Field | Value |
---|---|
Created | 2023.01.26 11:09 |
Machine | s1_win7_x6401 |
Filename | aa.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 40 detected (malicious, high confidence, GenericKDZ, Unsafe, Save, ZexaF, @tW@aeGmUuKe, Kryptik, Eldorado, HNYD, Mikey, ET#85%, RDMK, cmRtazqWyLW, bwChOVjL2d4meqOC, A + Mal, Siggen16, Static AI, Suspicious PE, 16VOW5Z, dube, ASMalwS, StopCrypt, score, MalPE, R463375, ai score=83, BScope, Convagent, GdSda, KigWFWB16O4, susgen, GenKryptik, ERHN, CrypterX, confidence) |
md5 | 4901ce4dd0d78d01170732498f3e8c49 |
sha256 | ecb21bb34f3981624dc19bc634c3f085275cb53d542f460304307e8febe2f295 |
ssdeep | 49152:zTQrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr7:z |
imphash | 7e7dada750fd85eb5f5f9954ddaa9f24 |
impfuzzy | 24:2krklbkP1+YyYSpJcDaoZy4ftgcfdYuehwIeyv5HuO2T4QjMFl9hjM2l9n:5uuZtgcfFeeIL2cd14U9 |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x412000 DosDateTimeToFileTime
0x412004 GetConsoleAliasesLengthW
0x412008 GetStringTypeA
0x41200c FindResourceExW
0x412010 InterlockedIncrement
0x412014 GetConsoleAliasA
0x412018 GetCurrentActCtx
0x41201c WriteConsoleInputA
0x412020 GetConsoleTitleA
0x412024 ReadConsoleW
0x412028 SetFileTime
0x41202c InitializeCriticalSection
0x412030 GlobalAlloc
0x412034 GetLocaleInfoW
0x412038 ReadConsoleInputA
0x41203c ReadFileScatter
0x412040 GetVersionExW
0x412044 GetWriteWatch
0x412048 GetFileAttributesW
0x41204c WriteConsoleW
0x412050 TerminateProcess
0x412054 SetComputerNameExW
0x412058 CreateActCtxA
0x41205c SetLastError
0x412060 GetProcAddress
0x412064 GetLongPathNameA
0x412068 VirtualAlloc
0x41206c HeapUnlock
0x412070 GetAtomNameA
0x412074 DnsHostnameToComputerNameA
0x412078 OpenJobObjectW
0x41207c GetModuleFileNameA
0x412080 SetConsoleTitleW
0x412084 GetModuleHandleA
0x412088 ReleaseMutex
0x41208c EnumCalendarInfoExA
0x412090 CreateThread
0x412094 SwitchToThread
0x412098 HeapAlloc
0x41209c GetStartupInfoW
0x4120a0 GetCurrentProcess
0x4120a4 UnhandledExceptionFilter
0x4120a8 SetUnhandledExceptionFilter
0x4120ac IsDebuggerPresent
0x4120b0 DeleteCriticalSection
0x4120b4 LeaveCriticalSection
0x4120b8 EnterCriticalSection
0x4120bc HeapFree
0x4120c0 VirtualFree
0x4120c4 HeapReAlloc
0x4120c8 HeapCreate
0x4120cc GetModuleHandleW
0x4120d0 Sleep
0x4120d4 ExitProcess
0x4120d8 WriteFile
0x4120dc GetStdHandle
0x4120e0 RtlUnwind
0x4120e4 GetLastError
0x4120e8 TlsGetValue
0x4120ec TlsAlloc
0x4120f0 TlsSetValue
0x4120f4 TlsFree
0x4120f8 GetCurrentThreadId
0x4120fc InterlockedDecrement
0x412100 SetHandleCount
0x412104 GetFileType
0x412108 GetStartupInfoA
0x41210c GetModuleFileNameW
0x412110 FreeEnvironmentStringsW
0x412114 GetEnvironmentStringsW
0x412118 GetCommandLineW
0x41211c QueryPerformanceCounter
0x412120 GetTickCount
0x412124 GetCurrentProcessId
0x412128 GetSystemTimeAsFileTime
0x41212c SetFilePointer
0x412130 WideCharToMultiByte
0x412134 GetConsoleCP
0x412138 GetConsoleMode
0x41213c GetCPInfo
0x412140 GetACP
0x412144 GetOEMCP
0x412148 IsValidCodePage
0x41214c InitializeCriticalSectionAndSpinCount
0x412150 LoadLibraryA
0x412154 CloseHandle
0x412158 CreateFileA
0x41215c RaiseException
0x412160 SetStdHandle
0x412164 WriteConsoleA
0x412168 GetConsoleOutputCP
0x41216c MultiByteToWideChar
0x412170 LCMapStringA
0x412174 LCMapStringW
0x412178 GetStringTypeW
0x41217c GetLocaleInfoA
0x412180 HeapSize
0x412184 FlushFileBuffers
0x412188 SetEndOfFile
0x41218c GetProcessHeap
0x412190 ReadFile
USER32.dll
0x412198 ShowCaret
EAT (Export Address Table): none