ScreenShot
| Created | 2023.03.14 10:36 | Machine | s1_win7_x6403 |
| Filename | stlr.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 56 detected (MushrwuNocC, Strab, malicious, high confidence, Zusy, Rhadamanthys, Artemis, PasswordStealer, V95y, confidence, 100%, ZexaF, lqW@a4tcFNk, Genus, Eldorado, Attribute, HighConfidence, AFES, score, juuhsf, TrojanX, Gencirc, Generic ML PUA, DownLoader45, YXDCMZ, high, xnctp, ai score=84, Wacatac, Detected, Khalesi, unsafe, Convagent, 7fuwJMoABtV, susgen, AFCZ) | ||
| md5 | e179b14f26972c159c58519496978a07 | ||
| sha256 | f9d387135a7a4e49eb96fc29d3da8f412d870417bf684b5e8ae91c4a1fbcc6d5 | ||
| ssdeep | 3072:bwevYpKTDMDUDfuuE46lC4PQyfHU6Ig4cjnjFRpbll/XbqefxlS3ETgmBN8vqI5L:sevY8m6u3wB4HzlrzPOefxoEBK7 | ||
| imphash | f214c5f744673db93dec4b219265fbc2 | ||
| impfuzzy | 24:d0VpkNmD6tVP4JNu2ffOovyNJKh4XDxvelEu7XZjtNVcxjMHArdAFyDzgbT4wx3x:UpUmD4NsW8yeeu7dt7c4ArGF/bT/3IE/ | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| watch | Detects Avast Antivirus through the presence of a library |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40e03c GetLastError
0x40e040 CloseHandle
0x40e044 IsBadStringPtrA
0x40e048 IsBadCodePtr
0x40e04c GetModuleHandleA
0x40e050 GetQueuedCompletionStatus
0x40e054 FlushFileBuffers
0x40e058 HeapSize
0x40e05c WriteConsoleW
0x40e060 SetStdHandle
0x40e064 RtlUnwind
0x40e068 IsBadReadPtr
0x40e06c VirtualQuery
0x40e070 GetSystemInfo
0x40e074 CreateIoCompletionPort
0x40e078 HeapDestroy
0x40e07c GetProcessHeap
0x40e080 HeapCreate
0x40e084 ExitProcess
0x40e088 GetTickCount
0x40e08c lstrlenA
0x40e090 HeapReAlloc
0x40e094 HeapFree
0x40e098 HeapAlloc
0x40e09c InterlockedIncrement
0x40e0a0 LoadLibraryW
0x40e0a4 OutputDebugStringW
0x40e0a8 LoadLibraryExW
0x40e0ac LCMapStringEx
0x40e0b0 GetStringTypeW
0x40e0b4 GetCommandLineA
0x40e0b8 IsDebuggerPresent
0x40e0bc EncodePointer
0x40e0c0 DecodePointer
0x40e0c4 IsProcessorFeaturePresent
0x40e0c8 SetLastError
0x40e0cc InterlockedDecrement
0x40e0d0 GetCurrentThreadId
0x40e0d4 IsValidCodePage
0x40e0d8 GetACP
0x40e0dc GetOEMCP
0x40e0e0 GetCPInfo
0x40e0e4 MultiByteToWideChar
0x40e0e8 GetModuleHandleExW
0x40e0ec GetProcAddress
0x40e0f0 GetStdHandle
0x40e0f4 WriteFile
0x40e0f8 GetModuleFileNameW
0x40e0fc GetFileType
0x40e100 InitializeCriticalSectionAndSpinCount
0x40e104 DeleteCriticalSection
0x40e108 InitOnceExecuteOnce
0x40e10c GetStartupInfoW
0x40e110 GetModuleFileNameA
0x40e114 QueryPerformanceCounter
0x40e118 GetSystemTimeAsFileTime
0x40e11c GetTickCount64
0x40e120 GetEnvironmentStringsW
0x40e124 FreeEnvironmentStringsW
0x40e128 WideCharToMultiByte
0x40e12c UnhandledExceptionFilter
0x40e130 SetUnhandledExceptionFilter
0x40e134 FlsAlloc
0x40e138 FlsGetValue
0x40e13c FlsSetValue
0x40e140 FlsFree
0x40e144 GetCurrentProcess
0x40e148 TerminateProcess
0x40e14c GetModuleHandleW
0x40e150 EnterCriticalSection
0x40e154 LeaveCriticalSection
0x40e158 GetConsoleCP
0x40e15c GetConsoleMode
0x40e160 SetFilePointerEx
0x40e164 Sleep
0x40e168 CreateFileW
USER32.dll
0x40e18c DrawTextW
0x40e190 TranslateMessage
0x40e194 GetMessageW
0x40e198 DispatchMessageW
GDI32.dll
0x40e00c CreateCompatibleDC
0x40e010 SelectPalette
0x40e014 CreatePen
0x40e018 DeleteObject
0x40e01c SetROP2
0x40e020 BitBlt
0x40e024 CreateRectRgn
0x40e028 PathToRegion
0x40e02c CreateCompatibleBitmap
0x40e030 CreateBitmap
0x40e034 DeleteDC
ADVAPI32.dll
0x40e000 GetUserNameW
0x40e004 IsTextUnicode
SHELL32.dll
0x40e170 CommandLineToArgvW
0x40e174 SHGetFolderPathW
0x40e178 SHGetSpecialFolderPathW
ole32.dll
0x40e1ac CoUninitialize
0x40e1b0 CoInitialize
0x40e1b4 CoTaskMemFree
0x40e1b8 CoCreateInstance
SHLWAPI.dll
0x40e180 PathCompactPathExW
0x40e184 PathMakeSystemFolderW
WINMM.dll
0x40e1a0 PlaySoundW
0x40e1a4 waveOutGetNumDevs
EAT(Export Address Table) is none
KERNEL32.dll
0x40e03c GetLastError
0x40e040 CloseHandle
0x40e044 IsBadStringPtrA
0x40e048 IsBadCodePtr
0x40e04c GetModuleHandleA
0x40e050 GetQueuedCompletionStatus
0x40e054 FlushFileBuffers
0x40e058 HeapSize
0x40e05c WriteConsoleW
0x40e060 SetStdHandle
0x40e064 RtlUnwind
0x40e068 IsBadReadPtr
0x40e06c VirtualQuery
0x40e070 GetSystemInfo
0x40e074 CreateIoCompletionPort
0x40e078 HeapDestroy
0x40e07c GetProcessHeap
0x40e080 HeapCreate
0x40e084 ExitProcess
0x40e088 GetTickCount
0x40e08c lstrlenA
0x40e090 HeapReAlloc
0x40e094 HeapFree
0x40e098 HeapAlloc
0x40e09c InterlockedIncrement
0x40e0a0 LoadLibraryW
0x40e0a4 OutputDebugStringW
0x40e0a8 LoadLibraryExW
0x40e0ac LCMapStringEx
0x40e0b0 GetStringTypeW
0x40e0b4 GetCommandLineA
0x40e0b8 IsDebuggerPresent
0x40e0bc EncodePointer
0x40e0c0 DecodePointer
0x40e0c4 IsProcessorFeaturePresent
0x40e0c8 SetLastError
0x40e0cc InterlockedDecrement
0x40e0d0 GetCurrentThreadId
0x40e0d4 IsValidCodePage
0x40e0d8 GetACP
0x40e0dc GetOEMCP
0x40e0e0 GetCPInfo
0x40e0e4 MultiByteToWideChar
0x40e0e8 GetModuleHandleExW
0x40e0ec GetProcAddress
0x40e0f0 GetStdHandle
0x40e0f4 WriteFile
0x40e0f8 GetModuleFileNameW
0x40e0fc GetFileType
0x40e100 InitializeCriticalSectionAndSpinCount
0x40e104 DeleteCriticalSection
0x40e108 InitOnceExecuteOnce
0x40e10c GetStartupInfoW
0x40e110 GetModuleFileNameA
0x40e114 QueryPerformanceCounter
0x40e118 GetSystemTimeAsFileTime
0x40e11c GetTickCount64
0x40e120 GetEnvironmentStringsW
0x40e124 FreeEnvironmentStringsW
0x40e128 WideCharToMultiByte
0x40e12c UnhandledExceptionFilter
0x40e130 SetUnhandledExceptionFilter
0x40e134 FlsAlloc
0x40e138 FlsGetValue
0x40e13c FlsSetValue
0x40e140 FlsFree
0x40e144 GetCurrentProcess
0x40e148 TerminateProcess
0x40e14c GetModuleHandleW
0x40e150 EnterCriticalSection
0x40e154 LeaveCriticalSection
0x40e158 GetConsoleCP
0x40e15c GetConsoleMode
0x40e160 SetFilePointerEx
0x40e164 Sleep
0x40e168 CreateFileW
USER32.dll
0x40e18c DrawTextW
0x40e190 TranslateMessage
0x40e194 GetMessageW
0x40e198 DispatchMessageW
GDI32.dll
0x40e00c CreateCompatibleDC
0x40e010 SelectPalette
0x40e014 CreatePen
0x40e018 DeleteObject
0x40e01c SetROP2
0x40e020 BitBlt
0x40e024 CreateRectRgn
0x40e028 PathToRegion
0x40e02c CreateCompatibleBitmap
0x40e030 CreateBitmap
0x40e034 DeleteDC
ADVAPI32.dll
0x40e000 GetUserNameW
0x40e004 IsTextUnicode
SHELL32.dll
0x40e170 CommandLineToArgvW
0x40e174 SHGetFolderPathW
0x40e178 SHGetSpecialFolderPathW
ole32.dll
0x40e1ac CoUninitialize
0x40e1b0 CoInitialize
0x40e1b4 CoTaskMemFree
0x40e1b8 CoCreateInstance
SHLWAPI.dll
0x40e180 PathCompactPathExW
0x40e184 PathMakeSystemFolderW
WINMM.dll
0x40e1a0 PlaySoundW
0x40e1a4 waveOutGetNumDevs
EAT(Export Address Table) is none