ScreenShot
| Created | 2023.04.02 08:56 | Machine | s1_win7_x6403 |
| Filename | 9a3e5c94-0917-4b87-b1e2-540783d5729f | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 36 detected (Strab, malicious, high confidence, StealerNET, Doina, Jaik, unsafe, score, Kryptik, Eldorado, Attribute, HighConfidence, HSEV, R002C0DCU23, high, Nekark, dpmlu, Detected, ai score=86, FakeSig, FalseSign, Hajl, GdSda) | ||
| md5 | 041b96460a5646b883436e0b327829eb | ||
| sha256 | 831de4f721d72790aa397a9f8ad7b02eaf86b4d522748452922260b0b2127d92 | ||
| ssdeep | 6144:otjpISgwKH0fqmTSyteqsmri+c2Y7PFT5X8WBIP0GQkA7Hi6SicHQ9:mjRgwnf9Wmri+c2WPF9XsP0GQkALSnu | ||
| imphash | 303b4a863d3cdfccef2b33459673ef8a | ||
| impfuzzy | 24:mDIOezscfpsXl9RMjOov1lG/J3IOtLQFQ8RyvDkRTkfcGOqFUZ1B2:YezvfpsXNMCd9tL3Dgwf3HFUZz2 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418000 GetProcAddress
0x418004 GetModuleHandleA
0x418008 GetVersion
0x41800c MultiByteToWideChar
0x418010 FreeConsole
0x418014 PrepareTape
0x418018 EscapeCommFunction
0x41801c ResetEvent
0x418020 SetEvent
0x418024 GetFileInformationByHandle
0x418028 DeleteAtom
0x41802c GetCurrentProcessId
0x418030 InitializeCriticalSection
0x418034 GetCurrentProcess
0x418038 GetNativeSystemInfo
0x41803c CreateEventW
0x418040 AssignProcessToJobObject
0x418044 QueryPerformanceFrequency
0x418048 AddAtomW
0x41804c CreateFileW
0x418050 GetLocaleInfoA
0x418054 GetStringTypeW
0x418058 GetStringTypeA
0x41805c LCMapStringW
0x418060 LCMapStringA
0x418064 InitializeCriticalSectionAndSpinCount
0x418068 LoadLibraryA
0x41806c HeapSize
0x418070 RtlUnwind
0x418074 RaiseException
0x418078 GetCommandLineA
0x41807c GetLastError
0x418080 HeapFree
0x418084 GetModuleHandleW
0x418088 TlsGetValue
0x41808c TlsAlloc
0x418090 TlsSetValue
0x418094 TlsFree
0x418098 InterlockedIncrement
0x41809c SetLastError
0x4180a0 GetCurrentThreadId
0x4180a4 InterlockedDecrement
0x4180a8 HeapAlloc
0x4180ac TerminateProcess
0x4180b0 UnhandledExceptionFilter
0x4180b4 SetUnhandledExceptionFilter
0x4180b8 IsDebuggerPresent
0x4180bc Sleep
0x4180c0 ExitProcess
0x4180c4 WriteFile
0x4180c8 GetStdHandle
0x4180cc GetModuleFileNameA
0x4180d0 FreeEnvironmentStringsA
0x4180d4 GetEnvironmentStrings
0x4180d8 FreeEnvironmentStringsW
0x4180dc WideCharToMultiByte
0x4180e0 GetEnvironmentStringsW
0x4180e4 SetHandleCount
0x4180e8 GetFileType
0x4180ec GetStartupInfoA
0x4180f0 DeleteCriticalSection
0x4180f4 HeapCreate
0x4180f8 VirtualFree
0x4180fc QueryPerformanceCounter
0x418100 GetTickCount
0x418104 GetSystemTimeAsFileTime
0x418108 GetCPInfo
0x41810c GetACP
0x418110 GetOEMCP
0x418114 IsValidCodePage
0x418118 LeaveCriticalSection
0x41811c EnterCriticalSection
0x418120 VirtualAlloc
0x418124 HeapReAlloc
SHELL32.dll
0x41812c SHGetInstanceExplorer
0x418130 None
0x418134 DragFinish
0x418138 Shell_NotifyIconW
0x41813c SHGetDiskFreeSpaceExW
0x418140 SHGetPathFromIDListW
0x418144 None
0x418148 SHParseDisplayName
0x41814c None
0x418150 None
0x418154 ShellExecuteW
0x418158 SHPathPrepareForWriteW
0x41815c None
0x418160 SHGetSettings
0x418164 None
0x418168 None
0x41816c SHBrowseForFolderW
0x418170 SHBindToParent
0x418174 None
EAT(Export Address Table) is none
KERNEL32.dll
0x418000 GetProcAddress
0x418004 GetModuleHandleA
0x418008 GetVersion
0x41800c MultiByteToWideChar
0x418010 FreeConsole
0x418014 PrepareTape
0x418018 EscapeCommFunction
0x41801c ResetEvent
0x418020 SetEvent
0x418024 GetFileInformationByHandle
0x418028 DeleteAtom
0x41802c GetCurrentProcessId
0x418030 InitializeCriticalSection
0x418034 GetCurrentProcess
0x418038 GetNativeSystemInfo
0x41803c CreateEventW
0x418040 AssignProcessToJobObject
0x418044 QueryPerformanceFrequency
0x418048 AddAtomW
0x41804c CreateFileW
0x418050 GetLocaleInfoA
0x418054 GetStringTypeW
0x418058 GetStringTypeA
0x41805c LCMapStringW
0x418060 LCMapStringA
0x418064 InitializeCriticalSectionAndSpinCount
0x418068 LoadLibraryA
0x41806c HeapSize
0x418070 RtlUnwind
0x418074 RaiseException
0x418078 GetCommandLineA
0x41807c GetLastError
0x418080 HeapFree
0x418084 GetModuleHandleW
0x418088 TlsGetValue
0x41808c TlsAlloc
0x418090 TlsSetValue
0x418094 TlsFree
0x418098 InterlockedIncrement
0x41809c SetLastError
0x4180a0 GetCurrentThreadId
0x4180a4 InterlockedDecrement
0x4180a8 HeapAlloc
0x4180ac TerminateProcess
0x4180b0 UnhandledExceptionFilter
0x4180b4 SetUnhandledExceptionFilter
0x4180b8 IsDebuggerPresent
0x4180bc Sleep
0x4180c0 ExitProcess
0x4180c4 WriteFile
0x4180c8 GetStdHandle
0x4180cc GetModuleFileNameA
0x4180d0 FreeEnvironmentStringsA
0x4180d4 GetEnvironmentStrings
0x4180d8 FreeEnvironmentStringsW
0x4180dc WideCharToMultiByte
0x4180e0 GetEnvironmentStringsW
0x4180e4 SetHandleCount
0x4180e8 GetFileType
0x4180ec GetStartupInfoA
0x4180f0 DeleteCriticalSection
0x4180f4 HeapCreate
0x4180f8 VirtualFree
0x4180fc QueryPerformanceCounter
0x418100 GetTickCount
0x418104 GetSystemTimeAsFileTime
0x418108 GetCPInfo
0x41810c GetACP
0x418110 GetOEMCP
0x418114 IsValidCodePage
0x418118 LeaveCriticalSection
0x41811c EnterCriticalSection
0x418120 VirtualAlloc
0x418124 HeapReAlloc
SHELL32.dll
0x41812c SHGetInstanceExplorer
0x418130 None
0x418134 DragFinish
0x418138 Shell_NotifyIconW
0x41813c SHGetDiskFreeSpaceExW
0x418140 SHGetPathFromIDListW
0x418144 None
0x418148 SHParseDisplayName
0x41814c None
0x418150 None
0x418154 ShellExecuteW
0x418158 SHPathPrepareForWriteW
0x41815c None
0x418160 SHGetSettings
0x418164 None
0x418168 None
0x41816c SHBrowseForFolderW
0x418170 SHBindToParent
0x418174 None
EAT(Export Address Table) is none