ScreenShot
| Created | 2023.09.22 07:52 | Machine | s1_win7_x6401 |
| Filename | sunor.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 29 detected (AIDetectMalware, Uztuby, Save, malicious, confidence, Kryptik, Eldorado, high confidence, score, ccmw, Static AI, Suspicious PE, ai score=81, Zenpak, Detected, unsafe, Generic@AI, RDML, u9L5bNXUwmrpg8e1i1, HUEI) | ||
| md5 | a7e4eb402115dec3547194a610da7760 | ||
| sha256 | 5e3925f4329916d60714a96798a25e5d680d36f0cfa1a9d69879b7b39cec689d | ||
| ssdeep | 49152:CvxfXTf9aIY41N9WGdqcDqnFwWTXwBIq+eP4zMD:Cvxr9aMXqcCr7bz6 | ||
| imphash | 4dfb85da1495e891078e48fc182e3cd7 | ||
| impfuzzy | 48:J9FprOcLy1XFjn6S3NYfGtWXCKc+pncEpFH:JVrFLy1XFLDufGtWXCKc+pn7pFH | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | Drops an executable to the user AppData folder |
| notice | Yara rule detected in process memory |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (17cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42a000 GetLastError
0x42a004 SetLastError
0x42a008 FormatMessageW
0x42a00c GetFileType
0x42a010 GetStdHandle
0x42a014 WriteFile
0x42a018 ReadFile
0x42a01c FlushFileBuffers
0x42a020 SetEndOfFile
0x42a024 SetFilePointer
0x42a028 SetFileTime
0x42a02c CloseHandle
0x42a030 CreateFileW
0x42a034 GetCurrentProcessId
0x42a038 CreateDirectoryW
0x42a03c SetFileAttributesW
0x42a040 GetFileAttributesW
0x42a044 DeleteFileW
0x42a048 MoveFileW
0x42a04c FindClose
0x42a050 FindFirstFileW
0x42a054 FindNextFileW
0x42a058 GetVersionExW
0x42a05c GetCurrentDirectoryW
0x42a060 GetFullPathNameW
0x42a064 FoldStringW
0x42a068 GetModuleFileNameW
0x42a06c GetModuleHandleW
0x42a070 FindResourceW
0x42a074 FreeLibrary
0x42a078 GetProcAddress
0x42a07c ExitProcess
0x42a080 SetThreadExecutionState
0x42a084 Sleep
0x42a088 LoadLibraryW
0x42a08c GetSystemDirectoryW
0x42a090 CompareStringW
0x42a094 AllocConsole
0x42a098 FreeConsole
0x42a09c AttachConsole
0x42a0a0 WriteConsoleW
0x42a0a4 SystemTimeToTzSpecificLocalTime
0x42a0a8 TzSpecificLocalTimeToSystemTime
0x42a0ac SystemTimeToFileTime
0x42a0b0 LocalFileTimeToFileTime
0x42a0b4 FileTimeToSystemTime
0x42a0b8 GetCPInfo
0x42a0bc IsDBCSLeadByte
0x42a0c0 MultiByteToWideChar
0x42a0c4 WideCharToMultiByte
0x42a0c8 GlobalAlloc
0x42a0cc LockResource
0x42a0d0 GlobalLock
0x42a0d4 GlobalUnlock
0x42a0d8 GlobalFree
0x42a0dc LoadResource
0x42a0e0 SizeofResource
0x42a0e4 SetCurrentDirectoryW
0x42a0e8 GetTimeFormatW
0x42a0ec GetDateFormatW
0x42a0f0 LocalFree
0x42a0f4 GetCurrentProcess
0x42a0f8 GetExitCodeProcess
0x42a0fc WaitForSingleObject
0x42a100 GetLocalTime
0x42a104 GetTickCount
0x42a108 MapViewOfFile
0x42a10c UnmapViewOfFile
0x42a110 CreateFileMappingW
0x42a114 OpenFileMappingW
0x42a118 GetCommandLineW
0x42a11c SetEnvironmentVariableW
0x42a120 ExpandEnvironmentStringsW
0x42a124 GetTempPathW
0x42a128 MoveFileExW
0x42a12c GetLocaleInfoW
0x42a130 GetNumberFormatW
0x42a134 GetOEMCP
0x42a138 DecodePointer
0x42a13c SetFilePointerEx
0x42a140 GetConsoleMode
0x42a144 GetConsoleCP
0x42a148 HeapSize
0x42a14c SetStdHandle
0x42a150 GetProcessHeap
0x42a154 FreeEnvironmentStringsW
0x42a158 GetEnvironmentStringsW
0x42a15c RaiseException
0x42a160 GetSystemInfo
0x42a164 VirtualProtect
0x42a168 VirtualQuery
0x42a16c LoadLibraryExA
0x42a170 UnhandledExceptionFilter
0x42a174 SetUnhandledExceptionFilter
0x42a178 TerminateProcess
0x42a17c IsProcessorFeaturePresent
0x42a180 IsDebuggerPresent
0x42a184 GetStartupInfoW
0x42a188 QueryPerformanceCounter
0x42a18c GetCurrentThreadId
0x42a190 GetSystemTimeAsFileTime
0x42a194 InitializeSListHead
0x42a198 RtlUnwind
0x42a19c EncodePointer
0x42a1a0 EnterCriticalSection
0x42a1a4 LeaveCriticalSection
0x42a1a8 DeleteCriticalSection
0x42a1ac InitializeCriticalSectionAndSpinCount
0x42a1b0 TlsAlloc
0x42a1b4 TlsGetValue
0x42a1b8 TlsSetValue
0x42a1bc TlsFree
0x42a1c0 LoadLibraryExW
0x42a1c4 QueryPerformanceFrequency
0x42a1c8 GetModuleHandleExW
0x42a1cc GetModuleFileNameA
0x42a1d0 GetACP
0x42a1d4 HeapFree
0x42a1d8 HeapAlloc
0x42a1dc HeapReAlloc
0x42a1e0 GetStringTypeW
0x42a1e4 LCMapStringW
0x42a1e8 FindFirstFileExA
0x42a1ec FindNextFileA
0x42a1f0 IsValidCodePage
0x42a1f4 GetCommandLineA
OLEAUT32.dll
0x42a1fc VariantClear
gdiplus.dll
0x42a204 GdipCreateBitmapFromStream
0x42a208 GdipAlloc
0x42a20c GdipCloneImage
0x42a210 GdipDisposeImage
0x42a214 GdipCreateBitmapFromStreamICM
0x42a218 GdipCreateHBITMAPFromBitmap
0x42a21c GdiplusStartup
0x42a220 GdiplusShutdown
0x42a224 GdipFree
EAT(Export Address Table) Library
KERNEL32.dll
0x42a000 GetLastError
0x42a004 SetLastError
0x42a008 FormatMessageW
0x42a00c GetFileType
0x42a010 GetStdHandle
0x42a014 WriteFile
0x42a018 ReadFile
0x42a01c FlushFileBuffers
0x42a020 SetEndOfFile
0x42a024 SetFilePointer
0x42a028 SetFileTime
0x42a02c CloseHandle
0x42a030 CreateFileW
0x42a034 GetCurrentProcessId
0x42a038 CreateDirectoryW
0x42a03c SetFileAttributesW
0x42a040 GetFileAttributesW
0x42a044 DeleteFileW
0x42a048 MoveFileW
0x42a04c FindClose
0x42a050 FindFirstFileW
0x42a054 FindNextFileW
0x42a058 GetVersionExW
0x42a05c GetCurrentDirectoryW
0x42a060 GetFullPathNameW
0x42a064 FoldStringW
0x42a068 GetModuleFileNameW
0x42a06c GetModuleHandleW
0x42a070 FindResourceW
0x42a074 FreeLibrary
0x42a078 GetProcAddress
0x42a07c ExitProcess
0x42a080 SetThreadExecutionState
0x42a084 Sleep
0x42a088 LoadLibraryW
0x42a08c GetSystemDirectoryW
0x42a090 CompareStringW
0x42a094 AllocConsole
0x42a098 FreeConsole
0x42a09c AttachConsole
0x42a0a0 WriteConsoleW
0x42a0a4 SystemTimeToTzSpecificLocalTime
0x42a0a8 TzSpecificLocalTimeToSystemTime
0x42a0ac SystemTimeToFileTime
0x42a0b0 LocalFileTimeToFileTime
0x42a0b4 FileTimeToSystemTime
0x42a0b8 GetCPInfo
0x42a0bc IsDBCSLeadByte
0x42a0c0 MultiByteToWideChar
0x42a0c4 WideCharToMultiByte
0x42a0c8 GlobalAlloc
0x42a0cc LockResource
0x42a0d0 GlobalLock
0x42a0d4 GlobalUnlock
0x42a0d8 GlobalFree
0x42a0dc LoadResource
0x42a0e0 SizeofResource
0x42a0e4 SetCurrentDirectoryW
0x42a0e8 GetTimeFormatW
0x42a0ec GetDateFormatW
0x42a0f0 LocalFree
0x42a0f4 GetCurrentProcess
0x42a0f8 GetExitCodeProcess
0x42a0fc WaitForSingleObject
0x42a100 GetLocalTime
0x42a104 GetTickCount
0x42a108 MapViewOfFile
0x42a10c UnmapViewOfFile
0x42a110 CreateFileMappingW
0x42a114 OpenFileMappingW
0x42a118 GetCommandLineW
0x42a11c SetEnvironmentVariableW
0x42a120 ExpandEnvironmentStringsW
0x42a124 GetTempPathW
0x42a128 MoveFileExW
0x42a12c GetLocaleInfoW
0x42a130 GetNumberFormatW
0x42a134 GetOEMCP
0x42a138 DecodePointer
0x42a13c SetFilePointerEx
0x42a140 GetConsoleMode
0x42a144 GetConsoleCP
0x42a148 HeapSize
0x42a14c SetStdHandle
0x42a150 GetProcessHeap
0x42a154 FreeEnvironmentStringsW
0x42a158 GetEnvironmentStringsW
0x42a15c RaiseException
0x42a160 GetSystemInfo
0x42a164 VirtualProtect
0x42a168 VirtualQuery
0x42a16c LoadLibraryExA
0x42a170 UnhandledExceptionFilter
0x42a174 SetUnhandledExceptionFilter
0x42a178 TerminateProcess
0x42a17c IsProcessorFeaturePresent
0x42a180 IsDebuggerPresent
0x42a184 GetStartupInfoW
0x42a188 QueryPerformanceCounter
0x42a18c GetCurrentThreadId
0x42a190 GetSystemTimeAsFileTime
0x42a194 InitializeSListHead
0x42a198 RtlUnwind
0x42a19c EncodePointer
0x42a1a0 EnterCriticalSection
0x42a1a4 LeaveCriticalSection
0x42a1a8 DeleteCriticalSection
0x42a1ac InitializeCriticalSectionAndSpinCount
0x42a1b0 TlsAlloc
0x42a1b4 TlsGetValue
0x42a1b8 TlsSetValue
0x42a1bc TlsFree
0x42a1c0 LoadLibraryExW
0x42a1c4 QueryPerformanceFrequency
0x42a1c8 GetModuleHandleExW
0x42a1cc GetModuleFileNameA
0x42a1d0 GetACP
0x42a1d4 HeapFree
0x42a1d8 HeapAlloc
0x42a1dc HeapReAlloc
0x42a1e0 GetStringTypeW
0x42a1e4 LCMapStringW
0x42a1e8 FindFirstFileExA
0x42a1ec FindNextFileA
0x42a1f0 IsValidCodePage
0x42a1f4 GetCommandLineA
OLEAUT32.dll
0x42a1fc VariantClear
gdiplus.dll
0x42a204 GdipCreateBitmapFromStream
0x42a208 GdipAlloc
0x42a20c GdipCloneImage
0x42a210 GdipDisposeImage
0x42a214 GdipCreateBitmapFromStreamICM
0x42a218 GdipCreateHBITMAPFromBitmap
0x42a21c GdiplusStartup
0x42a220 GdiplusShutdown
0x42a224 GdipFree
EAT(Export Address Table) Library