ScreenShot
| Created | 2021.03.30 11:02 | Machine | s1_win7_x6401 |
| Filename | file.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, score, FileRepMetagen, R + Mal, GandCrypt, Static AI, Malicious PE, Glupteba, ZexaF, NqW@aKVOM2hG, ET#89%, RDMK, cmRtazpzbA+F+ywlbfDWS9h8iobu, UrSnif, susgen, confidence, 100%) | ||
| md5 | 8254c45e7966fc7b7982430653a7caa9 | ||
| sha256 | eccb488915dd33f90f2279fef36bc1967dea81417bfdfcc919a8b5804bf503ef | ||
| ssdeep | 12288:V5e1cDg1yrufApmbnPxCp+LFPEkgmJn5VQXUqzXTHVtTiCKRe:VQKuCmTJCg1Vd3QX7zXTHVdi3 | ||
| imphash | eda3d9c2270ed983c5462ed934ab1d52 | ||
| impfuzzy | 48:X9j5OYc+HKZPp40O7dcdx+cXtTI1KChZcFZFE:XyIox40+qx+cXtTI1HhZcfa | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x493008 lstrlenA
0x49300c CommConfigDialogA
0x493010 GetCPInfo
0x493014 GetQueuedCompletionStatus
0x493018 AddConsoleAliasW
0x49301c GetComputerNameW
0x493020 CallNamedPipeW
0x493024 GetModuleHandleW
0x493028 SetCommState
0x49302c SetProcessPriorityBoost
0x493030 GlobalAlloc
0x493034 _hread
0x493038 GetVersionExW
0x49303c HeapValidate
0x493040 GetBinaryTypeA
0x493044 ReadFile
0x493048 lstrcatA
0x49304c GetACP
0x493050 RaiseException
0x493054 GetNamedPipeHandleStateW
0x493058 GetLargestConsoleWindowSize
0x49305c GetLastError
0x493060 SetDefaultCommConfigA
0x493064 GetProcAddress
0x493068 VirtualAlloc
0x49306c BeginUpdateResourceW
0x493070 CopyFileA
0x493074 SetStdHandle
0x493078 EnterCriticalSection
0x49307c BuildCommDCBAndTimeoutsW
0x493080 SetConsoleOutputCP
0x493084 SetCommMask
0x493088 SetEnvironmentVariableA
0x49308c DebugSetProcessKillOnExit
0x493090 LoadLibraryExA
0x493094 CreateMutexA
0x493098 EnumDateFormatsW
0x49309c WriteConsoleOutputAttribute
0x4930a0 DuplicateHandle
0x4930a4 LocalSize
0x4930a8 DeleteFileW
0x4930ac TlsFree
0x4930b0 CloseHandle
0x4930b4 GetCurrentDirectoryW
0x4930b8 GetCommandLineW
0x4930bc WideCharToMultiByte
0x4930c0 InterlockedIncrement
0x4930c4 InterlockedDecrement
0x4930c8 InterlockedCompareExchange
0x4930cc InterlockedExchange
0x4930d0 MultiByteToWideChar
0x4930d4 Sleep
0x4930d8 InitializeCriticalSection
0x4930dc DeleteCriticalSection
0x4930e0 LeaveCriticalSection
0x4930e4 MoveFileA
0x4930e8 HeapFree
0x4930ec TerminateProcess
0x4930f0 GetCurrentProcess
0x4930f4 UnhandledExceptionFilter
0x4930f8 SetUnhandledExceptionFilter
0x4930fc IsDebuggerPresent
0x493100 HeapReAlloc
0x493104 HeapAlloc
0x493108 ExitProcess
0x49310c GetStartupInfoW
0x493110 RtlUnwind
0x493114 LCMapStringW
0x493118 LCMapStringA
0x49311c GetStringTypeW
0x493120 SetHandleCount
0x493124 GetStdHandle
0x493128 GetFileType
0x49312c GetStartupInfoA
0x493130 WriteFile
0x493134 GetConsoleCP
0x493138 GetConsoleMode
0x49313c HeapCreate
0x493140 VirtualFree
0x493144 TlsGetValue
0x493148 TlsAlloc
0x49314c TlsSetValue
0x493150 SetLastError
0x493154 GetCurrentThreadId
0x493158 GetModuleFileNameA
0x49315c LoadLibraryA
0x493160 InitializeCriticalSectionAndSpinCount
0x493164 GetModuleFileNameW
0x493168 FreeEnvironmentStringsW
0x49316c GetEnvironmentStringsW
0x493170 QueryPerformanceCounter
0x493174 GetTickCount
0x493178 GetCurrentProcessId
0x49317c GetSystemTimeAsFileTime
0x493180 GetStringTypeA
0x493184 HeapSize
0x493188 GetOEMCP
0x49318c IsValidCodePage
0x493190 GetUserDefaultLCID
0x493194 GetLocaleInfoA
0x493198 EnumSystemLocalesA
0x49319c IsValidLocale
0x4931a0 WriteConsoleA
0x4931a4 GetConsoleOutputCP
0x4931a8 WriteConsoleW
0x4931ac SetFilePointer
0x4931b0 GetLocaleInfoW
0x4931b4 FlushFileBuffers
0x4931b8 CreateFileA
USER32.dll
0x4931c0 GetAncestor
ADVAPI32.dll
0x493000 IsTextUnicode
EAT(Export Address Table) is none
KERNEL32.dll
0x493008 lstrlenA
0x49300c CommConfigDialogA
0x493010 GetCPInfo
0x493014 GetQueuedCompletionStatus
0x493018 AddConsoleAliasW
0x49301c GetComputerNameW
0x493020 CallNamedPipeW
0x493024 GetModuleHandleW
0x493028 SetCommState
0x49302c SetProcessPriorityBoost
0x493030 GlobalAlloc
0x493034 _hread
0x493038 GetVersionExW
0x49303c HeapValidate
0x493040 GetBinaryTypeA
0x493044 ReadFile
0x493048 lstrcatA
0x49304c GetACP
0x493050 RaiseException
0x493054 GetNamedPipeHandleStateW
0x493058 GetLargestConsoleWindowSize
0x49305c GetLastError
0x493060 SetDefaultCommConfigA
0x493064 GetProcAddress
0x493068 VirtualAlloc
0x49306c BeginUpdateResourceW
0x493070 CopyFileA
0x493074 SetStdHandle
0x493078 EnterCriticalSection
0x49307c BuildCommDCBAndTimeoutsW
0x493080 SetConsoleOutputCP
0x493084 SetCommMask
0x493088 SetEnvironmentVariableA
0x49308c DebugSetProcessKillOnExit
0x493090 LoadLibraryExA
0x493094 CreateMutexA
0x493098 EnumDateFormatsW
0x49309c WriteConsoleOutputAttribute
0x4930a0 DuplicateHandle
0x4930a4 LocalSize
0x4930a8 DeleteFileW
0x4930ac TlsFree
0x4930b0 CloseHandle
0x4930b4 GetCurrentDirectoryW
0x4930b8 GetCommandLineW
0x4930bc WideCharToMultiByte
0x4930c0 InterlockedIncrement
0x4930c4 InterlockedDecrement
0x4930c8 InterlockedCompareExchange
0x4930cc InterlockedExchange
0x4930d0 MultiByteToWideChar
0x4930d4 Sleep
0x4930d8 InitializeCriticalSection
0x4930dc DeleteCriticalSection
0x4930e0 LeaveCriticalSection
0x4930e4 MoveFileA
0x4930e8 HeapFree
0x4930ec TerminateProcess
0x4930f0 GetCurrentProcess
0x4930f4 UnhandledExceptionFilter
0x4930f8 SetUnhandledExceptionFilter
0x4930fc IsDebuggerPresent
0x493100 HeapReAlloc
0x493104 HeapAlloc
0x493108 ExitProcess
0x49310c GetStartupInfoW
0x493110 RtlUnwind
0x493114 LCMapStringW
0x493118 LCMapStringA
0x49311c GetStringTypeW
0x493120 SetHandleCount
0x493124 GetStdHandle
0x493128 GetFileType
0x49312c GetStartupInfoA
0x493130 WriteFile
0x493134 GetConsoleCP
0x493138 GetConsoleMode
0x49313c HeapCreate
0x493140 VirtualFree
0x493144 TlsGetValue
0x493148 TlsAlloc
0x49314c TlsSetValue
0x493150 SetLastError
0x493154 GetCurrentThreadId
0x493158 GetModuleFileNameA
0x49315c LoadLibraryA
0x493160 InitializeCriticalSectionAndSpinCount
0x493164 GetModuleFileNameW
0x493168 FreeEnvironmentStringsW
0x49316c GetEnvironmentStringsW
0x493170 QueryPerformanceCounter
0x493174 GetTickCount
0x493178 GetCurrentProcessId
0x49317c GetSystemTimeAsFileTime
0x493180 GetStringTypeA
0x493184 HeapSize
0x493188 GetOEMCP
0x49318c IsValidCodePage
0x493190 GetUserDefaultLCID
0x493194 GetLocaleInfoA
0x493198 EnumSystemLocalesA
0x49319c IsValidLocale
0x4931a0 WriteConsoleA
0x4931a4 GetConsoleOutputCP
0x4931a8 WriteConsoleW
0x4931ac SetFilePointer
0x4931b0 GetLocaleInfoW
0x4931b4 FlushFileBuffers
0x4931b8 CreateFileA
USER32.dll
0x4931c0 GetAncestor
ADVAPI32.dll
0x493000 IsTextUnicode
EAT(Export Address Table) is none