ScreenShot
| Created | 2023.07.22 21:43 | Machine | s1_win7_x6403 |
| Filename | elevator.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 19 detected (Common, malicious, moderate confidence, Artemis, score, Sabsik, Elevator, unsafe, Sdum, wfZBXt833vN, PossibleThreat) | ||
| md5 | 5f6c86ec159f2b0d99f88bc3c3c6a641 | ||
| sha256 | 4348d0d550e739807bfdd89524fbeb7f4300193f4cb9aa5a62dc219640be59a2 | ||
| ssdeep | 3072:9+bwPB64+8ZFjwMVuG74CHy/8c77uv6tvkNN0P3ohdeaEK8aTVcZIaKW:9+bwp64JjtVuG7Hy/7uv6tvNPVs+K | ||
| imphash | 7cd0bbb42d4b316f99f5cabd76b4bcaa | ||
| impfuzzy | 48:qWm9FvrXlYXPMvRWLeeduGdLy/ahLR7/7hy4FMPbBMLSQMBm:qWmrvrXlYXUvRWqeduGdL6avTdy4FKE | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140030020 GetCurrentProcess
0x140030028 CloseHandle
0x140030030 GetCurrentThread
0x140030038 TerminateProcess
0x140030040 AcquireSRWLockExclusive
0x140030048 ReleaseSRWLockExclusive
0x140030050 RtlCaptureContext
0x140030058 ReleaseMutex
0x140030060 WaitForSingleObjectEx
0x140030068 LoadLibraryA
0x140030070 CreateMutexA
0x140030078 RtlLookupFunctionEntry
0x140030080 GetLastError
0x140030088 FormatMessageW
0x140030090 FreeLibrary
0x140030098 GetProcessHeap
0x1400300a0 HeapFree
0x1400300a8 HeapAlloc
0x1400300b0 WaitForSingleObject
0x1400300b8 ReleaseSRWLockShared
0x1400300c0 AddVectoredExceptionHandler
0x1400300c8 SetThreadStackGuarantee
0x1400300d0 SetLastError
0x1400300d8 GetCurrentDirectoryW
0x1400300e0 GetEnvironmentVariableW
0x1400300e8 SetThreadContext
0x1400300f0 GetCommandLineW
0x1400300f8 GetStdHandle
0x140030100 GetCurrentProcessId
0x140030108 QueryPerformanceCounter
0x140030110 TryAcquireSRWLockExclusive
0x140030118 HeapReAlloc
0x140030120 AcquireSRWLockShared
0x140030128 GetModuleHandleW
0x140030130 GetModuleFileNameW
0x140030138 TlsGetValue
0x140030140 TlsSetValue
0x140030148 GetSystemTimeAsFileTime
0x140030150 GetConsoleMode
0x140030158 WriteConsoleW
0x140030160 GetThreadContext
0x140030168 GetSystemInfo
0x140030170 GetProcAddress
0x140030178 GetModuleHandleA
0x140030180 LoadLibraryExW
0x140030188 TlsFree
0x140030190 TlsAlloc
0x140030198 InitializeCriticalSectionAndSpinCount
0x1400301a0 DeleteCriticalSection
0x1400301a8 EncodePointer
0x1400301b0 RaiseException
0x1400301b8 RtlPcToFileHeader
0x1400301c0 RtlUnwindEx
0x1400301c8 IsProcessorFeaturePresent
0x1400301d0 SetUnhandledExceptionFilter
0x1400301d8 UnhandledExceptionFilter
0x1400301e0 IsDebuggerPresent
0x1400301e8 RtlVirtualUnwind
0x1400301f0 InitializeSListHead
0x1400301f8 GetCurrentThreadId
ADVAPI32.dll
0x140030000 RegQueryValueExW
0x140030008 RegOpenKeyExW
0x140030010 SystemFunction036
PSAPI.DLL
0x140030208 EnumProcessModulesEx
0x140030210 GetModuleBaseNameW
USER32.dll
0x140030220 GetSystemMetrics
crypt.dll
0x140030348 BCryptCloseAlgorithmProvider
0x140030350 BCryptOpenAlgorithmProvider
0x140030358 BCryptGenRandom
api-ms-win-crt-string-l1-1-0.dll
0x140030330 strcpy_s
0x140030338 wcsncmp
api-ms-win-crt-runtime-l1-1-0.dll
0x140030278 terminate
0x140030280 _crt_atexit
0x140030288 _register_onexit_function
0x140030290 _initialize_onexit_table
0x140030298 _seh_filter_exe
0x1400302a0 _set_app_type
0x1400302a8 __p___argc
0x1400302b0 _register_thread_local_exe_atexit_callback
0x1400302b8 _configure_narrow_argv
0x1400302c0 _initialize_narrow_environment
0x1400302c8 _get_initial_narrow_environment
0x1400302d0 __p___argv
0x1400302d8 _initterm
0x1400302e0 _c_exit
0x1400302e8 _cexit
0x1400302f0 abort
0x1400302f8 _initterm_e
0x140030300 _exit
0x140030308 exit
api-ms-win-crt-math-l1-1-0.dll
0x140030268 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140030318 __p__commode
0x140030320 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x140030258 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x140030230 calloc
0x140030238 malloc
0x140030240 _set_new_mode
0x140030248 free
EAT(Export Address Table) is none
KERNEL32.dll
0x140030020 GetCurrentProcess
0x140030028 CloseHandle
0x140030030 GetCurrentThread
0x140030038 TerminateProcess
0x140030040 AcquireSRWLockExclusive
0x140030048 ReleaseSRWLockExclusive
0x140030050 RtlCaptureContext
0x140030058 ReleaseMutex
0x140030060 WaitForSingleObjectEx
0x140030068 LoadLibraryA
0x140030070 CreateMutexA
0x140030078 RtlLookupFunctionEntry
0x140030080 GetLastError
0x140030088 FormatMessageW
0x140030090 FreeLibrary
0x140030098 GetProcessHeap
0x1400300a0 HeapFree
0x1400300a8 HeapAlloc
0x1400300b0 WaitForSingleObject
0x1400300b8 ReleaseSRWLockShared
0x1400300c0 AddVectoredExceptionHandler
0x1400300c8 SetThreadStackGuarantee
0x1400300d0 SetLastError
0x1400300d8 GetCurrentDirectoryW
0x1400300e0 GetEnvironmentVariableW
0x1400300e8 SetThreadContext
0x1400300f0 GetCommandLineW
0x1400300f8 GetStdHandle
0x140030100 GetCurrentProcessId
0x140030108 QueryPerformanceCounter
0x140030110 TryAcquireSRWLockExclusive
0x140030118 HeapReAlloc
0x140030120 AcquireSRWLockShared
0x140030128 GetModuleHandleW
0x140030130 GetModuleFileNameW
0x140030138 TlsGetValue
0x140030140 TlsSetValue
0x140030148 GetSystemTimeAsFileTime
0x140030150 GetConsoleMode
0x140030158 WriteConsoleW
0x140030160 GetThreadContext
0x140030168 GetSystemInfo
0x140030170 GetProcAddress
0x140030178 GetModuleHandleA
0x140030180 LoadLibraryExW
0x140030188 TlsFree
0x140030190 TlsAlloc
0x140030198 InitializeCriticalSectionAndSpinCount
0x1400301a0 DeleteCriticalSection
0x1400301a8 EncodePointer
0x1400301b0 RaiseException
0x1400301b8 RtlPcToFileHeader
0x1400301c0 RtlUnwindEx
0x1400301c8 IsProcessorFeaturePresent
0x1400301d0 SetUnhandledExceptionFilter
0x1400301d8 UnhandledExceptionFilter
0x1400301e0 IsDebuggerPresent
0x1400301e8 RtlVirtualUnwind
0x1400301f0 InitializeSListHead
0x1400301f8 GetCurrentThreadId
ADVAPI32.dll
0x140030000 RegQueryValueExW
0x140030008 RegOpenKeyExW
0x140030010 SystemFunction036
PSAPI.DLL
0x140030208 EnumProcessModulesEx
0x140030210 GetModuleBaseNameW
USER32.dll
0x140030220 GetSystemMetrics
crypt.dll
0x140030348 BCryptCloseAlgorithmProvider
0x140030350 BCryptOpenAlgorithmProvider
0x140030358 BCryptGenRandom
api-ms-win-crt-string-l1-1-0.dll
0x140030330 strcpy_s
0x140030338 wcsncmp
api-ms-win-crt-runtime-l1-1-0.dll
0x140030278 terminate
0x140030280 _crt_atexit
0x140030288 _register_onexit_function
0x140030290 _initialize_onexit_table
0x140030298 _seh_filter_exe
0x1400302a0 _set_app_type
0x1400302a8 __p___argc
0x1400302b0 _register_thread_local_exe_atexit_callback
0x1400302b8 _configure_narrow_argv
0x1400302c0 _initialize_narrow_environment
0x1400302c8 _get_initial_narrow_environment
0x1400302d0 __p___argv
0x1400302d8 _initterm
0x1400302e0 _c_exit
0x1400302e8 _cexit
0x1400302f0 abort
0x1400302f8 _initterm_e
0x140030300 _exit
0x140030308 exit
api-ms-win-crt-math-l1-1-0.dll
0x140030268 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140030318 __p__commode
0x140030320 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x140030258 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x140030230 calloc
0x140030238 malloc
0x140030240 _set_new_mode
0x140030248 free
EAT(Export Address Table) is none