ScreenShot
| Created | 2023.03.05 14:27 | Machine | s1_win7_x6401 |
| Filename | ColorMC.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 14 detected (GenericKD, Artemis, xyands, Agow, ai score=82, R002H07BS23) | ||
| md5 | 3ace227a334fa18636c42ab18638abf2 | ||
| sha256 | fd107620a9bab6f816dfd4583119ae4f88253a901a46c1ed37e97ba7de7fb613 | ||
| ssdeep | 393216:h9DNFabhV8d9LNJ+y3k2woJuQFkyRmazVNEJVZOUcryo8mRHVG5xR:rDNFwVeey3kZoFVR8qyo8mByR | ||
| imphash | c6e51dda1622035b42b177c9afe67c30 | ||
| impfuzzy | 48:9ZfCS93aScXpXr2n7QnJlD1/Gbq+pUGYlT/43F8tLECjIfunBXoylKGE:3fCSsScX5rw72l+q+pUFC | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
advapi32.dll
0x414268 RegCloseKey
0x41426c RegEnumKeyExA
0x414270 RegOpenKeyExA
0x414274 RegQueryValueExA
kernel32.dll
0x41427c CloseHandle
0x414280 CreateMutexA
0x414284 CreateProcessA
0x414288 DeleteCriticalSection
0x41428c EnterCriticalSection
0x414290 ExitProcess
0x414294 FindResourceExA
0x414298 FormatMessageA
0x41429c GetCommandLineA
0x4142a0 GetCurrentDirectoryA
0x4142a4 GetCurrentProcess
0x4142a8 GetEnvironmentVariableA
0x4142ac GetExitCodeProcess
0x4142b0 GetLastError
0x4142b4 GetModuleFileNameA
0x4142b8 GetModuleHandleA
0x4142bc GetProcAddress
0x4142c0 GetStartupInfoA
0x4142c4 GlobalMemoryStatusEx
0x4142c8 InitializeCriticalSection
0x4142cc LeaveCriticalSection
0x4142d0 LoadResource
0x4142d4 LocalFree
0x4142d8 LockResource
0x4142dc SetEnvironmentVariableA
0x4142e0 SetLastError
0x4142e4 SetUnhandledExceptionFilter
0x4142e8 TlsGetValue
0x4142ec VirtualProtect
0x4142f0 VirtualQuery
0x4142f4 WaitForSingleObject
msvcrt.dll
0x4142fc _strdup
0x414300 _stricoll
msvcrt.dll
0x414308 __getmainargs
0x41430c __p__environ
0x414310 __p__fmode
0x414314 __set_app_type
0x414318 _cexit
0x41431c _chdir
0x414320 _close
0x414324 _errno
0x414328 _findclose
0x41432c _findfirst
0x414330 _findnext
0x414334 _fullpath
0x414338 _iob
0x41433c _itoa
0x414340 _onexit
0x414344 _open
0x414348 _read
0x41434c _setmode
0x414350 _stat64
0x414354 _stricmp
0x414358 abort
0x41435c atexit
0x414360 atoi
0x414364 calloc
0x414368 fclose
0x41436c fopen
0x414370 fprintf
0x414374 fputs
0x414378 free
0x41437c fwrite
0x414380 isspace
0x414384 malloc
0x414388 mbstowcs
0x41438c memcpy
0x414390 printf
0x414394 puts
0x414398 realloc
0x41439c setlocale
0x4143a0 signal
0x4143a4 strcat
0x4143a8 strchr
0x4143ac strcmp
0x4143b0 strcoll
0x4143b4 strcpy
0x4143b8 strlen
0x4143bc strncat
0x4143c0 strncpy
0x4143c4 strpbrk
0x4143c8 strrchr
0x4143cc strstr
0x4143d0 strtok
0x4143d4 tolower
0x4143d8 vfprintf
0x4143dc wcstombs
shell32.dll
0x4143e4 ShellExecuteA
user32.dll
0x4143ec CreateWindowExA
0x4143f0 DispatchMessageA
0x4143f4 EnumWindows
0x4143f8 FindWindowExA
0x4143fc GetMessageA
0x414400 GetSystemMetrics
0x414404 GetWindowLongA
0x414408 GetWindowRect
0x41440c GetWindowTextA
0x414410 GetWindowThreadProcessId
0x414414 KillTimer
0x414418 LoadImageA
0x41441c MessageBoxA
0x414420 PostQuitMessage
0x414424 SendMessageA
0x414428 SetForegroundWindow
0x41442c SetTimer
0x414430 SetWindowPos
0x414434 ShowWindow
0x414438 TranslateMessage
0x41443c UpdateWindow
EAT(Export Address Table) is none
advapi32.dll
0x414268 RegCloseKey
0x41426c RegEnumKeyExA
0x414270 RegOpenKeyExA
0x414274 RegQueryValueExA
kernel32.dll
0x41427c CloseHandle
0x414280 CreateMutexA
0x414284 CreateProcessA
0x414288 DeleteCriticalSection
0x41428c EnterCriticalSection
0x414290 ExitProcess
0x414294 FindResourceExA
0x414298 FormatMessageA
0x41429c GetCommandLineA
0x4142a0 GetCurrentDirectoryA
0x4142a4 GetCurrentProcess
0x4142a8 GetEnvironmentVariableA
0x4142ac GetExitCodeProcess
0x4142b0 GetLastError
0x4142b4 GetModuleFileNameA
0x4142b8 GetModuleHandleA
0x4142bc GetProcAddress
0x4142c0 GetStartupInfoA
0x4142c4 GlobalMemoryStatusEx
0x4142c8 InitializeCriticalSection
0x4142cc LeaveCriticalSection
0x4142d0 LoadResource
0x4142d4 LocalFree
0x4142d8 LockResource
0x4142dc SetEnvironmentVariableA
0x4142e0 SetLastError
0x4142e4 SetUnhandledExceptionFilter
0x4142e8 TlsGetValue
0x4142ec VirtualProtect
0x4142f0 VirtualQuery
0x4142f4 WaitForSingleObject
msvcrt.dll
0x4142fc _strdup
0x414300 _stricoll
msvcrt.dll
0x414308 __getmainargs
0x41430c __p__environ
0x414310 __p__fmode
0x414314 __set_app_type
0x414318 _cexit
0x41431c _chdir
0x414320 _close
0x414324 _errno
0x414328 _findclose
0x41432c _findfirst
0x414330 _findnext
0x414334 _fullpath
0x414338 _iob
0x41433c _itoa
0x414340 _onexit
0x414344 _open
0x414348 _read
0x41434c _setmode
0x414350 _stat64
0x414354 _stricmp
0x414358 abort
0x41435c atexit
0x414360 atoi
0x414364 calloc
0x414368 fclose
0x41436c fopen
0x414370 fprintf
0x414374 fputs
0x414378 free
0x41437c fwrite
0x414380 isspace
0x414384 malloc
0x414388 mbstowcs
0x41438c memcpy
0x414390 printf
0x414394 puts
0x414398 realloc
0x41439c setlocale
0x4143a0 signal
0x4143a4 strcat
0x4143a8 strchr
0x4143ac strcmp
0x4143b0 strcoll
0x4143b4 strcpy
0x4143b8 strlen
0x4143bc strncat
0x4143c0 strncpy
0x4143c4 strpbrk
0x4143c8 strrchr
0x4143cc strstr
0x4143d0 strtok
0x4143d4 tolower
0x4143d8 vfprintf
0x4143dc wcstombs
shell32.dll
0x4143e4 ShellExecuteA
user32.dll
0x4143ec CreateWindowExA
0x4143f0 DispatchMessageA
0x4143f4 EnumWindows
0x4143f8 FindWindowExA
0x4143fc GetMessageA
0x414400 GetSystemMetrics
0x414404 GetWindowLongA
0x414408 GetWindowRect
0x41440c GetWindowTextA
0x414410 GetWindowThreadProcessId
0x414414 KillTimer
0x414418 LoadImageA
0x41441c MessageBoxA
0x414420 PostQuitMessage
0x414424 SendMessageA
0x414428 SetForegroundWindow
0x41442c SetTimer
0x414430 SetWindowPos
0x414434 ShowWindow
0x414438 TranslateMessage
0x41443c UpdateWindow
EAT(Export Address Table) is none