Report - AlCapone99.exe

UPX Malicious Library OS Processor Check PE32 PE File
ScreenShot
Created 2023.03.21 10:06 Machine s1_win7_x6403
Filename AlCapone99.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score
8
Behavior Score
2.0
ZERO API file : malware
VT API (file) 45 detected (Convagent, malicious, high confidence, Fragtor, Artemis, unsafe, Kryptik, V8k2, ZexaE, qu2@aiIzsQei, Eldorado, HTCD, score, CrypterX, RedLineSteal, otvog, Siggen3, REDLINE, YXDCTZ, high, Malware@#w7vshkzta1l, Detected, ai score=83, fK4e4rRai8M, Static AI, Suspicious PE, PossibleThreat, PALLASNET)
md5 3db6d94b8df4916aa7cb0d67f2bba3f6
sha256 15b31a3a4ab58991a4e7c7e2cc49fdec1002ea907effb2402b949263dcf0a0bd
ssdeep 3072:UvmEID31U40ByUrwJ9Cfo25a1Ts0f1BiAHon3aLOoPTrXkVmPvFPtoHwKqZJxIxB:4m5lUF1wJ9CfoR1TsC1NwQ/emXFiHwKn
imphash 23ab51c15380bcf81a5cee1a5c0399b5
impfuzzy 24:WDaOovnOQFQjERyvDh/J3ISlRT4acmfLpl8rq:sEOLDjhcacmfFKrq
  Network IP location

Signature (3cnts)

Level Description
danger File has been identified by 45 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x40e008 FreeConsole
 0x40e00c GetVersion
 0x40e010 GetSystemInfo
 0x40e014 MultiByteToWideChar
 0x40e018 GetModuleHandleA
 0x40e01c GetProcAddress
 0x40e020 GetCommandLineA
 0x40e024 SetUnhandledExceptionFilter
 0x40e028 GetModuleHandleW
 0x40e02c Sleep
 0x40e030 ExitProcess
 0x40e034 WriteFile
 0x40e038 GetStdHandle
 0x40e03c GetModuleFileNameA
 0x40e040 FreeEnvironmentStringsA
 0x40e044 GetEnvironmentStrings
 0x40e048 FreeEnvironmentStringsW
 0x40e04c WideCharToMultiByte
 0x40e050 GetLastError
 0x40e054 GetEnvironmentStringsW
 0x40e058 SetHandleCount
 0x40e05c GetFileType
 0x40e060 GetStartupInfoA
 0x40e064 DeleteCriticalSection
 0x40e068 TlsGetValue
 0x40e06c TlsAlloc
 0x40e070 TlsSetValue
 0x40e074 TlsFree
 0x40e078 InterlockedIncrement
 0x40e07c SetLastError
 0x40e080 GetCurrentThreadId
 0x40e084 InterlockedDecrement
 0x40e088 HeapCreate
 0x40e08c VirtualFree
 0x40e090 HeapFree
 0x40e094 QueryPerformanceCounter
 0x40e098 GetTickCount
 0x40e09c GetCurrentProcessId
 0x40e0a0 GetSystemTimeAsFileTime
 0x40e0a4 HeapAlloc
 0x40e0a8 RaiseException
 0x40e0ac GetCPInfo
 0x40e0b0 GetACP
 0x40e0b4 GetOEMCP
 0x40e0b8 IsValidCodePage
 0x40e0bc TerminateProcess
 0x40e0c0 GetCurrentProcess
 0x40e0c4 UnhandledExceptionFilter
 0x40e0c8 IsDebuggerPresent
 0x40e0cc LeaveCriticalSection
 0x40e0d0 EnterCriticalSection
 0x40e0d4 LoadLibraryA
 0x40e0d8 InitializeCriticalSectionAndSpinCount
 0x40e0dc VirtualAlloc
 0x40e0e0 HeapReAlloc
 0x40e0e4 RtlUnwind
 0x40e0e8 HeapSize
 0x40e0ec LCMapStringA
 0x40e0f0 LCMapStringW
 0x40e0f4 GetStringTypeA
 0x40e0f8 GetStringTypeW
 0x40e0fc GetLocaleInfoA
GDI32.dll
 0x40e000 SetBkColor

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure