ScreenShot
| Created | 2025.04.21 12:38 | Machine | s1_win7_x6401 |
| Filename | ReR.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (Common, Crysan, Malicious, score, Ghanarava, GenericKD, Unsafe, A0fr, confidence, 100%, high confidence, Kryptik, swgtIFjZzO, lfogk, Detected, GrayWare, Wacapew, Malware@#8vjyf7d09bqx, Znyonm, ABTrojan, VNMR, Artemis, TrojanPSW, Rusty, AEZG, Gencirc, Gq3KUDISBxo, susgen, GenKryptik, HGGK) | ||
| md5 | f3b99592f40e424a2fb51e8f60b98077 | ||
| sha256 | aa63cf25cfc47e6a53dc1b286e425faa8775ac0311c47ca6c59d1950cfa03251 | ||
| ssdeep | 24576:862XyfQvJkX7gwS264/8i3a/Hc2VQsNVrlgKueni:862XJvJkX7gwW4/Rb2+shXdn | ||
| imphash | 184e98d1d9ae7bd5be8a15e7dcad9e4c | ||
| impfuzzy | 48:8fpcmG+JGfwAkoqtTbfItMlmf9/4nenb1XHK:8fpcmG+JGnRqtnQtimfqnSb1XHK | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400d54f8 DeleteCriticalSection
0x1400d5500 EnterCriticalSection
0x1400d5508 InitializeCriticalSection
0x1400d5510 LeaveCriticalSection
0x1400d5518 RaiseException
0x1400d5520 RtlUnwindEx
0x1400d5528 VirtualQuery
0x1400d5530 __C_specific_handler
msvcrt.dll
0x1400d5540 __getmainargs
0x1400d5548 __initenv
0x1400d5550 __iob_func
0x1400d5558 __set_app_type
0x1400d5560 __setusermatherr
0x1400d5568 _amsg_exit
0x1400d5570 _cexit
0x1400d5578 _commode
0x1400d5580 _fmode
0x1400d5588 _fpreset
0x1400d5590 _initterm
0x1400d5598 abort
0x1400d55a0 atexit
0x1400d55a8 calloc
0x1400d55b0 exit
0x1400d55b8 fprintf
0x1400d55c0 free
0x1400d55c8 fwrite
0x1400d55d0 malloc
0x1400d55d8 memcmp
0x1400d55e0 memcpy
0x1400d55e8 memmove
0x1400d55f0 memset
0x1400d55f8 signal
0x1400d5600 strlen
0x1400d5608 strncmp
0x1400d5610 vfprintf
ntdll.dll
0x1400d5620 NtReadFile
0x1400d5628 NtWriteFile
0x1400d5630 RtlCaptureContext
0x1400d5638 RtlLookupFunctionEntry
0x1400d5640 RtlNtStatusToDosError
0x1400d5648 RtlVirtualUnwind
advapi32.dll
0x1400d5658 GetTokenInformation
0x1400d5660 OpenProcessToken
0x1400d5668 SystemFunction036
crypt.dll
0x1400d5678 BCryptGenRandom
kernel32.dll
0x1400d5688 AddVectoredExceptionHandler
0x1400d5690 CancelIo
0x1400d5698 CloseHandle
0x1400d56a0 CompareStringOrdinal
0x1400d56a8 CreateEventW
0x1400d56b0 CreateFileMappingA
0x1400d56b8 CreateFileW
0x1400d56c0 CreateMutexA
0x1400d56c8 CreateNamedPipeW
0x1400d56d0 CreateProcessW
0x1400d56d8 CreateThread
0x1400d56e0 CreateTimerQueue
0x1400d56e8 CreateToolhelp32Snapshot
0x1400d56f0 DeleteProcThreadAttributeList
0x1400d56f8 DeleteTimerQueue
0x1400d5700 DuplicateHandle
0x1400d5708 ExitProcess
0x1400d5710 FindClose
0x1400d5718 FindFirstFileExW
0x1400d5720 FormatMessageW
0x1400d5728 FreeEnvironmentStringsW
0x1400d5730 GetCommandLineW
0x1400d5738 GetConsoleMode
0x1400d5740 GetCurrentDirectoryW
0x1400d5748 GetCurrentProcess
0x1400d5750 GetCurrentProcessId
0x1400d5758 GetCurrentThread
0x1400d5760 GetEnvironmentStringsW
0x1400d5768 GetEnvironmentVariableW
0x1400d5770 GetExitCodeProcess
0x1400d5778 GetFileAttributesW
0x1400d5780 GetFileInformationByHandle
0x1400d5788 GetFileInformationByHandleEx
0x1400d5790 GetFullPathNameW
0x1400d5798 GetLastError
0x1400d57a0 GetModuleFileNameW
0x1400d57a8 GetModuleHandleA
0x1400d57b0 GetModuleHandleExW
0x1400d57b8 GetModuleHandleW
0x1400d57c0 GetOverlappedResult
0x1400d57c8 GetProcAddress
0x1400d57d0 GetProcessHeap
0x1400d57d8 GetStdHandle
0x1400d57e0 GetSystemDirectoryW
0x1400d57e8 GetWindowsDirectoryW
0x1400d57f0 HeapAlloc
0x1400d57f8 HeapCreate
0x1400d5800 HeapFree
0x1400d5808 HeapReAlloc
0x1400d5810 InitOnceBeginInitialize
0x1400d5818 InitOnceComplete
0x1400d5820 InitializeProcThreadAttributeList
0x1400d5828 LoadLibraryA
0x1400d5830 MapViewOfFile
0x1400d5838 Module32FirstW
0x1400d5840 Module32NextW
0x1400d5848 MultiByteToWideChar
0x1400d5850 Process32FirstW
0x1400d5858 Process32NextW
0x1400d5860 ReadFile
0x1400d5868 ReadFileEx
0x1400d5870 SetEvent
0x1400d5878 SetFileInformationByHandle
0x1400d5880 SetLastError
0x1400d5888 SetThreadStackGuarantee
0x1400d5890 SetUnhandledExceptionFilter
0x1400d5898 Sleep
0x1400d58a0 SleepEx
0x1400d58a8 TlsAlloc
0x1400d58b0 TlsFree
0x1400d58b8 TlsGetValue
0x1400d58c0 TlsSetValue
0x1400d58c8 UnmapViewOfFile
0x1400d58d0 UpdateProcThreadAttribute
0x1400d58d8 VirtualProtect
0x1400d58e0 WaitForMultipleObjects
0x1400d58e8 WaitForSingleObject
0x1400d58f0 WriteConsoleW
0x1400d58f8 WriteFileEx
api-ms-win-core-synch-l1-2-0.dll
0x1400d5908 WaitOnAddress
0x1400d5910 WakeByAddressAll
0x1400d5918 WakeByAddressSingle
cryptprimitives.dll
0x1400d5928 ProcessPrng
EAT(Export Address Table) is none
KERNEL32.dll
0x1400d54f8 DeleteCriticalSection
0x1400d5500 EnterCriticalSection
0x1400d5508 InitializeCriticalSection
0x1400d5510 LeaveCriticalSection
0x1400d5518 RaiseException
0x1400d5520 RtlUnwindEx
0x1400d5528 VirtualQuery
0x1400d5530 __C_specific_handler
msvcrt.dll
0x1400d5540 __getmainargs
0x1400d5548 __initenv
0x1400d5550 __iob_func
0x1400d5558 __set_app_type
0x1400d5560 __setusermatherr
0x1400d5568 _amsg_exit
0x1400d5570 _cexit
0x1400d5578 _commode
0x1400d5580 _fmode
0x1400d5588 _fpreset
0x1400d5590 _initterm
0x1400d5598 abort
0x1400d55a0 atexit
0x1400d55a8 calloc
0x1400d55b0 exit
0x1400d55b8 fprintf
0x1400d55c0 free
0x1400d55c8 fwrite
0x1400d55d0 malloc
0x1400d55d8 memcmp
0x1400d55e0 memcpy
0x1400d55e8 memmove
0x1400d55f0 memset
0x1400d55f8 signal
0x1400d5600 strlen
0x1400d5608 strncmp
0x1400d5610 vfprintf
ntdll.dll
0x1400d5620 NtReadFile
0x1400d5628 NtWriteFile
0x1400d5630 RtlCaptureContext
0x1400d5638 RtlLookupFunctionEntry
0x1400d5640 RtlNtStatusToDosError
0x1400d5648 RtlVirtualUnwind
advapi32.dll
0x1400d5658 GetTokenInformation
0x1400d5660 OpenProcessToken
0x1400d5668 SystemFunction036
crypt.dll
0x1400d5678 BCryptGenRandom
kernel32.dll
0x1400d5688 AddVectoredExceptionHandler
0x1400d5690 CancelIo
0x1400d5698 CloseHandle
0x1400d56a0 CompareStringOrdinal
0x1400d56a8 CreateEventW
0x1400d56b0 CreateFileMappingA
0x1400d56b8 CreateFileW
0x1400d56c0 CreateMutexA
0x1400d56c8 CreateNamedPipeW
0x1400d56d0 CreateProcessW
0x1400d56d8 CreateThread
0x1400d56e0 CreateTimerQueue
0x1400d56e8 CreateToolhelp32Snapshot
0x1400d56f0 DeleteProcThreadAttributeList
0x1400d56f8 DeleteTimerQueue
0x1400d5700 DuplicateHandle
0x1400d5708 ExitProcess
0x1400d5710 FindClose
0x1400d5718 FindFirstFileExW
0x1400d5720 FormatMessageW
0x1400d5728 FreeEnvironmentStringsW
0x1400d5730 GetCommandLineW
0x1400d5738 GetConsoleMode
0x1400d5740 GetCurrentDirectoryW
0x1400d5748 GetCurrentProcess
0x1400d5750 GetCurrentProcessId
0x1400d5758 GetCurrentThread
0x1400d5760 GetEnvironmentStringsW
0x1400d5768 GetEnvironmentVariableW
0x1400d5770 GetExitCodeProcess
0x1400d5778 GetFileAttributesW
0x1400d5780 GetFileInformationByHandle
0x1400d5788 GetFileInformationByHandleEx
0x1400d5790 GetFullPathNameW
0x1400d5798 GetLastError
0x1400d57a0 GetModuleFileNameW
0x1400d57a8 GetModuleHandleA
0x1400d57b0 GetModuleHandleExW
0x1400d57b8 GetModuleHandleW
0x1400d57c0 GetOverlappedResult
0x1400d57c8 GetProcAddress
0x1400d57d0 GetProcessHeap
0x1400d57d8 GetStdHandle
0x1400d57e0 GetSystemDirectoryW
0x1400d57e8 GetWindowsDirectoryW
0x1400d57f0 HeapAlloc
0x1400d57f8 HeapCreate
0x1400d5800 HeapFree
0x1400d5808 HeapReAlloc
0x1400d5810 InitOnceBeginInitialize
0x1400d5818 InitOnceComplete
0x1400d5820 InitializeProcThreadAttributeList
0x1400d5828 LoadLibraryA
0x1400d5830 MapViewOfFile
0x1400d5838 Module32FirstW
0x1400d5840 Module32NextW
0x1400d5848 MultiByteToWideChar
0x1400d5850 Process32FirstW
0x1400d5858 Process32NextW
0x1400d5860 ReadFile
0x1400d5868 ReadFileEx
0x1400d5870 SetEvent
0x1400d5878 SetFileInformationByHandle
0x1400d5880 SetLastError
0x1400d5888 SetThreadStackGuarantee
0x1400d5890 SetUnhandledExceptionFilter
0x1400d5898 Sleep
0x1400d58a0 SleepEx
0x1400d58a8 TlsAlloc
0x1400d58b0 TlsFree
0x1400d58b8 TlsGetValue
0x1400d58c0 TlsSetValue
0x1400d58c8 UnmapViewOfFile
0x1400d58d0 UpdateProcThreadAttribute
0x1400d58d8 VirtualProtect
0x1400d58e0 WaitForMultipleObjects
0x1400d58e8 WaitForSingleObject
0x1400d58f0 WriteConsoleW
0x1400d58f8 WriteFileEx
api-ms-win-core-synch-l1-2-0.dll
0x1400d5908 WaitOnAddress
0x1400d5910 WakeByAddressAll
0x1400d5918 WakeByAddressSingle
cryptprimitives.dll
0x1400d5928 ProcessPrng
EAT(Export Address Table) is none