ScreenShot
| Created | 2023.04.12 09:20 | Machine | s1_win7_x6401 |
| Filename | Ruzvelt.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | cafc8351bc21c41083793db0f57b6aa8 | ||
| sha256 | 77cd68e6328a5b58a625e6190b56713e62b37db8fcae04d9b6f7021745c4603f | ||
| ssdeep | 6144:fYUy3y9ElcdE0vVBNdAcKAl39yy3hPXCJMys:1IytqgVbRTx3h/CJ | ||
| imphash | ab6a1f3e3b2e868d2b29ae16c796885b | ||
| impfuzzy | 24:boRRxlgaS9fPpOSduMKKuDgT9AXYCsQHqLOovttmncMVv9mj/J3ClSQ8e4bjMLST:bovgaqd7SsH6ktocMd9m9C8fT | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40100c QueryPerformanceCounter
0x401010 FindCloseChangeNotification
0x401014 BackupSeek
0x401018 FreeEnvironmentStringsA
0x40101c GetModuleHandleW
0x401020 EnumCalendarInfoExW
0x401024 VirtualFree
0x401028 ConvertFiberToThread
0x40102c ReadConsoleW
0x401030 EnumTimeFormatsA
0x401034 EnumResourceTypesA
0x401038 SetHandleCount
0x40103c LoadLibraryW
0x401040 SetCommConfig
0x401044 GetConsoleWindow
0x401048 GetFileAttributesW
0x40104c EnumSystemLocalesA
0x401050 InterlockedExchange
0x401054 GetProfileIntA
0x401058 GetCPInfoExW
0x40105c FillConsoleOutputCharacterW
0x401060 GetLastError
0x401064 InterlockedDecrement
0x401068 GetProcAddress
0x40106c AttachConsole
0x401070 VirtualAlloc
0x401074 HeapSize
0x401078 BeginUpdateResourceW
0x40107c WriteProfileSectionA
0x401080 LoadLibraryA
0x401084 LocalAlloc
0x401088 OpenEventA
0x40108c RemoveDirectoryW
0x401090 PostQueuedCompletionStatus
0x401094 FoldStringA
0x401098 EnumDateFormatsA
0x40109c GetModuleHandleA
0x4010a0 HeapSetInformation
0x4010a4 VirtualProtect
0x4010a8 ScrollConsoleScreenBufferA
0x4010ac GetShortPathNameW
0x4010b0 GetWindowsDirectoryW
0x4010b4 AddConsoleAliasA
0x4010b8 DebugBreak
0x4010bc GetSystemDefaultUILanguage
0x4010c0 Sleep
0x4010c4 ExitProcess
0x4010c8 GetCommandLineA
0x4010cc GetStartupInfoA
0x4010d0 TerminateProcess
0x4010d4 GetCurrentProcess
0x4010d8 UnhandledExceptionFilter
0x4010dc SetUnhandledExceptionFilter
0x4010e0 IsDebuggerPresent
0x4010e4 HeapAlloc
0x4010e8 HeapFree
0x4010ec EnterCriticalSection
0x4010f0 LeaveCriticalSection
0x4010f4 RtlUnwind
0x4010f8 GetStdHandle
0x4010fc GetFileType
0x401100 DeleteCriticalSection
0x401104 RaiseException
0x401108 TlsGetValue
0x40110c TlsAlloc
0x401110 TlsSetValue
0x401114 TlsFree
0x401118 InterlockedIncrement
0x40111c SetLastError
0x401120 GetCurrentThreadId
0x401124 WriteFile
0x401128 GetModuleFileNameA
0x40112c InitializeCriticalSectionAndSpinCount
0x401130 GetEnvironmentStrings
0x401134 FreeEnvironmentStringsW
0x401138 WideCharToMultiByte
0x40113c GetEnvironmentStringsW
0x401140 HeapCreate
0x401144 GetTickCount
0x401148 GetCurrentProcessId
0x40114c GetSystemTimeAsFileTime
0x401150 HeapReAlloc
0x401154 CloseHandle
0x401158 CreateFileA
0x40115c GetCPInfo
0x401160 GetACP
0x401164 GetOEMCP
0x401168 IsValidCodePage
0x40116c GetLocaleInfoA
0x401170 GetConsoleCP
0x401174 GetConsoleMode
0x401178 FlushFileBuffers
0x40117c SetStdHandle
0x401180 SetFilePointer
0x401184 SetEndOfFile
0x401188 GetProcessHeap
0x40118c MultiByteToWideChar
0x401190 ReadFile
0x401194 LCMapStringA
0x401198 LCMapStringW
0x40119c GetStringTypeA
0x4011a0 GetStringTypeW
0x4011a4 WriteConsoleA
0x4011a8 GetConsoleOutputCP
0x4011ac WriteConsoleW
GDI32.dll
0x401000 GetCharWidthA
0x401004 GetCharWidthI
EAT(Export Address Table) is none
KERNEL32.dll
0x40100c QueryPerformanceCounter
0x401010 FindCloseChangeNotification
0x401014 BackupSeek
0x401018 FreeEnvironmentStringsA
0x40101c GetModuleHandleW
0x401020 EnumCalendarInfoExW
0x401024 VirtualFree
0x401028 ConvertFiberToThread
0x40102c ReadConsoleW
0x401030 EnumTimeFormatsA
0x401034 EnumResourceTypesA
0x401038 SetHandleCount
0x40103c LoadLibraryW
0x401040 SetCommConfig
0x401044 GetConsoleWindow
0x401048 GetFileAttributesW
0x40104c EnumSystemLocalesA
0x401050 InterlockedExchange
0x401054 GetProfileIntA
0x401058 GetCPInfoExW
0x40105c FillConsoleOutputCharacterW
0x401060 GetLastError
0x401064 InterlockedDecrement
0x401068 GetProcAddress
0x40106c AttachConsole
0x401070 VirtualAlloc
0x401074 HeapSize
0x401078 BeginUpdateResourceW
0x40107c WriteProfileSectionA
0x401080 LoadLibraryA
0x401084 LocalAlloc
0x401088 OpenEventA
0x40108c RemoveDirectoryW
0x401090 PostQueuedCompletionStatus
0x401094 FoldStringA
0x401098 EnumDateFormatsA
0x40109c GetModuleHandleA
0x4010a0 HeapSetInformation
0x4010a4 VirtualProtect
0x4010a8 ScrollConsoleScreenBufferA
0x4010ac GetShortPathNameW
0x4010b0 GetWindowsDirectoryW
0x4010b4 AddConsoleAliasA
0x4010b8 DebugBreak
0x4010bc GetSystemDefaultUILanguage
0x4010c0 Sleep
0x4010c4 ExitProcess
0x4010c8 GetCommandLineA
0x4010cc GetStartupInfoA
0x4010d0 TerminateProcess
0x4010d4 GetCurrentProcess
0x4010d8 UnhandledExceptionFilter
0x4010dc SetUnhandledExceptionFilter
0x4010e0 IsDebuggerPresent
0x4010e4 HeapAlloc
0x4010e8 HeapFree
0x4010ec EnterCriticalSection
0x4010f0 LeaveCriticalSection
0x4010f4 RtlUnwind
0x4010f8 GetStdHandle
0x4010fc GetFileType
0x401100 DeleteCriticalSection
0x401104 RaiseException
0x401108 TlsGetValue
0x40110c TlsAlloc
0x401110 TlsSetValue
0x401114 TlsFree
0x401118 InterlockedIncrement
0x40111c SetLastError
0x401120 GetCurrentThreadId
0x401124 WriteFile
0x401128 GetModuleFileNameA
0x40112c InitializeCriticalSectionAndSpinCount
0x401130 GetEnvironmentStrings
0x401134 FreeEnvironmentStringsW
0x401138 WideCharToMultiByte
0x40113c GetEnvironmentStringsW
0x401140 HeapCreate
0x401144 GetTickCount
0x401148 GetCurrentProcessId
0x40114c GetSystemTimeAsFileTime
0x401150 HeapReAlloc
0x401154 CloseHandle
0x401158 CreateFileA
0x40115c GetCPInfo
0x401160 GetACP
0x401164 GetOEMCP
0x401168 IsValidCodePage
0x40116c GetLocaleInfoA
0x401170 GetConsoleCP
0x401174 GetConsoleMode
0x401178 FlushFileBuffers
0x40117c SetStdHandle
0x401180 SetFilePointer
0x401184 SetEndOfFile
0x401188 GetProcessHeap
0x40118c MultiByteToWideChar
0x401190 ReadFile
0x401194 LCMapStringA
0x401198 LCMapStringW
0x40119c GetStringTypeA
0x4011a0 GetStringTypeW
0x4011a4 WriteConsoleA
0x4011a8 GetConsoleOutputCP
0x4011ac WriteConsoleW
GDI32.dll
0x401000 GetCharWidthA
0x401004 GetCharWidthI
EAT(Export Address Table) is none