Field | Value |
---|---|
Created | 2023.03.29 14:11 |
Machine | s1_win7_x6401 |
Filename | 2.1.0ff.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 45 detected (Raccoon, malicious, high confidence, Agiala, PasswordStealer, Veee, confidence, 100%, TrojanPSW, Attribute, HighConfidence, Kryptik, HTAJ, score, QQPass, QQRob, Zfow, Artemis, high, EncPk, AGEN, ai score=85, Wacatac, Detected, unsafe, UEeylJZ8YgL, susgen, Genetic) |
md5 | bc338e23e5411697561306eabb29bd9c |
sha256 | fc89f7167628e95935070f6a72c859da69a91655e72c4d8c8e31fbac73c2d379 |
ssdeep | 1536:/ja4qX8uFJQvccqJ4QFn8XwcWwH7Yq8BG8TcdayFtvhV732+oOl8s4PBqZ1zObEg:/jYPQRQmr8YLNL6dzjPAvZjy5g |
imphash | 97d41417e1c898a9dc85fb4d98655fda |
impfuzzy | 3:sygWho3aAXwUgEJJ67aIdBA5bAJS9KTXzhAXwWBJAEPQLMAXZTA1LMRMExn:fZy3/JqAF7GDYBJAEYdTA1cL |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
watch | Tries to unhook Windows functions monitored by Cuckoo |
info | One or more processes crashed |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
No network requests were recorded during the run.
Suricata ids
PE API
IAT (Import Address Table)
KERNEL32.dll
0x41a008 LocalSize
0x41a00c lstrlenA
0x41a010 LocalAlloc
0x41a014 IsBadCodePtr
0x41a018 GetProcAddress
0x41a01c LoadLibraryA
GDI32.dll
0x41a000 GetDeviceCaps
ole32.dll
0x41a024 CoInitialize
EAT (Export Address Table): none
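The import table above is tiny and carries LoadLibraryA plus GetProcAddress, which is the classic signature of a packed or crypted stub that resolves its real API set at runtime; the static IAT therefore says little about what the Raccoon payload does, and the imphash will be shared by every other sample built with the same stub. The following is an added example, not code from the sandbox report: it parses the import listing exactly as printed above, computes the Mandiant-style imphash over it using the same normalisation pefile applies, and runs a "runtime-resolving stub" triage heuristic. The heuristic threshold (at most 12 imports) is this example's own assumption, and the computed hash is not claimed to equal the reported imphash, because pefile walks the import directory order while the report's listing order may differ.

```python
"""Added example (not part of the sandbox report): rebuild the import table
from the report's own PE API text, compute the imphash over it, and apply a
minimal-loader-imports triage heuristic."""
import hashlib
import re

# Import listing as printed in the report's PE API section (copied from the page).
IAT_LISTING = """\
KERNEL32.dll
0x41a008 LocalSize
0x41a00c lstrlenA
0x41a010 LocalAlloc
0x41a014 IsBadCodePtr
0x41a018 GetProcAddress
0x41a01c LoadLibraryA
GDI32.dll
0x41a000 GetDeviceCaps
ole32.dll
0x41a024 CoInitialize
"""


def parse_iat_listing(text):
    """Return [(dll, func), ...] in listing order from the report's layout:
    a bare DLL name starts a group, '0xADDR Name' lines belong to it."""
    imports, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.match(r"^0x[0-9a-fA-F]+\s+(\S+)$", line)
        if m:
            if current is None:
                raise ValueError("function listed before any DLL: %r" % line)
            imports.append((current, m.group(1)))
        else:
            current = line
    return imports


def imphash(imports):
    """Mandiant/pefile imphash: lowercase 'lib.func' pairs, with a .dll/.ocx/.sys
    suffix stripped from the library name, comma-joined in import order, MD5'd.
    Simplification: ordinal-only imports (which pefile maps to names for common
    DLLs) are not handled; this sample imports everything by name."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.append("%s.%s" % (lib, func.lower()))
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def looks_like_runtime_resolving_stub(imports, max_imports=12):
    """Heuristic (this example's assumption, not a rule from the report): a PE
    importing only a handful of functions that include GetProcAddress and a
    LoadLibrary variant is almost certainly resolving its real API set at
    runtime, i.e. packed or crypted, so the static IAT is not descriptive."""
    names = {func.lower() for _, func in imports}
    has_loader = "getprocaddress" in names and bool(
        names & {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
    )
    return len(imports) <= max_imports and has_loader


if __name__ == "__main__":
    imps = parse_iat_listing(IAT_LISTING)
    print("%d imports from %d DLLs" % (len(imps), len({d for d, _ in imps})))
    print("imphash over listing order:", imphash(imps))
    print("runtime-resolving stub?", looks_like_runtime_resolving_stub(imps))
```

When triaging, pivot on the imphash only to cluster stubs, not to attribute the payload: the same crypter front-end is sold to many operators, so matches on 97d41417e1c898a9dc85fb4d98655fda will include families other than Raccoon. The unhooking behaviour flagged by Cuckoo above is consistent with such a stub inspecting and restoring the prologues of monitored APIs before handing control to the decrypted payload.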