ScreenShot
| Created | 2024.10.21 14:38 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 60 detected (AIDetectMalware, Hacktool, Malicious, score, Stop, GenericKDZ, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, HGJC, TrojanX, Glupteba, Azorult, AntiAV, hynjhz, CLASSIC, AGEN, DownLoader34, Real Protect, Static AI, Malicious PE, NetTool, TorTool, Detected, Eldorado, MalPe, R352088, Lockbit, GdSda, Timw, MEBDccn6UDQ, HGGP, RansomWare) | ||
| md5 | fa3f3956695fa1ff108e351a4d75da65 | ||
| sha256 | d30e92d8cf21a0da2fe7689e665b53b80b789e11a5bb31f7e86c989bf639578f | ||
| ssdeep | 12288:NYeutcvs4g2TcRw3GRjnTLokV2XWgO8hFB:u3k74RASnfwGgO8h | ||
| imphash | 5014d12ccdf1d5f304fcc7fa38207338 | ||
| impfuzzy | 24:5bsjI1uav4D1h1wbIV4TweyOxS/PfkX+fcjlRt/OovaM+niDPJ3cjFQHRyv0T4D8:FuswekOx4K+fc/t2vM+ocb0cDZNIHES | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401018 SetEndOfFile
0x40101c FindResourceExW
0x401020 HeapAlloc
0x401024 FindActCtxSectionGuid
0x401028 GetCurrentProcess
0x40102c WaitForSingleObject
0x401030 SetEvent
0x401034 GetModuleHandleW
0x401038 GetConsoleTitleA
0x40103c WriteFile
0x401040 GlobalAlloc
0x401044 Sleep
0x401048 FreeConsole
0x40104c ReadProcessMemory
0x401050 GetFileAttributesA
0x401054 lstrcpynW
0x401058 GetCPInfo
0x40105c SetSystemPowerState
0x401060 ReadFile
0x401064 SetConsoleTitleA
0x401068 BuildCommDCBW
0x40106c ResetEvent
0x401070 LocalAlloc
0x401074 OpenEventA
0x401078 WaitForMultipleObjects
0x40107c GetOEMCP
0x401080 GetModuleHandleA
0x401084 CreateMutexA
0x401088 GetPrivateProfileSectionA
0x40108c VirtualProtect
0x401090 ReleaseMutex
0x401094 SetFileShortNameA
0x401098 FindActCtxSectionStringW
0x40109c DeleteFileA
0x4010a0 CommConfigDialogA
0x4010a4 TryEnterCriticalSection
0x4010a8 CreateFileA
0x4010ac LocalReAlloc
0x4010b0 PulseEvent
0x4010b4 InterlockedIncrement
0x4010b8 InterlockedDecrement
0x4010bc InitializeCriticalSection
0x4010c0 DeleteCriticalSection
0x4010c4 EnterCriticalSection
0x4010c8 LeaveCriticalSection
0x4010cc GetLastError
0x4010d0 HeapFree
0x4010d4 TerminateProcess
0x4010d8 UnhandledExceptionFilter
0x4010dc SetUnhandledExceptionFilter
0x4010e0 IsDebuggerPresent
0x4010e4 GetCommandLineA
0x4010e8 GetStartupInfoA
0x4010ec RtlUnwind
0x4010f0 RaiseException
0x4010f4 LCMapStringA
0x4010f8 WideCharToMultiByte
0x4010fc MultiByteToWideChar
0x401100 LCMapStringW
0x401104 HeapCreate
0x401108 VirtualFree
0x40110c VirtualAlloc
0x401110 HeapReAlloc
0x401114 GetProcAddress
0x401118 TlsGetValue
0x40111c TlsAlloc
0x401120 TlsSetValue
0x401124 TlsFree
0x401128 SetLastError
0x40112c GetCurrentThreadId
0x401130 ExitProcess
0x401134 GetStdHandle
0x401138 GetModuleFileNameA
0x40113c FreeEnvironmentStringsA
0x401140 GetEnvironmentStrings
0x401144 FreeEnvironmentStringsW
0x401148 GetEnvironmentStringsW
0x40114c SetHandleCount
0x401150 GetFileType
0x401154 QueryPerformanceCounter
0x401158 GetTickCount
0x40115c GetCurrentProcessId
0x401160 GetSystemTimeAsFileTime
0x401164 HeapSize
0x401168 GetACP
0x40116c IsValidCodePage
0x401170 GetUserDefaultLCID
0x401174 GetLocaleInfoA
0x401178 EnumSystemLocalesA
0x40117c IsValidLocale
0x401180 GetStringTypeA
0x401184 GetStringTypeW
0x401188 SetFilePointer
0x40118c GetConsoleCP
0x401190 GetConsoleMode
0x401194 InitializeCriticalSectionAndSpinCount
0x401198 LoadLibraryA
0x40119c GetLocaleInfoW
0x4011a0 SetStdHandle
0x4011a4 WriteConsoleA
0x4011a8 GetConsoleOutputCP
0x4011ac WriteConsoleW
0x4011b0 FlushFileBuffers
0x4011b4 CloseHandle
ADVAPI32.dll
0x401000 AreAnyAccessesGranted
0x401004 BackupEventLogA
0x401008 AdjustTokenGroups
0x40100c MapGenericMask
0x401010 AdjustTokenPrivileges
EAT(Export Address Table) is none
KERNEL32.dll
0x401018 SetEndOfFile
0x40101c FindResourceExW
0x401020 HeapAlloc
0x401024 FindActCtxSectionGuid
0x401028 GetCurrentProcess
0x40102c WaitForSingleObject
0x401030 SetEvent
0x401034 GetModuleHandleW
0x401038 GetConsoleTitleA
0x40103c WriteFile
0x401040 GlobalAlloc
0x401044 Sleep
0x401048 FreeConsole
0x40104c ReadProcessMemory
0x401050 GetFileAttributesA
0x401054 lstrcpynW
0x401058 GetCPInfo
0x40105c SetSystemPowerState
0x401060 ReadFile
0x401064 SetConsoleTitleA
0x401068 BuildCommDCBW
0x40106c ResetEvent
0x401070 LocalAlloc
0x401074 OpenEventA
0x401078 WaitForMultipleObjects
0x40107c GetOEMCP
0x401080 GetModuleHandleA
0x401084 CreateMutexA
0x401088 GetPrivateProfileSectionA
0x40108c VirtualProtect
0x401090 ReleaseMutex
0x401094 SetFileShortNameA
0x401098 FindActCtxSectionStringW
0x40109c DeleteFileA
0x4010a0 CommConfigDialogA
0x4010a4 TryEnterCriticalSection
0x4010a8 CreateFileA
0x4010ac LocalReAlloc
0x4010b0 PulseEvent
0x4010b4 InterlockedIncrement
0x4010b8 InterlockedDecrement
0x4010bc InitializeCriticalSection
0x4010c0 DeleteCriticalSection
0x4010c4 EnterCriticalSection
0x4010c8 LeaveCriticalSection
0x4010cc GetLastError
0x4010d0 HeapFree
0x4010d4 TerminateProcess
0x4010d8 UnhandledExceptionFilter
0x4010dc SetUnhandledExceptionFilter
0x4010e0 IsDebuggerPresent
0x4010e4 GetCommandLineA
0x4010e8 GetStartupInfoA
0x4010ec RtlUnwind
0x4010f0 RaiseException
0x4010f4 LCMapStringA
0x4010f8 WideCharToMultiByte
0x4010fc MultiByteToWideChar
0x401100 LCMapStringW
0x401104 HeapCreate
0x401108 VirtualFree
0x40110c VirtualAlloc
0x401110 HeapReAlloc
0x401114 GetProcAddress
0x401118 TlsGetValue
0x40111c TlsAlloc
0x401120 TlsSetValue
0x401124 TlsFree
0x401128 SetLastError
0x40112c GetCurrentThreadId
0x401130 ExitProcess
0x401134 GetStdHandle
0x401138 GetModuleFileNameA
0x40113c FreeEnvironmentStringsA
0x401140 GetEnvironmentStrings
0x401144 FreeEnvironmentStringsW
0x401148 GetEnvironmentStringsW
0x40114c SetHandleCount
0x401150 GetFileType
0x401154 QueryPerformanceCounter
0x401158 GetTickCount
0x40115c GetCurrentProcessId
0x401160 GetSystemTimeAsFileTime
0x401164 HeapSize
0x401168 GetACP
0x40116c IsValidCodePage
0x401170 GetUserDefaultLCID
0x401174 GetLocaleInfoA
0x401178 EnumSystemLocalesA
0x40117c IsValidLocale
0x401180 GetStringTypeA
0x401184 GetStringTypeW
0x401188 SetFilePointer
0x40118c GetConsoleCP
0x401190 GetConsoleMode
0x401194 InitializeCriticalSectionAndSpinCount
0x401198 LoadLibraryA
0x40119c GetLocaleInfoW
0x4011a0 SetStdHandle
0x4011a4 WriteConsoleA
0x4011a8 GetConsoleOutputCP
0x4011ac WriteConsoleW
0x4011b0 FlushFileBuffers
0x4011b4 CloseHandle
ADVAPI32.dll
0x401000 AreAnyAccessesGranted
0x401004 BackupEventLogA
0x401008 AdjustTokenGroups
0x40100c MapGenericMask
0x401010 AdjustTokenPrivileges
EAT(Export Address Table) is none