ScreenShot
| Created | 2023.01.22 14:05 | Machine | s1_win7_x6403 |
| Filename | 14141.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 56 detected (AIDetectNet, Convagent, MulDrop21, GenericKD, Filerepmalware, Krypt, S29488046, Unsafe, Deyma, Save, malicious, confidence, 100%, Azorult, Kryptik, Eldorado, high confidence, HSHU, score, juivsa, PWSX, S + Troj, STOP, SMYXCLZZ, Lockbit, high, Static AI, Malicious PE, kcloud, Malware@#ivtsb1zvozza, 12H9IWM, Detected, R551591, Artemis, ai score=85, BScope, Wacatac, CLASSIC, pOpjwK8MoVY, GenKryptik, FBYO, GdSda) | ||
| md5 | 58ccd490229a6eb997fd8bfa74dee077 | ||
| sha256 | 5d7b46092d913f01673161204b22b835a48bf40f110ecb2ba82d59e42d74adc7 | ||
| ssdeep | 3072:lX9QzvY2lIHF4R5ZVvzd4QxzUzKecTFJ6WsVYMRz3xDn1goYNUOxCycapb:hcY2lIK1V54UzPecRJEVD9bg9NUZ4p | ||
| imphash | e3155d9cfab86b6c5c15edea4a8741d5 | ||
| impfuzzy | 24:jKkCHo3kdJuDAXwTx0Hz4KdQBTAAKvJbgqpHV/OAOovROhIvncYFBRyv9kRSSXLT:SzjXwd0TZdisp1/Ov9OncN9gSSXLNuSZ | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401010 GetConsoleTitleW
0x401014 CreateFileW
0x401018 VirtualAlloc
0x40101c GetConsoleAliasW
0x401020 SetComputerNameW
0x401024 GetSystemWindowsDirectoryA
0x401028 GlobalUnlock
0x40102c FindFirstVolumeMountPointW
0x401030 CreateDirectoryExW
0x401034 DeleteAtom
0x401038 GetLogicalDriveStringsA
0x40103c ReadConsoleInputW
0x401040 GetTempPathW
0x401044 GetCurrentDirectoryW
0x401048 DebugBreak
0x40104c LCMapStringA
0x401050 GetProcAddress
0x401054 LocalAlloc
0x401058 GetBinaryTypeA
0x40105c SetThreadUILanguage
0x401060 GetHandleInformation
0x401064 FindNextFileA
0x401068 UnhandledExceptionFilter
0x40106c LoadLibraryW
0x401070 FillConsoleOutputAttribute
0x401074 GlobalFlags
0x401078 GetModuleHandleA
0x40107c CopyFileA
0x401080 CreateActCtxA
0x401084 lstrlenA
0x401088 TlsAlloc
0x40108c CreateActCtxW
0x401090 DeleteVolumeMountPointA
0x401094 MoveFileWithProgressA
0x401098 CreateMailslotW
0x40109c WriteConsoleInputA
0x4010a0 GetTempPathA
0x4010a4 InterlockedExchangeAdd
0x4010a8 EnumTimeFormatsA
0x4010ac FindFirstFileW
0x4010b0 FreeEnvironmentStringsW
0x4010b4 VerifyVersionInfoW
0x4010b8 GlobalAlloc
0x4010bc GetTickCount
0x4010c0 SetLastError
0x4010c4 GetLastError
0x4010c8 CreateFileA
0x4010cc GetNumberOfConsoleInputEvents
0x4010d0 CompareStringA
0x4010d4 CreateNamedPipeA
0x4010d8 LoadLibraryA
0x4010dc SetUnhandledExceptionFilter
0x4010e0 DeleteFileA
0x4010e4 GetCommandLineA
0x4010e8 GetStartupInfoA
0x4010ec TerminateProcess
0x4010f0 GetCurrentProcess
0x4010f4 IsDebuggerPresent
0x4010f8 HeapFree
0x4010fc GetModuleHandleW
0x401100 TlsGetValue
0x401104 TlsSetValue
0x401108 TlsFree
0x40110c InterlockedIncrement
0x401110 GetCurrentThreadId
0x401114 InterlockedDecrement
0x401118 Sleep
0x40111c ExitProcess
0x401120 WriteFile
0x401124 GetStdHandle
0x401128 GetModuleFileNameA
0x40112c EnterCriticalSection
0x401130 LeaveCriticalSection
0x401134 FreeEnvironmentStringsA
0x401138 GetEnvironmentStrings
0x40113c WideCharToMultiByte
0x401140 GetEnvironmentStringsW
0x401144 SetHandleCount
0x401148 GetFileType
0x40114c DeleteCriticalSection
0x401150 HeapCreate
0x401154 VirtualFree
0x401158 QueryPerformanceCounter
0x40115c GetCurrentProcessId
0x401160 GetSystemTimeAsFileTime
0x401164 GetCPInfo
0x401168 GetACP
0x40116c GetOEMCP
0x401170 IsValidCodePage
0x401174 RaiseException
0x401178 HeapAlloc
0x40117c HeapReAlloc
0x401180 RtlUnwind
0x401184 InitializeCriticalSectionAndSpinCount
0x401188 MultiByteToWideChar
0x40118c LCMapStringW
0x401190 GetStringTypeA
0x401194 GetStringTypeW
0x401198 GetLocaleInfoA
0x40119c HeapSize
0x4011a0 GetConsoleCP
0x4011a4 GetConsoleMode
0x4011a8 FlushFileBuffers
0x4011ac SetFilePointer
0x4011b0 CloseHandle
0x4011b4 WriteConsoleA
0x4011b8 GetConsoleOutputCP
0x4011bc WriteConsoleW
0x4011c0 SetStdHandle
USER32.dll
0x4011c8 GetCursorInfo
GDI32.dll
0x401000 GetCharWidth32A
0x401004 GetCharABCWidthsA
0x401008 GetBrushOrgEx
EAT(Export Address Table) is none
KERNEL32.dll
0x401010 GetConsoleTitleW
0x401014 CreateFileW
0x401018 VirtualAlloc
0x40101c GetConsoleAliasW
0x401020 SetComputerNameW
0x401024 GetSystemWindowsDirectoryA
0x401028 GlobalUnlock
0x40102c FindFirstVolumeMountPointW
0x401030 CreateDirectoryExW
0x401034 DeleteAtom
0x401038 GetLogicalDriveStringsA
0x40103c ReadConsoleInputW
0x401040 GetTempPathW
0x401044 GetCurrentDirectoryW
0x401048 DebugBreak
0x40104c LCMapStringA
0x401050 GetProcAddress
0x401054 LocalAlloc
0x401058 GetBinaryTypeA
0x40105c SetThreadUILanguage
0x401060 GetHandleInformation
0x401064 FindNextFileA
0x401068 UnhandledExceptionFilter
0x40106c LoadLibraryW
0x401070 FillConsoleOutputAttribute
0x401074 GlobalFlags
0x401078 GetModuleHandleA
0x40107c CopyFileA
0x401080 CreateActCtxA
0x401084 lstrlenA
0x401088 TlsAlloc
0x40108c CreateActCtxW
0x401090 DeleteVolumeMountPointA
0x401094 MoveFileWithProgressA
0x401098 CreateMailslotW
0x40109c WriteConsoleInputA
0x4010a0 GetTempPathA
0x4010a4 InterlockedExchangeAdd
0x4010a8 EnumTimeFormatsA
0x4010ac FindFirstFileW
0x4010b0 FreeEnvironmentStringsW
0x4010b4 VerifyVersionInfoW
0x4010b8 GlobalAlloc
0x4010bc GetTickCount
0x4010c0 SetLastError
0x4010c4 GetLastError
0x4010c8 CreateFileA
0x4010cc GetNumberOfConsoleInputEvents
0x4010d0 CompareStringA
0x4010d4 CreateNamedPipeA
0x4010d8 LoadLibraryA
0x4010dc SetUnhandledExceptionFilter
0x4010e0 DeleteFileA
0x4010e4 GetCommandLineA
0x4010e8 GetStartupInfoA
0x4010ec TerminateProcess
0x4010f0 GetCurrentProcess
0x4010f4 IsDebuggerPresent
0x4010f8 HeapFree
0x4010fc GetModuleHandleW
0x401100 TlsGetValue
0x401104 TlsSetValue
0x401108 TlsFree
0x40110c InterlockedIncrement
0x401110 GetCurrentThreadId
0x401114 InterlockedDecrement
0x401118 Sleep
0x40111c ExitProcess
0x401120 WriteFile
0x401124 GetStdHandle
0x401128 GetModuleFileNameA
0x40112c EnterCriticalSection
0x401130 LeaveCriticalSection
0x401134 FreeEnvironmentStringsA
0x401138 GetEnvironmentStrings
0x40113c WideCharToMultiByte
0x401140 GetEnvironmentStringsW
0x401144 SetHandleCount
0x401148 GetFileType
0x40114c DeleteCriticalSection
0x401150 HeapCreate
0x401154 VirtualFree
0x401158 QueryPerformanceCounter
0x40115c GetCurrentProcessId
0x401160 GetSystemTimeAsFileTime
0x401164 GetCPInfo
0x401168 GetACP
0x40116c GetOEMCP
0x401170 IsValidCodePage
0x401174 RaiseException
0x401178 HeapAlloc
0x40117c HeapReAlloc
0x401180 RtlUnwind
0x401184 InitializeCriticalSectionAndSpinCount
0x401188 MultiByteToWideChar
0x40118c LCMapStringW
0x401190 GetStringTypeA
0x401194 GetStringTypeW
0x401198 GetLocaleInfoA
0x40119c HeapSize
0x4011a0 GetConsoleCP
0x4011a4 GetConsoleMode
0x4011a8 FlushFileBuffers
0x4011ac SetFilePointer
0x4011b0 CloseHandle
0x4011b4 WriteConsoleA
0x4011b8 GetConsoleOutputCP
0x4011bc WriteConsoleW
0x4011c0 SetStdHandle
USER32.dll
0x4011c8 GetCursorInfo
GDI32.dll
0x401000 GetCharWidth32A
0x401004 GetCharABCWidthsA
0x401008 GetBrushOrgEx
EAT(Export Address Table) is none