ScreenShot
| Created | 2021.03.19 17:11 | Machine | s1_win7_x6401 |
| Filename | dubi.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Unsafe, Save, Obfuscated, Kryptik, Eldorado, HKAD, Ulise, Chapak, InstaBot, ipuihd, PWSX, DownLoader37, UrSnif, Azorult, score, Glupteba, ZexaF, SqW@a4US54U, Stop, ai score=85, R002H06CI21, CLOUD, Static AI, Suspicious PE, PossibleThreat, PALLAS, confidence, 100%, HwoCBPsC) | ||
| md5 | c2f2834b216ef788b6c0568d0267223c | ||
| sha256 | b055016e0d82c57b58cd126f26b4b8f4dae1441f0019bdaa42452e815f128944 | ||
| ssdeep | 12288:AgzgR1xvd+wlVC4/YOJtn7DX+JL8gycwAwF7sGC9rrvnwHf8FgYT2b1px8WrE:AgzQzV+wzC7OJtnOL8gEAUBkm8ST7f | ||
| imphash | fadb03432906cb0b1086222508551a23 | ||
| impfuzzy | 48:vqSEpfjxJjHE8ZuFzlXTvm+cjtxvqr+O0c7Zum2XW:SSkfjnE8ZAzlXq+cjt5qr+bctuJXW | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x415008 SetDefaultCommConfigA
0x41500c HeapCompact
0x415010 SetPriorityClass
0x415014 lstrlenA
0x415018 GetDriveTypeW
0x41501c BuildCommDCBAndTimeoutsA
0x415020 FreeLibrary
0x415024 SystemTimeToTzSpecificLocalTime
0x415028 GetQueuedCompletionStatus
0x41502c SetEnvironmentVariableW
0x415030 CreateJobObjectW
0x415034 SetTapeParameters
0x415038 WriteFile
0x41503c SetProcessPriorityBoost
0x415040 TlsSetValue
0x415044 ActivateActCtx
0x415048 GlobalAlloc
0x41504c LoadLibraryW
0x415050 GetConsoleMode
0x415054 CopyFileW
0x415058 GetPrivateProfileStructW
0x41505c GetConsoleWindow
0x415060 GetVersionExW
0x415064 IsDBCSLeadByte
0x415068 lstrcatA
0x41506c GetBinaryTypeW
0x415070 RaiseException
0x415074 GetPrivateProfileSectionNamesW
0x415078 GetConsoleOutputCP
0x41507c GetCurrentDirectoryW
0x415080 SetLastError
0x415084 VirtualAlloc
0x415088 IsValidCodePage
0x41508c GetConsoleDisplayMode
0x415090 EnterCriticalSection
0x415094 _hwrite
0x415098 LoadLibraryA
0x41509c BeginUpdateResourceA
0x4150a0 PostQueuedCompletionStatus
0x4150a4 AddAtomA
0x4150a8 GetOEMCP
0x4150ac EnumDateFormatsA
0x4150b0 GetThreadPriority
0x4150b4 CreateIoCompletionPort
0x4150b8 GetCommTimeouts
0x4150bc DebugBreakProcess
0x4150c0 CreateMutexA
0x4150c4 VirtualProtect
0x4150c8 SetThreadAffinityMask
0x4150cc LocalSize
0x4150d0 CopyFileExA
0x4150d4 CommConfigDialogW
0x4150d8 GetNamedPipeHandleStateW
0x4150dc GetComputerNameA
0x4150e0 InterlockedIncrement
0x4150e4 InterlockedDecrement
0x4150e8 Sleep
0x4150ec InitializeCriticalSection
0x4150f0 DeleteCriticalSection
0x4150f4 LeaveCriticalSection
0x4150f8 UnhandledExceptionFilter
0x4150fc SetUnhandledExceptionFilter
0x415100 GetLastError
0x415104 HeapFree
0x415108 TerminateProcess
0x41510c GetCurrentProcess
0x415110 IsDebuggerPresent
0x415114 HeapReAlloc
0x415118 HeapAlloc
0x41511c GetCommandLineA
0x415120 GetStartupInfoA
0x415124 RtlUnwind
0x415128 LCMapStringA
0x41512c WideCharToMultiByte
0x415130 MultiByteToWideChar
0x415134 LCMapStringW
0x415138 GetCPInfo
0x41513c GetModuleHandleW
0x415140 GetProcAddress
0x415144 ExitProcess
0x415148 GetStdHandle
0x41514c GetModuleFileNameA
0x415150 HeapCreate
0x415154 VirtualFree
0x415158 TlsGetValue
0x41515c TlsAlloc
0x415160 TlsFree
0x415164 GetCurrentThreadId
0x415168 FreeEnvironmentStringsA
0x41516c GetEnvironmentStrings
0x415170 FreeEnvironmentStringsW
0x415174 GetEnvironmentStringsW
0x415178 SetHandleCount
0x41517c GetFileType
0x415180 QueryPerformanceCounter
0x415184 GetTickCount
0x415188 GetCurrentProcessId
0x41518c GetSystemTimeAsFileTime
0x415190 HeapSize
0x415194 GetACP
0x415198 GetUserDefaultLCID
0x41519c GetLocaleInfoA
0x4151a0 EnumSystemLocalesA
0x4151a4 IsValidLocale
0x4151a8 GetStringTypeA
0x4151ac GetStringTypeW
0x4151b0 InitializeCriticalSectionAndSpinCount
0x4151b4 GetLocaleInfoW
0x4151b8 GetConsoleCP
0x4151bc FlushFileBuffers
0x4151c0 SetFilePointer
0x4151c4 CloseHandle
0x4151c8 WriteConsoleA
0x4151cc WriteConsoleW
0x4151d0 SetStdHandle
0x4151d4 CreateFileA
USER32.dll
0x4151dc GetAncestor
ADVAPI32.dll
0x415000 SetThreadToken
EAT(Export Address Table) is none
KERNEL32.dll
0x415008 SetDefaultCommConfigA
0x41500c HeapCompact
0x415010 SetPriorityClass
0x415014 lstrlenA
0x415018 GetDriveTypeW
0x41501c BuildCommDCBAndTimeoutsA
0x415020 FreeLibrary
0x415024 SystemTimeToTzSpecificLocalTime
0x415028 GetQueuedCompletionStatus
0x41502c SetEnvironmentVariableW
0x415030 CreateJobObjectW
0x415034 SetTapeParameters
0x415038 WriteFile
0x41503c SetProcessPriorityBoost
0x415040 TlsSetValue
0x415044 ActivateActCtx
0x415048 GlobalAlloc
0x41504c LoadLibraryW
0x415050 GetConsoleMode
0x415054 CopyFileW
0x415058 GetPrivateProfileStructW
0x41505c GetConsoleWindow
0x415060 GetVersionExW
0x415064 IsDBCSLeadByte
0x415068 lstrcatA
0x41506c GetBinaryTypeW
0x415070 RaiseException
0x415074 GetPrivateProfileSectionNamesW
0x415078 GetConsoleOutputCP
0x41507c GetCurrentDirectoryW
0x415080 SetLastError
0x415084 VirtualAlloc
0x415088 IsValidCodePage
0x41508c GetConsoleDisplayMode
0x415090 EnterCriticalSection
0x415094 _hwrite
0x415098 LoadLibraryA
0x41509c BeginUpdateResourceA
0x4150a0 PostQueuedCompletionStatus
0x4150a4 AddAtomA
0x4150a8 GetOEMCP
0x4150ac EnumDateFormatsA
0x4150b0 GetThreadPriority
0x4150b4 CreateIoCompletionPort
0x4150b8 GetCommTimeouts
0x4150bc DebugBreakProcess
0x4150c0 CreateMutexA
0x4150c4 VirtualProtect
0x4150c8 SetThreadAffinityMask
0x4150cc LocalSize
0x4150d0 CopyFileExA
0x4150d4 CommConfigDialogW
0x4150d8 GetNamedPipeHandleStateW
0x4150dc GetComputerNameA
0x4150e0 InterlockedIncrement
0x4150e4 InterlockedDecrement
0x4150e8 Sleep
0x4150ec InitializeCriticalSection
0x4150f0 DeleteCriticalSection
0x4150f4 LeaveCriticalSection
0x4150f8 UnhandledExceptionFilter
0x4150fc SetUnhandledExceptionFilter
0x415100 GetLastError
0x415104 HeapFree
0x415108 TerminateProcess
0x41510c GetCurrentProcess
0x415110 IsDebuggerPresent
0x415114 HeapReAlloc
0x415118 HeapAlloc
0x41511c GetCommandLineA
0x415120 GetStartupInfoA
0x415124 RtlUnwind
0x415128 LCMapStringA
0x41512c WideCharToMultiByte
0x415130 MultiByteToWideChar
0x415134 LCMapStringW
0x415138 GetCPInfo
0x41513c GetModuleHandleW
0x415140 GetProcAddress
0x415144 ExitProcess
0x415148 GetStdHandle
0x41514c GetModuleFileNameA
0x415150 HeapCreate
0x415154 VirtualFree
0x415158 TlsGetValue
0x41515c TlsAlloc
0x415160 TlsFree
0x415164 GetCurrentThreadId
0x415168 FreeEnvironmentStringsA
0x41516c GetEnvironmentStrings
0x415170 FreeEnvironmentStringsW
0x415174 GetEnvironmentStringsW
0x415178 SetHandleCount
0x41517c GetFileType
0x415180 QueryPerformanceCounter
0x415184 GetTickCount
0x415188 GetCurrentProcessId
0x41518c GetSystemTimeAsFileTime
0x415190 HeapSize
0x415194 GetACP
0x415198 GetUserDefaultLCID
0x41519c GetLocaleInfoA
0x4151a0 EnumSystemLocalesA
0x4151a4 IsValidLocale
0x4151a8 GetStringTypeA
0x4151ac GetStringTypeW
0x4151b0 InitializeCriticalSectionAndSpinCount
0x4151b4 GetLocaleInfoW
0x4151b8 GetConsoleCP
0x4151bc FlushFileBuffers
0x4151c0 SetFilePointer
0x4151c4 CloseHandle
0x4151c8 WriteConsoleA
0x4151cc WriteConsoleW
0x4151d0 SetStdHandle
0x4151d4 CreateFileA
USER32.dll
0x4151dc GetAncestor
ADVAPI32.dll
0x415000 SetThreadToken
EAT(Export Address Table) is none