ScreenShot
| Created | 2022.12.15 15:55 | Machine | s1_win7_x6403 |
| Filename | AllmakeString2.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 42 detected (CVE-2018-8120, Hacktool, malicious, high confidence, CVE-2019-0808, GenericKD, Unsafe, CVE-2020-1908, CVE20190808, Consoler, ABHV, ivmwnk, CVE-2019-1458, R002C0DED21, Artemis, BHAZ, csjup, score, ai score=87, CLOUD, susgen, CVE-2020-2117, CVE20211732) | ||
| md5 | 5b7db76369cfda2450af6bebdc62ff15 | ||
| sha256 | 5d7c25df48dac73698ae455a3d98ea38c2502edf862a47dc6db9a177147db453 | ||
| ssdeep | 6144:6vem+wL6FRT/7OXCiXhk5lTLY0psWJkdXVKAlHW:cd+wL6FPiXhk7/YGJkdXws | ||
| imphash | 4f7cea697bd9dd2a588ec4d74b63531c | ||
| impfuzzy | 48:xlKVCVt6IMBc+ppZa3wbSGFeXaoJl0vg1WRdEJJznSlHB1go/XE09fnB/KAME0G:xwVut6IMBc+ppZ10gxph4G | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140046030 VirtualProtect
0x140046038 VirtualQuery
0x140046040 GetCurrentProcessId
0x140046048 CreatePipe
0x140046050 GetStartupInfoW
0x140046058 lstrcpyW
0x140046060 CreateProcessW
0x140046068 CloseHandle
0x140046070 GetLastError
0x140046078 ReadFile
0x140046080 ExitProcess
0x140046088 VirtualAlloc
0x140046090 GetCurrentProcess
0x140046098 GetCurrentThreadId
0x1400460a0 CreateFileW
0x1400460a8 SetFilePointerEx
0x1400460b0 GetFileSizeEx
0x1400460b8 WriteConsoleW
0x1400460c0 HeapQueryInformation
0x1400460c8 HeapReAlloc
0x1400460d0 HeapFree
0x1400460d8 GetStringTypeW
0x1400460e0 GetModuleHandleA
0x1400460e8 OutputDebugStringW
0x1400460f0 GetProcessHeap
0x1400460f8 SetEnvironmentVariableW
0x140046100 FreeEnvironmentStringsW
0x140046108 GetEnvironmentStringsW
0x140046110 MultiByteToWideChar
0x140046118 GetCPInfo
0x140046120 GetOEMCP
0x140046128 GetACP
0x140046130 IsValidCodePage
0x140046138 FindNextFileW
0x140046140 FindFirstFileExW
0x140046148 FindClose
0x140046150 GetFileAttributesExW
0x140046158 GetExitCodeProcess
0x140046160 WaitForSingleObject
0x140046168 WideCharToMultiByte
0x140046170 GetConsoleMode
0x140046178 GetConsoleOutputCP
0x140046180 FlushFileBuffers
0x140046188 GetFileType
0x140046190 LocalAlloc
0x140046198 LoadLibraryA
0x1400461a0 GetModuleHandleW
0x1400461a8 GetProcAddress
0x1400461b0 SetStdHandle
0x1400461b8 LoadLibraryW
0x1400461c0 RtlCaptureContext
0x1400461c8 RtlLookupFunctionEntry
0x1400461d0 RtlVirtualUnwind
0x1400461d8 UnhandledExceptionFilter
0x1400461e0 SetUnhandledExceptionFilter
0x1400461e8 TerminateProcess
0x1400461f0 IsProcessorFeaturePresent
0x1400461f8 IsDebuggerPresent
0x140046200 QueryPerformanceCounter
0x140046208 GetSystemTimeAsFileTime
0x140046210 InitializeSListHead
0x140046218 RtlUnwindEx
0x140046220 SetLastError
0x140046228 EncodePointer
0x140046230 RaiseException
0x140046238 EnterCriticalSection
0x140046240 LeaveCriticalSection
0x140046248 DeleteCriticalSection
0x140046250 InitializeCriticalSectionAndSpinCount
0x140046258 TlsAlloc
0x140046260 TlsGetValue
0x140046268 TlsSetValue
0x140046270 TlsFree
0x140046278 FreeLibrary
0x140046280 LoadLibraryExW
0x140046288 RtlPcToFileHeader
0x140046290 GetModuleHandleExW
0x140046298 GetModuleFileNameW
0x1400462a0 GetStdHandle
0x1400462a8 WriteFile
0x1400462b0 GetCommandLineA
0x1400462b8 GetCommandLineW
0x1400462c0 HeapAlloc
0x1400462c8 HeapSize
0x1400462d0 HeapValidate
0x1400462d8 GetSystemInfo
0x1400462e0 CompareStringW
0x1400462e8 LCMapStringW
USER32.dll
0x1400462f8 TranslateMessage
0x140046300 GetMessageW
0x140046308 TrackPopupMenuEx
0x140046310 AppendMenuA
0x140046318 SetMenuInfo
0x140046320 SetWinEventHook
0x140046328 SetWindowsHookExW
0x140046330 CreateWindowExA
0x140046338 RegisterClassExA
0x140046340 CallNextHookEx
0x140046348 UnregisterClassW
0x140046350 SetKeyboardState
0x140046358 GetKeyboardState
0x140046360 SetWindowLongPtrW
0x140046368 DispatchMessageW
0x140046370 InternalGetWindowText
0x140046378 SetClassLongPtrW
0x140046380 SendMessageW
0x140046388 DrawIconEx
0x140046390 SetWindowLongPtrA
0x140046398 SetWindowLongW
0x1400463a0 DestroyWindow
0x1400463a8 CreateWindowExW
0x1400463b0 CreatePopupMenu
0x1400463b8 RegisterClassExW
0x1400463c0 GetMenuBarInfo
0x1400463c8 PostQuitMessage
0x1400463d0 DefWindowProcW
0x1400463d8 DestroyMenu
0x1400463e0 CreateMenu
0x1400463e8 RegisterClassW
GDI32.dll
0x140046000 GetBitmapBits
0x140046008 SelectObject
0x140046010 CreateCompatibleBitmap
0x140046018 CreateCompatibleDC
0x140046020 SetBitmapBits
EAT(Export Address Table) is none
KERNEL32.dll
0x140046030 VirtualProtect
0x140046038 VirtualQuery
0x140046040 GetCurrentProcessId
0x140046048 CreatePipe
0x140046050 GetStartupInfoW
0x140046058 lstrcpyW
0x140046060 CreateProcessW
0x140046068 CloseHandle
0x140046070 GetLastError
0x140046078 ReadFile
0x140046080 ExitProcess
0x140046088 VirtualAlloc
0x140046090 GetCurrentProcess
0x140046098 GetCurrentThreadId
0x1400460a0 CreateFileW
0x1400460a8 SetFilePointerEx
0x1400460b0 GetFileSizeEx
0x1400460b8 WriteConsoleW
0x1400460c0 HeapQueryInformation
0x1400460c8 HeapReAlloc
0x1400460d0 HeapFree
0x1400460d8 GetStringTypeW
0x1400460e0 GetModuleHandleA
0x1400460e8 OutputDebugStringW
0x1400460f0 GetProcessHeap
0x1400460f8 SetEnvironmentVariableW
0x140046100 FreeEnvironmentStringsW
0x140046108 GetEnvironmentStringsW
0x140046110 MultiByteToWideChar
0x140046118 GetCPInfo
0x140046120 GetOEMCP
0x140046128 GetACP
0x140046130 IsValidCodePage
0x140046138 FindNextFileW
0x140046140 FindFirstFileExW
0x140046148 FindClose
0x140046150 GetFileAttributesExW
0x140046158 GetExitCodeProcess
0x140046160 WaitForSingleObject
0x140046168 WideCharToMultiByte
0x140046170 GetConsoleMode
0x140046178 GetConsoleOutputCP
0x140046180 FlushFileBuffers
0x140046188 GetFileType
0x140046190 LocalAlloc
0x140046198 LoadLibraryA
0x1400461a0 GetModuleHandleW
0x1400461a8 GetProcAddress
0x1400461b0 SetStdHandle
0x1400461b8 LoadLibraryW
0x1400461c0 RtlCaptureContext
0x1400461c8 RtlLookupFunctionEntry
0x1400461d0 RtlVirtualUnwind
0x1400461d8 UnhandledExceptionFilter
0x1400461e0 SetUnhandledExceptionFilter
0x1400461e8 TerminateProcess
0x1400461f0 IsProcessorFeaturePresent
0x1400461f8 IsDebuggerPresent
0x140046200 QueryPerformanceCounter
0x140046208 GetSystemTimeAsFileTime
0x140046210 InitializeSListHead
0x140046218 RtlUnwindEx
0x140046220 SetLastError
0x140046228 EncodePointer
0x140046230 RaiseException
0x140046238 EnterCriticalSection
0x140046240 LeaveCriticalSection
0x140046248 DeleteCriticalSection
0x140046250 InitializeCriticalSectionAndSpinCount
0x140046258 TlsAlloc
0x140046260 TlsGetValue
0x140046268 TlsSetValue
0x140046270 TlsFree
0x140046278 FreeLibrary
0x140046280 LoadLibraryExW
0x140046288 RtlPcToFileHeader
0x140046290 GetModuleHandleExW
0x140046298 GetModuleFileNameW
0x1400462a0 GetStdHandle
0x1400462a8 WriteFile
0x1400462b0 GetCommandLineA
0x1400462b8 GetCommandLineW
0x1400462c0 HeapAlloc
0x1400462c8 HeapSize
0x1400462d0 HeapValidate
0x1400462d8 GetSystemInfo
0x1400462e0 CompareStringW
0x1400462e8 LCMapStringW
USER32.dll
0x1400462f8 TranslateMessage
0x140046300 GetMessageW
0x140046308 TrackPopupMenuEx
0x140046310 AppendMenuA
0x140046318 SetMenuInfo
0x140046320 SetWinEventHook
0x140046328 SetWindowsHookExW
0x140046330 CreateWindowExA
0x140046338 RegisterClassExA
0x140046340 CallNextHookEx
0x140046348 UnregisterClassW
0x140046350 SetKeyboardState
0x140046358 GetKeyboardState
0x140046360 SetWindowLongPtrW
0x140046368 DispatchMessageW
0x140046370 InternalGetWindowText
0x140046378 SetClassLongPtrW
0x140046380 SendMessageW
0x140046388 DrawIconEx
0x140046390 SetWindowLongPtrA
0x140046398 SetWindowLongW
0x1400463a0 DestroyWindow
0x1400463a8 CreateWindowExW
0x1400463b0 CreatePopupMenu
0x1400463b8 RegisterClassExW
0x1400463c0 GetMenuBarInfo
0x1400463c8 PostQuitMessage
0x1400463d0 DefWindowProcW
0x1400463d8 DestroyMenu
0x1400463e0 CreateMenu
0x1400463e8 RegisterClassW
GDI32.dll
0x140046000 GetBitmapBits
0x140046008 SelectObject
0x140046010 CreateCompatibleBitmap
0x140046018 CreateCompatibleDC
0x140046020 SetBitmapBits
EAT(Export Address Table) is none