteCriticalSection
 0x40118c GetPrivateProfileSectionNamesA
 0x401190 GetDriveTypeW
 0x401194 GetFileAttributesExA
 0x401198 LocalFileTimeToFileTime
 0x40119c GetVolumePathNameA
 0x4011a0 GetConsoleMode
 0x4011a4 HeapSetInformation
 0x4011a8 GetComputerNameA
 0x4011ac ProcessIdToSessionId
 0x4011b0 ReadProcessMemory
 0x4011b4 MoveFileExW
 0x4011b8 DisableThreadLibraryCalls
 0x4011bc GlobalFix
 0x4011c0 WriteConsoleInputW
 0x4011c4 GlobalDeleteAtom
 0x4011c8 GetEnvironmentStrings
 0x4011cc InterlockedExchangeAdd
 0x4011d0 WaitNamedPipeW
 0x4011d4 GetPrivateProfileStructW
 0x4011d8 GetExitCodeProcess
 0x4011dc GetSystemTimeAsFileTime
 0x4011e0 GetLocalTime
 0x4011e4 EnumCalendarInfoExA
 0x4011e8 FreeEnvironmentStringsA
 0x4011ec CreateIoCompletionPort
 0x4011f0 OpenSemaphoreA
 0x4011f4 GetMailslotInfo
 0x4011f8 GetCommProperties
 0x4011fc lstrcpyA
 0x401200 HeapWalk
 0x401204 LockFile
 0x401208 EndUpdateResourceA
 0x40120c GetConsoleCP
 0x401210 GetConsoleAliasW
 0x401214 GetNumberOfConsoleInputEvents
 0x401218 GetProfileStringA
 0x40121c GetQueuedCompletionStatus
 0x401220 AllocConsole
 0x401224 GetNumaNodeProcessorMask
 0x401228 CreateMailslotW
 0x40122c SetCommState
 0x401230 FileTimeToLocalFileTime
 0x401234 IsDebuggerPresent
 0x401238 GetSystemTimeAdjustment
 0x40123c _lread
 0x401240 GetConsoleAliasExesLengthA
 0x401244 GetWriteWatch
 0x401248 GetModuleHandleA
 0x40124c GetPrivateProfileStringA
 0x401250 ReadConsoleOutputAttribute
 0x401254 GetFileInformationByHandle
 0x401258 GetProfileStringW
 0x40125c MoveFileA
 0x401260 CreateActCtxW
 0x401264 GetSystemDefaultUILanguage
 0x401268 SetCommMask
 0x40126c SetMessageWaitingIndicator
 0x401270 SetFileApisToANSI
 0x401274 OpenWaitableTimerW
 0x401278 GetProcessShutdownParameters
 0x40127c PeekNamedPipe
 0x401280 FillConsoleOutputCharacterW
 0x401284 FindNextVolumeMountPointA
 0x401288 GetThreadPriority
 0x40128c DeleteAtom
 0x401290 AddAtomW
 0x401294 WriteConsoleOutputCharacterW
 0x401298 QueryDosDeviceA
 0x40129c GetConsoleAliasExesW
 0x4012a0 GetBinaryTypeA
 0x4012a4 RaiseException
 0x4012a8 GetCommandLineA
 0x4012ac GetStartupInfoA
 0x4012b0 IsBadReadPtr
 0x4012b4 EnterCriticalSection
 0x4012b8 GetModuleFileNameW
 0x4012bc GetCurrentProcess
 0x4012c0 UnhandledExceptionFilter
 0x4012c4 SetUnhandledExceptionFilter
 0x4012c8 GetModuleHandleW
 0x4012cc Sleep
 0x4012d0 GetProcAddress
 0x4012d4 TlsGetValue
 0x4012d8 TlsAlloc
 0x4012dc GetCurrentThreadId
 0x4012e0 TlsFree
 0x4012e4 SetLastError
 0x4012e8 QueryPerformanceCounter
 0x4012ec GetCurrentProcessId
 0x4012f0 GetModuleFileNameA
 0x4012f4 WideCharToMultiByte
 0x4012f8 GetEnvironmentStringsW
 0x4012fc SetHandleCount
 0x401300 GetStdHandle
 0x401304 GetFileType
 0x401308 HeapDestroy
 0x40130c HeapCreate
 0x401310 HeapFree
 0x401314 VirtualFree
 0x401318 WriteFile
 0x40131c HeapAlloc
 0x401320 HeapSize
 0x401324 HeapReAlloc
 0x401328 VirtualAlloc
 0x40132c GetACP
 0x401330 GetOEMCP
 0x401334 GetCPInfo
 0x401338 IsValidCodePage
 0x40133c RtlUnwind
 0x401340 InitializeCriticalSectionAndSpinCount
 0x401344 WriteConsoleW
 0x401348 MultiByteToWideChar
 0x40134c LCMapStringA
 0x401350 LCMapStringW
 0x401354 GetStringTypeA
 0x401358 GetStringTypeW
 0x40135c GetLocaleInfoA
 0x401360 SetFilePointer
 0x401364 SetStdHandle
 0x401368 GetConsoleOutputCP
 0x40136c CreateFileA
 0x401370 CloseHandle
 0x401374 FlushFileBuffers
USER32.dll
 0x40137c OemToCharW

EAT (Export Address Table): none