Field | Value |
---|---|
Created | 2023.09.06 16:05 |
Machine | s1_win7_x6401 |
Filename | 2cfa8e8aaadb6372a5cad4814785bb581fe0cf0487a5ec67aa0b39f99a575623 |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 65 detected (VBKryjetorTAAE, Wanna, toNz, WannaCryptor, Ransomware, WannaCry, IRG1, unsafe, Wannacrypt, malicious, confidence, 100%, Eldorado, high confidence, CVE-2017-0147, score, eovgam, WNCryLdr, Gencirc, Rbot, WCRY, RansomWannaCry, high, WanaCry, Scatter, se30058, jet@714um4, R200572, ai score=100, CVE-2020-1701, CVE20170147, EternalBlue, CLASSIC, GenAsa, VW7HnU9046M, Static AI, Suspicious PE) |
md5 | a51fb67b5c13bb54aeb6126c2cadc61b |
sha256 | 2cfa8e8aaadb6372a5cad4814785bb581fe0cf0487a5ec67aa0b39f99a575623 |
ssdeep | 24576:wbLgdeQhfdmMSirYbcMNgef0QeQ4kRiwDnz9cEA5yYSZxN0P:wnjQqMSPbcBVQeRkRiwt/Zx+P |
imphash | 9ecee117164e0b870a53dd187cdd7174 |
impfuzzy | 24:Wjsh8hnSDklJcp2LTTdEpZwu8eBaBGT1LFWzOxcOwjy876eZ+RP5H0vB+GvrcCGR:NYncp2Lly8SnI76eZ+RPp05+GoCGR |
Signatures (9)
Level | Description |
---|---|
danger | File has been identified by 65 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Installs itself for autorun at Windows startup |
notice | A process created a hidden window |
notice | Creates a service |
notice | Creates executable files on the filesystem |
notice | Creates hidden or system file |
info | The executable uses a known packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (12)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x40a030 WaitForSingleObject
0x40a034 InterlockedIncrement
0x40a038 GetCurrentThreadId
0x40a03c GetCurrentThread
0x40a040 ReadFile
0x40a044 GetFileSize
0x40a048 CreateFileA
0x40a04c MoveFileExA
0x40a050 SizeofResource
0x40a054 TerminateThread
0x40a058 LoadResource
0x40a05c FindResourceA
0x40a060 GetProcAddress
0x40a064 GetModuleHandleW
0x40a068 ExitProcess
0x40a06c GetModuleFileNameA
0x40a070 LocalFree
0x40a074 LocalAlloc
0x40a078 CloseHandle
0x40a07c InterlockedDecrement
0x40a080 EnterCriticalSection
0x40a084 LeaveCriticalSection
0x40a088 InitializeCriticalSection
0x40a08c GlobalAlloc
0x40a090 GlobalFree
0x40a094 QueryPerformanceFrequency
0x40a098 QueryPerformanceCounter
0x40a09c GetTickCount
0x40a0a0 LockResource
0x40a0a4 Sleep
0x40a0a8 GetStartupInfoA
0x40a0ac GetModuleHandleA
ADVAPI32.dll
0x40a000 StartServiceCtrlDispatcherA
0x40a004 RegisterServiceCtrlHandlerA
0x40a008 ChangeServiceConfig2A
0x40a00c SetServiceStatus
0x40a010 OpenSCManagerA
0x40a014 CreateServiceA
0x40a018 CloseServiceHandle
0x40a01c StartServiceA
0x40a020 CryptGenRandom
0x40a024 CryptAcquireContextA
0x40a028 OpenServiceA
WS2_32.dll
0x40a144 closesocket
0x40a148 recv
0x40a14c send
0x40a150 htonl
0x40a154 ntohl
0x40a158 WSAStartup
0x40a15c inet_ntoa
0x40a160 ioctlsocket
0x40a164 select
0x40a168 htons
0x40a16c socket
0x40a170 connect
0x40a174 inet_addr
MSVCP60.dll
0x40a0b4 ??1_Lockit@std@@QAE@XZ
0x40a0b8 ??0_Lockit@std@@QAE@XZ
iphlpapi.dll
0x40a17c GetAdaptersInfo
0x40a180 GetPerAdapterInfo
WININET.dll
0x40a134 InternetOpenA
0x40a138 InternetOpenUrlA
0x40a13c InternetCloseHandle
MSVCRT.dll
0x40a0c0 __set_app_type
0x40a0c4 _stricmp
0x40a0c8 __p__fmode
0x40a0cc __p__commode
0x40a0d0 _except_handler3
0x40a0d4 __setusermatherr
0x40a0d8 _initterm
0x40a0dc __getmainargs
0x40a0e0 _acmdln
0x40a0e4 _adjust_fdiv
0x40a0e8 _controlfp
0x40a0ec exit
0x40a0f0 _XcptFilter
0x40a0f4 _exit
0x40a0f8 _onexit
0x40a0fc __dllonexit
0x40a100 free
0x40a104 ??2@YAPAXI@Z
0x40a108 _ftol
0x40a10c sprintf
0x40a110 _endthreadex
0x40a114 strncpy
0x40a118 rand
0x40a11c _beginthreadex
0x40a120 __CxxFrameHandler
0x40a124 srand
0x40a128 time
0x40a12c __p___argc
EAT (Export Address Table): none
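The import table above is the most informative static artifact on this page, and it can be checked rather than just read. The script below is an added example written for this page; it is not code from the sandbox or from the sample. It transcribes the IAT listing, verifies that the per-DLL thunk arrays are contiguous (each followed by exactly one null slot, which is what a linker-built IAT looks like), rebuilds a pefile-style imphash from them, and groups the imports into capability clusters. Two things are assumptions: that the import-descriptor order equals the IAT slot order (the report prints KERNEL32 first, but its slots start after ADVAPI32's), and the cluster names, which are this editor's grouping and not a sandbox signature. Comparing the computed digest with the reported imphash 9ecee117164e0b870a53dd187cdd7174 is the point of the check: a match confirms the ordering assumption, a mismatch means the descriptor order differs from the IAT layout.

```python
"""Rebuild and sanity-check the IAT shown in this report (added example)."""
import hashlib

# Transcribed from the IAT section of the report: first IAT slot of each DLL
# and the imported names in slot order (each name occupies the next 4 bytes).
# Insertion order is the report's display order, which is NOT slot order.
IAT = {
    "KERNEL32.dll": (0x40A030, "WaitForSingleObject InterlockedIncrement GetCurrentThreadId GetCurrentThread ReadFile GetFileSize CreateFileA MoveFileExA SizeofResource TerminateThread LoadResource FindResourceA GetProcAddress GetModuleHandleW ExitProcess GetModuleFileNameA LocalFree LocalAlloc CloseHandle InterlockedDecrement EnterCriticalSection LeaveCriticalSection InitializeCriticalSection GlobalAlloc GlobalFree QueryPerformanceFrequency QueryPerformanceCounter GetTickCount LockResource Sleep GetStartupInfoA GetModuleHandleA"),
    "ADVAPI32.dll": (0x40A000, "StartServiceCtrlDispatcherA RegisterServiceCtrlHandlerA ChangeServiceConfig2A SetServiceStatus OpenSCManagerA CreateServiceA CloseServiceHandle StartServiceA CryptGenRandom CryptAcquireContextA OpenServiceA"),
    "WS2_32.dll": (0x40A144, "closesocket recv send htonl ntohl WSAStartup inet_ntoa ioctlsocket select htons socket connect inet_addr"),
    "MSVCP60.dll": (0x40A0B4, "??1_Lockit@std@@QAE@XZ ??0_Lockit@std@@QAE@XZ"),
    "iphlpapi.dll": (0x40A17C, "GetAdaptersInfo GetPerAdapterInfo"),
    "WININET.dll": (0x40A134, "InternetOpenA InternetOpenUrlA InternetCloseHandle"),
    "MSVCRT.dll": (0x40A0C0, "__set_app_type _stricmp __p__fmode __p__commode _except_handler3 __setusermatherr _initterm __getmainargs _acmdln _adjust_fdiv _controlfp exit _XcptFilter _exit _onexit __dllonexit free ??2@YAPAXI@Z _ftol sprintf _endthreadex strncpy rand _beginthreadex __CxxFrameHandler srand time __p___argc"),
}

# Name-resolution imports whose absence matters (hypothetical grouping).
RESOLVER_APIS = {"gethostbyname", "getaddrinfo", "GetAddrInfoW",
                 "WSAAsyncGetHostByName", "DnsQuery_A", "DnsQuery_W"}

# Editor's capability clusters: a tag fires only if every API is imported.
CAPABILITY_CLUSTERS = {
    "service_persistence": {"OpenSCManagerA", "CreateServiceA", "StartServiceA"},
    "runs_as_service": {"StartServiceCtrlDispatcherA", "RegisterServiceCtrlHandlerA", "SetServiceStatus"},
    "raw_tcp_client": {"WSAStartup", "socket", "connect", "send", "recv"},
    "http_fetch": {"InternetOpenA", "InternetOpenUrlA"},
    "csp_random": {"CryptAcquireContextA", "CryptGenRandom"},
    "resource_drop": {"FindResourceA", "LoadResource", "LockResource", "CreateFileA", "MoveFileExA"},
    "adapter_enum": {"GetAdaptersInfo", "GetPerAdapterInfo"},
    "dynamic_resolution": {"GetModuleHandleA", "GetProcAddress"},
}


def dll_order_by_slot(iat=IAT):
    """Descriptor order inferred from the IAT layout: lowest slot first."""
    return sorted(iat, key=lambda dll: iat[dll][0])


def iat_is_contiguous(iat=IAT):
    """Each DLL's thunk array ends with one null slot, then the next begins.
    A hole or an overlap means the listing is incomplete or mis-transcribed."""
    next_start = None
    for dll in dll_order_by_slot(iat):
        start, names = iat[dll]
        if next_start is not None and start != next_start:
            return False
        next_start = start + 4 * len(names.split()) + 4  # +4: null terminator
    return True


def imphash(iat=IAT, order=None):
    """pefile-style imphash: md5 over lowercase 'dll.func' pairs, comma-joined,
    DLLs in import-descriptor order (defaults to the slot order above)."""
    parts = []
    for dll in order or dll_order_by_slot(iat):
        lib = dll.lower()
        if lib.rsplit(".", 1)[-1] in ("ocx", "sys", "dll"):
            lib = lib.rsplit(".", 1)[0]
        parts.extend(f"{lib}.{name.lower()}" for name in iat[dll][1].split())
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def all_imports(iat=IAT):
    return {name for _, names in iat.values() for name in names.split()}


def capabilities(iat=IAT):
    imported = all_imports(iat)
    found = {tag for tag, apis in CAPABILITY_CLUSTERS.items() if apis <= imported}
    # connect()+inet_addr() with no resolver import: Winsock targets are
    # hard-coded IPs, which matches the "no DNS query" sandbox signature.
    # WinINet resolves names itself, so this says nothing about InternetOpenUrlA.
    if {"connect", "inet_addr"} <= imported and not (RESOLVER_APIS & imported):
        found.add("hardcoded_ip_targets")
    return found


def triage(iat=IAT):
    return {
        "imports": len(all_imports(iat)),
        "iat_contiguous": iat_is_contiguous(iat),
        "dll_order": dll_order_by_slot(iat),
        "imphash_slot_order": imphash(iat),
        "imphash_listing_order": imphash(iat, order=list(iat)),
        "capabilities": sorted(capabilities(iat)),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

One caveat the report itself raises: the UPX_Zero rule fires, yet a genuinely UPX-packed image imports only the handful of functions its unpacking stub needs. A 91-entry table with service, Winsock and WinINet imports is the table of an unpacked image, so either the sandbox parsed the sample after unpacking or the rule is a loose heuristic; either way, the imphash belongs to the image whose IAT is printed here, not necessarily to the bytes on disk.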