Field | Value |
---|---|
Created | 2024.04.30 10:06 |
Machine | s1_win7_x6401 |
Filename | PAP46E1UkZ.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | Not founds |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 37 detected (AIDetectMalware, Reflo, tszb, Malicious, score, Artemis, unsafe, high confidence, Python, Kryptik, Stubo, eoglj, Disco, Detected, Acll, Cordimik, 4R405K, Eldorado, Rwhl, Static AI, Suspicious PE, susgen) |
md5 | bb1cb5cd557cac752ccea3f4ba806709 |
sha256 | 2ac633521283d233a8478547cb6f8109c6f318a1b0c8e9f822833b5c74c12b39 |
ssdeep | 393216:DEkULrpBciidQuslrfrAZYCuPJO8z19P2uDW8B3+d9vkegs+EjY1:D85BydQu4MJuxZz1RbW8BOd9vkz/yY1 |
imphash | 1af6c885af093afc55142c2f1761dbe8 |
impfuzzy | 48:t/gub6EwoQ54rzSv6xviMqteV9aGhteS1/c+pIuCJcgTkOtV0Kq14r:ph9EeVFhteS1/c+pIustkiWHS |
Network IP location
Signature (8cnts)
Level | Description |
---|---|
danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
watch | Appends a known multi-family ransomware file extension to files that have been encrypted |
watch | Deletes a large number of files from the system indicative of ransomware |
watch | Drops 61 unknown file mime types indicative of ransomware writing encrypted files back to disk |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
info | Checks amount of memory in system |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (19cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
info | ftp_command | ftp command | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x14002b390 CreateWindowExW
0x14002b398 MessageBoxW
0x14002b3a0 MessageBoxA
0x14002b3a8 SystemParametersInfoW
0x14002b3b0 DestroyIcon
0x14002b3b8 SetWindowLongPtrW
0x14002b3c0 GetWindowLongPtrW
0x14002b3c8 GetClientRect
0x14002b3d0 InvalidateRect
0x14002b3d8 ReleaseDC
0x14002b3e0 GetDC
0x14002b3e8 DrawTextW
0x14002b3f0 GetDialogBaseUnits
0x14002b3f8 EndDialog
0x14002b400 DialogBoxIndirectParamW
0x14002b408 MoveWindow
0x14002b410 SendMessageW
COMCTL32.dll
0x14002b028 None
KERNEL32.dll
0x14002b058 IsValidCodePage
0x14002b060 GetStringTypeW
0x14002b068 GetFileAttributesExW
0x14002b070 HeapReAlloc
0x14002b078 FlushFileBuffers
0x14002b080 GetCurrentDirectoryW
0x14002b088 GetACP
0x14002b090 GetOEMCP
0x14002b098 GetModuleHandleW
0x14002b0a0 MulDiv
0x14002b0a8 GetLastError
0x14002b0b0 SetDllDirectoryW
0x14002b0b8 GetModuleFileNameW
0x14002b0c0 CreateSymbolicLinkW
0x14002b0c8 GetProcAddress
0x14002b0d0 GetCommandLineW
0x14002b0d8 GetEnvironmentVariableW
0x14002b0e0 GetCPInfo
0x14002b0e8 ExpandEnvironmentStringsW
0x14002b0f0 CreateDirectoryW
0x14002b0f8 GetTempPathW
0x14002b100 WaitForSingleObject
0x14002b108 Sleep
0x14002b110 GetExitCodeProcess
0x14002b118 CreateProcessW
0x14002b120 GetStartupInfoW
0x14002b128 FreeLibrary
0x14002b130 LoadLibraryExW
0x14002b138 SetConsoleCtrlHandler
0x14002b140 FindClose
0x14002b148 FindFirstFileExW
0x14002b150 CloseHandle
0x14002b158 GetCurrentProcess
0x14002b160 LocalFree
0x14002b168 FormatMessageW
0x14002b170 MultiByteToWideChar
0x14002b178 WideCharToMultiByte
0x14002b180 GetEnvironmentStringsW
0x14002b188 FreeEnvironmentStringsW
0x14002b190 GetProcessHeap
0x14002b198 GetTimeZoneInformation
0x14002b1a0 HeapSize
0x14002b1a8 WriteConsoleW
0x14002b1b0 SetEndOfFile
0x14002b1b8 SetEnvironmentVariableW
0x14002b1c0 RtlUnwindEx
0x14002b1c8 RtlCaptureContext
0x14002b1d0 RtlLookupFunctionEntry
0x14002b1d8 RtlVirtualUnwind
0x14002b1e0 UnhandledExceptionFilter
0x14002b1e8 SetUnhandledExceptionFilter
0x14002b1f0 TerminateProcess
0x14002b1f8 IsProcessorFeaturePresent
0x14002b200 QueryPerformanceCounter
0x14002b208 GetCurrentProcessId
0x14002b210 GetCurrentThreadId
0x14002b218 GetSystemTimeAsFileTime
0x14002b220 InitializeSListHead
0x14002b228 IsDebuggerPresent
0x14002b230 SetLastError
0x14002b238 EnterCriticalSection
0x14002b240 LeaveCriticalSection
0x14002b248 DeleteCriticalSection
0x14002b250 InitializeCriticalSectionAndSpinCount
0x14002b258 TlsAlloc
0x14002b260 TlsGetValue
0x14002b268 TlsSetValue
0x14002b270 TlsFree
0x14002b278 EncodePointer
0x14002b280 RaiseException
0x14002b288 RtlPcToFileHeader
0x14002b290 GetCommandLineA
0x14002b298 CreateFileW
0x14002b2a0 GetDriveTypeW
0x14002b2a8 GetFileInformationByHandle
0x14002b2b0 GetFileType
0x14002b2b8 PeekNamedPipe
0x14002b2c0 SystemTimeToTzSpecificLocalTime
0x14002b2c8 FileTimeToSystemTime
0x14002b2d0 GetFullPathNameW
0x14002b2d8 RemoveDirectoryW
0x14002b2e0 FindNextFileW
0x14002b2e8 SetStdHandle
0x14002b2f0 DeleteFileW
0x14002b2f8 ReadFile
0x14002b300 GetStdHandle
0x14002b308 WriteFile
0x14002b310 ExitProcess
0x14002b318 GetModuleHandleExW
0x14002b320 HeapFree
0x14002b328 GetConsoleMode
0x14002b330 ReadConsoleW
0x14002b338 SetFilePointerEx
0x14002b340 GetConsoleOutputCP
0x14002b348 GetFileSizeEx
0x14002b350 HeapAlloc
0x14002b358 FlsAlloc
0x14002b360 FlsGetValue
0x14002b368 FlsSetValue
0x14002b370 FlsFree
0x14002b378 CompareStringW
0x14002b380 LCMapStringW
ADVAPI32.dll
0x14002b000 OpenProcessToken
0x14002b008 GetTokenInformation
0x14002b010 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x14002b018 ConvertSidToStringSidW
GDI32.dll
0x14002b038 SelectObject
0x14002b040 DeleteObject
0x14002b048 CreateFontIndirectW
EAT(Export Address Table) is none