ScreenShot
| Created | 2021.04.16 18:51 | Machine | s1_win7_x6401 |
| Filename | 46911997163.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 18 detected (New or modified X97M, Ole2, druvzi, GenDownloader, Presenoker, Artemis, Unsafe, R002H0CIP19, CLASSIC) | ||
| md5 | 66e25d4c12fb491e0a5c5b8dcd9fa85a | ||
| sha256 | 719773cb460bbc9727a5287e754edd398ead64879d229afb6130638e5dde9d19 | ||
| ssdeep | 196608:x4zB7jSSso98MbfUZ+aBZVPgYY5hn3WMKrXsQX1lnkM7W4eluPlEf:x4ZSS8Of++a1ItDnGTIQXvnH7W4elus | ||
| imphash | 4a09e13dffd1254b086a50c0614d1c3e | ||
| impfuzzy | 48:gONOJbY7qKp4pnACSviFLHZXpNV6U0uECKQG+NpT71xH/wt4hxFA:gONebY7qlpqSu | ||
Network IP location
Signature (12cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious |
| watch | Libraries known to be associated with a CVE were requested (may be False Positive) |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks whether any human activity is being performed by constantly checking whether the foreground window changed |
| notice | Creates (office) documents on the filesystem |
| notice | Creates a shortcut to an executable file |
| notice | Foreign language identified in PE resource |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Collects information to fingerprint the system (MachineGuid |
| info | The executable uses a known packer |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Contains_VBA_macro_code | Detect a MS Office document with embedded VBA macro code [binaries] | binaries (download) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| notice | Str_Win32_Http_API | Match Windows Http API call | binaries (download) |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasOverlay | Overlay Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | Microsoft_Office_Document_Zero | Microsoft Office Document Signature Zero | binaries (download) |
| info | network_http | Communications over HTTP | binaries (download) |
| info | Str_Win32_Wininet_Library | Match Windows Inet API library declaration | binaries (download) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_registry | Affect system registries | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40b018 ReadFile
0x40b01c CreateFileA
0x40b020 GetModuleFileNameA
0x40b024 WaitForSingleObject
0x40b028 CreateProcessA
0x40b02c SetFilePointer
0x40b030 SetCurrentDirectoryA
0x40b034 GetCurrentDirectoryA
0x40b038 MoveFileExA
0x40b03c DeleteFileA
0x40b040 SetFileAttributesA
0x40b044 GetFileAttributesA
0x40b048 lstrcatA
0x40b04c CreateDirectoryA
0x40b050 MapViewOfFile
0x40b054 CreateFileMappingA
0x40b058 GlobalAlloc
0x40b05c GlobalReAlloc
0x40b060 GlobalSize
0x40b064 GlobalFree
0x40b068 GlobalHandle
0x40b06c WriteFile
0x40b070 _lclose
0x40b074 SetFileTime
0x40b078 LocalFileTimeToFileTime
0x40b07c DosDateTimeToFileTime
0x40b080 GetTempPathA
0x40b084 MulDiv
0x40b088 GetSystemDirectoryA
0x40b08c GetWindowsDirectoryA
0x40b090 UnmapViewOfFile
0x40b094 lstrcpyA
0x40b098 lstrlenA
0x40b09c GlobalUnlock
0x40b0a0 GlobalLock
0x40b0a4 LoadLibraryA
0x40b0a8 GetModuleHandleA
0x40b0ac GetStartupInfoA
0x40b0b0 GetStringTypeA
0x40b0b4 LCMapStringW
0x40b0b8 GetStringTypeW
0x40b0bc MultiByteToWideChar
0x40b0c0 RtlUnwind
0x40b0c4 LCMapStringA
0x40b0c8 GetStdHandle
0x40b0cc SetHandleCount
0x40b0d0 GetFileType
0x40b0d4 GetProcAddress
0x40b0d8 CloseHandle
0x40b0dc GetCommandLineA
0x40b0e0 GetVersion
0x40b0e4 GetEnvironmentStrings
0x40b0e8 WideCharToMultiByte
0x40b0ec GetEnvironmentStringsW
0x40b0f0 FreeEnvironmentStringsA
0x40b0f4 UnhandledExceptionFilter
0x40b0f8 FreeEnvironmentStringsW
0x40b0fc TerminateProcess
0x40b100 GetCurrentProcess
0x40b104 VirtualFree
0x40b108 HeapCreate
0x40b10c GetVersionExA
0x40b110 GetEnvironmentVariableA
0x40b114 HeapReAlloc
0x40b118 VirtualAlloc
0x40b11c HeapFree
0x40b120 HeapAlloc
0x40b124 GetOEMCP
0x40b128 HeapDestroy
0x40b12c GetCPInfo
0x40b130 ExitProcess
0x40b134 GetACP
USER32.dll
0x40b150 SetWindowTextA
0x40b154 EndDialog
0x40b158 MoveWindow
0x40b15c GetSystemMetrics
0x40b160 GetWindowRect
0x40b164 SetPropA
0x40b168 RemovePropA
0x40b16c SendDlgItemMessageA
0x40b170 GetDlgItemTextA
0x40b174 DialogBoxParamA
0x40b178 MessageBoxA
0x40b17c GetWindowTextA
0x40b180 wsprintfA
0x40b184 TranslateMessage
0x40b188 PeekMessageA
0x40b18c IsDialogMessageA
0x40b190 SetDlgItemTextA
0x40b194 DispatchMessageA
0x40b198 GetPropA
0x40b19c CreateDialogParamA
0x40b1a0 IsWindow
0x40b1a4 DestroyWindow
0x40b1a8 SetWindowLongA
0x40b1ac GetWindowLongA
ADVAPI32.dll
0x40b000 RegQueryValueExA
0x40b004 RegOpenKeyExA
0x40b008 RegCloseKey
SHELL32.dll
0x40b13c DragQueryFileA
0x40b140 SHChangeNotify
0x40b144 ShellExecuteA
0x40b148 DragFinish
COMCTL32.dll
0x40b010 None
EAT(Export Address Table) is none
KERNEL32.dll
0x40b018 ReadFile
0x40b01c CreateFileA
0x40b020 GetModuleFileNameA
0x40b024 WaitForSingleObject
0x40b028 CreateProcessA
0x40b02c SetFilePointer
0x40b030 SetCurrentDirectoryA
0x40b034 GetCurrentDirectoryA
0x40b038 MoveFileExA
0x40b03c DeleteFileA
0x40b040 SetFileAttributesA
0x40b044 GetFileAttributesA
0x40b048 lstrcatA
0x40b04c CreateDirectoryA
0x40b050 MapViewOfFile
0x40b054 CreateFileMappingA
0x40b058 GlobalAlloc
0x40b05c GlobalReAlloc
0x40b060 GlobalSize
0x40b064 GlobalFree
0x40b068 GlobalHandle
0x40b06c WriteFile
0x40b070 _lclose
0x40b074 SetFileTime
0x40b078 LocalFileTimeToFileTime
0x40b07c DosDateTimeToFileTime
0x40b080 GetTempPathA
0x40b084 MulDiv
0x40b088 GetSystemDirectoryA
0x40b08c GetWindowsDirectoryA
0x40b090 UnmapViewOfFile
0x40b094 lstrcpyA
0x40b098 lstrlenA
0x40b09c GlobalUnlock
0x40b0a0 GlobalLock
0x40b0a4 LoadLibraryA
0x40b0a8 GetModuleHandleA
0x40b0ac GetStartupInfoA
0x40b0b0 GetStringTypeA
0x40b0b4 LCMapStringW
0x40b0b8 GetStringTypeW
0x40b0bc MultiByteToWideChar
0x40b0c0 RtlUnwind
0x40b0c4 LCMapStringA
0x40b0c8 GetStdHandle
0x40b0cc SetHandleCount
0x40b0d0 GetFileType
0x40b0d4 GetProcAddress
0x40b0d8 CloseHandle
0x40b0dc GetCommandLineA
0x40b0e0 GetVersion
0x40b0e4 GetEnvironmentStrings
0x40b0e8 WideCharToMultiByte
0x40b0ec GetEnvironmentStringsW
0x40b0f0 FreeEnvironmentStringsA
0x40b0f4 UnhandledExceptionFilter
0x40b0f8 FreeEnvironmentStringsW
0x40b0fc TerminateProcess
0x40b100 GetCurrentProcess
0x40b104 VirtualFree
0x40b108 HeapCreate
0x40b10c GetVersionExA
0x40b110 GetEnvironmentVariableA
0x40b114 HeapReAlloc
0x40b118 VirtualAlloc
0x40b11c HeapFree
0x40b120 HeapAlloc
0x40b124 GetOEMCP
0x40b128 HeapDestroy
0x40b12c GetCPInfo
0x40b130 ExitProcess
0x40b134 GetACP
USER32.dll
0x40b150 SetWindowTextA
0x40b154 EndDialog
0x40b158 MoveWindow
0x40b15c GetSystemMetrics
0x40b160 GetWindowRect
0x40b164 SetPropA
0x40b168 RemovePropA
0x40b16c SendDlgItemMessageA
0x40b170 GetDlgItemTextA
0x40b174 DialogBoxParamA
0x40b178 MessageBoxA
0x40b17c GetWindowTextA
0x40b180 wsprintfA
0x40b184 TranslateMessage
0x40b188 PeekMessageA
0x40b18c IsDialogMessageA
0x40b190 SetDlgItemTextA
0x40b194 DispatchMessageA
0x40b198 GetPropA
0x40b19c CreateDialogParamA
0x40b1a0 IsWindow
0x40b1a4 DestroyWindow
0x40b1a8 SetWindowLongA
0x40b1ac GetWindowLongA
ADVAPI32.dll
0x40b000 RegQueryValueExA
0x40b004 RegOpenKeyExA
0x40b008 RegCloseKey
SHELL32.dll
0x40b13c DragQueryFileA
0x40b140 SHChangeNotify
0x40b144 ShellExecuteA
0x40b148 DragFinish
COMCTL32.dll
0x40b010 None
EAT(Export Address Table) is none