Field | Value |
---|---|
Created | 2021.05.04 10:05 |
Machine | s1_win7_x6401 |
Filename | yourlocallotto.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 33 detected (HfsAdware, Mindsparki1, MindSpark, MyWebSearch, WisdomEyes, MyWeb, AdInstaller potentially unwanted, SPNR, 0EI513, FunWeb, WebSearch, dbxdjn, AdInstaller, Trjoan, xQZSKt3K8GV, Cloud, Generic PUA MH, MulDrop6, not malicious, YEIO, Tnega, GaNNPfC, Falsesign, Aguu) |
md5 | 7564bb42086def493a6e8f27bf923647 |
sha256 | a3c26859ace3885b7226ca185e922a78725603d81a0a9e6bc1ec69a2d83435cb |
ssdeep | 1536:c2DSHGSEqH9DYaeSS3d5he/09YAn/MmVrYemI3AErUrlE0jUc2kNSDeBD/HaOGWo:c2KGcRmV5b9YEVknI31SEUUeN2eZxZJu |
imphash | f221bd0a5050ce1161617d2aef8cf2d7 |
impfuzzy | 24:VPrrqyLyOQLOovuDI+MAkfjlJVGv+4hyvvb+be9w3/ZVMM2uda1e1R:prUOQ6w+YfcWjLr9u/rbLR |
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates executable files on the filesystem |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win_PUP_MyWebSearch | It changes the browser start page | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no entries) | | | | | |
Suricata ids
PE API
IAT (Import Address Table), by library
KERNEL32.dll
0x403020 LoadLibraryA
0x403024 CreateEventA
0x403028 GetUserDefaultLangID
0x40302c LocalFree
0x403030 CloseHandle
0x403034 WriteFile
0x403038 CreateFileA
0x40303c lstrcpyA
0x403040 LockResource
0x403044 LoadResource
0x403048 SizeofResource
0x40304c FindResourceA
0x403050 LoadLibraryExA
0x403054 DeleteFileA
0x403058 SetFileAttributesA
0x40305c lstrcatA
0x403060 lstrcmpiA
0x403064 GetStartupInfoA
0x403068 ExitProcess
0x40306c GetCommandLineA
0x403070 GetProcAddress
0x403074 InitializeCriticalSection
0x403078 DeleteCriticalSection
0x40307c DebugBreak
0x403080 HeapAlloc
0x403084 GetProcessHeap
0x403088 HeapReAlloc
0x40308c HeapFree
0x403090 LeaveCriticalSection
0x403094 EnterCriticalSection
0x403098 GetLastError
0x40309c SetLastError
0x4030a0 GetSystemDirectoryA
0x4030a4 GetCurrentDirectoryA
0x4030a8 GetFileAttributesA
0x4030ac GetDriveTypeA
0x4030b0 lstrcpynA
0x4030b4 ReadFile
0x4030b8 GetFileSize
0x4030bc GetVersionExA
0x4030c0 CreateDirectoryA
0x4030c4 EnumResourceNamesA
0x4030c8 SetCurrentDirectoryA
0x4030cc RemoveDirectoryA
0x4030d0 FreeLibrary
0x4030d4 WaitForMultipleObjects
0x4030d8 GetModuleHandleA
0x4030dc lstrlenA
USER32.dll
0x4030e4 CharNextA
0x4030e8 MessageBoxA
0x4030ec wsprintfA
ADVAPI32.dll
0x403000 RegFlushKey
0x403004 RegCloseKey
0x403008 RegOpenKeyExA
0x40300c RegSetValueExA
0x403010 RegCreateKeyExA
0x403014 RegDeleteValueA
0x403018 RegQueryValueExA
ole32.dll
0x4030f4 CoInitialize
0x4030f8 CoUninitialize
EAT (Export Address Table): none
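The import table above is the most useful static artifact in this report: the resource APIs (FindResourceA, LoadResource, LockResource, SizeofResource, EnumResourceNamesA) next to CreateFileA/WriteFile are the classic pattern behind the "Creates executable files on the filesystem" signature, and RegCreateKeyExA/RegSetValueExA are what a start-page change (the Win_PUP_MyWebSearch rule) needs. The following script is an added example, not the sandbox's own code: it embeds the 60 imports listed above, computes the imphash the way pefile does (lower-cased `dll.func` pairs in import-directory order, comma-joined, MD5), and evaluates capability rules over the import set. Two assumptions are mine: the import directory order follows the IAT addresses shown (ADVAPI32 at 0x403000 precedes KERNEL32 at 0x403020, USER32 at 0x4030e4 and ole32 at 0x4030f4), and the capability names and API groupings are hypothetical triage rules, not a published ruleset.

```python
"""Imphash and capability triage from the IAT listing in this report.

Added example; not part of the sandbox report. The import table below is
transcribed from the report, ordered by IAT address (assumption: this equals
the import directory order that imphash depends on).
"""
import hashlib

# Imports per DLL, in IAT address order (constructed from the report listing).
IAT = {
    "ADVAPI32.dll": "RegFlushKey RegCloseKey RegOpenKeyExA RegSetValueExA "
                    "RegCreateKeyExA RegDeleteValueA RegQueryValueExA",
    "KERNEL32.dll": "LoadLibraryA CreateEventA GetUserDefaultLangID LocalFree "
                    "CloseHandle WriteFile CreateFileA lstrcpyA LockResource "
                    "LoadResource SizeofResource FindResourceA LoadLibraryExA "
                    "DeleteFileA SetFileAttributesA lstrcatA lstrcmpiA "
                    "GetStartupInfoA ExitProcess GetCommandLineA GetProcAddress "
                    "InitializeCriticalSection DeleteCriticalSection DebugBreak "
                    "HeapAlloc GetProcessHeap HeapReAlloc HeapFree "
                    "LeaveCriticalSection EnterCriticalSection GetLastError "
                    "SetLastError GetSystemDirectoryA GetCurrentDirectoryA "
                    "GetFileAttributesA GetDriveTypeA lstrcpynA ReadFile "
                    "GetFileSize GetVersionExA CreateDirectoryA EnumResourceNamesA "
                    "SetCurrentDirectoryA RemoveDirectoryA FreeLibrary "
                    "WaitForMultipleObjects GetModuleHandleA lstrlenA",
    "USER32.dll": "CharNextA MessageBoxA wsprintfA",
    "ole32.dll": "CoInitialize CoUninitialize",
}

# Hypothetical triage rules: a capability is reported only when every API in
# its list is imported. The names are this example's, not the sandbox's.
CAPABILITIES = {
    "drops-file-from-resource": ["FindResourceA", "LoadResource", "LockResource",
                                 "SizeofResource", "CreateFileA", "WriteFile"],
    "writes-registry": ["RegCreateKeyExA", "RegSetValueExA"],
    "dynamic-api-resolution": ["LoadLibraryA", "GetProcAddress"],
    "self-cleanup": ["DeleteFileA", "RemoveDirectoryA"],
    "environment-fingerprint": ["GetVersionExA", "GetUserDefaultLangID",
                                "GetDriveTypeA"],
}


def imphash(iat):
    """pefile-style imphash over an ordered {dll: "func func ..."} mapping.

    Each entry becomes "<dll without .dll/.ocx/.sys>.<func>" in lower case;
    the entries are comma-joined in order and hashed with MD5.
    """
    parts = []
    for dll, funcs in iat.items():
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for func in funcs.split():
            parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def all_imports(iat):
    """Flat set of imported function names, regardless of DLL."""
    return {f for funcs in iat.values() for f in funcs.split()}


def capabilities(iat):
    """Names of the rules in CAPABILITIES whose APIs are all imported."""
    present = all_imports(iat)
    return sorted(name for name, apis in CAPABILITIES.items()
                  if present.issuperset(apis))


def reordered(iat, order):
    """Same imports with DLLs in a different order; imphash is order-sensitive."""
    return {dll: iat[dll] for dll in order}


if __name__ == "__main__":
    print("imphash (IAT address order):", imphash(IAT))
    display_order = ["KERNEL32.dll", "USER32.dll", "ADVAPI32.dll", "ole32.dll"]
    print("imphash (report display order):", imphash(reordered(IAT, display_order)))
    print("capabilities:", capabilities(IAT))
```

Compare the first printed hash with the imphash row in the header; if it differs, the ordering assumption is wrong and the true directory order should be read from the binary with `pefile` (`PE.get_imphash()`). The second hash exists only to show that the same 60 imports in the report's display order produce a different value, which is why imphash must be computed from the import directory and never from a sorted or re-grouped listing.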