ScreenShot
| Created | 2022.01.24 11:10 | Machine | s1_win7_x6401 |
| Filename | 182_1642770496_605.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (AIDetect, malware1, Zenpak, malicious, high confidence, DownLoader44, GenericKD, Unsafe, Save, Kryptik, Eldorado, HOBP, 0NA103AM22, Mikey, DropperX, StellarStealer, uqihw, Static AI, Malicious PE, S + Troj, Krypt, kcloud, DllCheck, 11WL534, score, SmokeLoader, R467211, CLOUD, ai score=80, GdSda, confidence, 100%, susgen) | ||
| md5 | a5e1bd071692b98eb33ce95509259e18 | ||
| sha256 | bab55804afef5da34492f5decf8cd52733055b4101e95bed62f3680c715e241d | ||
| ssdeep | 12288:z59I5NJxvn2jRME7FLOr4TMYz5+J44AXKJ7z5wtrZweVQ+/EtMPPs5pXMsE:l2Zn2jCE7lO0TMYz5+AUf5J+/EtAm | ||
| imphash | 475f7058e090be99fd15edb6d2e40c10 | ||
| impfuzzy | 96:h9o1V1FB2PBQGy0xX+NU1dQTA6ZfcmGBtcCw24cRg6C:bYB2PBQ7SOqQ9wg | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Dridex_Gene_Zero | Win32 Trojan Dridex Gene | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401000 HeapLock
0x401004 CreateNamedPipeW
0x401008 TerminateThread
0x40100c DeactivateActCtx
0x401010 GetVersionExW
0x401014 GetConsoleCP
0x401018 GetConsoleAliasesLengthA
0x40101c GetDefaultCommConfigA
0x401020 FindFirstFileExW
0x401024 GetDriveTypeW
0x401028 FreeEnvironmentStringsW
0x40102c GetProcessPriorityBoost
0x401030 SetVolumeMountPointA
0x401034 SetCurrentDirectoryW
0x401038 GetLongPathNameA
0x40103c CopyFileW
0x401040 TlsGetValue
0x401044 LoadResource
0x401048 SetComputerNameExW
0x40104c SystemTimeToTzSpecificLocalTime
0x401050 FindAtomA
0x401054 ReleaseMutex
0x401058 CallNamedPipeW
0x40105c CreateMailslotW
0x401060 BuildCommDCBAndTimeoutsA
0x401064 VirtualProtect
0x401068 LoadLibraryA
0x40106c GlobalAlloc
0x401070 TryEnterCriticalSection
0x401074 TlsSetValue
0x401078 GetCommandLineA
0x40107c InterlockedDecrement
0x401080 GetCalendarInfoA
0x401084 DeleteFileA
0x401088 CreateActCtxW
0x40108c OutputDebugStringA
0x401090 GetSystemTimeAdjustment
0x401094 GetPriorityClass
0x401098 WritePrivateProfileStringW
0x40109c GetProcessHeaps
0x4010a0 GlobalUnWire
0x4010a4 GetProcessHeap
0x4010a8 GetStartupInfoW
0x4010ac GetDiskFreeSpaceExW
0x4010b0 GetCPInfoExW
0x4010b4 GetWindowsDirectoryW
0x4010b8 GetSystemWow64DirectoryW
0x4010bc GetLastError
0x4010c0 GetProfileStringA
0x4010c4 WriteProfileSectionA
0x4010c8 GetProfileStringW
0x4010cc GetConsoleCursorInfo
0x4010d0 SetLastError
0x4010d4 DeleteVolumeMountPointW
0x4010d8 DebugBreak
0x4010dc GetPrivateProfileSectionW
0x4010e0 lstrcmpA
0x4010e4 ReadFileScatter
0x4010e8 SetConsoleMode
0x4010ec GetSystemWindowsDirectoryA
0x4010f0 TerminateProcess
0x4010f4 GlobalFindAtomA
0x4010f8 FindCloseChangeNotification
0x4010fc SetMailslotInfo
0x401100 InterlockedExchange
0x401104 DefineDosDeviceA
0x401108 FindVolumeMountPointClose
0x40110c EndUpdateResourceW
0x401110 WriteConsoleA
0x401114 GetPrivateProfileSectionA
0x401118 WritePrivateProfileSectionA
0x40111c GetPrivateProfileStructA
0x401120 GetDriveTypeA
0x401124 GetFileAttributesExA
0x401128 FileTimeToLocalFileTime
0x40112c MoveFileA
0x401130 GetVolumePathNameW
0x401134 HeapUnlock
0x401138 lstrcmpW
0x40113c SetDefaultCommConfigA
0x401140 FindActCtxSectionGuid
0x401144 SetThreadContext
0x401148 MoveFileExA
0x40114c GlobalUnlock
0x401150 UnregisterWait
0x401154 BuildCommDCBA
0x401158 GlobalDeleteAtom
0x40115c OpenEventW
0x401160 TransmitCommChar
0x401164 WaitNamedPipeA
0x401168 GetPrivateProfileSectionNamesW
0x40116c FindResourceExW
0x401170 GetLocalTime
0x401174 SetLocalTime
0x401178 OpenSemaphoreA
0x40117c GetProcAddress
0x401180 CreateIoCompletionPort
0x401184 SetFileShortNameW
0x401188 lstrcpyW
0x40118c VerLanguageNameW
0x401190 GetThreadSelectorEntry
0x401194 SetSystemTime
0x401198 GetConsoleAliasW
0x40119c FlushConsoleInputBuffer
0x4011a0 AllocConsole
0x4011a4 GetAtomNameA
0x4011a8 WriteConsoleInputA
0x4011ac TransactNamedPipe
0x4011b0 GetCommState
0x4011b4 LockFile
0x4011b8 _lopen
0x4011bc ResetWriteWatch
0x4011c0 GetConsoleOutputCP
0x4011c4 GetModuleHandleA
0x4011c8 WriteConsoleOutputCharacterW
0x4011cc EnumDateFormatsW
0x4011d0 GetConsoleAliasExesLengthA
0x4011d4 HeapReAlloc
0x4011d8 GetCommMask
0x4011dc SetFilePointer
0x4011e0 FindClose
0x4011e4 PostQueuedCompletionStatus
0x4011e8 SetFileApisToANSI
0x4011ec CancelWaitableTimer
0x4011f0 GetCurrentProcess
0x4011f4 SetNamedPipeHandleState
0x4011f8 GetCompressedFileSizeA
0x4011fc FindNextVolumeMountPointW
0x401200 GetFullPathNameW
0x401204 WriteProfileStringW
0x401208 DeleteAtom
0x40120c GlobalAddAtomA
0x401210 AssignProcessToJobObject
0x401214 QueryDosDeviceW
0x401218 InitializeCriticalSection
0x40121c SetFirmwareEnvironmentVariableW
0x401220 GetBinaryTypeA
0x401224 InterlockedIncrement
0x401228 Sleep
0x40122c DeleteCriticalSection
0x401230 EnterCriticalSection
0x401234 LeaveCriticalSection
0x401238 RaiseException
0x40123c RtlUnwind
0x401240 UnhandledExceptionFilter
0x401244 SetUnhandledExceptionFilter
0x401248 IsDebuggerPresent
0x40124c GetModuleFileNameW
0x401250 GetStartupInfoA
0x401254 WideCharToMultiByte
0x401258 MultiByteToWideChar
0x40125c LCMapStringA
0x401260 LCMapStringW
0x401264 GetCPInfo
0x401268 HeapValidate
0x40126c IsBadReadPtr
0x401270 GetModuleHandleW
0x401274 TlsAlloc
0x401278 GetCurrentThreadId
0x40127c TlsFree
0x401280 GetStdHandle
0x401284 WriteFile
0x401288 WriteConsoleW
0x40128c GetFileType
0x401290 OutputDebugStringW
0x401294 ExitProcess
0x401298 LoadLibraryW
0x40129c GetModuleFileNameA
0x4012a0 SetHandleCount
0x4012a4 QueryPerformanceCounter
0x4012a8 GetTickCount
0x4012ac GetCurrentProcessId
0x4012b0 GetSystemTimeAsFileTime
0x4012b4 FreeEnvironmentStringsA
0x4012b8 GetEnvironmentStrings
0x4012bc GetEnvironmentStringsW
0x4012c0 HeapDestroy
0x4012c4 HeapCreate
0x4012c8 HeapFree
0x4012cc VirtualFree
0x4012d0 GetACP
0x4012d4 GetOEMCP
0x4012d8 IsValidCodePage
0x4012dc GetLocaleInfoA
0x4012e0 GetStringTypeA
0x4012e4 GetStringTypeW
0x4012e8 HeapAlloc
0x4012ec HeapSize
0x4012f0 VirtualAlloc
0x4012f4 IsValidLocale
0x4012f8 EnumSystemLocalesA
0x4012fc GetUserDefaultLCID
0x401300 FlushFileBuffers
0x401304 GetConsoleMode
0x401308 InitializeCriticalSectionAndSpinCount
0x40130c GetLocaleInfoW
0x401310 SetStdHandle
0x401314 CloseHandle
0x401318 CreateFileA
USER32.dll
0x401320 OemToCharW
EAT(Export Address Table) is none
KERNEL32.dll
0x401000 HeapLock
0x401004 CreateNamedPipeW
0x401008 TerminateThread
0x40100c DeactivateActCtx
0x401010 GetVersionExW
0x401014 GetConsoleCP
0x401018 GetConsoleAliasesLengthA
0x40101c GetDefaultCommConfigA
0x401020 FindFirstFileExW
0x401024 GetDriveTypeW
0x401028 FreeEnvironmentStringsW
0x40102c GetProcessPriorityBoost
0x401030 SetVolumeMountPointA
0x401034 SetCurrentDirectoryW
0x401038 GetLongPathNameA
0x40103c CopyFileW
0x401040 TlsGetValue
0x401044 LoadResource
0x401048 SetComputerNameExW
0x40104c SystemTimeToTzSpecificLocalTime
0x401050 FindAtomA
0x401054 ReleaseMutex
0x401058 CallNamedPipeW
0x40105c CreateMailslotW
0x401060 BuildCommDCBAndTimeoutsA
0x401064 VirtualProtect
0x401068 LoadLibraryA
0x40106c GlobalAlloc
0x401070 TryEnterCriticalSection
0x401074 TlsSetValue
0x401078 GetCommandLineA
0x40107c InterlockedDecrement
0x401080 GetCalendarInfoA
0x401084 DeleteFileA
0x401088 CreateActCtxW
0x40108c OutputDebugStringA
0x401090 GetSystemTimeAdjustment
0x401094 GetPriorityClass
0x401098 WritePrivateProfileStringW
0x40109c GetProcessHeaps
0x4010a0 GlobalUnWire
0x4010a4 GetProcessHeap
0x4010a8 GetStartupInfoW
0x4010ac GetDiskFreeSpaceExW
0x4010b0 GetCPInfoExW
0x4010b4 GetWindowsDirectoryW
0x4010b8 GetSystemWow64DirectoryW
0x4010bc GetLastError
0x4010c0 GetProfileStringA
0x4010c4 WriteProfileSectionA
0x4010c8 GetProfileStringW
0x4010cc GetConsoleCursorInfo
0x4010d0 SetLastError
0x4010d4 DeleteVolumeMountPointW
0x4010d8 DebugBreak
0x4010dc GetPrivateProfileSectionW
0x4010e0 lstrcmpA
0x4010e4 ReadFileScatter
0x4010e8 SetConsoleMode
0x4010ec GetSystemWindowsDirectoryA
0x4010f0 TerminateProcess
0x4010f4 GlobalFindAtomA
0x4010f8 FindCloseChangeNotification
0x4010fc SetMailslotInfo
0x401100 InterlockedExchange
0x401104 DefineDosDeviceA
0x401108 FindVolumeMountPointClose
0x40110c EndUpdateResourceW
0x401110 WriteConsoleA
0x401114 GetPrivateProfileSectionA
0x401118 WritePrivateProfileSectionA
0x40111c GetPrivateProfileStructA
0x401120 GetDriveTypeA
0x401124 GetFileAttributesExA
0x401128 FileTimeToLocalFileTime
0x40112c MoveFileA
0x401130 GetVolumePathNameW
0x401134 HeapUnlock
0x401138 lstrcmpW
0x40113c SetDefaultCommConfigA
0x401140 FindActCtxSectionGuid
0x401144 SetThreadContext
0x401148 MoveFileExA
0x40114c GlobalUnlock
0x401150 UnregisterWait
0x401154 BuildCommDCBA
0x401158 GlobalDeleteAtom
0x40115c OpenEventW
0x401160 TransmitCommChar
0x401164 WaitNamedPipeA
0x401168 GetPrivateProfileSectionNamesW
0x40116c FindResourceExW
0x401170 GetLocalTime
0x401174 SetLocalTime
0x401178 OpenSemaphoreA
0x40117c GetProcAddress
0x401180 CreateIoCompletionPort
0x401184 SetFileShortNameW
0x401188 lstrcpyW
0x40118c VerLanguageNameW
0x401190 GetThreadSelectorEntry
0x401194 SetSystemTime
0x401198 GetConsoleAliasW
0x40119c FlushConsoleInputBuffer
0x4011a0 AllocConsole
0x4011a4 GetAtomNameA
0x4011a8 WriteConsoleInputA
0x4011ac TransactNamedPipe
0x4011b0 GetCommState
0x4011b4 LockFile
0x4011b8 _lopen
0x4011bc ResetWriteWatch
0x4011c0 GetConsoleOutputCP
0x4011c4 GetModuleHandleA
0x4011c8 WriteConsoleOutputCharacterW
0x4011cc EnumDateFormatsW
0x4011d0 GetConsoleAliasExesLengthA
0x4011d4 HeapReAlloc
0x4011d8 GetCommMask
0x4011dc SetFilePointer
0x4011e0 FindClose
0x4011e4 PostQueuedCompletionStatus
0x4011e8 SetFileApisToANSI
0x4011ec CancelWaitableTimer
0x4011f0 GetCurrentProcess
0x4011f4 SetNamedPipeHandleState
0x4011f8 GetCompressedFileSizeA
0x4011fc FindNextVolumeMountPointW
0x401200 GetFullPathNameW
0x401204 WriteProfileStringW
0x401208 DeleteAtom
0x40120c GlobalAddAtomA
0x401210 AssignProcessToJobObject
0x401214 QueryDosDeviceW
0x401218 InitializeCriticalSection
0x40121c SetFirmwareEnvironmentVariableW
0x401220 GetBinaryTypeA
0x401224 InterlockedIncrement
0x401228 Sleep
0x40122c DeleteCriticalSection
0x401230 EnterCriticalSection
0x401234 LeaveCriticalSection
0x401238 RaiseException
0x40123c RtlUnwind
0x401240 UnhandledExceptionFilter
0x401244 SetUnhandledExceptionFilter
0x401248 IsDebuggerPresent
0x40124c GetModuleFileNameW
0x401250 GetStartupInfoA
0x401254 WideCharToMultiByte
0x401258 MultiByteToWideChar
0x40125c LCMapStringA
0x401260 LCMapStringW
0x401264 GetCPInfo
0x401268 HeapValidate
0x40126c IsBadReadPtr
0x401270 GetModuleHandleW
0x401274 TlsAlloc
0x401278 GetCurrentThreadId
0x40127c TlsFree
0x401280 GetStdHandle
0x401284 WriteFile
0x401288 WriteConsoleW
0x40128c GetFileType
0x401290 OutputDebugStringW
0x401294 ExitProcess
0x401298 LoadLibraryW
0x40129c GetModuleFileNameA
0x4012a0 SetHandleCount
0x4012a4 QueryPerformanceCounter
0x4012a8 GetTickCount
0x4012ac GetCurrentProcessId
0x4012b0 GetSystemTimeAsFileTime
0x4012b4 FreeEnvironmentStringsA
0x4012b8 GetEnvironmentStrings
0x4012bc GetEnvironmentStringsW
0x4012c0 HeapDestroy
0x4012c4 HeapCreate
0x4012c8 HeapFree
0x4012cc VirtualFree
0x4012d0 GetACP
0x4012d4 GetOEMCP
0x4012d8 IsValidCodePage
0x4012dc GetLocaleInfoA
0x4012e0 GetStringTypeA
0x4012e4 GetStringTypeW
0x4012e8 HeapAlloc
0x4012ec HeapSize
0x4012f0 VirtualAlloc
0x4012f4 IsValidLocale
0x4012f8 EnumSystemLocalesA
0x4012fc GetUserDefaultLCID
0x401300 FlushFileBuffers
0x401304 GetConsoleMode
0x401308 InitializeCriticalSectionAndSpinCount
0x40130c GetLocaleInfoW
0x401310 SetStdHandle
0x401314 CloseHandle
0x401318 CreateFileA
USER32.dll
0x401320 OemToCharW
EAT(Export Address Table) is none