ScreenShot
| Created | 2024.11.13 14:02 | Machine | s1_win7_x6401 |
| Filename | RuntimeBroker.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 29 detected (AIDetectMalware, GenericKD, Unsafe, FileRepMalware, Misc, Wacapew, Artemis, MALICIOUS, Chgt, R011H09HJ24, susgen, PossibleThreat) | ||
| md5 | dec397e36e9f5e8a47040adbbf04e20b | ||
| sha256 | 534fd2d6da5c361831eb7fbfd1b203fbb80cd363d33f69abc4eafc384bafdc5e | ||
| ssdeep | 12288:h/UFDH6aJ7iBSazaZh+jDiAzTImT/rux0GNDP2Fj:9AzFTCxTI+TI/Nz29 | ||
| imphash | 01e20355b5974d2d8443a426ccb6aad1 | ||
| impfuzzy | 24:9zS1jtFll3eDoFbJnc+qoEH8OovbOPZvv3jMK9:9zS1jtbpxlc+qL3tv9 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
UnityPlayer.dll
0x40c108 UnityMain
KERNEL32.dll
0x40c008 QueryPerformanceCounter
0x40c00c GetCurrentProcessId
0x40c010 GetCurrentThreadId
0x40c014 GetSystemTimeAsFileTime
0x40c018 InitializeSListHead
0x40c01c IsDebuggerPresent
0x40c020 UnhandledExceptionFilter
0x40c024 SetUnhandledExceptionFilter
0x40c028 GetStartupInfoW
0x40c02c IsProcessorFeaturePresent
0x40c030 GetModuleHandleW
0x40c034 GetCurrentProcess
0x40c038 TerminateProcess
0x40c03c GetLastError
0x40c040 GetModuleFileNameW
0x40c044 InitializeCriticalSectionAndSpinCount
0x40c048 TlsAlloc
0x40c04c TlsGetValue
0x40c050 TlsSetValue
0x40c054 TlsFree
0x40c058 FreeLibrary
0x40c05c GetProcAddress
0x40c060 LoadLibraryExW
0x40c064 RtlUnwind
0x40c068 SetLastError
0x40c06c EnterCriticalSection
0x40c070 LeaveCriticalSection
0x40c074 DeleteCriticalSection
0x40c078 GetStdHandle
0x40c07c WriteFile
0x40c080 MultiByteToWideChar
0x40c084 WideCharToMultiByte
0x40c088 ExitProcess
0x40c08c GetModuleHandleExW
0x40c090 GetACP
0x40c094 HeapFree
0x40c098 HeapAlloc
0x40c09c CloseHandle
0x40c0a0 FindClose
0x40c0a4 FindFirstFileExW
0x40c0a8 FindNextFileW
0x40c0ac IsValidCodePage
0x40c0b0 GetOEMCP
0x40c0b4 GetCPInfo
0x40c0b8 GetCommandLineA
0x40c0bc GetCommandLineW
0x40c0c0 GetEnvironmentStringsW
0x40c0c4 FreeEnvironmentStringsW
0x40c0c8 LCMapStringW
0x40c0cc SetStdHandle
0x40c0d0 GetFileType
0x40c0d4 GetStringTypeW
0x40c0d8 GetProcessHeap
0x40c0dc HeapSize
0x40c0e0 HeapReAlloc
0x40c0e4 FlushFileBuffers
0x40c0e8 GetConsoleCP
0x40c0ec GetConsoleMode
0x40c0f0 SetFilePointerEx
0x40c0f4 WriteConsoleW
0x40c0f8 DecodePointer
0x40c0fc CreateFileW
0x40c100 RaiseException
ADVAPI32.dll
0x40c000 SystemFunction036
EAT(Export Address Table) Library
0x4127c0 AmdPowerXpressRequestHighPerformance
0x4127c4 NvOptimusEnablement
UnityPlayer.dll
0x40c108 UnityMain
KERNEL32.dll
0x40c008 QueryPerformanceCounter
0x40c00c GetCurrentProcessId
0x40c010 GetCurrentThreadId
0x40c014 GetSystemTimeAsFileTime
0x40c018 InitializeSListHead
0x40c01c IsDebuggerPresent
0x40c020 UnhandledExceptionFilter
0x40c024 SetUnhandledExceptionFilter
0x40c028 GetStartupInfoW
0x40c02c IsProcessorFeaturePresent
0x40c030 GetModuleHandleW
0x40c034 GetCurrentProcess
0x40c038 TerminateProcess
0x40c03c GetLastError
0x40c040 GetModuleFileNameW
0x40c044 InitializeCriticalSectionAndSpinCount
0x40c048 TlsAlloc
0x40c04c TlsGetValue
0x40c050 TlsSetValue
0x40c054 TlsFree
0x40c058 FreeLibrary
0x40c05c GetProcAddress
0x40c060 LoadLibraryExW
0x40c064 RtlUnwind
0x40c068 SetLastError
0x40c06c EnterCriticalSection
0x40c070 LeaveCriticalSection
0x40c074 DeleteCriticalSection
0x40c078 GetStdHandle
0x40c07c WriteFile
0x40c080 MultiByteToWideChar
0x40c084 WideCharToMultiByte
0x40c088 ExitProcess
0x40c08c GetModuleHandleExW
0x40c090 GetACP
0x40c094 HeapFree
0x40c098 HeapAlloc
0x40c09c CloseHandle
0x40c0a0 FindClose
0x40c0a4 FindFirstFileExW
0x40c0a8 FindNextFileW
0x40c0ac IsValidCodePage
0x40c0b0 GetOEMCP
0x40c0b4 GetCPInfo
0x40c0b8 GetCommandLineA
0x40c0bc GetCommandLineW
0x40c0c0 GetEnvironmentStringsW
0x40c0c4 FreeEnvironmentStringsW
0x40c0c8 LCMapStringW
0x40c0cc SetStdHandle
0x40c0d0 GetFileType
0x40c0d4 GetStringTypeW
0x40c0d8 GetProcessHeap
0x40c0dc HeapSize
0x40c0e0 HeapReAlloc
0x40c0e4 FlushFileBuffers
0x40c0e8 GetConsoleCP
0x40c0ec GetConsoleMode
0x40c0f0 SetFilePointerEx
0x40c0f4 WriteConsoleW
0x40c0f8 DecodePointer
0x40c0fc CreateFileW
0x40c100 RaiseException
ADVAPI32.dll
0x40c000 SystemFunction036
EAT(Export Address Table) Library
0x4127c0 AmdPowerXpressRequestHighPerformance
0x4127c4 NvOptimusEnablement