ScreenShot
| Created | 2021.03.22 09:14 | Machine | s1_win7_x6401 |
| Filename | ss.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 33 detected (GenKryptik, malicious, confidence, FDCN, score, GenericKD, CrypterX, Siggen12, Krypt, fecwv, kcloud, Kryptik, Cobaltstrike, ai score=80, CLOUD, HgEASRIA) | ||
| md5 | 91ee2afefdf066eae3aead061a8075ed | ||
| sha256 | 4435942b9f09846a337474f396fd0a885f41742f05899dcc1a12b6b44a31126b | ||
| ssdeep | 12288:2GjMVZYw0CREHRVULpO7uagohcOQkfoLTqcekccO:2GjMnYw0wEHRVULcaNohcBsSa | ||
| imphash | 0ddf27d2187b127be390094aeea1bdaa | ||
| impfuzzy | 48:L/KA/XSv09sjKS5zGSY+nB6UyCEBzBuc+U8tMSa7BggJnkZq:zN4sQc+U8tMSa7BggJkq | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x1400ba268 GetMessageW
0x1400ba270 DefWindowProcW
0x1400ba278 DestroyWindow
0x1400ba280 CreateWindowExW
0x1400ba288 EndDialog
0x1400ba290 RegisterClassExW
0x1400ba298 LoadAcceleratorsW
0x1400ba2a0 LoadStringW
0x1400ba2a8 ShowWindow
0x1400ba2b0 EndPaint
0x1400ba2b8 TranslateAcceleratorW
0x1400ba2c0 TranslateMessage
0x1400ba2c8 LoadIconW
0x1400ba2d0 LoadCursorW
0x1400ba2d8 PostQuitMessage
0x1400ba2e0 DialogBoxParamW
0x1400ba2e8 UpdateWindow
0x1400ba2f0 BeginPaint
0x1400ba2f8 DispatchMessageW
KERNEL32.dll
0x1400ba000 GetCurrentThreadId
0x1400ba008 WriteConsoleW
0x1400ba010 CreateFileW
0x1400ba018 HeapSize
0x1400ba020 GetProcessHeap
0x1400ba028 SetStdHandle
0x1400ba030 FreeEnvironmentStringsW
0x1400ba038 GetEnvironmentStringsW
0x1400ba040 GetCommandLineW
0x1400ba048 GetCommandLineA
0x1400ba050 GetOEMCP
0x1400ba058 GetACP
0x1400ba060 IsValidCodePage
0x1400ba068 FindNextFileW
0x1400ba070 FindFirstFileExW
0x1400ba078 FindClose
0x1400ba080 HeapReAlloc
0x1400ba088 WideCharToMultiByte
0x1400ba090 EnterCriticalSection
0x1400ba098 LeaveCriticalSection
0x1400ba0a0 DeleteCriticalSection
0x1400ba0a8 EncodePointer
0x1400ba0b0 DecodePointer
0x1400ba0b8 MultiByteToWideChar
0x1400ba0c0 SetLastError
0x1400ba0c8 InitializeCriticalSectionAndSpinCount
0x1400ba0d0 TlsAlloc
0x1400ba0d8 TlsGetValue
0x1400ba0e0 TlsSetValue
0x1400ba0e8 TlsFree
0x1400ba0f0 GetSystemTimeAsFileTime
0x1400ba0f8 GetModuleHandleW
0x1400ba100 GetProcAddress
0x1400ba108 LCMapStringW
0x1400ba110 GetLocaleInfoW
0x1400ba118 GetStringTypeW
0x1400ba120 GetCPInfo
0x1400ba128 RtlCaptureContext
0x1400ba130 RtlLookupFunctionEntry
0x1400ba138 RtlVirtualUnwind
0x1400ba140 UnhandledExceptionFilter
0x1400ba148 SetUnhandledExceptionFilter
0x1400ba150 GetCurrentProcess
0x1400ba158 TerminateProcess
0x1400ba160 IsProcessorFeaturePresent
0x1400ba168 QueryPerformanceCounter
0x1400ba170 GetCurrentProcessId
0x1400ba178 RtlUnwind
0x1400ba180 InitializeSListHead
0x1400ba188 IsDebuggerPresent
0x1400ba190 GetStartupInfoW
0x1400ba198 RtlUnwindEx
0x1400ba1a0 RtlPcToFileHeader
0x1400ba1a8 RaiseException
0x1400ba1b0 GetLastError
0x1400ba1b8 FreeLibrary
0x1400ba1c0 LoadLibraryExW
0x1400ba1c8 GetStdHandle
0x1400ba1d0 WriteFile
0x1400ba1d8 GetModuleFileNameW
0x1400ba1e0 ExitProcess
0x1400ba1e8 GetModuleHandleExW
0x1400ba1f0 HeapAlloc
0x1400ba1f8 HeapFree
0x1400ba200 GetFileType
0x1400ba208 IsValidLocale
0x1400ba210 GetUserDefaultLCID
0x1400ba218 EnumSystemLocalesW
0x1400ba220 CloseHandle
0x1400ba228 FlushFileBuffers
0x1400ba230 GetConsoleCP
0x1400ba238 GetConsoleMode
0x1400ba240 ReadFile
0x1400ba248 GetFileSizeEx
0x1400ba250 SetFilePointerEx
0x1400ba258 ReadConsoleW
EAT(Export Address Table) is none
USER32.dll
0x1400ba268 GetMessageW
0x1400ba270 DefWindowProcW
0x1400ba278 DestroyWindow
0x1400ba280 CreateWindowExW
0x1400ba288 EndDialog
0x1400ba290 RegisterClassExW
0x1400ba298 LoadAcceleratorsW
0x1400ba2a0 LoadStringW
0x1400ba2a8 ShowWindow
0x1400ba2b0 EndPaint
0x1400ba2b8 TranslateAcceleratorW
0x1400ba2c0 TranslateMessage
0x1400ba2c8 LoadIconW
0x1400ba2d0 LoadCursorW
0x1400ba2d8 PostQuitMessage
0x1400ba2e0 DialogBoxParamW
0x1400ba2e8 UpdateWindow
0x1400ba2f0 BeginPaint
0x1400ba2f8 DispatchMessageW
KERNEL32.dll
0x1400ba000 GetCurrentThreadId
0x1400ba008 WriteConsoleW
0x1400ba010 CreateFileW
0x1400ba018 HeapSize
0x1400ba020 GetProcessHeap
0x1400ba028 SetStdHandle
0x1400ba030 FreeEnvironmentStringsW
0x1400ba038 GetEnvironmentStringsW
0x1400ba040 GetCommandLineW
0x1400ba048 GetCommandLineA
0x1400ba050 GetOEMCP
0x1400ba058 GetACP
0x1400ba060 IsValidCodePage
0x1400ba068 FindNextFileW
0x1400ba070 FindFirstFileExW
0x1400ba078 FindClose
0x1400ba080 HeapReAlloc
0x1400ba088 WideCharToMultiByte
0x1400ba090 EnterCriticalSection
0x1400ba098 LeaveCriticalSection
0x1400ba0a0 DeleteCriticalSection
0x1400ba0a8 EncodePointer
0x1400ba0b0 DecodePointer
0x1400ba0b8 MultiByteToWideChar
0x1400ba0c0 SetLastError
0x1400ba0c8 InitializeCriticalSectionAndSpinCount
0x1400ba0d0 TlsAlloc
0x1400ba0d8 TlsGetValue
0x1400ba0e0 TlsSetValue
0x1400ba0e8 TlsFree
0x1400ba0f0 GetSystemTimeAsFileTime
0x1400ba0f8 GetModuleHandleW
0x1400ba100 GetProcAddress
0x1400ba108 LCMapStringW
0x1400ba110 GetLocaleInfoW
0x1400ba118 GetStringTypeW
0x1400ba120 GetCPInfo
0x1400ba128 RtlCaptureContext
0x1400ba130 RtlLookupFunctionEntry
0x1400ba138 RtlVirtualUnwind
0x1400ba140 UnhandledExceptionFilter
0x1400ba148 SetUnhandledExceptionFilter
0x1400ba150 GetCurrentProcess
0x1400ba158 TerminateProcess
0x1400ba160 IsProcessorFeaturePresent
0x1400ba168 QueryPerformanceCounter
0x1400ba170 GetCurrentProcessId
0x1400ba178 RtlUnwind
0x1400ba180 InitializeSListHead
0x1400ba188 IsDebuggerPresent
0x1400ba190 GetStartupInfoW
0x1400ba198 RtlUnwindEx
0x1400ba1a0 RtlPcToFileHeader
0x1400ba1a8 RaiseException
0x1400ba1b0 GetLastError
0x1400ba1b8 FreeLibrary
0x1400ba1c0 LoadLibraryExW
0x1400ba1c8 GetStdHandle
0x1400ba1d0 WriteFile
0x1400ba1d8 GetModuleFileNameW
0x1400ba1e0 ExitProcess
0x1400ba1e8 GetModuleHandleExW
0x1400ba1f0 HeapAlloc
0x1400ba1f8 HeapFree
0x1400ba200 GetFileType
0x1400ba208 IsValidLocale
0x1400ba210 GetUserDefaultLCID
0x1400ba218 EnumSystemLocalesW
0x1400ba220 CloseHandle
0x1400ba228 FlushFileBuffers
0x1400ba230 GetConsoleCP
0x1400ba238 GetConsoleMode
0x1400ba240 ReadFile
0x1400ba248 GetFileSizeEx
0x1400ba250 SetFilePointerEx
0x1400ba258 ReadConsoleW
EAT(Export Address Table) is none