popup

Report - FreeMaps.af75d672c26d4cc59fc74465083f473c.exe

packer Gen2 OSCheck File format
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.04.28 11:11 Machine s1_win7_x6402
Filename FreeMaps.af75d672c26d4cc59fc74465083f473c.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
AI Score
3
 Behavior Score
4.8
ZERO API file : clean
VT API (file) 32 detected (Mindsparki, Unsafe, ANBU, Mindspark, MySearch, CLASSIC, bWQ1OnZ3N, AEVQMtiToiO3hiHy0, ApplicUnwnt@#101t2rdwcqm0e, MyWebSearch, JQZB, Installcore, GrayWare, StartPage, malicious, high confidence, R233545, static engine, UnwantedSig, confidence, 100%)
md5 10e868b5ebf405fe2ca10e0552023d44
sha256 71fb7537b5a88f41f407fcfda5781b4834f3fce234ff50030e48569574b4b043
ssdeep 6144:kbUTp1H7vzPjAcM+zsT8qEJEbrPBj3AIDkk7vCdWYDbHIae+0U/aM4tp5iFw2EWb:kIX7788J2aIDz7asspeuSLp5iefq
imphash 7ed0d71376e55d58ab36dc7d3ffda898
impfuzzy 48:6+wYSD1l03O3VSv5L0W8rOAltkz+eOxHALll3XbqQEFzn7+P9KQJ45EQl/KAEowX:jDSDj4yfffH1zlKsq
  Network IP location

Signature (11cnts)

Level Description
danger File has been identified by 32 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
notice Expresses interest in specific running processes
notice Performs some HTTP requests
notice Queries for potentially installed applications
notice Searches running processes potentially to identify processes for sandbox evasion
info Checks amount of memory in system
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (17cnts)

Level Name Description Collection
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check Signature Zero binaries (download)
info PE_Header_Zero PE File Signature Zero binaries (download)
info PE_Header_Zero PE File Signature Zero binaries (upload)
info HasDebugData DebugData Check binaries (download)
info HasDigitalSignature DigitalSignature Check binaries (download)
info HasDigitalSignature DigitalSignature Check binaries (upload)
info HasOverlay Overlay Check binaries (download)
info HasOverlay Overlay Check binaries (upload)
info HasRichSignature Rich Signature Check binaries (download)
info HasRichSignature Rich Signature Check binaries (upload)
info IsPacked Entropy Check binaries (upload)
info IsWindowsGUI (no description) binaries (download)
info IsWindowsGUI (no description) binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (download)

Network (7cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-11&errorType=nsisError&errorDetails=File+Not+Found+%28404%29&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni000^S2940
whois
US GOOGLE 34.102.222.207 clean
http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-16&errorType=nsisError&errorDetails=af75d672c26d4cc59fc74465083f473c&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni0
whois
US GOOGLE 34.102.222.207 clean
https://dp.tb.ask.com/installerParams.jhtml?coId=af75d672c26d4cc59fc74465083f473c
whois
US GOOGLE 34.107.128.118 clean
dp.tb.ask.com
whois
US GOOGLE 34.107.128.118 clean
anx.mindspark.com
whois
US GOOGLE 34.102.222.207 clean
34.107.128.118
whois
US GOOGLE 34.107.128.118 clean
34.102.222.207
whois
US GOOGLE 34.102.222.207 clean

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x408060 CompareFileTime
 0x408064 SearchPathW
 0x408068 SetFileTime
 0x40806c CloseHandle
 0x408070 GetShortPathNameW
 0x408074 MoveFileW
 0x408078 SetCurrentDirectoryW
 0x40807c GetFileAttributesW
 0x408080 GetLastError
 0x408084 GetFullPathNameW
 0x408088 CreateDirectoryW
 0x40808c Sleep
 0x408090 GetTickCount
 0x408094 GetFileSize
 0x408098 GetModuleFileNameW
 0x40809c GetCurrentProcess
 0x4080a0 CopyFileW
 0x4080a4 ExitProcess
 0x4080a8 SetEnvironmentVariableW
 0x4080ac GetWindowsDirectoryW
 0x4080b0 GetTempPathW
 0x4080b4 SetFileAttributesW
 0x4080b8 ExpandEnvironmentStringsW
 0x4080bc LoadLibraryW
 0x4080c0 lstrlenW
 0x4080c4 lstrcpynW
 0x4080c8 GetDiskFreeSpaceW
 0x4080cc GlobalUnlock
 0x4080d0 GlobalLock
 0x4080d4 CreateThread
 0x4080d8 CreateProcessW
 0x4080dc RemoveDirectoryW
 0x4080e0 lstrcmpiA
 0x4080e4 CreateFileW
 0x4080e8 GetTempFileNameW
 0x4080ec lstrcpyA
 0x4080f0 lstrcpyW
 0x4080f4 lstrcatW
 0x4080f8 GetSystemDirectoryW
 0x4080fc GetVersion
 0x408100 GetProcAddress
 0x408104 LoadLibraryA
 0x408108 GetModuleHandleA
 0x40810c GetModuleHandleW
 0x408110 lstrcmpiW
 0x408114 lstrcmpW
 0x408118 WaitForSingleObject
 0x40811c GlobalFree
 0x408120 GlobalAlloc
 0x408124 LoadLibraryExW
 0x408128 GetExitCodeProcess
 0x40812c FreeLibrary
 0x408130 WritePrivateProfileStringW
 0x408134 SetErrorMode
 0x408138 GetCommandLineW
 0x40813c GetPrivateProfileStringW
 0x408140 FindFirstFileW
 0x408144 FindNextFileW
 0x408148 DeleteFileW
 0x40814c SetFilePointer
 0x408150 ReadFile
 0x408154 FindClose
 0x408158 MulDiv
 0x40815c MultiByteToWideChar
 0x408160 WriteFile
 0x408164 lstrlenA
 0x408168 WideCharToMultiByte
USER32.dll
 0x40818c EndDialog
 0x408190 ScreenToClient
 0x408194 GetWindowRect
 0x408198 RegisterClassW
 0x40819c EnableMenuItem
 0x4081a0 GetSystemMenu
 0x4081a4 SetClassLongW
 0x4081a8 IsWindowEnabled
 0x4081ac SetWindowPos
 0x4081b0 GetSysColor
 0x4081b4 GetWindowLongW
 0x4081b8 SetCursor
 0x4081bc LoadCursorW
 0x4081c0 CheckDlgButton
 0x4081c4 GetMessagePos
 0x4081c8 LoadBitmapW
 0x4081cc CallWindowProcW
 0x4081d0 IsWindowVisible
 0x4081d4 CloseClipboard
 0x4081d8 SetClipboardData
 0x4081dc wsprintfW
 0x4081e0 CreateWindowExW
 0x4081e4 SystemParametersInfoW
 0x4081e8 AppendMenuW
 0x4081ec CreatePopupMenu
 0x4081f0 GetSystemMetrics
 0x4081f4 SetDlgItemTextW
 0x4081f8 GetDlgItemTextW
 0x4081fc MessageBoxIndirectW
 0x408200 CharPrevW
 0x408204 CharNextA
 0x408208 wsprintfA
 0x40820c DispatchMessageW
 0x408210 PeekMessageW
 0x408214 ReleaseDC
 0x408218 EnableWindow
 0x40821c InvalidateRect
 0x408220 SendMessageW
 0x408224 DefWindowProcW
 0x408228 BeginPaint
 0x40822c GetClientRect
 0x408230 FillRect
 0x408234 DrawTextW
 0x408238 GetClassInfoW
 0x40823c DialogBoxParamW
 0x408240 CharNextW
 0x408244 ExitWindowsEx
 0x408248 DestroyWindow
 0x40824c CreateDialogParamW
 0x408250 SetTimer
 0x408254 SetWindowTextW
 0x408258 PostQuitMessage
 0x40825c GetDC
 0x408260 SetWindowLongW
 0x408264 LoadImageW
 0x408268 SendMessageTimeoutW
 0x40826c FindWindowExW
 0x408270 EmptyClipboard
 0x408274 OpenClipboard
 0x408278 TrackPopupMenu
 0x40827c EndPaint
 0x408280 ShowWindow
 0x408284 GetDlgItem
 0x408288 IsWindow
 0x40828c SetForegroundWindow
GDI32.dll
 0x40803c SelectObject
 0x408040 SetBkMode
 0x408044 CreateFontIndirectW
 0x408048 SetTextColor
 0x40804c DeleteObject
 0x408050 GetDeviceCaps
 0x408054 CreateBrushIndirect
 0x408058 SetBkColor
SHELL32.dll
 0x408170 SHGetSpecialFolderLocation
 0x408174 SHGetPathFromIDListW
 0x408178 SHBrowseForFolderW
 0x40817c SHGetFileInfoW
 0x408180 ShellExecuteW
 0x408184 SHFileOperationW
ADVAPI32.dll
 0x408000 RegCloseKey
 0x408004 RegOpenKeyExW
 0x408008 RegDeleteKeyW
 0x40800c RegDeleteValueW
 0x408010 RegEnumValueW
 0x408014 RegCreateKeyExW
 0x408018 RegSetValueExW
 0x40801c RegQueryValueExW
 0x408020 RegEnumKeyW
COMCTL32.dll
 0x408028 ImageList_Create
 0x40802c ImageList_AddMasked
 0x408030 ImageList_Destroy
 0x408034 None
ole32.dll
 0x4082a4 CoCreateInstance
 0x4082a8 CoTaskMemFree
 0x4082ac OleInitialize
 0x4082b0 OleUninitialize
VERSION.dll
 0x408294 GetFileVersionInfoSizeW
 0x408298 GetFileVersionInfoW
 0x40829c VerQueryValueW

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure