ScreenShot
| Created | 2021.04.22 17:22 | Machine | s1_win7_x6401 |
| Filename | regasm.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (AIDetect, malware1, malicious, high confidence, GenericRXOH, Unsafe, Save, ZexaF, nqW@aaETHyaG, Attribute, HighConfidence, A + Mal, GandCrypt, Emotet, Wacatac, score, ET#87%, RDMK, cmRtazpI+c98d2pk5eLwA5m3vQoZ, Static AI, Malicious PE, confidence, 100%) | ||
| md5 | 07da81ad26a1698f87210276d494a47b | ||
| sha256 | bf912238db02eef27a887bc726f6c7e11c9a2d897f1d3bb3fe0812e9c593a8ff | ||
| ssdeep | 3072:y4JgMDJxgWX9JGZvJisF73jD+IdV5Qsn8UGQrDMZvoQnA+7539RVRI:y4OMDJx/X9wF7w6GkApf7539XRI | ||
| imphash | 7f6eb35ea13978194d25e74e65ad1031 | ||
| impfuzzy | 48:CTa1Kpd4u7CD8DSSAgOc9epq1ltHn94RcDCdZRGNZj6Q:tqd4u7G8DSa2gltH94RcDeZRKF | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41e000 CreateJobObjectA
0x41e004 SetProcessPriorityBoost
0x41e008 WriteConsoleW
0x41e00c GetVolumeInformationA
0x41e010 GetSystemPowerStatus
0x41e014 DeleteVolumeMountPointA
0x41e018 GetDefaultCommConfigW
0x41e01c CreateMutexA
0x41e020 GetStdHandle
0x41e024 InterlockedIncrement
0x41e028 GetSystemTimeAdjustment
0x41e02c FileTimeToSystemTime
0x41e030 CreateNamedPipeW
0x41e034 CallNamedPipeA
0x41e038 EnumResourceNamesW
0x41e03c BuildCommDCBAndTimeoutsA
0x41e040 LeaveCriticalSection
0x41e044 DebugSetProcessKillOnExit
0x41e048 EnumTimeFormatsA
0x41e04c TlsGetValue
0x41e050 GetACP
0x41e054 WriteFile
0x41e058 DeactivateActCtx
0x41e05c ReleaseActCtx
0x41e060 AddRefActCtx
0x41e064 SetHandleInformation
0x41e068 VerifyVersionInfoA
0x41e06c GetVersionExW
0x41e070 FreeLibrary
0x41e074 LoadLibraryExW
0x41e078 GetComputerNameW
0x41e07c CommConfigDialogW
0x41e080 VirtualProtect
0x41e084 lstrcpyA
0x41e088 LoadLibraryA
0x41e08c LocalAlloc
0x41e090 SetFilePointer
0x41e094 CancelWaitableTimer
0x41e098 GetCurrentDirectoryW
0x41e09c VirtualFree
0x41e0a0 SetCommMask
0x41e0a4 HeapSize
0x41e0a8 RaiseException
0x41e0ac GetBinaryTypeA
0x41e0b0 GlobalSize
0x41e0b4 SetConsoleMode
0x41e0b8 GetConsoleCursorInfo
0x41e0bc MoveFileW
0x41e0c0 SetTimeZoneInformation
0x41e0c4 TzSpecificLocalTimeToSystemTime
0x41e0c8 WriteConsoleInputW
0x41e0cc OpenMutexW
0x41e0d0 GetThreadContext
0x41e0d4 AddAtomW
0x41e0d8 FindVolumeMountPointClose
0x41e0dc SetSystemTime
0x41e0e0 GlobalAlloc
0x41e0e4 TerminateProcess
0x41e0e8 GetCommandLineW
0x41e0ec SetLocalTime
0x41e0f0 GetSystemTimeAsFileTime
0x41e0f4 DisconnectNamedPipe
0x41e0f8 GetFileAttributesW
0x41e0fc GetLastError
0x41e100 lstrlenA
0x41e104 CompareStringW
0x41e108 CompareStringA
0x41e10c GetCommandLineA
0x41e110 GetStartupInfoA
0x41e114 HeapAlloc
0x41e118 EnterCriticalSection
0x41e11c GetCurrentProcess
0x41e120 UnhandledExceptionFilter
0x41e124 SetUnhandledExceptionFilter
0x41e128 IsDebuggerPresent
0x41e12c GetProcAddress
0x41e130 GetModuleHandleA
0x41e134 GetModuleHandleW
0x41e138 Sleep
0x41e13c ExitProcess
0x41e140 GetModuleFileNameA
0x41e144 FreeEnvironmentStringsA
0x41e148 GetEnvironmentStrings
0x41e14c FreeEnvironmentStringsW
0x41e150 WideCharToMultiByte
0x41e154 GetEnvironmentStringsW
0x41e158 SetHandleCount
0x41e15c GetFileType
0x41e160 DeleteCriticalSection
0x41e164 TlsAlloc
0x41e168 TlsSetValue
0x41e16c TlsFree
0x41e170 SetLastError
0x41e174 GetCurrentThreadId
0x41e178 InterlockedDecrement
0x41e17c GetCurrentThread
0x41e180 HeapCreate
0x41e184 HeapDestroy
0x41e188 HeapFree
0x41e18c QueryPerformanceCounter
0x41e190 GetTickCount
0x41e194 GetCurrentProcessId
0x41e198 FatalAppExitA
0x41e19c VirtualAlloc
0x41e1a0 HeapReAlloc
0x41e1a4 GetCPInfo
0x41e1a8 GetOEMCP
0x41e1ac IsValidCodePage
0x41e1b0 RtlUnwind
0x41e1b4 SetConsoleCtrlHandler
0x41e1b8 InterlockedExchange
0x41e1bc InitializeCriticalSectionAndSpinCount
0x41e1c0 GetConsoleCP
0x41e1c4 GetConsoleMode
0x41e1c8 FlushFileBuffers
0x41e1cc LCMapStringA
0x41e1d0 MultiByteToWideChar
0x41e1d4 LCMapStringW
0x41e1d8 GetStringTypeA
0x41e1dc GetStringTypeW
0x41e1e0 GetTimeFormatA
0x41e1e4 GetDateFormatA
0x41e1e8 GetUserDefaultLCID
0x41e1ec GetLocaleInfoA
0x41e1f0 EnumSystemLocalesA
0x41e1f4 IsValidLocale
0x41e1f8 GetLocaleInfoW
0x41e1fc CloseHandle
0x41e200 WriteConsoleA
0x41e204 GetConsoleOutputCP
0x41e208 SetStdHandle
0x41e20c GetTimeZoneInformation
0x41e210 CreateFileA
0x41e214 SetEnvironmentVariableA
USER32.dll
0x41e21c GetComboBoxInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x41e000 CreateJobObjectA
0x41e004 SetProcessPriorityBoost
0x41e008 WriteConsoleW
0x41e00c GetVolumeInformationA
0x41e010 GetSystemPowerStatus
0x41e014 DeleteVolumeMountPointA
0x41e018 GetDefaultCommConfigW
0x41e01c CreateMutexA
0x41e020 GetStdHandle
0x41e024 InterlockedIncrement
0x41e028 GetSystemTimeAdjustment
0x41e02c FileTimeToSystemTime
0x41e030 CreateNamedPipeW
0x41e034 CallNamedPipeA
0x41e038 EnumResourceNamesW
0x41e03c BuildCommDCBAndTimeoutsA
0x41e040 LeaveCriticalSection
0x41e044 DebugSetProcessKillOnExit
0x41e048 EnumTimeFormatsA
0x41e04c TlsGetValue
0x41e050 GetACP
0x41e054 WriteFile
0x41e058 DeactivateActCtx
0x41e05c ReleaseActCtx
0x41e060 AddRefActCtx
0x41e064 SetHandleInformation
0x41e068 VerifyVersionInfoA
0x41e06c GetVersionExW
0x41e070 FreeLibrary
0x41e074 LoadLibraryExW
0x41e078 GetComputerNameW
0x41e07c CommConfigDialogW
0x41e080 VirtualProtect
0x41e084 lstrcpyA
0x41e088 LoadLibraryA
0x41e08c LocalAlloc
0x41e090 SetFilePointer
0x41e094 CancelWaitableTimer
0x41e098 GetCurrentDirectoryW
0x41e09c VirtualFree
0x41e0a0 SetCommMask
0x41e0a4 HeapSize
0x41e0a8 RaiseException
0x41e0ac GetBinaryTypeA
0x41e0b0 GlobalSize
0x41e0b4 SetConsoleMode
0x41e0b8 GetConsoleCursorInfo
0x41e0bc MoveFileW
0x41e0c0 SetTimeZoneInformation
0x41e0c4 TzSpecificLocalTimeToSystemTime
0x41e0c8 WriteConsoleInputW
0x41e0cc OpenMutexW
0x41e0d0 GetThreadContext
0x41e0d4 AddAtomW
0x41e0d8 FindVolumeMountPointClose
0x41e0dc SetSystemTime
0x41e0e0 GlobalAlloc
0x41e0e4 TerminateProcess
0x41e0e8 GetCommandLineW
0x41e0ec SetLocalTime
0x41e0f0 GetSystemTimeAsFileTime
0x41e0f4 DisconnectNamedPipe
0x41e0f8 GetFileAttributesW
0x41e0fc GetLastError
0x41e100 lstrlenA
0x41e104 CompareStringW
0x41e108 CompareStringA
0x41e10c GetCommandLineA
0x41e110 GetStartupInfoA
0x41e114 HeapAlloc
0x41e118 EnterCriticalSection
0x41e11c GetCurrentProcess
0x41e120 UnhandledExceptionFilter
0x41e124 SetUnhandledExceptionFilter
0x41e128 IsDebuggerPresent
0x41e12c GetProcAddress
0x41e130 GetModuleHandleA
0x41e134 GetModuleHandleW
0x41e138 Sleep
0x41e13c ExitProcess
0x41e140 GetModuleFileNameA
0x41e144 FreeEnvironmentStringsA
0x41e148 GetEnvironmentStrings
0x41e14c FreeEnvironmentStringsW
0x41e150 WideCharToMultiByte
0x41e154 GetEnvironmentStringsW
0x41e158 SetHandleCount
0x41e15c GetFileType
0x41e160 DeleteCriticalSection
0x41e164 TlsAlloc
0x41e168 TlsSetValue
0x41e16c TlsFree
0x41e170 SetLastError
0x41e174 GetCurrentThreadId
0x41e178 InterlockedDecrement
0x41e17c GetCurrentThread
0x41e180 HeapCreate
0x41e184 HeapDestroy
0x41e188 HeapFree
0x41e18c QueryPerformanceCounter
0x41e190 GetTickCount
0x41e194 GetCurrentProcessId
0x41e198 FatalAppExitA
0x41e19c VirtualAlloc
0x41e1a0 HeapReAlloc
0x41e1a4 GetCPInfo
0x41e1a8 GetOEMCP
0x41e1ac IsValidCodePage
0x41e1b0 RtlUnwind
0x41e1b4 SetConsoleCtrlHandler
0x41e1b8 InterlockedExchange
0x41e1bc InitializeCriticalSectionAndSpinCount
0x41e1c0 GetConsoleCP
0x41e1c4 GetConsoleMode
0x41e1c8 FlushFileBuffers
0x41e1cc LCMapStringA
0x41e1d0 MultiByteToWideChar
0x41e1d4 LCMapStringW
0x41e1d8 GetStringTypeA
0x41e1dc GetStringTypeW
0x41e1e0 GetTimeFormatA
0x41e1e4 GetDateFormatA
0x41e1e8 GetUserDefaultLCID
0x41e1ec GetLocaleInfoA
0x41e1f0 EnumSystemLocalesA
0x41e1f4 IsValidLocale
0x41e1f8 GetLocaleInfoW
0x41e1fc CloseHandle
0x41e200 WriteConsoleA
0x41e204 GetConsoleOutputCP
0x41e208 SetStdHandle
0x41e20c GetTimeZoneInformation
0x41e210 CreateFileA
0x41e214 SetEnvironmentVariableA
USER32.dll
0x41e21c GetComboBoxInfo
EAT(Export Address Table) is none