ScreenShot
| Created | 2024.07.08 17:10 | Machine | s1_win7_x6403 |
| Filename | serrrr.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 49 detected (AIDetectMalware, Tasker, malicious, high confidence, score, Fragtor, Unsafe, Save, Zusy, Attribute, HighConfidence, Artemis, DropperX, CLOUD, cgymk, AMADEY, YXEGFZ, Real Protect, Generic Reputation PUA, Detected, ai score=80, Wacatac, ABRisk, REZE, ZexaF, nrW@a8DxyCf, MachineLearning, Anomalous, Static AI, Malicious PE, PossibleThreat, confidence) | ||
| md5 | 293bdbec6a256c88eb2cfb4e46e892ae | ||
| sha256 | ad151a7ff1d02e3ff5043b3cc7c85d3e1d7961d012ec0950233f52601e76ff09 | ||
| ssdeep | 24576:5xIRF9sB8mDluB5N+RcZN69tJq/nTVJdFoa+Se/Z1K+BV4Ztnrm2FsiIRsyHtUoz:5HINUCe5CnrFyNPaugiAUXWeySlD | ||
| imphash | 106cbfdf6ab2fd719fc4ae78e1cb0910 | ||
| impfuzzy | 48:Ys6iu/o9b2yjl09Jp6rXdYWctWybWDmzF/b2An/TBDQPRdtjyBMQSLMA:Yhi+o9y8l0Tp6rXdYBtWwWDmFbapnjQ6 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| watch | Harvests credentials from local email clients |
| watch | Looks for the Windows Idle Time to determine the uptime |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ntdll.dll
0x43f220 NtWriteFile
0x43f224 NtQueryInformationProcess
0x43f228 RtlUnwind
0x43f22c RtlNtStatusToDosError
0x43f230 RtlGetVersion
0x43f234 NtQuerySystemInformation
0x43f238 RtlCaptureContext
kernel32.dll
0x43f0d0 HeapAlloc
0x43f0d4 ReadProcessMemory
0x43f0d8 SetUnhandledExceptionFilter
0x43f0dc TlsGetValue
0x43f0e0 TlsSetValue
0x43f0e4 CreateFileW
0x43f0e8 OpenProcess
0x43f0ec HeapFree
0x43f0f0 CloseHandle
0x43f0f4 InitializeSListHead
0x43f0f8 GetCurrentThreadId
0x43f0fc LocalFree
0x43f100 VirtualProtect
0x43f104 WriteProcessMemory
0x43f108 VirtualProtectEx
0x43f10c GetCurrentProcess
0x43f110 GetProcAddress
0x43f114 SleepConditionVariableSRW
0x43f118 TryAcquireSRWLockExclusive
0x43f11c IsDebuggerPresent
0x43f120 CheckRemoteDebuggerPresent
0x43f124 LoadLibraryA
0x43f128 GetProcessHeap
0x43f12c IsProcessorFeaturePresent
0x43f130 GetProcessIoCounters
0x43f134 GetLastError
0x43f138 WaitForSingleObject
0x43f13c UnhandledExceptionFilter
0x43f140 GetSystemTimes
0x43f144 FreeLibrary
0x43f148 EncodePointer
0x43f14c FormatMessageW
0x43f150 VirtualAlloc
0x43f154 DeleteCriticalSection
0x43f158 InitializeCriticalSectionAndSpinCount
0x43f15c LoadLibraryExW
0x43f160 ReleaseMutex
0x43f164 FindClose
0x43f168 ReleaseSRWLockShared
0x43f16c AddVectoredExceptionHandler
0x43f170 SetThreadStackGuarantee
0x43f174 SwitchToThread
0x43f178 Sleep
0x43f17c QueryPerformanceCounter
0x43f180 GetCurrentThread
0x43f184 SetLastError
0x43f188 GetCurrentDirectoryW
0x43f18c GetEnvironmentVariableW
0x43f190 GetComputerNameExW
0x43f194 GetProcessTimes
0x43f198 K32GetPerformanceInfo
0x43f19c GlobalMemoryStatusEx
0x43f1a0 VirtualQueryEx
0x43f1a4 RaiseException
0x43f1a8 GetSystemInfo
0x43f1ac ReleaseSRWLockExclusive
0x43f1b0 GetStdHandle
0x43f1b4 AcquireSRWLockExclusive
0x43f1b8 TerminateProcess
0x43f1bc WakeAllConditionVariable
0x43f1c0 WakeConditionVariable
0x43f1c4 HeapReAlloc
0x43f1c8 AcquireSRWLockShared
0x43f1cc WaitForSingleObjectEx
0x43f1d0 CreateMutexA
0x43f1d4 GetModuleHandleA
0x43f1d8 GetFileInformationByHandle
0x43f1dc GetFileInformationByHandleEx
0x43f1e0 FindFirstFileW
0x43f1e4 GetConsoleMode
0x43f1e8 LoadLibraryExA
0x43f1ec GetModuleHandleW
0x43f1f0 ExitProcess
0x43f1f4 GetFullPathNameW
0x43f1f8 MultiByteToWideChar
0x43f1fc WriteConsoleW
0x43f200 CreateThread
0x43f204 InitOnceBeginInitialize
0x43f208 TlsAlloc
0x43f20c InitOnceComplete
0x43f210 TlsFree
0x43f214 GetSystemTimeAsFileTime
0x43f218 GetCurrentProcessId
advapi32.dll
0x43f000 OpenProcessToken
0x43f004 RegOpenKeyExW
0x43f008 GetTokenInformation
0x43f00c RegQueryValueExW
0x43f010 SystemFunction036
0x43f014 AddAccessAllowedAce
0x43f018 SetSecurityInfo
0x43f01c InitializeAcl
0x43f020 IsValidSid
0x43f024 CopySid
0x43f028 GetLengthSid
0x43f02c RegCloseKey
pdh.dll
0x43f250 PdhCollectQueryData
0x43f254 PdhAddEnglishCounterW
0x43f258 PdhGetFormattedCounterValue
0x43f25c PdhRemoveCounter
0x43f260 PdhCloseQuery
0x43f264 PdhOpenQueryA
powrprof.dll
0x43f26c CallNtPowerInformation
oleaut32.dll
0x43f240 SysFreeString
0x43f244 GetErrorInfo
0x43f248 SysStringLen
psapi.dll
0x43f274 GetProcessMemoryInfo
0x43f278 GetModuleFileNameExW
shell32.dll
0x43f280 CommandLineToArgvW
crypt.dll
0x43f0c8 BCryptGenRandom
api-ms-win-crt-heap-l1-1-0.dll
0x43f034 malloc
0x43f038 calloc
0x43f03c _set_new_mode
0x43f040 free
api-ms-win-crt-string-l1-1-0.dll
0x43f0b8 strcpy_s
0x43f0bc wcsncmp
0x43f0c0 wcslen
api-ms-win-crt-runtime-l1-1-0.dll
0x43f058 _configure_narrow_argv
0x43f05c __p___argv
0x43f060 _cexit
0x43f064 _c_exit
0x43f068 __p___argc
0x43f06c _initialize_narrow_environment
0x43f070 _register_thread_local_exe_atexit_callback
0x43f074 abort
0x43f078 _set_app_type
0x43f07c _exit
0x43f080 _initterm_e
0x43f084 _initialize_onexit_table
0x43f088 _register_onexit_function
0x43f08c _crt_atexit
0x43f090 _controlfp_s
0x43f094 terminate
0x43f098 _get_initial_narrow_environment
0x43f09c _initterm
0x43f0a0 exit
0x43f0a4 _seh_filter_exe
api-ms-win-crt-math-l1-1-0.dll
0x43f050 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x43f0ac _set_fmode
0x43f0b0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x43f048 _configthreadlocale
EAT(Export Address Table) is none
ntdll.dll
0x43f220 NtWriteFile
0x43f224 NtQueryInformationProcess
0x43f228 RtlUnwind
0x43f22c RtlNtStatusToDosError
0x43f230 RtlGetVersion
0x43f234 NtQuerySystemInformation
0x43f238 RtlCaptureContext
kernel32.dll
0x43f0d0 HeapAlloc
0x43f0d4 ReadProcessMemory
0x43f0d8 SetUnhandledExceptionFilter
0x43f0dc TlsGetValue
0x43f0e0 TlsSetValue
0x43f0e4 CreateFileW
0x43f0e8 OpenProcess
0x43f0ec HeapFree
0x43f0f0 CloseHandle
0x43f0f4 InitializeSListHead
0x43f0f8 GetCurrentThreadId
0x43f0fc LocalFree
0x43f100 VirtualProtect
0x43f104 WriteProcessMemory
0x43f108 VirtualProtectEx
0x43f10c GetCurrentProcess
0x43f110 GetProcAddress
0x43f114 SleepConditionVariableSRW
0x43f118 TryAcquireSRWLockExclusive
0x43f11c IsDebuggerPresent
0x43f120 CheckRemoteDebuggerPresent
0x43f124 LoadLibraryA
0x43f128 GetProcessHeap
0x43f12c IsProcessorFeaturePresent
0x43f130 GetProcessIoCounters
0x43f134 GetLastError
0x43f138 WaitForSingleObject
0x43f13c UnhandledExceptionFilter
0x43f140 GetSystemTimes
0x43f144 FreeLibrary
0x43f148 EncodePointer
0x43f14c FormatMessageW
0x43f150 VirtualAlloc
0x43f154 DeleteCriticalSection
0x43f158 InitializeCriticalSectionAndSpinCount
0x43f15c LoadLibraryExW
0x43f160 ReleaseMutex
0x43f164 FindClose
0x43f168 ReleaseSRWLockShared
0x43f16c AddVectoredExceptionHandler
0x43f170 SetThreadStackGuarantee
0x43f174 SwitchToThread
0x43f178 Sleep
0x43f17c QueryPerformanceCounter
0x43f180 GetCurrentThread
0x43f184 SetLastError
0x43f188 GetCurrentDirectoryW
0x43f18c GetEnvironmentVariableW
0x43f190 GetComputerNameExW
0x43f194 GetProcessTimes
0x43f198 K32GetPerformanceInfo
0x43f19c GlobalMemoryStatusEx
0x43f1a0 VirtualQueryEx
0x43f1a4 RaiseException
0x43f1a8 GetSystemInfo
0x43f1ac ReleaseSRWLockExclusive
0x43f1b0 GetStdHandle
0x43f1b4 AcquireSRWLockExclusive
0x43f1b8 TerminateProcess
0x43f1bc WakeAllConditionVariable
0x43f1c0 WakeConditionVariable
0x43f1c4 HeapReAlloc
0x43f1c8 AcquireSRWLockShared
0x43f1cc WaitForSingleObjectEx
0x43f1d0 CreateMutexA
0x43f1d4 GetModuleHandleA
0x43f1d8 GetFileInformationByHandle
0x43f1dc GetFileInformationByHandleEx
0x43f1e0 FindFirstFileW
0x43f1e4 GetConsoleMode
0x43f1e8 LoadLibraryExA
0x43f1ec GetModuleHandleW
0x43f1f0 ExitProcess
0x43f1f4 GetFullPathNameW
0x43f1f8 MultiByteToWideChar
0x43f1fc WriteConsoleW
0x43f200 CreateThread
0x43f204 InitOnceBeginInitialize
0x43f208 TlsAlloc
0x43f20c InitOnceComplete
0x43f210 TlsFree
0x43f214 GetSystemTimeAsFileTime
0x43f218 GetCurrentProcessId
advapi32.dll
0x43f000 OpenProcessToken
0x43f004 RegOpenKeyExW
0x43f008 GetTokenInformation
0x43f00c RegQueryValueExW
0x43f010 SystemFunction036
0x43f014 AddAccessAllowedAce
0x43f018 SetSecurityInfo
0x43f01c InitializeAcl
0x43f020 IsValidSid
0x43f024 CopySid
0x43f028 GetLengthSid
0x43f02c RegCloseKey
pdh.dll
0x43f250 PdhCollectQueryData
0x43f254 PdhAddEnglishCounterW
0x43f258 PdhGetFormattedCounterValue
0x43f25c PdhRemoveCounter
0x43f260 PdhCloseQuery
0x43f264 PdhOpenQueryA
powrprof.dll
0x43f26c CallNtPowerInformation
oleaut32.dll
0x43f240 SysFreeString
0x43f244 GetErrorInfo
0x43f248 SysStringLen
psapi.dll
0x43f274 GetProcessMemoryInfo
0x43f278 GetModuleFileNameExW
shell32.dll
0x43f280 CommandLineToArgvW
crypt.dll
0x43f0c8 BCryptGenRandom
api-ms-win-crt-heap-l1-1-0.dll
0x43f034 malloc
0x43f038 calloc
0x43f03c _set_new_mode
0x43f040 free
api-ms-win-crt-string-l1-1-0.dll
0x43f0b8 strcpy_s
0x43f0bc wcsncmp
0x43f0c0 wcslen
api-ms-win-crt-runtime-l1-1-0.dll
0x43f058 _configure_narrow_argv
0x43f05c __p___argv
0x43f060 _cexit
0x43f064 _c_exit
0x43f068 __p___argc
0x43f06c _initialize_narrow_environment
0x43f070 _register_thread_local_exe_atexit_callback
0x43f074 abort
0x43f078 _set_app_type
0x43f07c _exit
0x43f080 _initterm_e
0x43f084 _initialize_onexit_table
0x43f088 _register_onexit_function
0x43f08c _crt_atexit
0x43f090 _controlfp_s
0x43f094 terminate
0x43f098 _get_initial_narrow_environment
0x43f09c _initterm
0x43f0a0 exit
0x43f0a4 _seh_filter_exe
api-ms-win-crt-math-l1-1-0.dll
0x43f050 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x43f0ac _set_fmode
0x43f0b0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x43f048 _configthreadlocale
EAT(Export Address Table) is none