ScreenShot
| Created | 2024.08.28 12:28 | Machine | s1_win7_x6403 |
| Filename | MsMpEng.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 40 detected (AIDetectMalware, Guloader, Malicious, score, Artemis, Unsafe, Nemesis, Vvo8, high confidence, NSIS, yesuf, YXEH1Z, high, Detected, ai score=88, Noon, Caynamer, C5R2, Chgt) | ||
| md5 | bd36e9fc7144e50088bdcb08f842d4ae | ||
| sha256 | 6c2a3e01a55bea6e2b5f155b42808c1eeba5d769ba580c496a2d79f04701941a | ||
| ssdeep | 12288:i853wf/iU5Urey5O5viNdo3RuDnEFheCY2eAuVLZEqhaH/e5:i+wN40vi7o3AgMC8AuVLZEk | ||
| imphash | dd68e663380c71f66b512f005f1be7ec | ||
| impfuzzy | 48:4DjFshcnh80DTx4+tt5zL7X8ErFAall/eSv6U0Llly0Q+O95ACy1x/f4wtQ54oEf:4/Fskic7ypu4A4JQI5u6 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Suspicious_Obfuscation_Script_2 | Suspicious obfuscation script (e.g. executable files) | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x408000 RegCloseKey
0x408004 RegDeleteKeyA
0x408008 RegDeleteValueA
0x40800c RegEnumKeyA
0x408010 RegEnumValueA
0x408014 RegQueryValueExA
0x408018 RegSetValueExA
0x40801c OpenProcessToken
0x408020 AdjustTokenPrivileges
0x408024 LookupPrivilegeValueA
0x408028 RegCreateKeyExA
0x40802c RegOpenKeyExA
SHELL32.dll
0x408168 SHBrowseForFolderA
0x40816c SHFileOperationA
0x408170 SHGetPathFromIDListA
0x408174 SHGetFileInfoA
0x408178 ShellExecuteExA
ole32.dll
0x40827c OleUninitialize
0x408280 IIDFromString
0x408284 OleInitialize
0x408288 CoTaskMemFree
0x40828c CoCreateInstance
COMCTL32.dll
0x408034 None
0x408038 ImageList_Create
0x40803c ImageList_Destroy
0x408040 ImageList_AddMasked
USER32.dll
0x408180 DispatchMessageA
0x408184 SystemParametersInfoA
0x408188 LoadCursorA
0x40818c SetClassLongA
0x408190 GetSysColor
0x408194 ScreenToClient
0x408198 SetCursor
0x40819c GetWindowRect
0x4081a0 TrackPopupMenu
0x4081a4 AppendMenuA
0x4081a8 EnableMenuItem
0x4081ac CreatePopupMenu
0x4081b0 GetSystemMenu
0x4081b4 GetSystemMetrics
0x4081b8 IsWindowEnabled
0x4081bc EmptyClipboard
0x4081c0 SetClipboardData
0x4081c4 CloseClipboard
0x4081c8 OpenClipboard
0x4081cc CheckDlgButton
0x4081d0 EndDialog
0x4081d4 DialogBoxParamA
0x4081d8 IsWindowVisible
0x4081dc SetWindowPos
0x4081e0 CreateWindowExA
0x4081e4 GetClassInfoA
0x4081e8 RegisterClassA
0x4081ec PeekMessageA
0x4081f0 GetMessagePos
0x4081f4 CharNextA
0x4081f8 ExitWindowsEx
0x4081fc SetWindowTextA
0x408200 SetTimer
0x408204 CreateDialogParamA
0x408208 DestroyWindow
0x40820c LoadImageA
0x408210 FindWindowExA
0x408214 SetWindowLongA
0x408218 InvalidateRect
0x40821c ReleaseDC
0x408220 GetDC
0x408224 SetForegroundWindow
0x408228 EnableWindow
0x40822c GetDlgItem
0x408230 ShowWindow
0x408234 IsWindow
0x408238 PostQuitMessage
0x40823c SendMessageTimeoutA
0x408240 SendMessageA
0x408244 wsprintfA
0x408248 FillRect
0x40824c GetClientRect
0x408250 EndPaint
0x408254 BeginPaint
0x408258 DrawTextA
0x40825c DefWindowProcA
0x408260 SetDlgItemTextA
0x408264 GetDlgItemTextA
0x408268 MessageBoxIndirectA
0x40826c CallWindowProcA
0x408270 CharPrevA
0x408274 GetWindowLongA
GDI32.dll
0x408048 GetDeviceCaps
0x40804c SetBkColor
0x408050 CreateBrushIndirect
0x408054 SetTextColor
0x408058 SetBkMode
0x40805c SelectObject
0x408060 DeleteObject
0x408064 CreateFontIndirectA
KERNEL32.dll
0x40806c GetTempFileNameA
0x408070 GetLastError
0x408074 WaitForSingleObject
0x408078 RemoveDirectoryA
0x40807c ReadFile
0x408080 CreateFileA
0x408084 CreateDirectoryA
0x408088 lstrcpynA
0x40808c GlobalLock
0x408090 GlobalUnlock
0x408094 CreateThread
0x408098 GetDiskFreeSpaceA
0x40809c CopyFileA
0x4080a0 lstrlenA
0x4080a4 GetVersionExA
0x4080a8 GetWindowsDirectoryA
0x4080ac ExitProcess
0x4080b0 GetCurrentProcess
0x4080b4 GetExitCodeProcess
0x4080b8 GetTempPathA
0x4080bc SetEnvironmentVariableA
0x4080c0 GetCommandLineA
0x4080c4 GetModuleFileNameA
0x4080c8 GetTickCount
0x4080cc GetFileSize
0x4080d0 MultiByteToWideChar
0x4080d4 MoveFileA
0x4080d8 WritePrivateProfileStringA
0x4080dc GetPrivateProfileStringA
0x4080e0 lstrcmpiA
0x4080e4 lstrcmpA
0x4080e8 MulDiv
0x4080ec GetShortPathNameA
0x4080f0 GlobalFree
0x4080f4 GlobalAlloc
0x4080f8 LoadLibraryExA
0x4080fc GetModuleHandleA
0x408100 FreeLibrary
0x408104 Sleep
0x408108 CloseHandle
0x40810c SetFileTime
0x408110 SetFilePointer
0x408114 SetFileAttributesA
0x408118 GetFullPathNameA
0x40811c GetFileAttributesA
0x408120 FindNextFileA
0x408124 FindFirstFileA
0x408128 FindClose
0x40812c DeleteFileA
0x408130 CompareFileTime
0x408134 SearchPathA
0x408138 SetCurrentDirectoryA
0x40813c ExpandEnvironmentStringsA
0x408140 WriteFile
0x408144 CreateProcessA
0x408148 WideCharToMultiByte
0x40814c GetSystemDirectoryA
0x408150 GetProcAddress
0x408154 lstrcpyA
0x408158 lstrcatA
0x40815c MoveFileExA
0x408160 SetErrorMode
EAT(Export Address Table) is none
ADVAPI32.dll
0x408000 RegCloseKey
0x408004 RegDeleteKeyA
0x408008 RegDeleteValueA
0x40800c RegEnumKeyA
0x408010 RegEnumValueA
0x408014 RegQueryValueExA
0x408018 RegSetValueExA
0x40801c OpenProcessToken
0x408020 AdjustTokenPrivileges
0x408024 LookupPrivilegeValueA
0x408028 RegCreateKeyExA
0x40802c RegOpenKeyExA
SHELL32.dll
0x408168 SHBrowseForFolderA
0x40816c SHFileOperationA
0x408170 SHGetPathFromIDListA
0x408174 SHGetFileInfoA
0x408178 ShellExecuteExA
ole32.dll
0x40827c OleUninitialize
0x408280 IIDFromString
0x408284 OleInitialize
0x408288 CoTaskMemFree
0x40828c CoCreateInstance
COMCTL32.dll
0x408034 None
0x408038 ImageList_Create
0x40803c ImageList_Destroy
0x408040 ImageList_AddMasked
USER32.dll
0x408180 DispatchMessageA
0x408184 SystemParametersInfoA
0x408188 LoadCursorA
0x40818c SetClassLongA
0x408190 GetSysColor
0x408194 ScreenToClient
0x408198 SetCursor
0x40819c GetWindowRect
0x4081a0 TrackPopupMenu
0x4081a4 AppendMenuA
0x4081a8 EnableMenuItem
0x4081ac CreatePopupMenu
0x4081b0 GetSystemMenu
0x4081b4 GetSystemMetrics
0x4081b8 IsWindowEnabled
0x4081bc EmptyClipboard
0x4081c0 SetClipboardData
0x4081c4 CloseClipboard
0x4081c8 OpenClipboard
0x4081cc CheckDlgButton
0x4081d0 EndDialog
0x4081d4 DialogBoxParamA
0x4081d8 IsWindowVisible
0x4081dc SetWindowPos
0x4081e0 CreateWindowExA
0x4081e4 GetClassInfoA
0x4081e8 RegisterClassA
0x4081ec PeekMessageA
0x4081f0 GetMessagePos
0x4081f4 CharNextA
0x4081f8 ExitWindowsEx
0x4081fc SetWindowTextA
0x408200 SetTimer
0x408204 CreateDialogParamA
0x408208 DestroyWindow
0x40820c LoadImageA
0x408210 FindWindowExA
0x408214 SetWindowLongA
0x408218 InvalidateRect
0x40821c ReleaseDC
0x408220 GetDC
0x408224 SetForegroundWindow
0x408228 EnableWindow
0x40822c GetDlgItem
0x408230 ShowWindow
0x408234 IsWindow
0x408238 PostQuitMessage
0x40823c SendMessageTimeoutA
0x408240 SendMessageA
0x408244 wsprintfA
0x408248 FillRect
0x40824c GetClientRect
0x408250 EndPaint
0x408254 BeginPaint
0x408258 DrawTextA
0x40825c DefWindowProcA
0x408260 SetDlgItemTextA
0x408264 GetDlgItemTextA
0x408268 MessageBoxIndirectA
0x40826c CallWindowProcA
0x408270 CharPrevA
0x408274 GetWindowLongA
GDI32.dll
0x408048 GetDeviceCaps
0x40804c SetBkColor
0x408050 CreateBrushIndirect
0x408054 SetTextColor
0x408058 SetBkMode
0x40805c SelectObject
0x408060 DeleteObject
0x408064 CreateFontIndirectA
KERNEL32.dll
0x40806c GetTempFileNameA
0x408070 GetLastError
0x408074 WaitForSingleObject
0x408078 RemoveDirectoryA
0x40807c ReadFile
0x408080 CreateFileA
0x408084 CreateDirectoryA
0x408088 lstrcpynA
0x40808c GlobalLock
0x408090 GlobalUnlock
0x408094 CreateThread
0x408098 GetDiskFreeSpaceA
0x40809c CopyFileA
0x4080a0 lstrlenA
0x4080a4 GetVersionExA
0x4080a8 GetWindowsDirectoryA
0x4080ac ExitProcess
0x4080b0 GetCurrentProcess
0x4080b4 GetExitCodeProcess
0x4080b8 GetTempPathA
0x4080bc SetEnvironmentVariableA
0x4080c0 GetCommandLineA
0x4080c4 GetModuleFileNameA
0x4080c8 GetTickCount
0x4080cc GetFileSize
0x4080d0 MultiByteToWideChar
0x4080d4 MoveFileA
0x4080d8 WritePrivateProfileStringA
0x4080dc GetPrivateProfileStringA
0x4080e0 lstrcmpiA
0x4080e4 lstrcmpA
0x4080e8 MulDiv
0x4080ec GetShortPathNameA
0x4080f0 GlobalFree
0x4080f4 GlobalAlloc
0x4080f8 LoadLibraryExA
0x4080fc GetModuleHandleA
0x408100 FreeLibrary
0x408104 Sleep
0x408108 CloseHandle
0x40810c SetFileTime
0x408110 SetFilePointer
0x408114 SetFileAttributesA
0x408118 GetFullPathNameA
0x40811c GetFileAttributesA
0x408120 FindNextFileA
0x408124 FindFirstFileA
0x408128 FindClose
0x40812c DeleteFileA
0x408130 CompareFileTime
0x408134 SearchPathA
0x408138 SetCurrentDirectoryA
0x40813c ExpandEnvironmentStringsA
0x408140 WriteFile
0x408144 CreateProcessA
0x408148 WideCharToMultiByte
0x40814c GetSystemDirectoryA
0x408150 GetProcAddress
0x408154 lstrcpyA
0x408158 lstrcatA
0x40815c MoveFileExA
0x408160 SetErrorMode
EAT(Export Address Table) is none