ScreenShot
| Created | 2023.09.11 18:02 | Machine | s1_win7_x6401 |
| Filename | RaiDrive_2023.9.0_x64.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 15 detected (Common, Artemis, Genus, ABRisk, GKZB, Banload, eqdq, Detected, Agentb, Generic@AI, RDML, K0sMetBopRYQVTP4fhFtQ, PossibleThreat, MALICIOUS) | ||
| md5 | a523a20f9993d562a1e2761d930cc243 | ||
| sha256 | e8c944b9a94b79f2d5a2783d1c20a555d66e6912c077a8a47617da5f0c5caa78 | ||
| ssdeep | 196608:0fl0kYa0SgYavcpMFYeBL/pbtc+swO+7moMVzMvWHpxh7HxMSKoTXKsKIwiTs1v1:mRY/0GrKI7moMV4vWMSKUCsog+wx+w23 | ||
| imphash | 21314122cd4542a6b9b297f52a87acbe | ||
| impfuzzy | 48:JOUcSpvEdTsQYbbqoH9swUwrkrha9xvCrwYUrUvZk78:JHcSpvEdTsQYCMSPwrkrGxvo7UrWt | ||
Network IP location
Signature (11cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| watch | One or more of the buffers contains an embedded PE file |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | One or more potentially interesting buffers were extracted |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | Checks amount of memory in system |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (28cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | ASPack_Zero | ASPack packed file | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | bmp_file_format | bmp file format | binaries (download) |
| info | CAB_file_format | CAB archive file | binaries (download) |
| info | CAB_file_format | CAB archive file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (download) |
| info | icon_file_format | icon file format | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | JPEG_Format_Zero | JPEG Format | binaries (download) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x66c000 CreateFileW
0x66c004 CloseHandle
0x66c008 WriteFile
0x66c00c DeleteFileW
0x66c010 HeapDestroy
0x66c014 HeapSize
0x66c018 HeapReAlloc
0x66c01c HeapFree
0x66c020 HeapAlloc
0x66c024 GetProcessHeap
0x66c028 SizeofResource
0x66c02c LockResource
0x66c030 LoadResource
0x66c034 FindResourceW
0x66c038 FindResourceExW
0x66c03c CreateEventExW
0x66c040 WaitForSingleObject
0x66c044 CreateProcessW
0x66c048 GetLastError
0x66c04c GetExitCodeProcess
0x66c050 SetEvent
0x66c054 RemoveDirectoryW
0x66c058 GetProcAddress
0x66c05c GetModuleHandleW
0x66c060 GetWindowsDirectoryW
0x66c064 CreateDirectoryW
0x66c068 GetTempPathW
0x66c06c GetTempFileNameW
0x66c070 MoveFileW
0x66c074 EnterCriticalSection
0x66c078 LeaveCriticalSection
0x66c07c GetModuleFileNameW
0x66c080 DeleteCriticalSection
0x66c084 InitializeCriticalSectionAndSpinCount
0x66c088 GetCurrentThreadId
0x66c08c RaiseException
0x66c090 SetLastError
0x66c094 GlobalUnlock
0x66c098 GlobalLock
0x66c09c GlobalAlloc
0x66c0a0 MulDiv
0x66c0a4 lstrcmpW
0x66c0a8 CreateEventW
0x66c0ac FindClose
0x66c0b0 FindFirstFileW
0x66c0b4 GetFullPathNameW
0x66c0b8 InitializeCriticalSection
0x66c0bc lstrcpynW
0x66c0c0 CreateThread
0x66c0c4 LoadLibraryExW
0x66c0c8 GetCurrentProcess
0x66c0cc Sleep
0x66c0d0 WideCharToMultiByte
0x66c0d4 GetDiskFreeSpaceExW
0x66c0d8 DecodePointer
0x66c0dc GetExitCodeThread
0x66c0e0 GetCurrentProcessId
0x66c0e4 FreeLibrary
0x66c0e8 GetSystemDirectoryW
0x66c0ec lstrlenW
0x66c0f0 VerifyVersionInfoW
0x66c0f4 VerSetConditionMask
0x66c0f8 lstrcmpiW
0x66c0fc LoadLibraryW
0x66c100 GetDriveTypeW
0x66c104 CompareStringW
0x66c108 FindNextFileW
0x66c10c GetLogicalDriveStringsW
0x66c110 GetFileSize
0x66c114 GetFileAttributesW
0x66c118 GetShortPathNameW
0x66c11c GetFinalPathNameByHandleW
0x66c120 SetFileAttributesW
0x66c124 GetFileTime
0x66c128 CopyFileW
0x66c12c ReadFile
0x66c130 SetFilePointer
0x66c134 SetFileTime
0x66c138 SystemTimeToFileTime
0x66c13c MultiByteToWideChar
0x66c140 GetSystemInfo
0x66c144 WaitForMultipleObjects
0x66c148 GetVersionExW
0x66c14c VirtualProtect
0x66c150 VirtualQuery
0x66c154 LoadLibraryExA
0x66c158 GetStringTypeW
0x66c15c LocalFree
0x66c160 LocalAlloc
0x66c164 SetUnhandledExceptionFilter
0x66c168 FileTimeToSystemTime
0x66c16c GetEnvironmentVariableW
0x66c170 GetSystemTime
0x66c174 GetDateFormatW
0x66c178 GetTimeFormatW
0x66c17c GetLocaleInfoW
0x66c180 CreateToolhelp32Snapshot
0x66c184 Process32FirstW
0x66c188 Process32NextW
0x66c18c FormatMessageW
0x66c190 GetEnvironmentStringsW
0x66c194 InitializeCriticalSectionEx
0x66c198 LoadLibraryA
0x66c19c GetModuleFileNameA
0x66c1a0 GetCurrentThread
0x66c1a4 GetConsoleOutputCP
0x66c1a8 FlushFileBuffers
0x66c1ac Wow64DisableWow64FsRedirection
0x66c1b0 Wow64RevertWow64FsRedirection
0x66c1b4 IsWow64Process
0x66c1b8 SetConsoleTextAttribute
0x66c1bc GetStdHandle
0x66c1c0 GetConsoleScreenBufferInfo
0x66c1c4 OutputDebugStringW
0x66c1c8 GetTickCount
0x66c1cc GetCommandLineW
0x66c1d0 SetCurrentDirectoryW
0x66c1d4 SetEndOfFile
0x66c1d8 EnumResourceLanguagesW
0x66c1dc GetSystemDefaultLangID
0x66c1e0 GetUserDefaultLangID
0x66c1e4 GetLocalTime
0x66c1e8 ResetEvent
0x66c1ec GlobalFree
0x66c1f0 GetPrivateProfileStringW
0x66c1f4 GetPrivateProfileSectionNamesW
0x66c1f8 WritePrivateProfileStringW
0x66c1fc CreateNamedPipeW
0x66c200 ConnectNamedPipe
0x66c204 TerminateThread
0x66c208 CompareFileTime
0x66c20c CopyFileExW
0x66c210 OpenEventW
0x66c214 PeekNamedPipe
0x66c218 WaitForSingleObjectEx
0x66c21c QueryPerformanceCounter
0x66c220 QueryPerformanceFrequency
0x66c224 EncodePointer
0x66c228 LCMapStringEx
0x66c22c CompareStringEx
0x66c230 GetCPInfo
0x66c234 GetSystemTimeAsFileTime
0x66c238 IsDebuggerPresent
0x66c23c InitializeSListHead
0x66c240 InterlockedPopEntrySList
0x66c244 InterlockedPushEntrySList
0x66c248 FlushInstructionCache
0x66c24c IsProcessorFeaturePresent
0x66c250 VirtualAlloc
0x66c254 VirtualFree
0x66c258 UnhandledExceptionFilter
0x66c25c TerminateProcess
0x66c260 GetStartupInfoW
0x66c264 RtlUnwind
0x66c268 TlsAlloc
0x66c26c TlsGetValue
0x66c270 TlsSetValue
0x66c274 TlsFree
0x66c278 ExitThread
0x66c27c FreeLibraryAndExitThread
0x66c280 GetModuleHandleExW
0x66c284 ExitProcess
0x66c288 GetFileType
0x66c28c LCMapStringW
0x66c290 IsValidLocale
0x66c294 GetUserDefaultLCID
0x66c298 EnumSystemLocalesW
0x66c29c GetTimeZoneInformation
0x66c2a0 GetConsoleMode
0x66c2a4 GetFileSizeEx
0x66c2a8 SetFilePointerEx
0x66c2ac FindFirstFileExW
0x66c2b0 IsValidCodePage
0x66c2b4 GetACP
0x66c2b8 GetOEMCP
0x66c2bc GetCommandLineA
0x66c2c0 FreeEnvironmentStringsW
0x66c2c4 SetEnvironmentVariableW
0x66c2c8 SetStdHandle
0x66c2cc ReadConsoleW
0x66c2d0 WriteConsoleW
0x66c2d4 GetProcessAffinityMask
0x66c2d8 GetModuleHandleA
0x66c2dc GlobalMemoryStatus
0x66c2e0 ReleaseSemaphore
0x66c2e4 CreateSemaphoreW
EAT(Export Address Table) is none
KERNEL32.dll
0x66c000 CreateFileW
0x66c004 CloseHandle
0x66c008 WriteFile
0x66c00c DeleteFileW
0x66c010 HeapDestroy
0x66c014 HeapSize
0x66c018 HeapReAlloc
0x66c01c HeapFree
0x66c020 HeapAlloc
0x66c024 GetProcessHeap
0x66c028 SizeofResource
0x66c02c LockResource
0x66c030 LoadResource
0x66c034 FindResourceW
0x66c038 FindResourceExW
0x66c03c CreateEventExW
0x66c040 WaitForSingleObject
0x66c044 CreateProcessW
0x66c048 GetLastError
0x66c04c GetExitCodeProcess
0x66c050 SetEvent
0x66c054 RemoveDirectoryW
0x66c058 GetProcAddress
0x66c05c GetModuleHandleW
0x66c060 GetWindowsDirectoryW
0x66c064 CreateDirectoryW
0x66c068 GetTempPathW
0x66c06c GetTempFileNameW
0x66c070 MoveFileW
0x66c074 EnterCriticalSection
0x66c078 LeaveCriticalSection
0x66c07c GetModuleFileNameW
0x66c080 DeleteCriticalSection
0x66c084 InitializeCriticalSectionAndSpinCount
0x66c088 GetCurrentThreadId
0x66c08c RaiseException
0x66c090 SetLastError
0x66c094 GlobalUnlock
0x66c098 GlobalLock
0x66c09c GlobalAlloc
0x66c0a0 MulDiv
0x66c0a4 lstrcmpW
0x66c0a8 CreateEventW
0x66c0ac FindClose
0x66c0b0 FindFirstFileW
0x66c0b4 GetFullPathNameW
0x66c0b8 InitializeCriticalSection
0x66c0bc lstrcpynW
0x66c0c0 CreateThread
0x66c0c4 LoadLibraryExW
0x66c0c8 GetCurrentProcess
0x66c0cc Sleep
0x66c0d0 WideCharToMultiByte
0x66c0d4 GetDiskFreeSpaceExW
0x66c0d8 DecodePointer
0x66c0dc GetExitCodeThread
0x66c0e0 GetCurrentProcessId
0x66c0e4 FreeLibrary
0x66c0e8 GetSystemDirectoryW
0x66c0ec lstrlenW
0x66c0f0 VerifyVersionInfoW
0x66c0f4 VerSetConditionMask
0x66c0f8 lstrcmpiW
0x66c0fc LoadLibraryW
0x66c100 GetDriveTypeW
0x66c104 CompareStringW
0x66c108 FindNextFileW
0x66c10c GetLogicalDriveStringsW
0x66c110 GetFileSize
0x66c114 GetFileAttributesW
0x66c118 GetShortPathNameW
0x66c11c GetFinalPathNameByHandleW
0x66c120 SetFileAttributesW
0x66c124 GetFileTime
0x66c128 CopyFileW
0x66c12c ReadFile
0x66c130 SetFilePointer
0x66c134 SetFileTime
0x66c138 SystemTimeToFileTime
0x66c13c MultiByteToWideChar
0x66c140 GetSystemInfo
0x66c144 WaitForMultipleObjects
0x66c148 GetVersionExW
0x66c14c VirtualProtect
0x66c150 VirtualQuery
0x66c154 LoadLibraryExA
0x66c158 GetStringTypeW
0x66c15c LocalFree
0x66c160 LocalAlloc
0x66c164 SetUnhandledExceptionFilter
0x66c168 FileTimeToSystemTime
0x66c16c GetEnvironmentVariableW
0x66c170 GetSystemTime
0x66c174 GetDateFormatW
0x66c178 GetTimeFormatW
0x66c17c GetLocaleInfoW
0x66c180 CreateToolhelp32Snapshot
0x66c184 Process32FirstW
0x66c188 Process32NextW
0x66c18c FormatMessageW
0x66c190 GetEnvironmentStringsW
0x66c194 InitializeCriticalSectionEx
0x66c198 LoadLibraryA
0x66c19c GetModuleFileNameA
0x66c1a0 GetCurrentThread
0x66c1a4 GetConsoleOutputCP
0x66c1a8 FlushFileBuffers
0x66c1ac Wow64DisableWow64FsRedirection
0x66c1b0 Wow64RevertWow64FsRedirection
0x66c1b4 IsWow64Process
0x66c1b8 SetConsoleTextAttribute
0x66c1bc GetStdHandle
0x66c1c0 GetConsoleScreenBufferInfo
0x66c1c4 OutputDebugStringW
0x66c1c8 GetTickCount
0x66c1cc GetCommandLineW
0x66c1d0 SetCurrentDirectoryW
0x66c1d4 SetEndOfFile
0x66c1d8 EnumResourceLanguagesW
0x66c1dc GetSystemDefaultLangID
0x66c1e0 GetUserDefaultLangID
0x66c1e4 GetLocalTime
0x66c1e8 ResetEvent
0x66c1ec GlobalFree
0x66c1f0 GetPrivateProfileStringW
0x66c1f4 GetPrivateProfileSectionNamesW
0x66c1f8 WritePrivateProfileStringW
0x66c1fc CreateNamedPipeW
0x66c200 ConnectNamedPipe
0x66c204 TerminateThread
0x66c208 CompareFileTime
0x66c20c CopyFileExW
0x66c210 OpenEventW
0x66c214 PeekNamedPipe
0x66c218 WaitForSingleObjectEx
0x66c21c QueryPerformanceCounter
0x66c220 QueryPerformanceFrequency
0x66c224 EncodePointer
0x66c228 LCMapStringEx
0x66c22c CompareStringEx
0x66c230 GetCPInfo
0x66c234 GetSystemTimeAsFileTime
0x66c238 IsDebuggerPresent
0x66c23c InitializeSListHead
0x66c240 InterlockedPopEntrySList
0x66c244 InterlockedPushEntrySList
0x66c248 FlushInstructionCache
0x66c24c IsProcessorFeaturePresent
0x66c250 VirtualAlloc
0x66c254 VirtualFree
0x66c258 UnhandledExceptionFilter
0x66c25c TerminateProcess
0x66c260 GetStartupInfoW
0x66c264 RtlUnwind
0x66c268 TlsAlloc
0x66c26c TlsGetValue
0x66c270 TlsSetValue
0x66c274 TlsFree
0x66c278 ExitThread
0x66c27c FreeLibraryAndExitThread
0x66c280 GetModuleHandleExW
0x66c284 ExitProcess
0x66c288 GetFileType
0x66c28c LCMapStringW
0x66c290 IsValidLocale
0x66c294 GetUserDefaultLCID
0x66c298 EnumSystemLocalesW
0x66c29c GetTimeZoneInformation
0x66c2a0 GetConsoleMode
0x66c2a4 GetFileSizeEx
0x66c2a8 SetFilePointerEx
0x66c2ac FindFirstFileExW
0x66c2b0 IsValidCodePage
0x66c2b4 GetACP
0x66c2b8 GetOEMCP
0x66c2bc GetCommandLineA
0x66c2c0 FreeEnvironmentStringsW
0x66c2c4 SetEnvironmentVariableW
0x66c2c8 SetStdHandle
0x66c2cc ReadConsoleW
0x66c2d0 WriteConsoleW
0x66c2d4 GetProcessAffinityMask
0x66c2d8 GetModuleHandleA
0x66c2dc GlobalMemoryStatus
0x66c2e0 ReleaseSemaphore
0x66c2e4 CreateSemaphoreW
EAT(Export Address Table) is none