ScreenShot
Created | 2023.03.13 03:37 | Machine | s1_win7_x6401 |
Filename | assignment2.exe | ||
Type | PE32+ executable (console) x86-64, for MS Windows | ||
AI Score | Not founds | Behavior Score |
|
ZERO API | file : clean | ||
VT API (file) | 7 detected (Almi, malicious, confidence, Wacatac, Wacapew, R002H01BL23) | ||
md5 | 28f81fad984a66e7078ffa11a1000d0d | ||
sha256 | 45395baba9c6357668204056cf6bb84b02561032af99fac7a2da807b142393ca | ||
ssdeep | 196608:2pB2jchX5P7zj9AKm6gUU8gBk6cICteEroXxnwNE+sKsXXg6J41EOLksBs1jXUz3:jq3GH6YkDInEroXssKkXg6J4SzgqoN1 | ||
imphash | d170e2e5adcfc4c271f2eb78a565305e | ||
impfuzzy | 48:CkCP9rteS1hEc+pFCJcgT+OtaipbmbU1M:lCPFteS1hEc+pFst+iruyM |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
notice | Creates executable files on the filesystem |
notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (17cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | zip_file_format | ZIP file format | binaries (download) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (download) |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140025028 GetCommandLineW
0x140025030 GetEnvironmentVariableW
0x140025038 SetEnvironmentVariableW
0x140025040 ExpandEnvironmentStringsW
0x140025048 CreateDirectoryW
0x140025050 GetTempPathW
0x140025058 WaitForSingleObject
0x140025060 Sleep
0x140025068 GetExitCodeProcess
0x140025070 GetStartupInfoW
0x140025078 FreeLibrary
0x140025080 LoadLibraryExW
0x140025088 CloseHandle
0x140025090 GetCurrentProcess
0x140025098 LocalFree
0x1400250a0 FormatMessageW
0x1400250a8 MultiByteToWideChar
0x1400250b0 WideCharToMultiByte
0x1400250b8 SetEndOfFile
0x1400250c0 GetProcAddress
0x1400250c8 GetModuleFileNameW
0x1400250d0 SetDllDirectoryW
0x1400250d8 CreateProcessW
0x1400250e0 GetLastError
0x1400250e8 RtlCaptureContext
0x1400250f0 RtlLookupFunctionEntry
0x1400250f8 RtlVirtualUnwind
0x140025100 UnhandledExceptionFilter
0x140025108 SetUnhandledExceptionFilter
0x140025110 TerminateProcess
0x140025118 IsProcessorFeaturePresent
0x140025120 QueryPerformanceCounter
0x140025128 GetCurrentProcessId
0x140025130 GetCurrentThreadId
0x140025138 GetSystemTimeAsFileTime
0x140025140 InitializeSListHead
0x140025148 IsDebuggerPresent
0x140025150 GetModuleHandleW
0x140025158 RtlUnwindEx
0x140025160 SetLastError
0x140025168 EnterCriticalSection
0x140025170 LeaveCriticalSection
0x140025178 DeleteCriticalSection
0x140025180 InitializeCriticalSectionAndSpinCount
0x140025188 TlsAlloc
0x140025190 TlsGetValue
0x140025198 TlsSetValue
0x1400251a0 TlsFree
0x1400251a8 RaiseException
0x1400251b0 GetCommandLineA
0x1400251b8 CreateFileW
0x1400251c0 GetDriveTypeW
0x1400251c8 GetFileInformationByHandle
0x1400251d0 GetFileType
0x1400251d8 PeekNamedPipe
0x1400251e0 SystemTimeToTzSpecificLocalTime
0x1400251e8 FileTimeToSystemTime
0x1400251f0 GetFullPathNameW
0x1400251f8 RemoveDirectoryW
0x140025200 FindClose
0x140025208 FindFirstFileExW
0x140025210 FindNextFileW
0x140025218 SetStdHandle
0x140025220 SetConsoleCtrlHandler
0x140025228 DeleteFileW
0x140025230 ReadFile
0x140025238 GetStdHandle
0x140025240 WriteFile
0x140025248 ExitProcess
0x140025250 GetModuleHandleExW
0x140025258 HeapFree
0x140025260 GetConsoleMode
0x140025268 ReadConsoleW
0x140025270 SetFilePointerEx
0x140025278 GetConsoleOutputCP
0x140025280 GetFileSizeEx
0x140025288 HeapAlloc
0x140025290 CompareStringW
0x140025298 LCMapStringW
0x1400252a0 GetCurrentDirectoryW
0x1400252a8 FlushFileBuffers
0x1400252b0 GetFileAttributesExW
0x1400252b8 GetStringTypeW
0x1400252c0 IsValidCodePage
0x1400252c8 GetACP
0x1400252d0 GetOEMCP
0x1400252d8 GetCPInfo
0x1400252e0 GetEnvironmentStringsW
0x1400252e8 FreeEnvironmentStringsW
0x1400252f0 GetProcessHeap
0x1400252f8 GetTimeZoneInformation
0x140025300 HeapSize
0x140025308 HeapReAlloc
0x140025310 WriteConsoleW
ADVAPI32.dll
0x140025000 ConvertSidToStringSidW
0x140025008 GetTokenInformation
0x140025010 OpenProcessToken
0x140025018 ConvertStringSecurityDescriptorToSecurityDescriptorW
EAT(Export Address Table) is none
KERNEL32.dll
0x140025028 GetCommandLineW
0x140025030 GetEnvironmentVariableW
0x140025038 SetEnvironmentVariableW
0x140025040 ExpandEnvironmentStringsW
0x140025048 CreateDirectoryW
0x140025050 GetTempPathW
0x140025058 WaitForSingleObject
0x140025060 Sleep
0x140025068 GetExitCodeProcess
0x140025070 GetStartupInfoW
0x140025078 FreeLibrary
0x140025080 LoadLibraryExW
0x140025088 CloseHandle
0x140025090 GetCurrentProcess
0x140025098 LocalFree
0x1400250a0 FormatMessageW
0x1400250a8 MultiByteToWideChar
0x1400250b0 WideCharToMultiByte
0x1400250b8 SetEndOfFile
0x1400250c0 GetProcAddress
0x1400250c8 GetModuleFileNameW
0x1400250d0 SetDllDirectoryW
0x1400250d8 CreateProcessW
0x1400250e0 GetLastError
0x1400250e8 RtlCaptureContext
0x1400250f0 RtlLookupFunctionEntry
0x1400250f8 RtlVirtualUnwind
0x140025100 UnhandledExceptionFilter
0x140025108 SetUnhandledExceptionFilter
0x140025110 TerminateProcess
0x140025118 IsProcessorFeaturePresent
0x140025120 QueryPerformanceCounter
0x140025128 GetCurrentProcessId
0x140025130 GetCurrentThreadId
0x140025138 GetSystemTimeAsFileTime
0x140025140 InitializeSListHead
0x140025148 IsDebuggerPresent
0x140025150 GetModuleHandleW
0x140025158 RtlUnwindEx
0x140025160 SetLastError
0x140025168 EnterCriticalSection
0x140025170 LeaveCriticalSection
0x140025178 DeleteCriticalSection
0x140025180 InitializeCriticalSectionAndSpinCount
0x140025188 TlsAlloc
0x140025190 TlsGetValue
0x140025198 TlsSetValue
0x1400251a0 TlsFree
0x1400251a8 RaiseException
0x1400251b0 GetCommandLineA
0x1400251b8 CreateFileW
0x1400251c0 GetDriveTypeW
0x1400251c8 GetFileInformationByHandle
0x1400251d0 GetFileType
0x1400251d8 PeekNamedPipe
0x1400251e0 SystemTimeToTzSpecificLocalTime
0x1400251e8 FileTimeToSystemTime
0x1400251f0 GetFullPathNameW
0x1400251f8 RemoveDirectoryW
0x140025200 FindClose
0x140025208 FindFirstFileExW
0x140025210 FindNextFileW
0x140025218 SetStdHandle
0x140025220 SetConsoleCtrlHandler
0x140025228 DeleteFileW
0x140025230 ReadFile
0x140025238 GetStdHandle
0x140025240 WriteFile
0x140025248 ExitProcess
0x140025250 GetModuleHandleExW
0x140025258 HeapFree
0x140025260 GetConsoleMode
0x140025268 ReadConsoleW
0x140025270 SetFilePointerEx
0x140025278 GetConsoleOutputCP
0x140025280 GetFileSizeEx
0x140025288 HeapAlloc
0x140025290 CompareStringW
0x140025298 LCMapStringW
0x1400252a0 GetCurrentDirectoryW
0x1400252a8 FlushFileBuffers
0x1400252b0 GetFileAttributesExW
0x1400252b8 GetStringTypeW
0x1400252c0 IsValidCodePage
0x1400252c8 GetACP
0x1400252d0 GetOEMCP
0x1400252d8 GetCPInfo
0x1400252e0 GetEnvironmentStringsW
0x1400252e8 FreeEnvironmentStringsW
0x1400252f0 GetProcessHeap
0x1400252f8 GetTimeZoneInformation
0x140025300 HeapSize
0x140025308 HeapReAlloc
0x140025310 WriteConsoleW
ADVAPI32.dll
0x140025000 ConvertSidToStringSidW
0x140025008 GetTokenInformation
0x140025010 OpenProcessToken
0x140025018 ConvertStringSecurityDescriptorToSecurityDescriptorW
EAT(Export Address Table) is none