ScreenShot
| Created | 2022.12.23 18:17 | Machine | s1_win7_x6401 |
| Filename | s.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 26 detected (FamVT, RazyNHmC, Unsafe, Save, malicious, Kryptik, Eldorado, high confidence, Pwsx, DropperX, A + Troj, Krypt, Lockbit, moderate, score, QBot, Detected, Sabsik, Generic@AI, RDML, V8Z2E3+sLR2zGRMewtUNfg, SmokeLoader, confidence, 100%) | ||
| md5 | 27a37d7db6c7a8557b770fb860444825 | ||
| sha256 | fc9b641b739432101f1d21c296e4791ad4e09a5712ecc47a82f99b1f6588c675 | ||
| ssdeep | 3072:0zQ7LmXf5N+NDY39vXRsuYIR7gXrrdR/u+oukz2kWBkOuRGK:kGLmKs39fKDIRsuukKkpjcK | ||
| imphash | 04021a7973cc9386d8ec65f9011a3f00 | ||
| impfuzzy | 24:6BskrkRMzBNokHUeh2zDoCurOt6dmZ9wHBM10+xj4CfPzV4bSSCTMOV4Ty2p6kPP:6BjnDQkd09wiXPy52ucftgKxPvS0L5wl | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401008 EnumSystemCodePagesW
0x40100c EnumDateFormatsW
0x401010 OpenMutexA
0x401014 GetConsoleAliasesLengthA
0x401018 SetFileApisToOEM
0x40101c EnumCalendarInfoExW
0x401020 RequestWakeupLatency
0x401024 GetConsoleAliasW
0x401028 GetModuleHandleW
0x40102c CreateDirectoryExW
0x401030 GetLogicalDriveStringsW
0x401034 ReadConsoleInputA
0x401038 FindNextVolumeMountPointW
0x40103c SearchPathW
0x401040 CopyFileExW
0x401044 GetCurrentDirectoryW
0x401048 GetSystemDirectoryA
0x40104c CreateMailslotW
0x401050 TlsGetValue
0x401054 GetProcAddress
0x401058 LoadLibraryA
0x40105c LocalAlloc
0x401060 ReadConsoleInputW
0x401064 SearchPathA
0x401068 GetCommandLineW
0x40106c InterlockedIncrement
0x401070 InterlockedExchange
0x401074 ChangeTimerQueueTimer
0x401078 FindResourceA
0x40107c FormatMessageA
0x401080 DebugActiveProcess
0x401084 InterlockedCompareExchange
0x401088 GetConsoleMode
0x40108c FindFirstVolumeA
0x401090 LocalFree
0x401094 LocalFlags
0x401098 ProcessIdToSessionId
0x40109c OpenFileMappingW
0x4010a0 lstrcmpW
0x4010a4 ZombifyActCtx
0x4010a8 CallNamedPipeW
0x4010ac GetComputerNameA
0x4010b0 lstrcpynA
0x4010b4 GenerateConsoleCtrlEvent
0x4010b8 PeekNamedPipe
0x4010bc GetCurrencyFormatW
0x4010c0 FindNextVolumeA
0x4010c4 CreateActCtxW
0x4010c8 OpenJobObjectW
0x4010cc GetPrivateProfileIntA
0x4010d0 _lread
0x4010d4 FreeEnvironmentStringsW
0x4010d8 SetVolumeMountPointW
0x4010dc VirtualAlloc
0x4010e0 GetSystemWindowsDirectoryA
0x4010e4 LoadModule
0x4010e8 lstrlenW
0x4010ec CreateDirectoryW
0x4010f0 GlobalFindAtomW
0x4010f4 CopyFileW
0x4010f8 VerSetConditionMask
0x4010fc EnumSystemLocalesW
0x401100 InterlockedFlushSList
0x401104 WritePrivateProfileSectionA
0x401108 GetStringTypeExA
0x40110c CreateMutexW
0x401110 GetCurrentActCtx
0x401114 ReadFile
0x401118 MoveFileA
0x40111c SetEvent
0x401120 MoveFileExW
0x401124 FindResourceW
0x401128 GetConsoleFontSize
0x40112c GetConsoleAliasExesLengthA
0x401130 FindFirstFileA
0x401134 FreeEnvironmentStringsA
0x401138 EnumResourceLanguagesW
0x40113c InterlockedDecrement
0x401140 GetTickCount
0x401144 SetLastError
0x401148 SetConsoleScreenBufferSize
0x40114c LoadLibraryW
0x401150 HeapAlloc
0x401154 GetStartupInfoW
0x401158 GetLastError
0x40115c SetFilePointer
0x401160 EnterCriticalSection
0x401164 LeaveCriticalSection
0x401168 TerminateProcess
0x40116c GetCurrentProcess
0x401170 UnhandledExceptionFilter
0x401174 SetUnhandledExceptionFilter
0x401178 IsDebuggerPresent
0x40117c DeleteCriticalSection
0x401180 HeapFree
0x401184 VirtualFree
0x401188 HeapReAlloc
0x40118c HeapCreate
0x401190 Sleep
0x401194 ExitProcess
0x401198 WriteFile
0x40119c GetStdHandle
0x4011a0 GetModuleFileNameA
0x4011a4 GetModuleFileNameW
0x4011a8 GetEnvironmentStringsW
0x4011ac SetHandleCount
0x4011b0 GetFileType
0x4011b4 GetStartupInfoA
0x4011b8 TlsAlloc
0x4011bc TlsSetValue
0x4011c0 TlsFree
0x4011c4 GetCurrentThreadId
0x4011c8 QueryPerformanceCounter
0x4011cc GetCurrentProcessId
0x4011d0 GetSystemTimeAsFileTime
0x4011d4 SetStdHandle
0x4011d8 WideCharToMultiByte
0x4011dc GetConsoleCP
0x4011e0 FlushFileBuffers
0x4011e4 RtlUnwind
0x4011e8 InitializeCriticalSectionAndSpinCount
0x4011ec GetCPInfo
0x4011f0 GetACP
0x4011f4 GetOEMCP
0x4011f8 IsValidCodePage
0x4011fc WriteConsoleA
0x401200 GetConsoleOutputCP
0x401204 WriteConsoleW
0x401208 MultiByteToWideChar
0x40120c HeapSize
0x401210 GetLocaleInfoA
0x401214 LCMapStringA
0x401218 LCMapStringW
0x40121c GetStringTypeA
0x401220 GetStringTypeW
0x401224 CreateFileA
0x401228 CloseHandle
ADVAPI32.dll
0x401000 InitiateSystemShutdownW
EAT(Export Address Table) is none
KERNEL32.dll
0x401008 EnumSystemCodePagesW
0x40100c EnumDateFormatsW
0x401010 OpenMutexA
0x401014 GetConsoleAliasesLengthA
0x401018 SetFileApisToOEM
0x40101c EnumCalendarInfoExW
0x401020 RequestWakeupLatency
0x401024 GetConsoleAliasW
0x401028 GetModuleHandleW
0x40102c CreateDirectoryExW
0x401030 GetLogicalDriveStringsW
0x401034 ReadConsoleInputA
0x401038 FindNextVolumeMountPointW
0x40103c SearchPathW
0x401040 CopyFileExW
0x401044 GetCurrentDirectoryW
0x401048 GetSystemDirectoryA
0x40104c CreateMailslotW
0x401050 TlsGetValue
0x401054 GetProcAddress
0x401058 LoadLibraryA
0x40105c LocalAlloc
0x401060 ReadConsoleInputW
0x401064 SearchPathA
0x401068 GetCommandLineW
0x40106c InterlockedIncrement
0x401070 InterlockedExchange
0x401074 ChangeTimerQueueTimer
0x401078 FindResourceA
0x40107c FormatMessageA
0x401080 DebugActiveProcess
0x401084 InterlockedCompareExchange
0x401088 GetConsoleMode
0x40108c FindFirstVolumeA
0x401090 LocalFree
0x401094 LocalFlags
0x401098 ProcessIdToSessionId
0x40109c OpenFileMappingW
0x4010a0 lstrcmpW
0x4010a4 ZombifyActCtx
0x4010a8 CallNamedPipeW
0x4010ac GetComputerNameA
0x4010b0 lstrcpynA
0x4010b4 GenerateConsoleCtrlEvent
0x4010b8 PeekNamedPipe
0x4010bc GetCurrencyFormatW
0x4010c0 FindNextVolumeA
0x4010c4 CreateActCtxW
0x4010c8 OpenJobObjectW
0x4010cc GetPrivateProfileIntA
0x4010d0 _lread
0x4010d4 FreeEnvironmentStringsW
0x4010d8 SetVolumeMountPointW
0x4010dc VirtualAlloc
0x4010e0 GetSystemWindowsDirectoryA
0x4010e4 LoadModule
0x4010e8 lstrlenW
0x4010ec CreateDirectoryW
0x4010f0 GlobalFindAtomW
0x4010f4 CopyFileW
0x4010f8 VerSetConditionMask
0x4010fc EnumSystemLocalesW
0x401100 InterlockedFlushSList
0x401104 WritePrivateProfileSectionA
0x401108 GetStringTypeExA
0x40110c CreateMutexW
0x401110 GetCurrentActCtx
0x401114 ReadFile
0x401118 MoveFileA
0x40111c SetEvent
0x401120 MoveFileExW
0x401124 FindResourceW
0x401128 GetConsoleFontSize
0x40112c GetConsoleAliasExesLengthA
0x401130 FindFirstFileA
0x401134 FreeEnvironmentStringsA
0x401138 EnumResourceLanguagesW
0x40113c InterlockedDecrement
0x401140 GetTickCount
0x401144 SetLastError
0x401148 SetConsoleScreenBufferSize
0x40114c LoadLibraryW
0x401150 HeapAlloc
0x401154 GetStartupInfoW
0x401158 GetLastError
0x40115c SetFilePointer
0x401160 EnterCriticalSection
0x401164 LeaveCriticalSection
0x401168 TerminateProcess
0x40116c GetCurrentProcess
0x401170 UnhandledExceptionFilter
0x401174 SetUnhandledExceptionFilter
0x401178 IsDebuggerPresent
0x40117c DeleteCriticalSection
0x401180 HeapFree
0x401184 VirtualFree
0x401188 HeapReAlloc
0x40118c HeapCreate
0x401190 Sleep
0x401194 ExitProcess
0x401198 WriteFile
0x40119c GetStdHandle
0x4011a0 GetModuleFileNameA
0x4011a4 GetModuleFileNameW
0x4011a8 GetEnvironmentStringsW
0x4011ac SetHandleCount
0x4011b0 GetFileType
0x4011b4 GetStartupInfoA
0x4011b8 TlsAlloc
0x4011bc TlsSetValue
0x4011c0 TlsFree
0x4011c4 GetCurrentThreadId
0x4011c8 QueryPerformanceCounter
0x4011cc GetCurrentProcessId
0x4011d0 GetSystemTimeAsFileTime
0x4011d4 SetStdHandle
0x4011d8 WideCharToMultiByte
0x4011dc GetConsoleCP
0x4011e0 FlushFileBuffers
0x4011e4 RtlUnwind
0x4011e8 InitializeCriticalSectionAndSpinCount
0x4011ec GetCPInfo
0x4011f0 GetACP
0x4011f4 GetOEMCP
0x4011f8 IsValidCodePage
0x4011fc WriteConsoleA
0x401200 GetConsoleOutputCP
0x401204 WriteConsoleW
0x401208 MultiByteToWideChar
0x40120c HeapSize
0x401210 GetLocaleInfoA
0x401214 LCMapStringA
0x401218 LCMapStringW
0x40121c GetStringTypeA
0x401220 GetStringTypeW
0x401224 CreateFileA
0x401228 CloseHandle
ADVAPI32.dll
0x401000 InitiateSystemShutdownW
EAT(Export Address Table) is none