Field | Value |
---|---|
Created | 2022.12.09 15:12 |
Machine | s1_win7_x6401 |
Filename | 502.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 55 detected (Mint, Ransomware, GenericRI, S16459571, Unsafe, Filecoder, Save, malicious, Eldorado, Cryptolocker, high confidence, score, DeathRansom, hngtyg, Gencirc, AGEN, CRYPTOLOCK, NetLoader, FileCrypter, ai score=88, Wacatac, Synder0s18, Detected, R343432, GenericRXLK, BitRansomware, BScope, FileCryptor, vS4hrXmF9DB, K3ePO8ZFcEM, susgen, ZexaF, gqW@aSLGXEk, GdSda) |
md5 | 842d42bb052a77759c8f55d46021b2e0 |
sha256 | 89844786bb2290797309c881c49a38f8502c39342bf2d9fecdc4ac5b4735f1d4 |
ssdeep | 3072:zSXsRZb0m4BbJpVIYbQf91G3im/2Ef07JysgIXHjg+grwBR1imy3Lh+puYRJy1Cf:GHpVCzGFmRuYRKj7b8 |
imphash | 0ca311d567c0202f7a711f8080ed1bbf |
impfuzzy | 48:pjFMY/7G7DBeDs3p+yX1dtwX7np9Z03bKQfxQNQ:liYTG7DAs3p+yX1dtwX7np9ZVCyNQ |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
watch | Creates known Hupigon files |
watch | Writes a potential ransom message to disk |
notice | Creates executable files on the filesystem |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
SHLWAPI.dll
0x4131bc wnsprintfW
0x4131c0 StrStrIW
MPR.dll
0x413184 WNetCloseEnum
0x413188 WNetAddConnection2W
0x41318c WNetOpenEnumW
0x413190 WNetGetConnectionW
0x413194 WNetEnumResourceW
RstrtMgr.DLL
0x4131a8 RmStartSession
0x4131ac RmEndSession
0x4131b0 RmRegisterResources
0x4131b4 RmGetList
KERNEL32.dll
0x413010 LCMapStringW
0x413014 GetStringTypeW
0x413018 GetFileType
0x41301c ReadFile
0x413020 WriteFile
0x413024 TerminateProcess
0x413028 WaitForSingleObject
0x41302c CreateFileW
0x413030 OpenProcess
0x413034 SetFileAttributesW
0x413038 CloseHandle
0x41303c SetFilePointerEx
0x413040 GetFileSize
0x413044 GetCurrentProcessId
0x413048 GetLogicalDrives
0x41304c FindFirstFileW
0x413050 FindFirstVolumeW
0x413054 HeapFree
0x413058 FindNextFileW
0x41305c GetCurrentProcess
0x413060 lstrlenW
0x413064 WaitForMultipleObjects
0x413068 lstrlenA
0x41306c FindClose
0x413070 GetModuleHandleA
0x413074 Sleep
0x413078 lstrcatW
0x41307c CreateThread
0x413080 HeapAlloc
0x413084 SetVolumeMountPointW
0x413088 GetProcAddress
0x41308c FindVolumeClose
0x413090 GetProcessHeap
0x413094 GetVolumePathNamesForVolumeNameW
0x413098 lstrcpyW
0x41309c FindNextVolumeW
0x4130a0 lstrcmpiW
0x4130a4 GetTickCount
0x4130a8 lstrcmpW
0x4130ac MoveFileW
0x4130b0 GetDriveTypeW
0x4130b4 EnterCriticalSection
0x4130b8 ReleaseSemaphore
0x4130bc LeaveCriticalSection
0x4130c0 InitializeCriticalSection
0x4130c4 DeleteCriticalSection
0x4130c8 CreateSemaphoreW
0x4130cc SetStdHandle
0x4130d0 GetConsoleMode
0x4130d4 WriteConsoleW
0x4130d8 DecodePointer
0x4130dc HeapSize
0x4130e0 SetThreadPriority
0x4130e4 GetConsoleCP
0x4130e8 FlushFileBuffers
0x4130ec FreeEnvironmentStringsW
0x4130f0 GetEnvironmentStringsW
0x4130f4 WideCharToMultiByte
0x4130f8 UnhandledExceptionFilter
0x4130fc SetUnhandledExceptionFilter
0x413100 IsProcessorFeaturePresent
0x413104 QueryPerformanceCounter
0x413108 GetCurrentThreadId
0x41310c GetSystemTimeAsFileTime
0x413110 InitializeSListHead
0x413114 IsDebuggerPresent
0x413118 GetStartupInfoW
0x41311c GetModuleHandleW
0x413120 RtlUnwind
0x413124 GetLastError
0x413128 SetLastError
0x41312c InitializeCriticalSectionAndSpinCount
0x413130 TlsAlloc
0x413134 TlsGetValue
0x413138 TlsSetValue
0x41313c TlsFree
0x413140 FreeLibrary
0x413144 LoadLibraryExW
0x413148 RaiseException
0x41314c GetStdHandle
0x413150 GetModuleFileNameW
0x413154 ExitProcess
0x413158 GetModuleHandleExW
0x41315c FindFirstFileExW
0x413160 IsValidCodePage
0x413164 GetACP
0x413168 GetOEMCP
0x41316c GetCPInfo
0x413170 GetCommandLineA
0x413174 GetCommandLineW
0x413178 MultiByteToWideChar
0x41317c HeapReAlloc
USER32.dll
0x4131c8 wsprintfA
0x4131cc wsprintfW
ADVAPI32.dll
0x413000 CryptAcquireContextA
0x413004 CryptReleaseContext
0x413008 CryptGenRandom
ole32.dll
0x4131d4 CoCreateInstance
0x4131d8 CoSetProxyBlanket
OLEAUT32.dll
0x41319c VariantInit
0x4131a0 VariantClear
EAT (Export Address Table): none