ScreenShot
| Created | 2024.11.18 09:31 | Machine | s1_win7_x6401 |
| Filename | stories.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 42 detected (AIDetectMalware, Ekstak, Malicious, score, GenericKD, Unsafe, grayware, confidence, moderate confidence, multiple detections, ayznk, ICLoader, bkska, SOCKSSYSTEMZ, YXEKOZ, Generic Reputation PUA, Wacatac, Kryptik, K6ME2K, Artemis, Iqil, NDAoF) | ||
| md5 | cbb34d95217826f4ad877e7e7a46b69c | ||
| sha256 | 707b321c42fbaa91cf41a9b41c85f3b56c7326cb32f40fc495f17df83b21cbed | ||
| ssdeep | 98304:PX4wRX+gNnYLzYhrMfgiBB3owncvnuOK+VWUhFh6J3GB4VVPYhpYEFyazx1G0:vnRX+gNnYvgHycaYwTVVPQyaB | ||
| imphash | eb5bc6ff6263b364dfbfb78bdb48ed59 | ||
| impfuzzy | 48:ukHAxN9RJjD3vF9X1RfOz9O1hr8XNVXGSHAS4Fo/g/vEj5MlVNb7q/cE:ukH+NbJj7N9X1tOz9Yhr8XbMlVNb7CcE | ||
Network IP location
Signature (12cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| watch | Deletes executed files from disk |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | Queries for potentially installed applications |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (18cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x4b42e0 GetACP
0x4b42e4 GetExitCodeProcess
0x4b42e8 LocalFree
0x4b42ec CloseHandle
0x4b42f0 SizeofResource
0x4b42f4 VirtualProtect
0x4b42f8 VirtualFree
0x4b42fc GetFullPathNameW
0x4b4300 ExitProcess
0x4b4304 HeapAlloc
0x4b4308 GetCPInfoExW
0x4b430c RtlUnwind
0x4b4310 GetCPInfo
0x4b4314 GetStdHandle
0x4b4318 GetModuleHandleW
0x4b431c FreeLibrary
0x4b4320 HeapDestroy
0x4b4324 ReadFile
0x4b4328 CreateProcessW
0x4b432c GetLastError
0x4b4330 GetModuleFileNameW
0x4b4334 SetLastError
0x4b4338 FindResourceW
0x4b433c CreateThread
0x4b4340 CompareStringW
0x4b4344 LoadLibraryA
0x4b4348 ResetEvent
0x4b434c GetVersion
0x4b4350 RaiseException
0x4b4354 FormatMessageW
0x4b4358 SwitchToThread
0x4b435c GetExitCodeThread
0x4b4360 GetCurrentThread
0x4b4364 LoadLibraryExW
0x4b4368 LockResource
0x4b436c GetCurrentThreadId
0x4b4370 UnhandledExceptionFilter
0x4b4374 VirtualQuery
0x4b4378 VirtualQueryEx
0x4b437c Sleep
0x4b4380 EnterCriticalSection
0x4b4384 SetFilePointer
0x4b4388 LoadResource
0x4b438c SuspendThread
0x4b4390 GetTickCount
0x4b4394 GetFileSize
0x4b4398 GetStartupInfoW
0x4b439c GetFileAttributesW
0x4b43a0 InitializeCriticalSection
0x4b43a4 GetThreadPriority
0x4b43a8 SetThreadPriority
0x4b43ac GetCurrentProcess
0x4b43b0 VirtualAlloc
0x4b43b4 GetSystemInfo
0x4b43b8 GetCommandLineW
0x4b43bc LeaveCriticalSection
0x4b43c0 GetProcAddress
0x4b43c4 ResumeThread
0x4b43c8 GetVersionExW
0x4b43cc VerifyVersionInfoW
0x4b43d0 HeapCreate
0x4b43d4 GetWindowsDirectoryW
0x4b43d8 VerSetConditionMask
0x4b43dc GetDiskFreeSpaceW
0x4b43e0 FindFirstFileW
0x4b43e4 GetUserDefaultUILanguage
0x4b43e8 lstrlenW
0x4b43ec QueryPerformanceCounter
0x4b43f0 SetEndOfFile
0x4b43f4 HeapFree
0x4b43f8 WideCharToMultiByte
0x4b43fc FindClose
0x4b4400 MultiByteToWideChar
0x4b4404 LoadLibraryW
0x4b4408 SetEvent
0x4b440c CreateFileW
0x4b4410 GetLocaleInfoW
0x4b4414 GetSystemDirectoryW
0x4b4418 DeleteFileW
0x4b441c GetLocalTime
0x4b4420 GetEnvironmentVariableW
0x4b4424 WaitForSingleObject
0x4b4428 WriteFile
0x4b442c ExitThread
0x4b4430 DeleteCriticalSection
0x4b4434 TlsGetValue
0x4b4438 GetDateFormatW
0x4b443c SetErrorMode
0x4b4440 IsValidLocale
0x4b4444 TlsSetValue
0x4b4448 CreateDirectoryW
0x4b444c GetSystemDefaultUILanguage
0x4b4450 EnumCalendarInfoW
0x4b4454 LocalAlloc
0x4b4458 GetUserDefaultLangID
0x4b445c RemoveDirectoryW
0x4b4460 CreateEventW
0x4b4464 SetThreadLocale
0x4b4468 GetThreadLocale
comctl32.dll
0x4b4470 InitCommonControls
version.dll
0x4b4478 GetFileVersionInfoSizeW
0x4b447c VerQueryValueW
0x4b4480 GetFileVersionInfoW
user32.dll
0x4b4488 CreateWindowExW
0x4b448c TranslateMessage
0x4b4490 CharLowerBuffW
0x4b4494 CallWindowProcW
0x4b4498 CharUpperW
0x4b449c PeekMessageW
0x4b44a0 GetSystemMetrics
0x4b44a4 SetWindowLongW
0x4b44a8 MessageBoxW
0x4b44ac DestroyWindow
0x4b44b0 CharNextW
0x4b44b4 MsgWaitForMultipleObjects
0x4b44b8 LoadStringW
0x4b44bc ExitWindowsEx
0x4b44c0 DispatchMessageW
oleaut32.dll
0x4b44c8 SysAllocStringLen
0x4b44cc SafeArrayPtrOfIndex
0x4b44d0 VariantCopy
0x4b44d4 SafeArrayGetLBound
0x4b44d8 SafeArrayGetUBound
0x4b44dc VariantInit
0x4b44e0 VariantClear
0x4b44e4 SysFreeString
0x4b44e8 SysReAllocStringLen
0x4b44ec VariantChangeType
0x4b44f0 SafeArrayCreate
netapi32.dll
0x4b44f8 NetWkstaGetInfo
0x4b44fc NetApiBufferFree
advapi32.dll
0x4b4504 RegQueryValueExW
0x4b4508 AdjustTokenPrivileges
0x4b450c LookupPrivilegeValueW
0x4b4510 RegCloseKey
0x4b4514 OpenProcessToken
0x4b4518 RegOpenKeyExW
EAT(Export Address Table) Library
0x453abc TMethodImplementationIntercept
0x40d3dc __dbk_fcall_wrapper
0x4b063c dbkFCallWrapperAddr
kernel32.dll
0x4b42e0 GetACP
0x4b42e4 GetExitCodeProcess
0x4b42e8 LocalFree
0x4b42ec CloseHandle
0x4b42f0 SizeofResource
0x4b42f4 VirtualProtect
0x4b42f8 VirtualFree
0x4b42fc GetFullPathNameW
0x4b4300 ExitProcess
0x4b4304 HeapAlloc
0x4b4308 GetCPInfoExW
0x4b430c RtlUnwind
0x4b4310 GetCPInfo
0x4b4314 GetStdHandle
0x4b4318 GetModuleHandleW
0x4b431c FreeLibrary
0x4b4320 HeapDestroy
0x4b4324 ReadFile
0x4b4328 CreateProcessW
0x4b432c GetLastError
0x4b4330 GetModuleFileNameW
0x4b4334 SetLastError
0x4b4338 FindResourceW
0x4b433c CreateThread
0x4b4340 CompareStringW
0x4b4344 LoadLibraryA
0x4b4348 ResetEvent
0x4b434c GetVersion
0x4b4350 RaiseException
0x4b4354 FormatMessageW
0x4b4358 SwitchToThread
0x4b435c GetExitCodeThread
0x4b4360 GetCurrentThread
0x4b4364 LoadLibraryExW
0x4b4368 LockResource
0x4b436c GetCurrentThreadId
0x4b4370 UnhandledExceptionFilter
0x4b4374 VirtualQuery
0x4b4378 VirtualQueryEx
0x4b437c Sleep
0x4b4380 EnterCriticalSection
0x4b4384 SetFilePointer
0x4b4388 LoadResource
0x4b438c SuspendThread
0x4b4390 GetTickCount
0x4b4394 GetFileSize
0x4b4398 GetStartupInfoW
0x4b439c GetFileAttributesW
0x4b43a0 InitializeCriticalSection
0x4b43a4 GetThreadPriority
0x4b43a8 SetThreadPriority
0x4b43ac GetCurrentProcess
0x4b43b0 VirtualAlloc
0x4b43b4 GetSystemInfo
0x4b43b8 GetCommandLineW
0x4b43bc LeaveCriticalSection
0x4b43c0 GetProcAddress
0x4b43c4 ResumeThread
0x4b43c8 GetVersionExW
0x4b43cc VerifyVersionInfoW
0x4b43d0 HeapCreate
0x4b43d4 GetWindowsDirectoryW
0x4b43d8 VerSetConditionMask
0x4b43dc GetDiskFreeSpaceW
0x4b43e0 FindFirstFileW
0x4b43e4 GetUserDefaultUILanguage
0x4b43e8 lstrlenW
0x4b43ec QueryPerformanceCounter
0x4b43f0 SetEndOfFile
0x4b43f4 HeapFree
0x4b43f8 WideCharToMultiByte
0x4b43fc FindClose
0x4b4400 MultiByteToWideChar
0x4b4404 LoadLibraryW
0x4b4408 SetEvent
0x4b440c CreateFileW
0x4b4410 GetLocaleInfoW
0x4b4414 GetSystemDirectoryW
0x4b4418 DeleteFileW
0x4b441c GetLocalTime
0x4b4420 GetEnvironmentVariableW
0x4b4424 WaitForSingleObject
0x4b4428 WriteFile
0x4b442c ExitThread
0x4b4430 DeleteCriticalSection
0x4b4434 TlsGetValue
0x4b4438 GetDateFormatW
0x4b443c SetErrorMode
0x4b4440 IsValidLocale
0x4b4444 TlsSetValue
0x4b4448 CreateDirectoryW
0x4b444c GetSystemDefaultUILanguage
0x4b4450 EnumCalendarInfoW
0x4b4454 LocalAlloc
0x4b4458 GetUserDefaultLangID
0x4b445c RemoveDirectoryW
0x4b4460 CreateEventW
0x4b4464 SetThreadLocale
0x4b4468 GetThreadLocale
comctl32.dll
0x4b4470 InitCommonControls
version.dll
0x4b4478 GetFileVersionInfoSizeW
0x4b447c VerQueryValueW
0x4b4480 GetFileVersionInfoW
user32.dll
0x4b4488 CreateWindowExW
0x4b448c TranslateMessage
0x4b4490 CharLowerBuffW
0x4b4494 CallWindowProcW
0x4b4498 CharUpperW
0x4b449c PeekMessageW
0x4b44a0 GetSystemMetrics
0x4b44a4 SetWindowLongW
0x4b44a8 MessageBoxW
0x4b44ac DestroyWindow
0x4b44b0 CharNextW
0x4b44b4 MsgWaitForMultipleObjects
0x4b44b8 LoadStringW
0x4b44bc ExitWindowsEx
0x4b44c0 DispatchMessageW
oleaut32.dll
0x4b44c8 SysAllocStringLen
0x4b44cc SafeArrayPtrOfIndex
0x4b44d0 VariantCopy
0x4b44d4 SafeArrayGetLBound
0x4b44d8 SafeArrayGetUBound
0x4b44dc VariantInit
0x4b44e0 VariantClear
0x4b44e4 SysFreeString
0x4b44e8 SysReAllocStringLen
0x4b44ec VariantChangeType
0x4b44f0 SafeArrayCreate
netapi32.dll
0x4b44f8 NetWkstaGetInfo
0x4b44fc NetApiBufferFree
advapi32.dll
0x4b4504 RegQueryValueExW
0x4b4508 AdjustTokenPrivileges
0x4b450c LookupPrivilegeValueW
0x4b4510 RegCloseKey
0x4b4514 OpenProcessToken
0x4b4518 RegOpenKeyExW
EAT(Export Address Table) Library
0x453abc TMethodImplementationIntercept
0x40d3dc __dbk_fcall_wrapper
0x4b063c dbkFCallWrapperAddr