Report - file3.exe

Tags: Generic Malware, Malicious Library, UPX, PE32, OS Processor Check, PE File
Created 2023.01.27 19:21 Machine s1_win7_x6401
Filename file3.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 3.0
ZERO API file : malware
VT API (file) 57 detected (ZpevJaikIAH, lCNY, malicious, high confidence, Mint, Zard, AgentRI, S21164639, Save, confidence, 100%, Azorult, VIBH, Kryptik, HLIK, Raccoon, Zenpak, ixakhr, CrypterX, Edei, R002C0DFG21, R + Troj, Static AI, Malicious PE, Racealer, ahkla, ASMalwS, kcloud, score, Suspig, R425581, ai score=82, BScope, Sabsik, CLASSIC, SHteN1Ucf7M, Glupteba, Unsafe, GenKryptik, FGMG, ZexaF, WuX@a49VmBbO, GdSda, susgen)
md5 89bc30347b1d6eb8d04fad715c08551a
sha256 e78c0f2d81015f0c095cc4fbf50d3528b4f9aaaec22345d17feac5b5846f97c1
ssdeep 12288:f9Pcv2MVFtLXt+LFfGAPFIxvPUVKm61F0J6wPDOuHwUcnO6x/Nqp8UzOU:f9PFMVP3APifmS26iDOlUcnTxk
imphash f3b31e907320cadf5820c6eb76eca851
impfuzzy 48:IthrcFYzdPn81U9tFklpMSB+fcXOusK9tBaeEbcvppwfPOlz:I3cGPn8m/kvvB+fcXI4toeEbcvppd
Network IP location

Signature (6cnts)

Level Description
danger File has been identified by 57 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info This executable has a PDB path

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x4a3008 CreateFileA
 0x4a300c GetFileSize
 0x4a3010 SetFilePointer
 0x4a3014 lstrlenA
 0x4a3018 WritePrivateProfileStructA
 0x4a301c TlsGetValue
 0x4a3020 GetNumberOfConsoleInputEvents
 0x4a3024 MapUserPhysicalPages
 0x4a3028 InterlockedDecrement
 0x4a302c SetEnvironmentVariableW
 0x4a3030 CreateDirectoryW
 0x4a3034 GetProfileSectionA
 0x4a3038 WaitForSingleObject
 0x4a303c WriteConsoleInputA
 0x4a3040 SetComputerNameW
 0x4a3044 SetVolumeMountPointW
 0x4a3048 FreeEnvironmentStringsA
 0x4a304c GetModuleHandleW
 0x4a3050 LocalFlags
 0x4a3054 GetConsoleTitleA
 0x4a3058 ReadConsoleW
 0x4a305c GetWindowsDirectoryA
 0x4a3060 WriteFile
 0x4a3064 GetDriveTypeA
 0x4a3068 GlobalAlloc
 0x4a306c AddRefActCtx
 0x4a3070 GetPrivateProfileStructW
 0x4a3074 SetSystemTimeAdjustment
 0x4a3078 GetVersionExW
 0x4a307c GetComputerNameExA
 0x4a3080 Beep
 0x4a3084 GetBinaryTypeA
 0x4a3088 WritePrivateProfileSectionW
 0x4a308c GetAtomNameW
 0x4a3090 FileTimeToSystemTime
 0x4a3094 GetModuleFileNameW
 0x4a3098 CompareStringW
 0x4a309c SetConsoleTitleA
 0x4a30a0 GlobalUnlock
 0x4a30a4 HeapReAlloc
 0x4a30a8 VerifyVersionInfoW
 0x4a30ac InterlockedExchange
 0x4a30b0 SetCurrentDirectoryA
 0x4a30b4 GetLastError
 0x4a30b8 GetProcAddress
 0x4a30bc CreateNamedPipeA
 0x4a30c0 CopyFileA
 0x4a30c4 SetStdHandle
 0x4a30c8 GetTempFileNameA
 0x4a30cc GetPrivateProfileStringA
 0x4a30d0 OpenWaitableTimerA
 0x4a30d4 OpenMutexA
 0x4a30d8 OpenWaitableTimerW
 0x4a30dc SetCalendarInfoW
 0x4a30e0 IsWow64Process
 0x4a30e4 IsSystemResumeAutomatic
 0x4a30e8 SetConsoleOutputCP
 0x4a30ec AddAtomW
 0x4a30f0 QueryDosDeviceW
 0x4a30f4 GetCommMask
 0x4a30f8 EnumResourceTypesW
 0x4a30fc GetThreadPriority
 0x4a3100 FindNextFileW
 0x4a3104 GetCurrentDirectoryA
 0x4a3108 CompareStringA
 0x4a310c GetConsoleCursorInfo
 0x4a3110 ScrollConsoleScreenBufferA
 0x4a3114 OpenSemaphoreW
 0x4a3118 DeleteTimerQueueTimer
 0x4a311c ReadConsoleOutputCharacterW
 0x4a3120 InterlockedPushEntrySList
 0x4a3124 TlsFree
 0x4a3128 GetVolumeInformationW
 0x4a312c FlushFileBuffers
 0x4a3130 IsProcessorFeaturePresent
 0x4a3134 CloseHandle
 0x4a3138 CreateFileW
 0x4a313c LCMapStringA
 0x4a3140 FileTimeToDosDateTime
 0x4a3144 InterlockedIncrement
 0x4a3148 InitializeCriticalSection
 0x4a314c DeleteCriticalSection
 0x4a3150 EnterCriticalSection
 0x4a3154 LeaveCriticalSection
 0x4a3158 DeleteFileA
 0x4a315c MultiByteToWideChar
 0x4a3160 GetCommandLineW
 0x4a3164 HeapSetInformation
 0x4a3168 GetStartupInfoW
 0x4a316c EncodePointer
 0x4a3170 DecodePointer
 0x4a3174 InitializeCriticalSectionAndSpinCount
 0x4a3178 GetFileType
 0x4a317c WideCharToMultiByte
 0x4a3180 GetConsoleCP
 0x4a3184 GetConsoleMode
 0x4a3188 TerminateProcess
 0x4a318c GetCurrentProcess
 0x4a3190 UnhandledExceptionFilter
 0x4a3194 SetUnhandledExceptionFilter
 0x4a3198 IsDebuggerPresent
 0x4a319c HeapValidate
 0x4a31a0 IsBadReadPtr
 0x4a31a4 GetACP
 0x4a31a8 GetOEMCP
 0x4a31ac GetCPInfo
 0x4a31b0 IsValidCodePage
 0x4a31b4 TlsAlloc
 0x4a31b8 TlsSetValue
 0x4a31bc GetCurrentThreadId
 0x4a31c0 SetLastError
 0x4a31c4 RaiseException
 0x4a31c8 QueryPerformanceCounter
 0x4a31cc GetTickCount
 0x4a31d0 GetCurrentProcessId
 0x4a31d4 GetSystemTimeAsFileTime
 0x4a31d8 ExitProcess
 0x4a31dc FreeEnvironmentStringsW
 0x4a31e0 GetEnvironmentStringsW
 0x4a31e4 SetHandleCount
 0x4a31e8 GetStdHandle
 0x4a31ec HeapCreate
 0x4a31f0 WriteConsoleW
 0x4a31f4 RtlUnwind
 0x4a31f8 OutputDebugStringA
 0x4a31fc OutputDebugStringW
 0x4a3200 LoadLibraryW
 0x4a3204 HeapAlloc
 0x4a3208 GetModuleFileNameA
 0x4a320c HeapSize
 0x4a3210 HeapQueryInformation
 0x4a3214 HeapFree
 0x4a3218 GetStringTypeW
 0x4a321c LCMapStringW
USER32.dll
 0x4a3224 GetMenuBarInfo
 0x4a3228 GetCursorInfo
 0x4a322c GetListBoxInfo
 0x4a3230 GetComboBoxInfo
ADVAPI32.dll
 0x4a3000 InitiateSystemShutdownA

EAT (Export Address Table): none


