Field | Value |
---|---|
Created | 2023.02.22 09:32 |
Machine | s1_win7_x6403 |
Filename | Talking-Points-with-China-PLAAF.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
VT API (file) | 22 detected (GenericKD, Remcos, Attribute, HighConfidence, malicious, high confidence, AFAK, Artemis, Sysdupate, Onkods, Q@52urg7, ai score=84, BScope, Unsafe, CLOUD, confidence) |
md5 | d51e8ebb04a5849f46514dcaef7f4c32 |
sha256 | 3a573796b5e6f1cc3a92eef7e268fa4e74aeddf34f5dd62f7b02109fe560ecd2 |
ssdeep | 12288:3iSHMv8y+XQcA6AJPe+kDuOlwflEzQBxfQPoQaM010P4AiwlUpq+C3AXwvYzcOFG:3K+XQcA6Z7vglEE1Qv3qUTQLwurLM |
imphash | 4dd24c5aa6efe26191b8c320e81469c3 |
impfuzzy | 24:R6zxilDSsb3lEJ3JjqMUyHateS1Ghnc+plm/CGB5vRSOovbObwsR1GjtAjd:RCNsbVEwteS1G5c+pfij3bJ |
Signature (4cnts)
Level | Description |
---|---|
warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
watch | Queries information on disks |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
Rules (10cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
warning | PhysicalDrive_20181001 | (no description) | binaries (upload) |
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x412008 DeviceIoControl
0x41200c VirtualAlloc
0x412010 GetModuleFileNameW
0x412014 VirtualAllocExNuma
0x412018 Thread32Next
0x41201c CreateFileW
0x412020 lstrcmpA
0x412024 GetSystemDirectoryW
0x412028 OpenProcess
0x41202c CreateToolhelp32Snapshot
0x412030 Sleep
0x412034 OutputDebugStringW
0x412038 K32GetModuleBaseNameW
0x41203c lstrcatW
0x412040 GlobalAlloc
0x412044 CloseHandle
0x412048 GetSystemInfo
0x41204c K32GetModuleInformation
0x412050 GetCurrentProcess
0x412054 GetProcAddress
0x412058 VirtualAllocEx
0x41205c ExitProcess
0x412060 VerSetConditionMask
0x412064 GlobalMemoryStatusEx
0x412068 GetModuleHandleW
0x41206c FreeLibrary
0x412070 CopyFileW
0x412074 lstrcpyW
0x412078 VerifyVersionInfoW
0x41207c K32EnumProcessModules
0x412080 CreateFileMappingW
0x412084 MapViewOfFile
0x412088 OpenThread
0x41208c WriteConsoleW
0x412090 SetLastError
0x412094 LoadLibraryW
0x412098 VirtualProtect
0x41209c HeapReAlloc
0x4120a0 HeapSize
0x4120a4 SetFilePointerEx
0x4120a8 GetConsoleMode
0x4120ac GetConsoleOutputCP
0x4120b0 FlushFileBuffers
0x4120b4 GetProcessHeap
0x4120b8 GetStringTypeW
0x4120bc SetStdHandle
0x4120c0 FreeEnvironmentStringsW
0x4120c4 GetEnvironmentStringsW
0x4120c8 UnhandledExceptionFilter
0x4120cc SetUnhandledExceptionFilter
0x4120d0 TerminateProcess
0x4120d4 IsProcessorFeaturePresent
0x4120d8 QueryPerformanceCounter
0x4120dc GetCurrentProcessId
0x4120e0 GetCurrentThreadId
0x4120e4 GetSystemTimeAsFileTime
0x4120e8 InitializeSListHead
0x4120ec IsDebuggerPresent
0x4120f0 GetStartupInfoW
0x4120f4 RtlUnwind
0x4120f8 GetLastError
0x4120fc EnterCriticalSection
0x412100 LeaveCriticalSection
0x412104 DeleteCriticalSection
0x412108 InitializeCriticalSectionAndSpinCount
0x41210c TlsAlloc
0x412110 TlsGetValue
0x412114 TlsSetValue
0x412118 TlsFree
0x41211c LoadLibraryExW
0x412120 EncodePointer
0x412124 RaiseException
0x412128 GetStdHandle
0x41212c WriteFile
0x412130 GetModuleHandleExW
0x412134 HeapAlloc
0x412138 HeapFree
0x41213c LCMapStringW
0x412140 GetFileType
0x412144 FindClose
0x412148 FindFirstFileExW
0x41214c FindNextFileW
0x412150 IsValidCodePage
0x412154 GetACP
0x412158 GetOEMCP
0x41215c GetCPInfo
0x412160 GetCommandLineA
0x412164 GetCommandLineW
0x412168 MultiByteToWideChar
0x41216c WideCharToMultiByte
0x412170 DecodePointer
USER32.dll
0x412178 MessageBoxW
ADVAPI32.dll
0x412000 OpenSCManagerA
ole32.dll
0x412198 CoInitialize
WINHTTP.dll
0x412180 WinHttpConnect
0x412184 WinHttpSendRequest
0x412188 WinHttpOpen
0x41218c WinHttpOpenRequest
0x412190 WinHttpCloseHandle
EAT (Export Address Table) Library
0x403130 PostBuildPatch
0x403150 dmain