Field | Value |
---|---|
Created | 2022.12.05 09:51 |
Machine | s1_win7_x6401 |
Filename | spacemen.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 16 detected (AIDetect, malware2, Artemis, MachineLearning, Anomalous, malicious, high confidence, score, Generic@AI, RDML, Untt50UqvF7oJgSiHEV1IQ, BScope, Zlob, susgen, ZexaF, CvX@amLRCsOi) |
md5 | d1e2721997a49175744d36d9eaa2a946 |
sha256 | d31658e0fec53c1d98100d576418bbd1c1d3da46ce4aeadc181827a63ccd973a |
ssdeep | 24576:GRcq0pCim0ecOnj10vcmwvMP+JQt8mLkhAjl+ANnvddoeVdbx:G/i9inj1a9HRttLCAj1nFS+5x |
imphash | 784f331f65fd93c249119b3a8e6ca469 |
impfuzzy | 24:R2WIyVeOQkJM6M7Erag9GDwoXD2omvelEu1XZatNVcLLAwkgiz04M:HQQra+Gk+Qeeu1kt7cfA/g004M |
Network IP location
Signature (8cnts)
Level | Description |
---|---|
watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
watch | One or more of the buffers contains an embedded PE file |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | One or more potentially interesting buffers were extracted |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x537008 TlsGetValue
0x53700c GetSystemDefaultUILanguage
0x537010 HeapAlloc
0x537014 ClearCommError
0x537018 InterlockedIncrement
0x53701c OutputDebugStringW
0x537020 GetTickCount
0x537024 GetProcessHeap
0x537028 GetConsoleCP
0x53702c LoadLibraryW
0x537030 Sleep
0x537034 HeapCreate
0x537038 GetFileAttributesW
0x53703c GetCommandLineW
0x537040 GetCurrentDirectoryW
0x537044 SetLastError
0x537048 GetLongPathNameA
0x53704c GetProcessHeaps
0x537050 IsValidCodePage
0x537054 FoldStringW
0x537058 CloseHandle
0x53705c WriteConsoleW
0x537060 SetFilePointerEx
0x537064 SetStdHandle
0x537068 GetConsoleMode
0x53706c FlushFileBuffers
0x537070 GetStringTypeW
0x537074 GetLastError
0x537078 GetSystemDefaultLangID
0x53707c LCMapStringEx
0x537080 EncodePointer
0x537084 DecodePointer
0x537088 RaiseException
0x53708c RtlUnwind
0x537090 IsDebuggerPresent
0x537094 IsProcessorFeaturePresent
0x537098 InterlockedDecrement
0x53709c ExitProcess
0x5370a0 GetModuleHandleExW
0x5370a4 GetProcAddress
0x5370a8 MultiByteToWideChar
0x5370ac HeapSize
0x5370b0 GetStdHandle
0x5370b4 WriteFile
0x5370b8 GetModuleFileNameW
0x5370bc HeapFree
0x5370c0 GetACP
0x5370c4 GetOEMCP
0x5370c8 GetCPInfo
0x5370cc GetCurrentThreadId
0x5370d0 GetFileType
0x5370d4 InitializeCriticalSectionAndSpinCount
0x5370d8 DeleteCriticalSection
0x5370dc InitOnceExecuteOnce
0x5370e0 GetStartupInfoW
0x5370e4 QueryPerformanceCounter
0x5370e8 GetSystemTimeAsFileTime
0x5370ec GetTickCount64
0x5370f0 GetEnvironmentStringsW
0x5370f4 FreeEnvironmentStringsW
0x5370f8 UnhandledExceptionFilter
0x5370fc SetUnhandledExceptionFilter
0x537100 FlsAlloc
0x537104 FlsGetValue
0x537108 FlsSetValue
0x53710c FlsFree
0x537110 GetCurrentProcess
0x537114 TerminateProcess
0x537118 GetModuleHandleW
0x53711c EnterCriticalSection
0x537120 LeaveCriticalSection
0x537124 LoadLibraryExW
0x537128 HeapReAlloc
0x53712c WideCharToMultiByte
0x537130 CreateFileW
USER32.dll
0x537138 MessageBoxW
0x53713c GetForegroundWindow
0x537140 EnumDisplayDevicesW
0x537144 GetDC
0x537148 LoadAcceleratorsW
GDI32.dll
0x537000 GetGraphicsMode
ole32.dll
0x537150 CoInitialize
0x537154 CoUninitialize
EAT(Export Address Table) is none