ScreenShot
| Created | 2021.04.01 11:27 | Machine | s1_win7_x6402 |
| Filename | proxye.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 20 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, ZexaF, uqW@aCln@XhG, Attribute, HighConfidence, UrSnif, Glupteba, score, ET#85%, RDMK, cmRtazobLxMyulavf98V0FbXc9Mx, Static AI, Malicious PE, QVM10) | ||
| md5 | 5ef2edbe6f861900be718fede096087b | ||
| sha256 | 7240afed7789db0937295e22d2d6edbaf01c50612822ed7b247ac10cb032e025 | ||
| ssdeep | 6144:BilfpNLmmca2gStQxrqmEjwXXbZKmcZuBiQzk9W+8NNb8yPuyYY:cfpNymca2oxWmpHbImSuBYifIyPu | ||
| imphash | d4140c6a2f14379bc2c9ea2aac7824cd | ||
| impfuzzy | 48:tXyZO+jOF7DIVjzucpnuSO1Dzrpdx+cXsIMZz7h02cBZFE:tXyw+yCPvnuSizrzx+cXsIMZXhFcra | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x419008 SetThreadContext
0x41900c OpenFile
0x419010 lstrlenA
0x419014 SetLocalTime
0x419018 GetCPInfo
0x41901c SetWaitableTimer
0x419020 SetUnhandledExceptionFilter
0x419024 LoadLibraryExW
0x419028 GetCommState
0x41902c ReadConsoleOutputAttribute
0x419030 CreateJobObjectW
0x419034 GetNamedPipeHandleStateA
0x419038 GetComputerNameW
0x41903c CallNamedPipeW
0x419040 GetProcessPriorityBoost
0x419044 GetModuleHandleW
0x419048 FindNextVolumeMountPointA
0x41904c WriteFile
0x419050 SetProcessPriorityBoost
0x419054 _hread
0x419058 GetVersionExW
0x41905c HeapValidate
0x419060 GetBinaryTypeA
0x419064 GetPrivateProfileIntW
0x419068 SetCurrentDirectoryA
0x41906c GetStdHandle
0x419070 GetHandleInformation
0x419074 GetLastError
0x419078 SetDefaultCommConfigA
0x41907c GetProcAddress
0x419080 BeginUpdateResourceW
0x419084 SetVolumeLabelW
0x419088 GetConsoleDisplayMode
0x41908c EnterCriticalSection
0x419090 GetLocalTime
0x419094 OpenMutexA
0x419098 LocalAlloc
0x41909c BuildCommDCBAndTimeoutsW
0x4190a0 GetCommMask
0x4190a4 AddAtomA
0x4190a8 WaitForMultipleObjects
0x4190ac SetSystemTime
0x4190b0 SetEnvironmentVariableA
0x4190b4 GetOEMCP
0x4190b8 CreateIoCompletionPort
0x4190bc DebugBreakProcess
0x4190c0 CreateMutexA
0x4190c4 VirtualProtect
0x4190c8 EnumDateFormatsW
0x4190cc LocalSize
0x4190d0 DeleteFileW
0x4190d4 TlsFree
0x4190d8 GetProfileSectionW
0x4190dc CommConfigDialogW
0x4190e0 lstrcpyA
0x4190e4 CloseHandle
0x4190e8 GetCurrentDirectoryW
0x4190ec GetSystemDefaultLangID
0x4190f0 WideCharToMultiByte
0x4190f4 InterlockedIncrement
0x4190f8 InterlockedDecrement
0x4190fc InterlockedCompareExchange
0x419100 InterlockedExchange
0x419104 MultiByteToWideChar
0x419108 Sleep
0x41910c InitializeCriticalSection
0x419110 DeleteCriticalSection
0x419114 LeaveCriticalSection
0x419118 MoveFileA
0x41911c HeapFree
0x419120 TerminateProcess
0x419124 GetCurrentProcess
0x419128 UnhandledExceptionFilter
0x41912c IsDebuggerPresent
0x419130 ExitProcess
0x419134 GetStartupInfoW
0x419138 RtlUnwind
0x41913c RaiseException
0x419140 LCMapStringW
0x419144 LCMapStringA
0x419148 GetStringTypeW
0x41914c SetHandleCount
0x419150 GetFileType
0x419154 GetStartupInfoA
0x419158 SetStdHandle
0x41915c GetConsoleCP
0x419160 GetConsoleMode
0x419164 HeapAlloc
0x419168 HeapCreate
0x41916c VirtualFree
0x419170 VirtualAlloc
0x419174 HeapReAlloc
0x419178 TlsGetValue
0x41917c TlsAlloc
0x419180 TlsSetValue
0x419184 SetLastError
0x419188 GetCurrentThreadId
0x41918c GetModuleFileNameA
0x419190 LoadLibraryA
0x419194 InitializeCriticalSectionAndSpinCount
0x419198 GetModuleFileNameW
0x41919c FreeEnvironmentStringsW
0x4191a0 GetEnvironmentStringsW
0x4191a4 GetCommandLineW
0x4191a8 QueryPerformanceCounter
0x4191ac GetTickCount
0x4191b0 GetCurrentProcessId
0x4191b4 GetSystemTimeAsFileTime
0x4191b8 GetStringTypeA
0x4191bc HeapSize
0x4191c0 GetACP
0x4191c4 IsValidCodePage
0x4191c8 GetUserDefaultLCID
0x4191cc GetLocaleInfoA
0x4191d0 EnumSystemLocalesA
0x4191d4 IsValidLocale
0x4191d8 WriteConsoleA
0x4191dc GetConsoleOutputCP
0x4191e0 WriteConsoleW
0x4191e4 SetFilePointer
0x4191e8 GetLocaleInfoW
0x4191ec FlushFileBuffers
0x4191f0 ReadFile
0x4191f4 CreateFileA
USER32.dll
0x4191fc GetAncestor
ADVAPI32.dll
0x419000 IsTextUnicode
EAT(Export Address Table) is none
KERNEL32.dll
0x419008 SetThreadContext
0x41900c OpenFile
0x419010 lstrlenA
0x419014 SetLocalTime
0x419018 GetCPInfo
0x41901c SetWaitableTimer
0x419020 SetUnhandledExceptionFilter
0x419024 LoadLibraryExW
0x419028 GetCommState
0x41902c ReadConsoleOutputAttribute
0x419030 CreateJobObjectW
0x419034 GetNamedPipeHandleStateA
0x419038 GetComputerNameW
0x41903c CallNamedPipeW
0x419040 GetProcessPriorityBoost
0x419044 GetModuleHandleW
0x419048 FindNextVolumeMountPointA
0x41904c WriteFile
0x419050 SetProcessPriorityBoost
0x419054 _hread
0x419058 GetVersionExW
0x41905c HeapValidate
0x419060 GetBinaryTypeA
0x419064 GetPrivateProfileIntW
0x419068 SetCurrentDirectoryA
0x41906c GetStdHandle
0x419070 GetHandleInformation
0x419074 GetLastError
0x419078 SetDefaultCommConfigA
0x41907c GetProcAddress
0x419080 BeginUpdateResourceW
0x419084 SetVolumeLabelW
0x419088 GetConsoleDisplayMode
0x41908c EnterCriticalSection
0x419090 GetLocalTime
0x419094 OpenMutexA
0x419098 LocalAlloc
0x41909c BuildCommDCBAndTimeoutsW
0x4190a0 GetCommMask
0x4190a4 AddAtomA
0x4190a8 WaitForMultipleObjects
0x4190ac SetSystemTime
0x4190b0 SetEnvironmentVariableA
0x4190b4 GetOEMCP
0x4190b8 CreateIoCompletionPort
0x4190bc DebugBreakProcess
0x4190c0 CreateMutexA
0x4190c4 VirtualProtect
0x4190c8 EnumDateFormatsW
0x4190cc LocalSize
0x4190d0 DeleteFileW
0x4190d4 TlsFree
0x4190d8 GetProfileSectionW
0x4190dc CommConfigDialogW
0x4190e0 lstrcpyA
0x4190e4 CloseHandle
0x4190e8 GetCurrentDirectoryW
0x4190ec GetSystemDefaultLangID
0x4190f0 WideCharToMultiByte
0x4190f4 InterlockedIncrement
0x4190f8 InterlockedDecrement
0x4190fc InterlockedCompareExchange
0x419100 InterlockedExchange
0x419104 MultiByteToWideChar
0x419108 Sleep
0x41910c InitializeCriticalSection
0x419110 DeleteCriticalSection
0x419114 LeaveCriticalSection
0x419118 MoveFileA
0x41911c HeapFree
0x419120 TerminateProcess
0x419124 GetCurrentProcess
0x419128 UnhandledExceptionFilter
0x41912c IsDebuggerPresent
0x419130 ExitProcess
0x419134 GetStartupInfoW
0x419138 RtlUnwind
0x41913c RaiseException
0x419140 LCMapStringW
0x419144 LCMapStringA
0x419148 GetStringTypeW
0x41914c SetHandleCount
0x419150 GetFileType
0x419154 GetStartupInfoA
0x419158 SetStdHandle
0x41915c GetConsoleCP
0x419160 GetConsoleMode
0x419164 HeapAlloc
0x419168 HeapCreate
0x41916c VirtualFree
0x419170 VirtualAlloc
0x419174 HeapReAlloc
0x419178 TlsGetValue
0x41917c TlsAlloc
0x419180 TlsSetValue
0x419184 SetLastError
0x419188 GetCurrentThreadId
0x41918c GetModuleFileNameA
0x419190 LoadLibraryA
0x419194 InitializeCriticalSectionAndSpinCount
0x419198 GetModuleFileNameW
0x41919c FreeEnvironmentStringsW
0x4191a0 GetEnvironmentStringsW
0x4191a4 GetCommandLineW
0x4191a8 QueryPerformanceCounter
0x4191ac GetTickCount
0x4191b0 GetCurrentProcessId
0x4191b4 GetSystemTimeAsFileTime
0x4191b8 GetStringTypeA
0x4191bc HeapSize
0x4191c0 GetACP
0x4191c4 IsValidCodePage
0x4191c8 GetUserDefaultLCID
0x4191cc GetLocaleInfoA
0x4191d0 EnumSystemLocalesA
0x4191d4 IsValidLocale
0x4191d8 WriteConsoleA
0x4191dc GetConsoleOutputCP
0x4191e0 WriteConsoleW
0x4191e4 SetFilePointer
0x4191e8 GetLocaleInfoW
0x4191ec FlushFileBuffers
0x4191f0 ReadFile
0x4191f4 CreateFileA
USER32.dll
0x4191fc GetAncestor
ADVAPI32.dll
0x419000 IsTextUnicode
EAT(Export Address Table) is none