ScreenShot
| Created | 2023.03.20 10:07 | Machine | s1_win7_x6401 |
| Filename | 711b8121-1755-40dd-8840-d49d5f12d1f1 | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (malicious, high confidence, Save, confidence, ZexaF, @J0@aagvjPpi, Attribute, HighConfidence, VMProtect, score, Generic ML PUA, high, Static AI, Suspicious PE, AGEN, Caynamer, unsafe, Generic@AI, RDML, El+nAknUmndjOz85+GZe6A) | ||
| md5 | fb0deff37fe12bbc4f0c1fe21e2d15ef | ||
| sha256 | ece100b8240f7eb032cb319a019eba1552ac19f563a291cf8422b1090ccf9b76 | ||
| ssdeep | 196608:bdj1WcTeKCVpVAKegYv6Pvz7xCVfQeYDprOtpN6x1Cd:RReKaAlRgxMfvihOwxy | ||
| imphash | f0e8db307701582115b12426e04e3928 | ||
| impfuzzy | 96:AJcpVY3S1RtaMDpJE0j21AXJ+Zcp+qjwSttLyuua:/J1Z+Ra | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Queries information on disks |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x831000 DeviceIoControl
0x831004 CreateToolhelp32Snapshot
0x831008 GetTickCount64
0x83100c Process32NextW
0x831010 CreateFileA
0x831014 Process32FirstW
0x831018 CloseHandle
0x83101c GetSystemInfo
0x831020 GetProcAddress
0x831024 GlobalMemoryStatusEx
0x831028 GetModuleFileNameA
0x83102c IsDebuggerPresent
0x831030 GetComputerNameA
0x831034 Sleep
0x831038 CreateDirectoryA
0x83103c WriteConsoleW
0x831040 HeapSize
0x831044 CreateFileW
0x831048 GetProcessHeap
0x83104c SetStdHandle
0x831050 SetEnvironmentVariableW
0x831054 FreeEnvironmentStringsW
0x831058 GlobalUnlock
0x83105c GlobalLock
0x831060 GlobalFree
0x831064 GetModuleHandleW
0x831068 GlobalAlloc
0x83106c GetEnvironmentStringsW
0x831070 GetOEMCP
0x831074 GetACP
0x831078 IsValidCodePage
0x83107c FindNextFileW
0x831080 FindFirstFileExW
0x831084 FindClose
0x831088 MultiByteToWideChar
0x83108c WideCharToMultiByte
0x831090 LCMapStringEx
0x831094 EnterCriticalSection
0x831098 LeaveCriticalSection
0x83109c InitializeCriticalSectionEx
0x8310a0 DeleteCriticalSection
0x8310a4 EncodePointer
0x8310a8 DecodePointer
0x8310ac CompareStringEx
0x8310b0 GetCPInfo
0x8310b4 GetStringTypeW
0x8310b8 IsProcessorFeaturePresent
0x8310bc QueryPerformanceCounter
0x8310c0 GetCurrentProcessId
0x8310c4 GetCurrentThreadId
0x8310c8 GetSystemTimeAsFileTime
0x8310cc InitializeSListHead
0x8310d0 UnhandledExceptionFilter
0x8310d4 SetUnhandledExceptionFilter
0x8310d8 GetStartupInfoW
0x8310dc GetCurrentProcess
0x8310e0 TerminateProcess
0x8310e4 RtlUnwind
0x8310e8 RaiseException
0x8310ec GetLastError
0x8310f0 SetLastError
0x8310f4 InitializeCriticalSectionAndSpinCount
0x8310f8 TlsAlloc
0x8310fc TlsGetValue
0x831100 TlsSetValue
0x831104 TlsFree
0x831108 FreeLibrary
0x83110c LoadLibraryExW
0x831110 GetStdHandle
0x831114 WriteFile
0x831118 GetModuleFileNameW
0x83111c ExitProcess
0x831120 GetModuleHandleExW
0x831124 GetCommandLineA
0x831128 GetCommandLineW
0x83112c HeapReAlloc
0x831130 CompareStringW
0x831134 LCMapStringW
0x831138 GetLocaleInfoW
0x83113c IsValidLocale
0x831140 GetUserDefaultLCID
0x831144 EnumSystemLocalesW
0x831148 HeapFree
0x83114c GetFileSizeEx
0x831150 SetFilePointerEx
0x831154 GetFileType
0x831158 FlushFileBuffers
0x83115c GetConsoleOutputCP
0x831160 GetConsoleMode
0x831164 HeapAlloc
0x831168 ReadFile
0x83116c ReadConsoleW
0x831170 SetEndOfFile
USER32.dll
0x831178 EmptyClipboard
0x83117c GetClipboardData
0x831180 OpenClipboard
0x831184 CloseClipboard
0x831188 SetClipboardData
ADVAPI32.dll
0x831190 RegSetValueExA
0x831194 RegOpenKeyExW
0x831198 GetUserNameA
0x83119c RegCloseKey
SHELL32.dll
0x8311a4 ShellExecuteA
0x8311a8 SHGetFolderPathA
WININET.dll
0x8311b0 InternetCloseHandle
0x8311b4 HttpOpenRequestA
0x8311b8 InternetOpenA
0x8311bc HttpSendRequestW
0x8311c0 InternetConnectA
0x8311c4 InternetReadFile
KERNEL32.dll
0x8311cc GetSystemTimeAsFileTime
0x8311d0 GetModuleHandleA
0x8311d4 CreateEventA
0x8311d8 GetModuleFileNameW
0x8311dc TerminateProcess
0x8311e0 GetCurrentProcess
0x8311e4 CreateToolhelp32Snapshot
0x8311e8 Thread32First
0x8311ec GetCurrentProcessId
0x8311f0 GetCurrentThreadId
0x8311f4 OpenThread
0x8311f8 Thread32Next
0x8311fc CloseHandle
0x831200 SuspendThread
0x831204 ResumeThread
0x831208 WriteProcessMemory
0x83120c GetSystemInfo
0x831210 VirtualAlloc
0x831214 VirtualProtect
0x831218 VirtualFree
0x83121c GetProcessAffinityMask
0x831220 SetProcessAffinityMask
0x831224 GetCurrentThread
0x831228 SetThreadAffinityMask
0x83122c Sleep
0x831230 LoadLibraryA
0x831234 FreeLibrary
0x831238 GetTickCount
0x83123c SystemTimeToFileTime
0x831240 FileTimeToSystemTime
0x831244 GlobalFree
0x831248 LocalAlloc
0x83124c LocalFree
0x831250 GetProcAddress
0x831254 ExitProcess
0x831258 EnterCriticalSection
0x83125c LeaveCriticalSection
0x831260 InitializeCriticalSection
0x831264 DeleteCriticalSection
0x831268 GetModuleHandleW
0x83126c LoadResource
0x831270 MultiByteToWideChar
0x831274 FindResourceExW
0x831278 FindResourceExA
0x83127c WideCharToMultiByte
0x831280 GetThreadLocale
0x831284 GetUserDefaultLCID
0x831288 GetSystemDefaultLCID
0x83128c EnumResourceNamesA
0x831290 EnumResourceNamesW
0x831294 EnumResourceLanguagesA
0x831298 EnumResourceLanguagesW
0x83129c EnumResourceTypesA
0x8312a0 EnumResourceTypesW
0x8312a4 CreateFileW
0x8312a8 LoadLibraryW
0x8312ac GetLastError
0x8312b0 FlushFileBuffers
0x8312b4 WriteConsoleW
0x8312b8 SetStdHandle
0x8312bc IsProcessorFeaturePresent
0x8312c0 DecodePointer
0x8312c4 GetCommandLineA
0x8312c8 RaiseException
0x8312cc HeapFree
0x8312d0 GetCPInfo
0x8312d4 InterlockedIncrement
0x8312d8 InterlockedDecrement
0x8312dc GetACP
0x8312e0 GetOEMCP
0x8312e4 IsValidCodePage
0x8312e8 EncodePointer
0x8312ec TlsAlloc
0x8312f0 TlsGetValue
0x8312f4 TlsSetValue
0x8312f8 TlsFree
0x8312fc SetLastError
0x831300 UnhandledExceptionFilter
0x831304 SetUnhandledExceptionFilter
0x831308 IsDebuggerPresent
0x83130c HeapAlloc
0x831310 LCMapStringW
0x831314 GetStringTypeW
0x831318 SetHandleCount
0x83131c GetStdHandle
0x831320 InitializeCriticalSectionAndSpinCount
0x831324 GetFileType
0x831328 GetStartupInfoW
0x83132c GetModuleFileNameA
0x831330 FreeEnvironmentStringsW
0x831334 GetEnvironmentStringsW
0x831338 HeapCreate
0x83133c HeapDestroy
0x831340 QueryPerformanceCounter
0x831344 HeapSize
0x831348 WriteFile
0x83134c RtlUnwind
0x831350 SetFilePointer
0x831354 GetConsoleCP
0x831358 GetConsoleMode
0x83135c HeapReAlloc
0x831360 VirtualQuery
USER32.dll
0x831368 CharUpperBuffW
KERNEL32.dll
0x831370 LocalAlloc
0x831374 LocalFree
0x831378 GetModuleFileNameW
0x83137c ExitProcess
0x831380 LoadLibraryA
0x831384 GetModuleHandleA
0x831388 GetProcAddress
EAT(Export Address Table) is none
KERNEL32.dll
0x831000 DeviceIoControl
0x831004 CreateToolhelp32Snapshot
0x831008 GetTickCount64
0x83100c Process32NextW
0x831010 CreateFileA
0x831014 Process32FirstW
0x831018 CloseHandle
0x83101c GetSystemInfo
0x831020 GetProcAddress
0x831024 GlobalMemoryStatusEx
0x831028 GetModuleFileNameA
0x83102c IsDebuggerPresent
0x831030 GetComputerNameA
0x831034 Sleep
0x831038 CreateDirectoryA
0x83103c WriteConsoleW
0x831040 HeapSize
0x831044 CreateFileW
0x831048 GetProcessHeap
0x83104c SetStdHandle
0x831050 SetEnvironmentVariableW
0x831054 FreeEnvironmentStringsW
0x831058 GlobalUnlock
0x83105c GlobalLock
0x831060 GlobalFree
0x831064 GetModuleHandleW
0x831068 GlobalAlloc
0x83106c GetEnvironmentStringsW
0x831070 GetOEMCP
0x831074 GetACP
0x831078 IsValidCodePage
0x83107c FindNextFileW
0x831080 FindFirstFileExW
0x831084 FindClose
0x831088 MultiByteToWideChar
0x83108c WideCharToMultiByte
0x831090 LCMapStringEx
0x831094 EnterCriticalSection
0x831098 LeaveCriticalSection
0x83109c InitializeCriticalSectionEx
0x8310a0 DeleteCriticalSection
0x8310a4 EncodePointer
0x8310a8 DecodePointer
0x8310ac CompareStringEx
0x8310b0 GetCPInfo
0x8310b4 GetStringTypeW
0x8310b8 IsProcessorFeaturePresent
0x8310bc QueryPerformanceCounter
0x8310c0 GetCurrentProcessId
0x8310c4 GetCurrentThreadId
0x8310c8 GetSystemTimeAsFileTime
0x8310cc InitializeSListHead
0x8310d0 UnhandledExceptionFilter
0x8310d4 SetUnhandledExceptionFilter
0x8310d8 GetStartupInfoW
0x8310dc GetCurrentProcess
0x8310e0 TerminateProcess
0x8310e4 RtlUnwind
0x8310e8 RaiseException
0x8310ec GetLastError
0x8310f0 SetLastError
0x8310f4 InitializeCriticalSectionAndSpinCount
0x8310f8 TlsAlloc
0x8310fc TlsGetValue
0x831100 TlsSetValue
0x831104 TlsFree
0x831108 FreeLibrary
0x83110c LoadLibraryExW
0x831110 GetStdHandle
0x831114 WriteFile
0x831118 GetModuleFileNameW
0x83111c ExitProcess
0x831120 GetModuleHandleExW
0x831124 GetCommandLineA
0x831128 GetCommandLineW
0x83112c HeapReAlloc
0x831130 CompareStringW
0x831134 LCMapStringW
0x831138 GetLocaleInfoW
0x83113c IsValidLocale
0x831140 GetUserDefaultLCID
0x831144 EnumSystemLocalesW
0x831148 HeapFree
0x83114c GetFileSizeEx
0x831150 SetFilePointerEx
0x831154 GetFileType
0x831158 FlushFileBuffers
0x83115c GetConsoleOutputCP
0x831160 GetConsoleMode
0x831164 HeapAlloc
0x831168 ReadFile
0x83116c ReadConsoleW
0x831170 SetEndOfFile
USER32.dll
0x831178 EmptyClipboard
0x83117c GetClipboardData
0x831180 OpenClipboard
0x831184 CloseClipboard
0x831188 SetClipboardData
ADVAPI32.dll
0x831190 RegSetValueExA
0x831194 RegOpenKeyExW
0x831198 GetUserNameA
0x83119c RegCloseKey
SHELL32.dll
0x8311a4 ShellExecuteA
0x8311a8 SHGetFolderPathA
WININET.dll
0x8311b0 InternetCloseHandle
0x8311b4 HttpOpenRequestA
0x8311b8 InternetOpenA
0x8311bc HttpSendRequestW
0x8311c0 InternetConnectA
0x8311c4 InternetReadFile
KERNEL32.dll
0x8311cc GetSystemTimeAsFileTime
0x8311d0 GetModuleHandleA
0x8311d4 CreateEventA
0x8311d8 GetModuleFileNameW
0x8311dc TerminateProcess
0x8311e0 GetCurrentProcess
0x8311e4 CreateToolhelp32Snapshot
0x8311e8 Thread32First
0x8311ec GetCurrentProcessId
0x8311f0 GetCurrentThreadId
0x8311f4 OpenThread
0x8311f8 Thread32Next
0x8311fc CloseHandle
0x831200 SuspendThread
0x831204 ResumeThread
0x831208 WriteProcessMemory
0x83120c GetSystemInfo
0x831210 VirtualAlloc
0x831214 VirtualProtect
0x831218 VirtualFree
0x83121c GetProcessAffinityMask
0x831220 SetProcessAffinityMask
0x831224 GetCurrentThread
0x831228 SetThreadAffinityMask
0x83122c Sleep
0x831230 LoadLibraryA
0x831234 FreeLibrary
0x831238 GetTickCount
0x83123c SystemTimeToFileTime
0x831240 FileTimeToSystemTime
0x831244 GlobalFree
0x831248 LocalAlloc
0x83124c LocalFree
0x831250 GetProcAddress
0x831254 ExitProcess
0x831258 EnterCriticalSection
0x83125c LeaveCriticalSection
0x831260 InitializeCriticalSection
0x831264 DeleteCriticalSection
0x831268 GetModuleHandleW
0x83126c LoadResource
0x831270 MultiByteToWideChar
0x831274 FindResourceExW
0x831278 FindResourceExA
0x83127c WideCharToMultiByte
0x831280 GetThreadLocale
0x831284 GetUserDefaultLCID
0x831288 GetSystemDefaultLCID
0x83128c EnumResourceNamesA
0x831290 EnumResourceNamesW
0x831294 EnumResourceLanguagesA
0x831298 EnumResourceLanguagesW
0x83129c EnumResourceTypesA
0x8312a0 EnumResourceTypesW
0x8312a4 CreateFileW
0x8312a8 LoadLibraryW
0x8312ac GetLastError
0x8312b0 FlushFileBuffers
0x8312b4 WriteConsoleW
0x8312b8 SetStdHandle
0x8312bc IsProcessorFeaturePresent
0x8312c0 DecodePointer
0x8312c4 GetCommandLineA
0x8312c8 RaiseException
0x8312cc HeapFree
0x8312d0 GetCPInfo
0x8312d4 InterlockedIncrement
0x8312d8 InterlockedDecrement
0x8312dc GetACP
0x8312e0 GetOEMCP
0x8312e4 IsValidCodePage
0x8312e8 EncodePointer
0x8312ec TlsAlloc
0x8312f0 TlsGetValue
0x8312f4 TlsSetValue
0x8312f8 TlsFree
0x8312fc SetLastError
0x831300 UnhandledExceptionFilter
0x831304 SetUnhandledExceptionFilter
0x831308 IsDebuggerPresent
0x83130c HeapAlloc
0x831310 LCMapStringW
0x831314 GetStringTypeW
0x831318 SetHandleCount
0x83131c GetStdHandle
0x831320 InitializeCriticalSectionAndSpinCount
0x831324 GetFileType
0x831328 GetStartupInfoW
0x83132c GetModuleFileNameA
0x831330 FreeEnvironmentStringsW
0x831334 GetEnvironmentStringsW
0x831338 HeapCreate
0x83133c HeapDestroy
0x831340 QueryPerformanceCounter
0x831344 HeapSize
0x831348 WriteFile
0x83134c RtlUnwind
0x831350 SetFilePointer
0x831354 GetConsoleCP
0x831358 GetConsoleMode
0x83135c HeapReAlloc
0x831360 VirtualQuery
USER32.dll
0x831368 CharUpperBuffW
KERNEL32.dll
0x831370 LocalAlloc
0x831374 LocalFree
0x831378 GetModuleFileNameW
0x83137c ExitProcess
0x831380 LoadLibraryA
0x831384 GetModuleHandleA
0x831388 GetProcAddress
EAT(Export Address Table) is none