Field | Value |
---|---|
Created | 2023.03.21 10:06 |
Machine | s1_win7_x6403 |
Filename | AlCapone99.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 45 detected (Convagent, malicious, high confidence, Fragtor, Artemis, unsafe, Kryptik, V8k2, ZexaE, qu2@aiIzsQei, Eldorado, HTCD, score, CrypterX, RedLineSteal, otvog, Siggen3, REDLINE, YXDCTZ, high, Malware@#w7vshkzta1l, Detected, ai score=83, fK4e4rRai8M, Static AI, Suspicious PE, PossibleThreat, PALLASNET) |
md5 | 3db6d94b8df4916aa7cb0d67f2bba3f6 |
sha256 | 15b31a3a4ab58991a4e7c7e2cc49fdec1002ea907effb2402b949263dcf0a0bd |
ssdeep | 3072:UvmEID31U40ByUrwJ9Cfo25a1Ts0f1BiAHon3aLOoPTrXkVmPvFPtoHwKqZJxIxB:4m5lUF1wJ9CfoR1TsC1NwQ/emXFiHwKn |
imphash | 23ab51c15380bcf81a5cee1a5c0399b5 |
impfuzzy | 24:WDaOovnOQFQjERyvDh/J3ISlRT4acmfLpl8rq:sEOLDjhcacmfFKrq |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x40e008 FreeConsole
0x40e00c GetVersion
0x40e010 GetSystemInfo
0x40e014 MultiByteToWideChar
0x40e018 GetModuleHandleA
0x40e01c GetProcAddress
0x40e020 GetCommandLineA
0x40e024 SetUnhandledExceptionFilter
0x40e028 GetModuleHandleW
0x40e02c Sleep
0x40e030 ExitProcess
0x40e034 WriteFile
0x40e038 GetStdHandle
0x40e03c GetModuleFileNameA
0x40e040 FreeEnvironmentStringsA
0x40e044 GetEnvironmentStrings
0x40e048 FreeEnvironmentStringsW
0x40e04c WideCharToMultiByte
0x40e050 GetLastError
0x40e054 GetEnvironmentStringsW
0x40e058 SetHandleCount
0x40e05c GetFileType
0x40e060 GetStartupInfoA
0x40e064 DeleteCriticalSection
0x40e068 TlsGetValue
0x40e06c TlsAlloc
0x40e070 TlsSetValue
0x40e074 TlsFree
0x40e078 InterlockedIncrement
0x40e07c SetLastError
0x40e080 GetCurrentThreadId
0x40e084 InterlockedDecrement
0x40e088 HeapCreate
0x40e08c VirtualFree
0x40e090 HeapFree
0x40e094 QueryPerformanceCounter
0x40e098 GetTickCount
0x40e09c GetCurrentProcessId
0x40e0a0 GetSystemTimeAsFileTime
0x40e0a4 HeapAlloc
0x40e0a8 RaiseException
0x40e0ac GetCPInfo
0x40e0b0 GetACP
0x40e0b4 GetOEMCP
0x40e0b8 IsValidCodePage
0x40e0bc TerminateProcess
0x40e0c0 GetCurrentProcess
0x40e0c4 UnhandledExceptionFilter
0x40e0c8 IsDebuggerPresent
0x40e0cc LeaveCriticalSection
0x40e0d0 EnterCriticalSection
0x40e0d4 LoadLibraryA
0x40e0d8 InitializeCriticalSectionAndSpinCount
0x40e0dc VirtualAlloc
0x40e0e0 HeapReAlloc
0x40e0e4 RtlUnwind
0x40e0e8 HeapSize
0x40e0ec LCMapStringA
0x40e0f0 LCMapStringW
0x40e0f4 GetStringTypeA
0x40e0f8 GetStringTypeW
0x40e0fc GetLocaleInfoA
GDI32.dll
0x40e000 SetBkColor
EAT(Export Address Table) is none