ScreenShot
| Created | 2023.09.10 16:55 | Machine | s1_win7_x6401 |
| Filename | Update_controller.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 17 detected (AIDetectMalware, Malicious, score, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Artemis, dmcr, Wacatac, Sabsik, Static AI, Suspicious PE) | ||
| md5 | 0787b3b6049ce57921fa6f32fcc33c67 | ||
| sha256 | c27968c70424a38c6f692921062abcdd71714ad0ab1e6a16abaf28fc44602253 | ||
| ssdeep | 24576:nCpCajB3BZcVYwg1PqwaxMu6eo89TZ4fFq0Y:nu1ghr1P | ||
| imphash | f8a3459bab630e159efff3fdf5aa1788 | ||
| impfuzzy | 24:9tDoevUS1jtjhlJnc+pl39/CyoEOovbOIURZHu93vBEGMC:5US1jtj5c+ppQyc3yBR | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
| watch | Installs itself for autorun at Windows startup |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
| info | Queries for the computername |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x517000 CreateFileA
0x517004 CloseHandle
0x517008 HeapAlloc
0x51700c GetProcessHeap
0x517010 VirtualAlloc
0x517014 VirtualProtect
0x517018 VirtualFree
0x51701c MapViewOfFile
0x517020 GetModuleHandleA
0x517024 GetProcAddress
0x517028 LoadLibraryA
0x51702c GlobalAlloc
0x517030 GlobalFlags
0x517034 CreateFileMappingA
0x517038 FreeConsole
0x51703c QueryPerformanceCounter
0x517040 GetCurrentProcessId
0x517044 GetCurrentThreadId
0x517048 GetSystemTimeAsFileTime
0x51704c InitializeSListHead
0x517050 IsDebuggerPresent
0x517054 UnhandledExceptionFilter
0x517058 SetUnhandledExceptionFilter
0x51705c GetStartupInfoW
0x517060 IsProcessorFeaturePresent
0x517064 GetModuleHandleW
0x517068 GetCurrentProcess
0x51706c TerminateProcess
0x517070 WriteConsoleW
0x517074 RtlUnwind
0x517078 GetLastError
0x51707c SetLastError
0x517080 EnterCriticalSection
0x517084 LeaveCriticalSection
0x517088 DeleteCriticalSection
0x51708c InitializeCriticalSectionAndSpinCount
0x517090 TlsAlloc
0x517094 TlsGetValue
0x517098 TlsSetValue
0x51709c TlsFree
0x5170a0 FreeLibrary
0x5170a4 LoadLibraryExW
0x5170a8 EncodePointer
0x5170ac RaiseException
0x5170b0 GetStdHandle
0x5170b4 WriteFile
0x5170b8 GetModuleFileNameW
0x5170bc ExitProcess
0x5170c0 GetModuleHandleExW
0x5170c4 GetCommandLineA
0x5170c8 GetCommandLineW
0x5170cc HeapFree
0x5170d0 FindClose
0x5170d4 FindFirstFileExW
0x5170d8 FindNextFileW
0x5170dc IsValidCodePage
0x5170e0 GetACP
0x5170e4 GetOEMCP
0x5170e8 GetCPInfo
0x5170ec MultiByteToWideChar
0x5170f0 WideCharToMultiByte
0x5170f4 GetEnvironmentStringsW
0x5170f8 FreeEnvironmentStringsW
0x5170fc SetEnvironmentVariableW
0x517100 SetStdHandle
0x517104 GetFileType
0x517108 GetStringTypeW
0x51710c CompareStringW
0x517110 LCMapStringW
0x517114 HeapSize
0x517118 HeapReAlloc
0x51711c FlushFileBuffers
0x517120 GetConsoleOutputCP
0x517124 GetConsoleMode
0x517128 SetFilePointerEx
0x51712c CreateFileW
0x517130 DecodePointer
EAT(Export Address Table) is none
KERNEL32.dll
0x517000 CreateFileA
0x517004 CloseHandle
0x517008 HeapAlloc
0x51700c GetProcessHeap
0x517010 VirtualAlloc
0x517014 VirtualProtect
0x517018 VirtualFree
0x51701c MapViewOfFile
0x517020 GetModuleHandleA
0x517024 GetProcAddress
0x517028 LoadLibraryA
0x51702c GlobalAlloc
0x517030 GlobalFlags
0x517034 CreateFileMappingA
0x517038 FreeConsole
0x51703c QueryPerformanceCounter
0x517040 GetCurrentProcessId
0x517044 GetCurrentThreadId
0x517048 GetSystemTimeAsFileTime
0x51704c InitializeSListHead
0x517050 IsDebuggerPresent
0x517054 UnhandledExceptionFilter
0x517058 SetUnhandledExceptionFilter
0x51705c GetStartupInfoW
0x517060 IsProcessorFeaturePresent
0x517064 GetModuleHandleW
0x517068 GetCurrentProcess
0x51706c TerminateProcess
0x517070 WriteConsoleW
0x517074 RtlUnwind
0x517078 GetLastError
0x51707c SetLastError
0x517080 EnterCriticalSection
0x517084 LeaveCriticalSection
0x517088 DeleteCriticalSection
0x51708c InitializeCriticalSectionAndSpinCount
0x517090 TlsAlloc
0x517094 TlsGetValue
0x517098 TlsSetValue
0x51709c TlsFree
0x5170a0 FreeLibrary
0x5170a4 LoadLibraryExW
0x5170a8 EncodePointer
0x5170ac RaiseException
0x5170b0 GetStdHandle
0x5170b4 WriteFile
0x5170b8 GetModuleFileNameW
0x5170bc ExitProcess
0x5170c0 GetModuleHandleExW
0x5170c4 GetCommandLineA
0x5170c8 GetCommandLineW
0x5170cc HeapFree
0x5170d0 FindClose
0x5170d4 FindFirstFileExW
0x5170d8 FindNextFileW
0x5170dc IsValidCodePage
0x5170e0 GetACP
0x5170e4 GetOEMCP
0x5170e8 GetCPInfo
0x5170ec MultiByteToWideChar
0x5170f0 WideCharToMultiByte
0x5170f4 GetEnvironmentStringsW
0x5170f8 FreeEnvironmentStringsW
0x5170fc SetEnvironmentVariableW
0x517100 SetStdHandle
0x517104 GetFileType
0x517108 GetStringTypeW
0x51710c CompareStringW
0x517110 LCMapStringW
0x517114 HeapSize
0x517118 HeapReAlloc
0x51711c FlushFileBuffers
0x517120 GetConsoleOutputCP
0x517124 GetConsoleMode
0x517128 SetFilePointerEx
0x51712c CreateFileW
0x517130 DecodePointer
EAT(Export Address Table) is none