ScreenShot
| Created | 2021.03.23 18:04 | Machine | s1_win7_x6401 |
| Filename | regasm.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 26 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, lqW@am4TYsjG, Attribute, HighConfidence, FileRepMetagen, Vawtrak, Static AI, Suspicious PE, Wacatac, score, Glupteba, Bruteforce, GenKryptik, FDFQ, ET#89%, RDMK, cmRtazqAMuFOO7KvnPQgue5dO7EE, UrSnif, susgen, confidence, 100%, QVM10) | ||
| md5 | 0e4438e0bfcf156fa295606c644f1dc1 | ||
| sha256 | 65ddf9aab27a629c12e3547e41cae654ef6988a9b071cd75b47941d1f80f6c25 | ||
| ssdeep | 3072:omMrWNhmwEqIMr7Y9b0WcVCLXYFD76uFGhLFkEhRR0o:dMyiYIMre0yaCN/kEB7 | ||
| imphash | 324f7a23dd9ee2981a38a6a6d641842c | ||
| impfuzzy | 48:Ohb3pf6OusEOeJffzsuFCbdGfcjtc217f59cBZIdO:OhNfl/eBLsAC5Gfcjtp17R9crIA | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x416000 HeapCompact
0x416004 lstrlenA
0x416008 CopyFileExW
0x41600c GetDriveTypeW
0x416010 CommConfigDialogA
0x416014 BuildCommDCBAndTimeoutsA
0x416018 FreeLibrary
0x41601c CallNamedPipeA
0x416020 GetCommState
0x416024 GetNamedPipeHandleStateA
0x416028 AddConsoleAliasW
0x41602c GetComputerNameW
0x416030 CallNamedPipeW
0x416034 GetProcessPriorityBoost
0x416038 SetCommState
0x41603c InitializeCriticalSection
0x416040 GetPriorityClass
0x416044 ActivateActCtx
0x416048 GlobalAlloc
0x41604c LoadLibraryW
0x416050 _hread
0x416054 GetVersionExW
0x416058 SetConsoleMode
0x41605c GetBinaryTypeA
0x416060 ReadFile
0x416064 lstrcatA
0x416068 RaiseException
0x41606c CreateJobObjectA
0x416070 IsDBCSLeadByteEx
0x416074 GetCurrentDirectoryW
0x416078 SetLastError
0x41607c VirtualAlloc
0x416080 BeginUpdateResourceW
0x416084 CopyFileA
0x416088 GetConsoleDisplayMode
0x41608c IsSystemResumeAutomatic
0x416090 SetConsoleOutputCP
0x416094 PostQueuedCompletionStatus
0x416098 AddAtomA
0x41609c GetPrivateProfileStructA
0x4160a0 GetTapeParameters
0x4160a4 SetEnvironmentVariableA
0x4160a8 GetPrivateProfileSectionNamesA
0x4160ac GetOEMCP
0x4160b0 EnumDateFormatsA
0x4160b4 GetThreadPriority
0x4160b8 DebugSetProcessKillOnExit
0x4160bc CreateIoCompletionPort
0x4160c0 CreateMutexA
0x4160c4 VirtualProtect
0x4160c8 LocalSize
0x4160cc FlushFileBuffers
0x4160d0 WideCharToMultiByte
0x4160d4 InterlockedIncrement
0x4160d8 InterlockedDecrement
0x4160dc InterlockedCompareExchange
0x4160e0 InterlockedExchange
0x4160e4 MultiByteToWideChar
0x4160e8 Sleep
0x4160ec DeleteCriticalSection
0x4160f0 EnterCriticalSection
0x4160f4 LeaveCriticalSection
0x4160f8 UnhandledExceptionFilter
0x4160fc SetUnhandledExceptionFilter
0x416100 GetLastError
0x416104 HeapFree
0x416108 TerminateProcess
0x41610c GetCurrentProcess
0x416110 IsDebuggerPresent
0x416114 GetCommandLineA
0x416118 GetStartupInfoA
0x41611c GetCPInfo
0x416120 RtlUnwind
0x416124 LCMapStringW
0x416128 LCMapStringA
0x41612c GetStringTypeW
0x416130 GetModuleHandleW
0x416134 GetProcAddress
0x416138 ExitProcess
0x41613c WriteFile
0x416140 GetStdHandle
0x416144 GetModuleFileNameA
0x416148 SetStdHandle
0x41614c GetFileType
0x416150 GetConsoleCP
0x416154 GetConsoleMode
0x416158 HeapAlloc
0x41615c HeapCreate
0x416160 VirtualFree
0x416164 HeapReAlloc
0x416168 TlsGetValue
0x41616c TlsAlloc
0x416170 TlsSetValue
0x416174 TlsFree
0x416178 GetCurrentThreadId
0x41617c FreeEnvironmentStringsA
0x416180 GetEnvironmentStrings
0x416184 FreeEnvironmentStringsW
0x416188 GetEnvironmentStringsW
0x41618c SetHandleCount
0x416190 QueryPerformanceCounter
0x416194 GetTickCount
0x416198 GetCurrentProcessId
0x41619c GetSystemTimeAsFileTime
0x4161a0 GetStringTypeA
0x4161a4 HeapSize
0x4161a8 GetACP
0x4161ac IsValidCodePage
0x4161b0 GetUserDefaultLCID
0x4161b4 GetLocaleInfoA
0x4161b8 EnumSystemLocalesA
0x4161bc IsValidLocale
0x4161c0 LoadLibraryA
0x4161c4 InitializeCriticalSectionAndSpinCount
0x4161c8 WriteConsoleA
0x4161cc GetConsoleOutputCP
0x4161d0 WriteConsoleW
0x4161d4 SetFilePointer
0x4161d8 GetLocaleInfoW
0x4161dc CreateFileA
0x4161e0 CloseHandle
USER32.dll
0x4161e8 GetAncestor
EAT(Export Address Table) is none
KERNEL32.dll
0x416000 HeapCompact
0x416004 lstrlenA
0x416008 CopyFileExW
0x41600c GetDriveTypeW
0x416010 CommConfigDialogA
0x416014 BuildCommDCBAndTimeoutsA
0x416018 FreeLibrary
0x41601c CallNamedPipeA
0x416020 GetCommState
0x416024 GetNamedPipeHandleStateA
0x416028 AddConsoleAliasW
0x41602c GetComputerNameW
0x416030 CallNamedPipeW
0x416034 GetProcessPriorityBoost
0x416038 SetCommState
0x41603c InitializeCriticalSection
0x416040 GetPriorityClass
0x416044 ActivateActCtx
0x416048 GlobalAlloc
0x41604c LoadLibraryW
0x416050 _hread
0x416054 GetVersionExW
0x416058 SetConsoleMode
0x41605c GetBinaryTypeA
0x416060 ReadFile
0x416064 lstrcatA
0x416068 RaiseException
0x41606c CreateJobObjectA
0x416070 IsDBCSLeadByteEx
0x416074 GetCurrentDirectoryW
0x416078 SetLastError
0x41607c VirtualAlloc
0x416080 BeginUpdateResourceW
0x416084 CopyFileA
0x416088 GetConsoleDisplayMode
0x41608c IsSystemResumeAutomatic
0x416090 SetConsoleOutputCP
0x416094 PostQueuedCompletionStatus
0x416098 AddAtomA
0x41609c GetPrivateProfileStructA
0x4160a0 GetTapeParameters
0x4160a4 SetEnvironmentVariableA
0x4160a8 GetPrivateProfileSectionNamesA
0x4160ac GetOEMCP
0x4160b0 EnumDateFormatsA
0x4160b4 GetThreadPriority
0x4160b8 DebugSetProcessKillOnExit
0x4160bc CreateIoCompletionPort
0x4160c0 CreateMutexA
0x4160c4 VirtualProtect
0x4160c8 LocalSize
0x4160cc FlushFileBuffers
0x4160d0 WideCharToMultiByte
0x4160d4 InterlockedIncrement
0x4160d8 InterlockedDecrement
0x4160dc InterlockedCompareExchange
0x4160e0 InterlockedExchange
0x4160e4 MultiByteToWideChar
0x4160e8 Sleep
0x4160ec DeleteCriticalSection
0x4160f0 EnterCriticalSection
0x4160f4 LeaveCriticalSection
0x4160f8 UnhandledExceptionFilter
0x4160fc SetUnhandledExceptionFilter
0x416100 GetLastError
0x416104 HeapFree
0x416108 TerminateProcess
0x41610c GetCurrentProcess
0x416110 IsDebuggerPresent
0x416114 GetCommandLineA
0x416118 GetStartupInfoA
0x41611c GetCPInfo
0x416120 RtlUnwind
0x416124 LCMapStringW
0x416128 LCMapStringA
0x41612c GetStringTypeW
0x416130 GetModuleHandleW
0x416134 GetProcAddress
0x416138 ExitProcess
0x41613c WriteFile
0x416140 GetStdHandle
0x416144 GetModuleFileNameA
0x416148 SetStdHandle
0x41614c GetFileType
0x416150 GetConsoleCP
0x416154 GetConsoleMode
0x416158 HeapAlloc
0x41615c HeapCreate
0x416160 VirtualFree
0x416164 HeapReAlloc
0x416168 TlsGetValue
0x41616c TlsAlloc
0x416170 TlsSetValue
0x416174 TlsFree
0x416178 GetCurrentThreadId
0x41617c FreeEnvironmentStringsA
0x416180 GetEnvironmentStrings
0x416184 FreeEnvironmentStringsW
0x416188 GetEnvironmentStringsW
0x41618c SetHandleCount
0x416190 QueryPerformanceCounter
0x416194 GetTickCount
0x416198 GetCurrentProcessId
0x41619c GetSystemTimeAsFileTime
0x4161a0 GetStringTypeA
0x4161a4 HeapSize
0x4161a8 GetACP
0x4161ac IsValidCodePage
0x4161b0 GetUserDefaultLCID
0x4161b4 GetLocaleInfoA
0x4161b8 EnumSystemLocalesA
0x4161bc IsValidLocale
0x4161c0 LoadLibraryA
0x4161c4 InitializeCriticalSectionAndSpinCount
0x4161c8 WriteConsoleA
0x4161cc GetConsoleOutputCP
0x4161d0 WriteConsoleW
0x4161d4 SetFilePointer
0x4161d8 GetLocaleInfoW
0x4161dc CreateFileA
0x4161e0 CloseHandle
USER32.dll
0x4161e8 GetAncestor
EAT(Export Address Table) is none