ScreenShot
| Created | 2023.09.15 07:50 | Machine | s1_win7_x6401 |
| Filename | Belphegor_crypto.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 1ae5e18c3f032578c3e8e1f2dad127ac | ||
| sha256 | f561a2851020a8f0473104f4c4123c9730710c0fb6faf6cfcdd926694960374d | ||
| ssdeep | 12288:1KzgvtVn3BsnL5BG4Obz7Ie3zxv6FxQ1Hr35X5m7fT3GOIavtSYF:1KzinWnE8sxy+C7LWwV5F | ||
| imphash | 0c9c64525522b2a989036b9afc41aa0b | ||
| impfuzzy | 24:1DoryPGxjeMjOovb/J3InktsQFQ8RyvDkRT4QfalWgLGGml:5MCY9ts3DgcQfaIsC | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41200c lstrlenW
0x412010 VirtualProtect
0x412014 GetProcAddress
0x412018 LoadLibraryA
0x41201c VirtualAlloc
0x412020 LockResource
0x412024 LoadResource
0x412028 CreateThread
0x41202c FindResourceW
0x412030 GetModuleHandleW
0x412034 GetLastError
0x412038 CreateMutexA
0x41203c GetModuleHandleA
0x412040 LocalAlloc
0x412044 FreeConsole
0x412048 Sleep
0x41204c SizeofResource
0x412050 WaitForSingleObject
0x412054 RtlUnwind
0x412058 RaiseException
0x41205c GetCommandLineA
0x412060 TlsGetValue
0x412064 TlsAlloc
0x412068 TlsSetValue
0x41206c TlsFree
0x412070 InterlockedIncrement
0x412074 SetLastError
0x412078 GetCurrentThreadId
0x41207c InterlockedDecrement
0x412080 HeapFree
0x412084 HeapAlloc
0x412088 TerminateProcess
0x41208c GetCurrentProcess
0x412090 UnhandledExceptionFilter
0x412094 SetUnhandledExceptionFilter
0x412098 IsDebuggerPresent
0x41209c ExitProcess
0x4120a0 WriteFile
0x4120a4 GetStdHandle
0x4120a8 GetModuleFileNameA
0x4120ac FreeEnvironmentStringsA
0x4120b0 GetEnvironmentStrings
0x4120b4 FreeEnvironmentStringsW
0x4120b8 WideCharToMultiByte
0x4120bc GetEnvironmentStringsW
0x4120c0 SetHandleCount
0x4120c4 GetFileType
0x4120c8 GetStartupInfoA
0x4120cc DeleteCriticalSection
0x4120d0 HeapCreate
0x4120d4 VirtualFree
0x4120d8 QueryPerformanceCounter
0x4120dc GetTickCount
0x4120e0 GetCurrentProcessId
0x4120e4 GetSystemTimeAsFileTime
0x4120e8 GetCPInfo
0x4120ec GetACP
0x4120f0 GetOEMCP
0x4120f4 IsValidCodePage
0x4120f8 LeaveCriticalSection
0x4120fc EnterCriticalSection
0x412100 HeapReAlloc
0x412104 HeapSize
0x412108 InitializeCriticalSectionAndSpinCount
0x41210c LCMapStringA
0x412110 MultiByteToWideChar
0x412114 LCMapStringW
0x412118 GetStringTypeA
0x41211c GetStringTypeW
0x412120 GetLocaleInfoA
COMDLG32.dll
0x412000 GetSaveFileNameA
0x412004 GetOpenFileNameA
ole32.dll
0x412128 CoGetInstanceFromFile
EAT(Export Address Table) is none
KERNEL32.dll
0x41200c lstrlenW
0x412010 VirtualProtect
0x412014 GetProcAddress
0x412018 LoadLibraryA
0x41201c VirtualAlloc
0x412020 LockResource
0x412024 LoadResource
0x412028 CreateThread
0x41202c FindResourceW
0x412030 GetModuleHandleW
0x412034 GetLastError
0x412038 CreateMutexA
0x41203c GetModuleHandleA
0x412040 LocalAlloc
0x412044 FreeConsole
0x412048 Sleep
0x41204c SizeofResource
0x412050 WaitForSingleObject
0x412054 RtlUnwind
0x412058 RaiseException
0x41205c GetCommandLineA
0x412060 TlsGetValue
0x412064 TlsAlloc
0x412068 TlsSetValue
0x41206c TlsFree
0x412070 InterlockedIncrement
0x412074 SetLastError
0x412078 GetCurrentThreadId
0x41207c InterlockedDecrement
0x412080 HeapFree
0x412084 HeapAlloc
0x412088 TerminateProcess
0x41208c GetCurrentProcess
0x412090 UnhandledExceptionFilter
0x412094 SetUnhandledExceptionFilter
0x412098 IsDebuggerPresent
0x41209c ExitProcess
0x4120a0 WriteFile
0x4120a4 GetStdHandle
0x4120a8 GetModuleFileNameA
0x4120ac FreeEnvironmentStringsA
0x4120b0 GetEnvironmentStrings
0x4120b4 FreeEnvironmentStringsW
0x4120b8 WideCharToMultiByte
0x4120bc GetEnvironmentStringsW
0x4120c0 SetHandleCount
0x4120c4 GetFileType
0x4120c8 GetStartupInfoA
0x4120cc DeleteCriticalSection
0x4120d0 HeapCreate
0x4120d4 VirtualFree
0x4120d8 QueryPerformanceCounter
0x4120dc GetTickCount
0x4120e0 GetCurrentProcessId
0x4120e4 GetSystemTimeAsFileTime
0x4120e8 GetCPInfo
0x4120ec GetACP
0x4120f0 GetOEMCP
0x4120f4 IsValidCodePage
0x4120f8 LeaveCriticalSection
0x4120fc EnterCriticalSection
0x412100 HeapReAlloc
0x412104 HeapSize
0x412108 InitializeCriticalSectionAndSpinCount
0x41210c LCMapStringA
0x412110 MultiByteToWideChar
0x412114 LCMapStringW
0x412118 GetStringTypeA
0x41211c GetStringTypeW
0x412120 GetLocaleInfoA
COMDLG32.dll
0x412000 GetSaveFileNameA
0x412004 GetOpenFileNameA
ole32.dll
0x412128 CoGetInstanceFromFile
EAT(Export Address Table) is none