Report - timeSync.exe

Tags: Malicious Library, UPX, PE File, PE32, OS Processor Check
Created 2023.10.27 07:40
Machine s1_win7_x6401
Filename timeSync.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 8
Behavior Score 1.8
ZERO API file: malware
VT API (file) 33 detected (AIDetectMalware, malicious, high confidence, Stop, Lockbit, MachineLearning, Anomalous, Save, Hacktool, Attribute, HighConfidence, score, Generic@AI, RDML, Y84DMzQN, fNAYVpRJg, high, Static AI, Malicious PE, Detected, Sabsik, Artemis, Azorult, unsafe, Obfuscated, Outbreak, susgen, TrojanX, confidence, 100%)
md5 555b5b941485801baec85945db27bb86
sha256 53dc29187191f04860a12fcec1d810f8c2e6b827dfc1d3c06471c6b865b96897
ssdeep 3072:+HBNL7gtWE0kH40RFG2RklPJc5E/nwtiOPP/rMrZ7eE68u3vH9W4/Bn:WZ7sPH40S2Rk05EP7eZ8ufHU4
imphash 4231872410651d8504d1d45976ad591d
impfuzzy 48:cnutz2NZ4psODc50/2SkEe3OQHh5cHK9CCcBGUA2i:i1EoW2Sk53Fh5cHQCCcBGN

Signature (3cnts)

Level Description
danger File has been identified by 33 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x401000 GetVolumeNameForVolumeMountPointA
 0x401004 GetTempFileNameW
 0x401008 SetVolumeLabelA
 0x40100c SetDefaultCommConfigA
 0x401010 FindResourceA
 0x401014 WriteConsoleInputW
 0x401018 WriteConsoleOutputCharacterW
 0x40101c lstrlenA
 0x401020 GetModuleHandleExA
 0x401024 GetLocaleInfoA
 0x401028 SetLocalTime
 0x40102c CommConfigDialogA
 0x401030 MapUserPhysicalPages
 0x401034 GlobalAddAtomA
 0x401038 GetConsoleAliasA
 0x40103c ZombifyActCtx
 0x401040 SetHandleInformation
 0x401044 SetConsoleScreenBufferSize
 0x401048 WriteConsoleInputA
 0x40104c OpenSemaphoreA
 0x401050 GetSystemDefaultLCID
 0x401054 _lclose
 0x401058 GetModuleHandleW
 0x40105c CreateNamedPipeW
 0x401060 FindNextVolumeMountPointA
 0x401064 GetConsoleAliasesA
 0x401068 GetWindowsDirectoryA
 0x40106c GetConsoleAliasExesW
 0x401070 WaitNamedPipeW
 0x401074 SetCommState
 0x401078 GetCommandLineA
 0x40107c SetCommTimeouts
 0x401080 GetDriveTypeA
 0x401084 GetEnvironmentStrings
 0x401088 LoadLibraryW
 0x40108c CopyFileW
 0x401090 _hread
 0x401094 GetExitCodeProcess
 0x401098 GetConsoleAliasW
 0x40109c GetFileAttributesW
 0x4010a0 ReadFile
 0x4010a4 GetCompressedFileSizeA
 0x4010a8 CompareStringW
 0x4010ac lstrlenW
 0x4010b0 GetStartupInfoW
 0x4010b4 ReplaceFileA
 0x4010b8 GetStartupInfoA
 0x4010bc GetLastError
 0x4010c0 GetCurrentDirectoryW
 0x4010c4 SetLastError
 0x4010c8 AttachConsole
 0x4010cc VerLanguageNameA
 0x4010d0 CreateNamedPipeA
 0x4010d4 RemoveDirectoryA
 0x4010d8 CopyFileA
 0x4010dc EnumSystemCodePagesW
 0x4010e0 SetComputerNameA
 0x4010e4 UnhandledExceptionFilter
 0x4010e8 LocalAlloc
 0x4010ec SetConsoleCtrlHandler
 0x4010f0 AddAtomW
 0x4010f4 CreateEventW
 0x4010f8 FoldStringW
 0x4010fc FindNextFileA
 0x401100 SetConsoleTitleW
 0x401104 GetModuleHandleA
 0x401108 GetProcessShutdownParameters
 0x40110c GetCommTimeouts
 0x401110 lstrcatW
 0x401114 FatalExit
 0x401118 FindNextFileW
 0x40111c VirtualProtect
 0x401120 GetFileTime
 0x401124 GetConsoleCursorInfo
 0x401128 QueryPerformanceFrequency
 0x40112c GetShortPathNameW
 0x401130 TerminateJobObject
 0x401134 FindAtomW
 0x401138 MoveFileWithProgressW
 0x40113c ResetWriteWatch
 0x401140 ReadConsoleOutputCharacterW
 0x401144 EnumSystemLocalesW
 0x401148 DeleteFileA
 0x40114c lstrcpyA
 0x401150 HeapSize
 0x401154 WideCharToMultiByte
 0x401158 HeapAlloc
 0x40115c HeapReAlloc
 0x401160 GetCommandLineW
 0x401164 HeapSetInformation
 0x401168 IsProcessorFeaturePresent
 0x40116c GetCPInfo
 0x401170 InterlockedIncrement
 0x401174 InterlockedDecrement
 0x401178 GetACP
 0x40117c GetOEMCP
 0x401180 IsValidCodePage
 0x401184 EncodePointer
 0x401188 TlsAlloc
 0x40118c TlsGetValue
 0x401190 TlsSetValue
 0x401194 DecodePointer
 0x401198 TlsFree
 0x40119c GetCurrentThreadId
 0x4011a0 GetProcAddress
 0x4011a4 SetUnhandledExceptionFilter
 0x4011a8 IsDebuggerPresent
 0x4011ac TerminateProcess
 0x4011b0 GetCurrentProcess
 0x4011b4 EnterCriticalSection
 0x4011b8 LeaveCriticalSection
 0x4011bc SetHandleCount
 0x4011c0 GetStdHandle
 0x4011c4 InitializeCriticalSectionAndSpinCount
 0x4011c8 GetFileType
 0x4011cc DeleteCriticalSection
 0x4011d0 ExitProcess
 0x4011d4 WriteFile
 0x4011d8 GetModuleFileNameW
 0x4011dc HeapCreate
 0x4011e0 HeapFree
 0x4011e4 CloseHandle
 0x4011e8 FreeEnvironmentStringsW
 0x4011ec GetEnvironmentStringsW
 0x4011f0 QueryPerformanceCounter
 0x4011f4 GetTickCount
 0x4011f8 GetCurrentProcessId
 0x4011fc GetSystemTimeAsFileTime
 0x401200 LCMapStringW
 0x401204 MultiByteToWideChar
 0x401208 GetStringTypeW
 0x40120c Sleep
 0x401210 SetFilePointer
 0x401214 GetConsoleCP
 0x401218 GetConsoleMode
 0x40121c RaiseException
 0x401220 RtlUnwind
 0x401224 SetStdHandle
 0x401228 FlushFileBuffers
 0x40122c WriteConsoleW
 0x401230 CreateFileW
USER32.dll
 0x401238 CharUpperW
WINHTTP.dll
 0x401240 WinHttpWriteData

EAT (Export Address Table): none
