Field | Value |
---|---|
Created | 2023.10.06 14:45 |
Machine | s1_win7_x6402 |
Filename | doser.exe |
Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 18 detected (Common, Artemis, Vrte, Malicious, HackTool, Convagent, Generic Reputation PUA, ai score=99, Znyonm, GenericKD, unsafe, susgen, PossibleThreat) |
md5 | 4b30467bb8a0c1f50d0705febb02c35d |
sha256 | 72eb45deb97510f2a2f7e136dde62b85900866b9cbb9c64d844df213dce20af4 |
ssdeep | 98304:ffb13rIvrSARd1slvXqmQ/ohEXGcjUlJeCKGG2DdI0EipclwzEafOi:bdcTdOvamyXGEUdGedI0EipDhOi |
imphash | c7269d59926fa4252270f407e4dab043 |
impfuzzy | 24:UbVjhN5O+VuT2oLtXOr6kwmDruMztxdEr6tP:K5O+VAXOmGx0oP |
Signature (5cnts)
Level | Description |
---|---|
watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
kernel32.dll
0x86b020 WriteFile
0x86b028 WriteConsoleW
0x86b030 WaitForMultipleObjects
0x86b038 WaitForSingleObject
0x86b040 VirtualQuery
0x86b048 VirtualFree
0x86b050 VirtualAlloc
0x86b058 SwitchToThread
0x86b060 SuspendThread
0x86b068 Sleep
0x86b070 SetWaitableTimer
0x86b078 SetUnhandledExceptionFilter
0x86b080 SetProcessPriorityBoost
0x86b088 SetEvent
0x86b090 SetErrorMode
0x86b098 SetConsoleCtrlHandler
0x86b0a0 ResumeThread
0x86b0a8 PostQueuedCompletionStatus
0x86b0b0 LoadLibraryA
0x86b0b8 LoadLibraryW
0x86b0c0 SetThreadContext
0x86b0c8 GetThreadContext
0x86b0d0 GetSystemInfo
0x86b0d8 GetSystemDirectoryA
0x86b0e0 GetStdHandle
0x86b0e8 GetQueuedCompletionStatusEx
0x86b0f0 GetProcessAffinityMask
0x86b0f8 GetProcAddress
0x86b100 GetEnvironmentStringsW
0x86b108 GetConsoleMode
0x86b110 FreeEnvironmentStringsW
0x86b118 ExitProcess
0x86b120 DuplicateHandle
0x86b128 CreateWaitableTimerExW
0x86b130 CreateThread
0x86b138 CreateIoCompletionPort
0x86b140 CreateFileA
0x86b148 CreateEventA
0x86b150 CloseHandle
0x86b158 AddVectoredExceptionHandler
EAT (Export Address Table): none