| Field | Value |
|---|---|
| Created | 2024.10.20 09:47 |
| Machine | s1_win7_x6401 |
| Filename | cain2.0_win9x.exe |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : malware |
| VT API (file) | 48 detected (Cain, Malicious, score, Generic PUP, Misc, HackTool, CainAbel, Unsafe, Pwcrack, PSWTool, Nessuna a, Attribute, HighConfidence, AC potentially unsafe, hrrt, CLOUD, SPNR, 03J313, Tool, Detected, PSWTroj, Malware@#1r0rynemlcwd0, PSCW, Abuse, Worry, Gencirc, i0zephSGxB8, susgen) |
| md5 | a14185fafc1a0a433752a75c0b8ce15d |
| sha256 | 970fde28edb741dca6f838f55ad56fb4d614f6f7dd6beab25137f5f6535ad81c |
| ssdeep | 12288:iBSOEvY6xJk2GcHCuXFb7pDdBaKFJKa1xZ+sOY2mDCE5ktP/wPwr9UlaE4N:ZvY6xrGciqbdjaKFJKaHZ2YZDCES/frT |
| imphash | 80e39e4a5aae5758f11c19884114f191 |
| impfuzzy | 48:RKtJOKzDOY54u0QlSeCK5KQnBES5/1XQolr:RKzfzDkRw5R |
Signatures (5)
| Level | Description |
|---|---|
danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates executable files on the filesystem |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
Rules (3)
| Level | Name | Description | Collection |
|---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0)
| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata IDS
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x4081bc LoadLibraryA
0x4081c0 _lopen
0x4081c4 _lcreat
0x4081c8 lstrcpyA
0x4081cc GetProcAddress
0x4081d0 _lclose
0x4081d4 lstrlenA
0x4081d8 GetWindowsDirectoryA
0x4081dc GlobalHandle
0x4081e0 _lwrite
0x4081e4 _llseek
0x4081e8 FreeLibrary
0x4081ec WinExec
0x4081f0 GlobalFree
0x4081f4 _lread
0x4081f8 GlobalUnlock
0x4081fc GetModuleFileNameA
0x408200 SetErrorMode
0x408204 GlobalLock
0x408208 GetLastError
0x40820c GetCurrentProcess
0x408210 WriteFile
0x408214 GetStdHandle
0x408218 GetFileType
0x40821c SetHandleCount
0x408220 GetOEMCP
0x408224 GetACP
0x408228 GetCPInfo
0x40822c WideCharToMultiByte
0x408230 GetEnvironmentStringsW
0x408234 GlobalAlloc
0x408238 DeleteFileA
0x40823c FreeEnvironmentStringsA
0x408240 GetEnvironmentStrings
0x408244 RtlUnwind
0x408248 VirtualAlloc
0x40824c UnhandledExceptionFilter
0x408250 HeapCreate
0x408254 HeapDestroy
0x408258 HeapAlloc
0x40825c HeapFree
0x408260 ExitProcess
0x408264 TerminateProcess
0x408268 FreeEnvironmentStringsW
0x40826c VirtualFree
0x408270 GetFileAttributesA
0x408274 GetModuleHandleA
0x408278 GetStartupInfoA
0x40827c GetCommandLineA
0x408280 GetVersion
USER32.dll
0x408288 ExitWindowsEx
0x40828c LoadCursorA
0x408290 MessageBoxA
0x408294 RegisterClassA
0x408298 SetWindowPos
0x40829c LoadIconA
0x4082a0 UpdateWindow
0x4082a4 ShowWindow
0x4082a8 ReleaseDC
0x4082ac wsprintfA
0x4082b0 PostQuitMessage
0x4082b4 BeginPaint
0x4082b8 EndPaint
0x4082bc DefWindowProcA
0x4082c0 SendMessageA
0x4082c4 InvalidateRect
0x4082c8 GetClientRect
0x4082cc CreateWindowExA
0x4082d0 GetDC
GDI32.dll
0x408194 DeleteObject
0x408198 GetDeviceCaps
0x40819c RealizePalette
0x4081a0 GetStockObject
0x4081a4 SelectObject
0x4081a8 PatBlt
0x4081ac SelectPalette
0x4081b0 CreatePalette
0x4081b4 CreateSolidBrush
EAT (Export Address Table) Library
0x402811 _MainWndProc@16
0x402d0c _StubFileWrite@12
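The import table above, worked through as an added example (this script is not part of the sandbox report or of the Cain & Abel tool): the IAT listing is transcribed into a Python table, tagged against a few capability patterns, and fed to a pefile-compatible imphash routine. The capability patterns are this example's own heuristics, not the sandbox's rules. The listing order here is the report's, which need not be the on-disk import-directory order that pefile walks, so the computed hash is not guaranteed to equal the report's imphash value. Note also that no IsDebuggerPresent import appears in the IAT, so the report's "Checks if process is being debugged" signature comes from dynamic behaviour that import-based triage alone would miss.

```python
"""Static triage of a PE import table: capability tagging and imphash.

Added example; not the sandbox's or the project's code. SAMPLE_IMPORTS is
transcribed from the IAT listing on this page, in listing order. The
CAPABILITIES patterns are this example's own heuristics.
"""
import hashlib
from typing import Dict, List, Set

# Transcribed from the report's IAT listing (KERNEL32 / USER32 / GDI32).
SAMPLE_IMPORTS: Dict[str, List[str]] = {
    "KERNEL32.dll": [
        "LoadLibraryA", "_lopen", "_lcreat", "lstrcpyA", "GetProcAddress",
        "_lclose", "lstrlenA", "GetWindowsDirectoryA", "GlobalHandle", "_lwrite",
        "_llseek", "FreeLibrary", "WinExec", "GlobalFree", "_lread",
        "GlobalUnlock", "GetModuleFileNameA", "SetErrorMode", "GlobalLock",
        "GetLastError", "GetCurrentProcess", "WriteFile", "GetStdHandle",
        "GetFileType", "SetHandleCount", "GetOEMCP", "GetACP", "GetCPInfo",
        "WideCharToMultiByte", "GetEnvironmentStringsW", "GlobalAlloc",
        "DeleteFileA", "FreeEnvironmentStringsA", "GetEnvironmentStrings",
        "RtlUnwind", "VirtualAlloc", "UnhandledExceptionFilter", "HeapCreate",
        "HeapDestroy", "HeapAlloc", "HeapFree", "ExitProcess",
        "TerminateProcess", "FreeEnvironmentStringsW", "VirtualFree",
        "GetFileAttributesA", "GetModuleHandleA", "GetStartupInfoA",
        "GetCommandLineA", "GetVersion",
    ],
    "USER32.dll": [
        "ExitWindowsEx", "LoadCursorA", "MessageBoxA", "RegisterClassA",
        "SetWindowPos", "LoadIconA", "UpdateWindow", "ShowWindow", "ReleaseDC",
        "wsprintfA", "PostQuitMessage", "BeginPaint", "EndPaint",
        "DefWindowProcA", "SendMessageA", "InvalidateRect", "GetClientRect",
        "CreateWindowExA", "GetDC",
    ],
    "GDI32.dll": [
        "DeleteObject", "GetDeviceCaps", "RealizePalette", "GetStockObject",
        "SelectObject", "PatBlt", "SelectPalette", "CreatePalette",
        "CreateSolidBrush",
    ],
}

# Heuristic capability patterns (this example's own). A tag fires only when
# every listed API is imported by name; ordinal-only imports are not handled.
CAPABILITIES: Dict[str, Set[str]] = {
    "drop_and_execute": {"GetWindowsDirectoryA", "_lcreat", "_lwrite", "WinExec"},
    "dynamic_api_resolution": {"LoadLibraryA", "GetProcAddress"},
    "file_cleanup": {"GetModuleFileNameA", "DeleteFileA"},
    "reboot_or_logoff": {"ExitWindowsEx"},
    "anti_debug_api": {"IsDebuggerPresent"},  # absent from this sample's IAT
    "process_injection": {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"},
}


def imphash_string(imports: Dict[str, List[str]]) -> str:
    """Canonical string hashed by the imphash algorithm (pefile-compatible):
    'lib.func' pairs, lowercased, .dll/.ocx/.sys stripped, comma-joined,
    in the order the libraries and functions are given."""
    parts = []
    for lib, funcs in imports.items():
        libname = lib.lower()
        pieces = libname.rsplit(".", 1)
        if len(pieces) == 2 and pieces[1] in ("dll", "ocx", "sys"):
            libname = pieces[0]
        parts.extend(f"{libname}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports: Dict[str, List[str]]) -> str:
    """MD5 of the canonical import string. Equals pefile's get_imphash()
    only when `imports` is in the binary's on-disk import-directory order."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def triage(imports: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Return {tag: sorted matched APIs} for every pattern fully present."""
    present = {func for funcs in imports.values() for func in funcs}
    return {tag: sorted(apis) for tag, apis in CAPABILITIES.items() if apis <= present}


if __name__ == "__main__":
    print("imports:", sum(len(v) for v in SAMPLE_IMPORTS.values()))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for tag, apis in triage(SAMPLE_IMPORTS).items():
        print(f"{tag:24s} {', '.join(apis)}")
```

The drop_and_execute tag lines up with the report's "Creates executable files on the filesystem" signature and with the _StubFileWrite export: locate the Windows directory, create and write a file with the 16-bit-style _lcreat/_lwrite calls, then launch it with WinExec. To compare against the report's imphash on the real sample, read the import directory with pefile and call get_imphash() rather than relying on the listing order transcribed here.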