ScreenShot
| Created | 2023.08.24 09:25 | Machine | s1_win7_x6401 |
| Filename | mm.txt | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 36 detected (AIDetectMalware, Farfli, GenericKD, Artemis, unsafe, V91a, ZexaF, iu0@aaIMVeoj, ABRisk, TEMW, Attribute, HighConfidence, malicious, high confidence, score, Msmw, svrdu, Generic Reputation PUA, Wacapew, Detected, ai score=88, Generic@AI, RDML, nUy1rbAQszNm3EV, aXWAfg, PossibleThreat, confidence) | ||
| md5 | d79de8432d47642e80a50eee453fbe4b | ||
| sha256 | e00306ee3b76d9ad5e64c10e76a2871777d2542fc13d95340f8628fcd648dd8c | ||
| ssdeep | 3072:z5fOjUw72Uy+Omjd/OAyUE5d5y8JBVV/dqXg61:z5WI/kOzAeEXg61 | ||
| imphash | df9902d76df38fc9846ad5192f1770e2 | ||
| impfuzzy | 24:SYNNDUSLMUdtdS1CMdlJeDc+plmroDSOovbO9ZYv3xG/wx05WEQI:ASVtdS1CMic+pE23W3IsAp | ||
Network IP location
Signature (11cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Foreign language identified in PE resource |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| notice | Repeatedly searches for a not-found process |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| info | Checks amount of memory in system |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET HUNTING Terse Request for .txt - Likely Hostile
ET HUNTING Rejetto HTTP File Sever Response
ET HUNTING Rejetto HTTP File Sever Response
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x410000 Sleep
0x410004 VirtualProtect
0x410008 HeapFree
0x41000c VirtualFree
0x410010 VirtualAlloc
0x410014 LoadLibraryA
0x410018 HeapAlloc
0x41001c GetProcAddress
0x410020 GetProcessHeap
0x410024 FreeLibrary
0x410028 IsBadReadPtr
0x41002c WriteConsoleW
0x410030 CloseHandle
0x410034 CreateFileW
0x410038 SetFilePointerEx
0x41003c GetConsoleMode
0x410040 GetConsoleOutputCP
0x410044 FlushFileBuffers
0x410048 HeapSize
0x41004c GetStringTypeW
0x410050 SetStdHandle
0x410054 UnhandledExceptionFilter
0x410058 SetUnhandledExceptionFilter
0x41005c GetCurrentProcess
0x410060 TerminateProcess
0x410064 IsProcessorFeaturePresent
0x410068 IsDebuggerPresent
0x41006c GetStartupInfoW
0x410070 GetModuleHandleW
0x410074 QueryPerformanceCounter
0x410078 GetCurrentProcessId
0x41007c GetCurrentThreadId
0x410080 GetSystemTimeAsFileTime
0x410084 InitializeSListHead
0x410088 RtlUnwind
0x41008c RaiseException
0x410090 GetLastError
0x410094 SetLastError
0x410098 EncodePointer
0x41009c EnterCriticalSection
0x4100a0 LeaveCriticalSection
0x4100a4 DeleteCriticalSection
0x4100a8 InitializeCriticalSectionAndSpinCount
0x4100ac TlsAlloc
0x4100b0 TlsGetValue
0x4100b4 TlsSetValue
0x4100b8 TlsFree
0x4100bc LoadLibraryExW
0x4100c0 ExitProcess
0x4100c4 GetModuleHandleExW
0x4100c8 GetModuleFileNameW
0x4100cc GetStdHandle
0x4100d0 WriteFile
0x4100d4 HeapReAlloc
0x4100d8 FindClose
0x4100dc FindFirstFileExW
0x4100e0 FindNextFileW
0x4100e4 IsValidCodePage
0x4100e8 GetACP
0x4100ec GetOEMCP
0x4100f0 GetCPInfo
0x4100f4 GetCommandLineA
0x4100f8 GetCommandLineW
0x4100fc MultiByteToWideChar
0x410100 WideCharToMultiByte
0x410104 GetEnvironmentStringsW
0x410108 FreeEnvironmentStringsW
0x41010c LCMapStringW
0x410110 GetFileType
0x410114 DecodePointer
USER32.dll
0x41013c SendMessageA
ole32.dll
0x410144 CoInitialize
0x410148 CoCreateInstance
0x41014c CoUninitialize
OLEAUT32.dll
0x41011c SysFreeString
0x410120 SysAllocString
0x410124 SafeArrayGetUBound
0x410128 SafeArrayAccessData
0x41012c VariantClear
0x410130 SafeArrayUnaccessData
0x410134 SafeArrayGetLBound
EAT(Export Address Table) is none
KERNEL32.dll
0x410000 Sleep
0x410004 VirtualProtect
0x410008 HeapFree
0x41000c VirtualFree
0x410010 VirtualAlloc
0x410014 LoadLibraryA
0x410018 HeapAlloc
0x41001c GetProcAddress
0x410020 GetProcessHeap
0x410024 FreeLibrary
0x410028 IsBadReadPtr
0x41002c WriteConsoleW
0x410030 CloseHandle
0x410034 CreateFileW
0x410038 SetFilePointerEx
0x41003c GetConsoleMode
0x410040 GetConsoleOutputCP
0x410044 FlushFileBuffers
0x410048 HeapSize
0x41004c GetStringTypeW
0x410050 SetStdHandle
0x410054 UnhandledExceptionFilter
0x410058 SetUnhandledExceptionFilter
0x41005c GetCurrentProcess
0x410060 TerminateProcess
0x410064 IsProcessorFeaturePresent
0x410068 IsDebuggerPresent
0x41006c GetStartupInfoW
0x410070 GetModuleHandleW
0x410074 QueryPerformanceCounter
0x410078 GetCurrentProcessId
0x41007c GetCurrentThreadId
0x410080 GetSystemTimeAsFileTime
0x410084 InitializeSListHead
0x410088 RtlUnwind
0x41008c RaiseException
0x410090 GetLastError
0x410094 SetLastError
0x410098 EncodePointer
0x41009c EnterCriticalSection
0x4100a0 LeaveCriticalSection
0x4100a4 DeleteCriticalSection
0x4100a8 InitializeCriticalSectionAndSpinCount
0x4100ac TlsAlloc
0x4100b0 TlsGetValue
0x4100b4 TlsSetValue
0x4100b8 TlsFree
0x4100bc LoadLibraryExW
0x4100c0 ExitProcess
0x4100c4 GetModuleHandleExW
0x4100c8 GetModuleFileNameW
0x4100cc GetStdHandle
0x4100d0 WriteFile
0x4100d4 HeapReAlloc
0x4100d8 FindClose
0x4100dc FindFirstFileExW
0x4100e0 FindNextFileW
0x4100e4 IsValidCodePage
0x4100e8 GetACP
0x4100ec GetOEMCP
0x4100f0 GetCPInfo
0x4100f4 GetCommandLineA
0x4100f8 GetCommandLineW
0x4100fc MultiByteToWideChar
0x410100 WideCharToMultiByte
0x410104 GetEnvironmentStringsW
0x410108 FreeEnvironmentStringsW
0x41010c LCMapStringW
0x410110 GetFileType
0x410114 DecodePointer
USER32.dll
0x41013c SendMessageA
ole32.dll
0x410144 CoInitialize
0x410148 CoCreateInstance
0x41014c CoUninitialize
OLEAUT32.dll
0x41011c SysFreeString
0x410120 SysAllocString
0x410124 SafeArrayGetUBound
0x410128 SafeArrayAccessData
0x41012c VariantClear
0x410130 SafeArrayUnaccessData
0x410134 SafeArrayGetLBound
EAT(Export Address Table) is none