ScreenShot
| Created | 2023.10.02 08:44 | Machine | s1_win7_x6401 |
| Filename | Rules.doc | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 55 detected (Common, malicious, high confidence, GenericKD, Artemis, Kryptik, V2h9, Extgen, confidence, 100%, ZexaE, nPW@a4vNMuoi, Genus, Eldorado, Attribute, HighConfidence, HUBU, score, Pwsx, kbcpwj, Gencirc, vkiad, Pandora, Static AI, Suspicious PE, ai score=89, Sabsik, Redline, GPAC, R5WBTG, Detected, Injection, BScope, TrojanPSW, unsafe, Genetic, R06CH0CIN23, GRn6PQFyOMS, MgSaWByqcSA, Krypt, susgen) | ||
| md5 | 316e3ee9229e0b06a6a7b9bf890bdbda | ||
| sha256 | fa0388d10c5b777ec6b0107022c6000fb1b70665f89e9d9f96d50eb16c865bb8 | ||
| ssdeep | 24576:t+7xMpDDU1mPxLfvwV+8csVSu2KxpIy7w02AX:+xj1mPxLtzQQ2Zj | ||
| imphash | a5db911979066385d2f2a2a10d0783e1 | ||
| impfuzzy | 48:CyzCBfWJcpH+zD9vrxQSXtXvZr8bt8OzbQo3lbuFZqL:tOBfWJcpH+X1rxHXtXvx8bt8OPQHm | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x51e2bc CallNextHookEx
0x51e2c0 GetTopWindow
0x51e2c4 DrawFocusRect
KERNEL32.dll
0x51e000 GetCPInfo
0x51e004 CreateFileW
0x51e008 HeapSize
0x51e00c ReadConsoleW
0x51e010 FreeConsole
0x51e014 RaiseException
0x51e018 CloseHandle
0x51e01c WaitForSingleObjectEx
0x51e020 Sleep
0x51e024 SwitchToThread
0x51e028 GetCurrentThreadId
0x51e02c GetExitCodeThread
0x51e030 GetNativeSystemInfo
0x51e034 InitializeSRWLock
0x51e038 ReleaseSRWLockExclusive
0x51e03c AcquireSRWLockExclusive
0x51e040 EnterCriticalSection
0x51e044 LeaveCriticalSection
0x51e048 InitializeCriticalSectionEx
0x51e04c TryEnterCriticalSection
0x51e050 DeleteCriticalSection
0x51e054 InitializeConditionVariable
0x51e058 WakeConditionVariable
0x51e05c WakeAllConditionVariable
0x51e060 SleepConditionVariableCS
0x51e064 SleepConditionVariableSRW
0x51e068 FormatMessageA
0x51e06c WideCharToMultiByte
0x51e070 MultiByteToWideChar
0x51e074 GetStringTypeW
0x51e078 InitOnceBeginInitialize
0x51e07c InitOnceComplete
0x51e080 GetLastError
0x51e084 FreeLibraryWhenCallbackReturns
0x51e088 CreateThreadpoolWork
0x51e08c SubmitThreadpoolWork
0x51e090 CloseThreadpoolWork
0x51e094 GetModuleHandleExW
0x51e098 RtlCaptureStackBackTrace
0x51e09c IsProcessorFeaturePresent
0x51e0a0 QueryPerformanceCounter
0x51e0a4 QueryPerformanceFrequency
0x51e0a8 SetFileInformationByHandle
0x51e0ac FlsAlloc
0x51e0b0 FlsGetValue
0x51e0b4 FlsSetValue
0x51e0b8 FlsFree
0x51e0bc InitOnceExecuteOnce
0x51e0c0 CreateEventExW
0x51e0c4 CreateSemaphoreExW
0x51e0c8 FlushProcessWriteBuffers
0x51e0cc GetCurrentProcessorNumber
0x51e0d0 GetSystemTimeAsFileTime
0x51e0d4 GetTickCount64
0x51e0d8 CreateThreadpoolTimer
0x51e0dc SetThreadpoolTimer
0x51e0e0 WaitForThreadpoolTimerCallbacks
0x51e0e4 CloseThreadpoolTimer
0x51e0e8 CreateThreadpoolWait
0x51e0ec SetThreadpoolWait
0x51e0f0 CloseThreadpoolWait
0x51e0f4 GetModuleHandleW
0x51e0f8 GetProcAddress
0x51e0fc GetFileInformationByHandleEx
0x51e100 CreateSymbolicLinkW
0x51e104 LocalFree
0x51e108 EncodePointer
0x51e10c DecodePointer
0x51e110 LCMapStringEx
0x51e114 GetLocaleInfoEx
0x51e118 CompareStringEx
0x51e11c WriteConsoleW
0x51e120 InitializeCriticalSectionAndSpinCount
0x51e124 SetEvent
0x51e128 ResetEvent
0x51e12c CreateEventW
0x51e130 IsDebuggerPresent
0x51e134 UnhandledExceptionFilter
0x51e138 SetUnhandledExceptionFilter
0x51e13c GetStartupInfoW
0x51e140 GetCurrentProcess
0x51e144 TerminateProcess
0x51e148 GetCurrentProcessId
0x51e14c InitializeSListHead
0x51e150 SetStdHandle
0x51e154 RtlUnwind
0x51e158 InterlockedPushEntrySList
0x51e15c InterlockedFlushSList
0x51e160 SetLastError
0x51e164 TlsAlloc
0x51e168 TlsGetValue
0x51e16c TlsSetValue
0x51e170 TlsFree
0x51e174 FreeLibrary
0x51e178 LoadLibraryExW
0x51e17c CreateThread
0x51e180 ExitThread
0x51e184 ResumeThread
0x51e188 FreeLibraryAndExitThread
0x51e18c ExitProcess
0x51e190 GetModuleFileNameW
0x51e194 GetStdHandle
0x51e198 WriteFile
0x51e19c GetCommandLineA
0x51e1a0 GetCommandLineW
0x51e1a4 GetCurrentThread
0x51e1a8 HeapAlloc
0x51e1ac HeapFree
0x51e1b0 SetConsoleCtrlHandler
0x51e1b4 GetFileType
0x51e1b8 GetDateFormatW
0x51e1bc GetTimeFormatW
0x51e1c0 CompareStringW
0x51e1c4 LCMapStringW
0x51e1c8 GetLocaleInfoW
0x51e1cc IsValidLocale
0x51e1d0 GetUserDefaultLCID
0x51e1d4 EnumSystemLocalesW
0x51e1d8 GetFileSizeEx
0x51e1dc SetFilePointerEx
0x51e1e0 FlushFileBuffers
0x51e1e4 GetConsoleOutputCP
0x51e1e8 GetConsoleMode
0x51e1ec ReadFile
0x51e1f0 HeapReAlloc
0x51e1f4 GetTimeZoneInformation
0x51e1f8 FindClose
0x51e1fc FindFirstFileExW
0x51e200 FindNextFileW
0x51e204 IsValidCodePage
0x51e208 GetACP
0x51e20c GetOEMCP
0x51e210 GetEnvironmentStringsW
0x51e214 FreeEnvironmentStringsW
0x51e218 SetEnvironmentVariableW
0x51e21c GetProcessHeap
0x51e220 OutputDebugStringW
EAT(Export Address Table) is none
USER32.dll
0x51e2bc CallNextHookEx
0x51e2c0 GetTopWindow
0x51e2c4 DrawFocusRect
KERNEL32.dll
0x51e000 GetCPInfo
0x51e004 CreateFileW
0x51e008 HeapSize
0x51e00c ReadConsoleW
0x51e010 FreeConsole
0x51e014 RaiseException
0x51e018 CloseHandle
0x51e01c WaitForSingleObjectEx
0x51e020 Sleep
0x51e024 SwitchToThread
0x51e028 GetCurrentThreadId
0x51e02c GetExitCodeThread
0x51e030 GetNativeSystemInfo
0x51e034 InitializeSRWLock
0x51e038 ReleaseSRWLockExclusive
0x51e03c AcquireSRWLockExclusive
0x51e040 EnterCriticalSection
0x51e044 LeaveCriticalSection
0x51e048 InitializeCriticalSectionEx
0x51e04c TryEnterCriticalSection
0x51e050 DeleteCriticalSection
0x51e054 InitializeConditionVariable
0x51e058 WakeConditionVariable
0x51e05c WakeAllConditionVariable
0x51e060 SleepConditionVariableCS
0x51e064 SleepConditionVariableSRW
0x51e068 FormatMessageA
0x51e06c WideCharToMultiByte
0x51e070 MultiByteToWideChar
0x51e074 GetStringTypeW
0x51e078 InitOnceBeginInitialize
0x51e07c InitOnceComplete
0x51e080 GetLastError
0x51e084 FreeLibraryWhenCallbackReturns
0x51e088 CreateThreadpoolWork
0x51e08c SubmitThreadpoolWork
0x51e090 CloseThreadpoolWork
0x51e094 GetModuleHandleExW
0x51e098 RtlCaptureStackBackTrace
0x51e09c IsProcessorFeaturePresent
0x51e0a0 QueryPerformanceCounter
0x51e0a4 QueryPerformanceFrequency
0x51e0a8 SetFileInformationByHandle
0x51e0ac FlsAlloc
0x51e0b0 FlsGetValue
0x51e0b4 FlsSetValue
0x51e0b8 FlsFree
0x51e0bc InitOnceExecuteOnce
0x51e0c0 CreateEventExW
0x51e0c4 CreateSemaphoreExW
0x51e0c8 FlushProcessWriteBuffers
0x51e0cc GetCurrentProcessorNumber
0x51e0d0 GetSystemTimeAsFileTime
0x51e0d4 GetTickCount64
0x51e0d8 CreateThreadpoolTimer
0x51e0dc SetThreadpoolTimer
0x51e0e0 WaitForThreadpoolTimerCallbacks
0x51e0e4 CloseThreadpoolTimer
0x51e0e8 CreateThreadpoolWait
0x51e0ec SetThreadpoolWait
0x51e0f0 CloseThreadpoolWait
0x51e0f4 GetModuleHandleW
0x51e0f8 GetProcAddress
0x51e0fc GetFileInformationByHandleEx
0x51e100 CreateSymbolicLinkW
0x51e104 LocalFree
0x51e108 EncodePointer
0x51e10c DecodePointer
0x51e110 LCMapStringEx
0x51e114 GetLocaleInfoEx
0x51e118 CompareStringEx
0x51e11c WriteConsoleW
0x51e120 InitializeCriticalSectionAndSpinCount
0x51e124 SetEvent
0x51e128 ResetEvent
0x51e12c CreateEventW
0x51e130 IsDebuggerPresent
0x51e134 UnhandledExceptionFilter
0x51e138 SetUnhandledExceptionFilter
0x51e13c GetStartupInfoW
0x51e140 GetCurrentProcess
0x51e144 TerminateProcess
0x51e148 GetCurrentProcessId
0x51e14c InitializeSListHead
0x51e150 SetStdHandle
0x51e154 RtlUnwind
0x51e158 InterlockedPushEntrySList
0x51e15c InterlockedFlushSList
0x51e160 SetLastError
0x51e164 TlsAlloc
0x51e168 TlsGetValue
0x51e16c TlsSetValue
0x51e170 TlsFree
0x51e174 FreeLibrary
0x51e178 LoadLibraryExW
0x51e17c CreateThread
0x51e180 ExitThread
0x51e184 ResumeThread
0x51e188 FreeLibraryAndExitThread
0x51e18c ExitProcess
0x51e190 GetModuleFileNameW
0x51e194 GetStdHandle
0x51e198 WriteFile
0x51e19c GetCommandLineA
0x51e1a0 GetCommandLineW
0x51e1a4 GetCurrentThread
0x51e1a8 HeapAlloc
0x51e1ac HeapFree
0x51e1b0 SetConsoleCtrlHandler
0x51e1b4 GetFileType
0x51e1b8 GetDateFormatW
0x51e1bc GetTimeFormatW
0x51e1c0 CompareStringW
0x51e1c4 LCMapStringW
0x51e1c8 GetLocaleInfoW
0x51e1cc IsValidLocale
0x51e1d0 GetUserDefaultLCID
0x51e1d4 EnumSystemLocalesW
0x51e1d8 GetFileSizeEx
0x51e1dc SetFilePointerEx
0x51e1e0 FlushFileBuffers
0x51e1e4 GetConsoleOutputCP
0x51e1e8 GetConsoleMode
0x51e1ec ReadFile
0x51e1f0 HeapReAlloc
0x51e1f4 GetTimeZoneInformation
0x51e1f8 FindClose
0x51e1fc FindFirstFileExW
0x51e200 FindNextFileW
0x51e204 IsValidCodePage
0x51e208 GetACP
0x51e20c GetOEMCP
0x51e210 GetEnvironmentStringsW
0x51e214 FreeEnvironmentStringsW
0x51e218 SetEnvironmentVariableW
0x51e21c GetProcessHeap
0x51e220 OutputDebugStringW
EAT(Export Address Table) is none