Field | Value |
---|---|
Created | 2023.09.09 21:55 |
Machine | s1_win7_x6403 |
Filename | Black_Saturn.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 43 detected (AIDetectMalware, ClipBanker, Midie, Botx, Artemis, Neshta, FileInfector, TrojanBanker, Eldorado, Attribute, HighConfidence, malicious, high confidence, Kryptik, HUBU, score, FalseSign, Cujl, RedLineNET, AMADEY, YXDIIZ, ai score=81, LaplasClipper, Detected, BScope, unsafe, aehnnhXOEfO, Outbreak, susgen, HUKQ, confidence) |
md5 | 33a22c3db8fe05d4c819a9c9360c8de4 |
sha256 | 7f1f5182fa1e302f5e5dd7700fea36d1466b68216c73f6a30dd4750f988f705a |
ssdeep | 12288:76KX0OuRLZNV5DpMhnnsNWDDW7juQ/kd9oUTAmzwDbAbKj9GB6EEQd6:7H0Og0nnsNfI9oUTPw3AbKjsAEEQd6 |
imphash | 283efa8b8b510b11551f297f9dcd33d1 |
impfuzzy | 24:7kf0HTOovTS1jtGGzplJeDc+pl3eDoLotOsFURZHu93vFZSudTxGMck:AsHSOS1jtGGz2c+ppXhyFZSux |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The executable uses a known packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
USER32.dll
0x46e1e4 GetPhysicalCursorPos
COMCTL32.dll
0x46e000 ImageList_SetDragCursorImage
KERNEL32.dll
0x46e030 WriteConsoleW
0x46e034 GetCommandLineA
0x46e038 GetModuleFileNameA
0x46e03c CopyFileA
0x46e040 QueryPerformanceCounter
0x46e044 GetCurrentProcessId
0x46e048 GetCurrentThreadId
0x46e04c GetSystemTimeAsFileTime
0x46e050 InitializeSListHead
0x46e054 IsDebuggerPresent
0x46e058 UnhandledExceptionFilter
0x46e05c SetUnhandledExceptionFilter
0x46e060 GetStartupInfoW
0x46e064 IsProcessorFeaturePresent
0x46e068 GetModuleHandleW
0x46e06c GetCurrentProcess
0x46e070 TerminateProcess
0x46e074 CloseHandle
0x46e078 RaiseException
0x46e07c RtlUnwind
0x46e080 InterlockedPushEntrySList
0x46e084 InterlockedFlushSList
0x46e088 GetLastError
0x46e08c SetLastError
0x46e090 EncodePointer
0x46e094 EnterCriticalSection
0x46e098 LeaveCriticalSection
0x46e09c DeleteCriticalSection
0x46e0a0 InitializeCriticalSectionAndSpinCount
0x46e0a4 TlsAlloc
0x46e0a8 TlsGetValue
0x46e0ac TlsSetValue
0x46e0b0 TlsFree
0x46e0b4 FreeLibrary
0x46e0b8 GetProcAddress
0x46e0bc LoadLibraryExW
0x46e0c0 GetStdHandle
0x46e0c4 WriteFile
0x46e0c8 GetModuleFileNameW
0x46e0cc ExitProcess
0x46e0d0 GetModuleHandleExW
0x46e0d4 DecodePointer
0x46e0d8 GetCommandLineW
0x46e0dc GetCurrentThread
0x46e0e0 OutputDebugStringW
0x46e0e4 HeapAlloc
0x46e0e8 HeapFree
0x46e0ec FindClose
0x46e0f0 FindFirstFileExW
0x46e0f4 FindNextFileW
0x46e0f8 IsValidCodePage
0x46e0fc GetACP
0x46e100 GetOEMCP
0x46e104 GetCPInfo
0x46e108 MultiByteToWideChar
0x46e10c WideCharToMultiByte
0x46e110 GetEnvironmentStringsW
0x46e114 FreeEnvironmentStringsW
0x46e118 SetEnvironmentVariableW
0x46e11c SetStdHandle
0x46e120 GetFileType
0x46e124 GetStringTypeW
0x46e128 GetLocaleInfoW
0x46e12c IsValidLocale
0x46e130 GetUserDefaultLCID
0x46e134 EnumSystemLocalesW
0x46e138 GetDateFormatW
0x46e13c GetTimeFormatW
0x46e140 CompareStringW
0x46e144 LCMapStringW
0x46e148 GetProcessHeap
0x46e14c SetConsoleCtrlHandler
0x46e150 HeapSize
0x46e154 HeapReAlloc
0x46e158 FlushFileBuffers
0x46e15c GetConsoleOutputCP
0x46e160 GetConsoleMode
0x46e164 GetFileSizeEx
0x46e168 SetFilePointerEx
0x46e16c ReadFile
0x46e170 ReadConsoleW
0x46e174 CreateFileW
EAT (Export Address Table) is none