ScreenShot
| Created | 2021.03.30 09:15 | Machine | s1_win7_x6401 |
| Filename | rt3ret3.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 14 detected (malicious, high confidence, Artemis, Injuke, FileRepMetagen, Undefined, CLOUD, Wacatac, score, confidence) | ||
| md5 | efa4b2e7d7016a1f80efff5840de3a18 | ||
| sha256 | 291c573996c647508544e8e21bd2764e6e4c834d53d6d2c8903a0001c783764b | ||
| ssdeep | 6144:NgsO6Xkm0RsQNCR/JG+z5nLGcKYp05dMgSsXMH7/wrtKHRAwrcKxN:7GRsQ6RLhLGO05dMgrXwTKtKxA5w | ||
| imphash | 787151c6bef6ee11d1d73736521d9ba7 | ||
| impfuzzy | 6:w8RG7g/qA/HCC1Dwz2BSzedr809GRJPaCuLxdFjMnSBdhKp4YeE:w86gfaCRwzkvZ8HRJObhSeE | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
| info | Queries for the computername |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x140006068 DlgDirListComboBoxW
0x140006070 LoadImageA
0x140006078 LoadBitmapA
0x140006080 GetWindow
0x140006088 GetUpdateRect
0x140006090 IsWindowVisible
GDI32.dll
0x140006000 CreateEllipticRgnIndirect
0x140006008 DrawEscape
0x140006010 CreateEllipticRgn
0x140006018 CreateCompatibleBitmap
0x140006020 CombineRgn
0x140006028 AbortPath
0x140006030 EndDoc
SHLWAPI.dll
0x140006040 StrToIntA
0x140006048 StrRChrA
0x140006050 StrCmpIW
0x140006058 StrPBrkA
EAT(Export Address Table) is none
USER32.dll
0x140006068 DlgDirListComboBoxW
0x140006070 LoadImageA
0x140006078 LoadBitmapA
0x140006080 GetWindow
0x140006088 GetUpdateRect
0x140006090 IsWindowVisible
GDI32.dll
0x140006000 CreateEllipticRgnIndirect
0x140006008 DrawEscape
0x140006010 CreateEllipticRgn
0x140006018 CreateCompatibleBitmap
0x140006020 CombineRgn
0x140006028 AbortPath
0x140006030 EndDoc
SHLWAPI.dll
0x140006040 StrToIntA
0x140006048 StrRChrA
0x140006050 StrCmpIW
0x140006058 StrPBrkA
EAT(Export Address Table) is none