ScreenShot
| Created | 2021.06.02 18:13 | Machine | s1_win7_x6402 |
| Filename | toolspab1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 26 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Hacktool, Kryptik, Eldorado, FileRepMetagen, ET#88%, RDMK, cmRtazqTSPeGkQfVbzJVvazKlA35, A + Troj, Static AI, Malicious PE, Hynamer, 18JIJAK, score, Raccoon, ZexaF, uqW@aedAjgjc, confidence, susgen) | ||
| md5 | bc004ebe4199980b8686dc9202f3b7cb | ||
| sha256 | c129ece5ce4cc5bc3c8d93ba6801c79e644bf838f4adb262bf7780476576bde1 | ||
| ssdeep | 6144:W4p1j3VUf82XBk7Cc2ZZOQx4HNsWjnwVHLCj6i:W4p1Rq82u7CcdQ6NsWeH | ||
| imphash | 56f05d258312142ce96e49dab5506ef4 | ||
| impfuzzy | 48:b8z8q9Os7YJX1hEkjI1Ynd/f54p78+fcmWxtjtavV8y9SB8:b87sdX1hET8Jag+fcmWxtjUvV8y9F | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x430008 PulseEvent
0x43000c FillConsoleOutputCharacterA
0x430010 GlobalFix
0x430014 GetFileSize
0x430018 SetPriorityClass
0x43001c lstrlenA
0x430020 GetConsoleAliasesLengthW
0x430024 GetModuleHandleExA
0x430028 SetEnvironmentVariableW
0x43002c SetHandleInformation
0x430030 SetComputerNameW
0x430034 SetVolumeMountPointW
0x430038 OpenSemaphoreA
0x43003c CallNamedPipeW
0x430040 GetCurrentThread
0x430044 GetWindowsDirectoryA
0x430048 WriteFile
0x43004c EnumTimeFormatsW
0x430050 SetCommState
0x430054 CreateDirectoryExW
0x430058 TlsSetValue
0x43005c GetVolumeInformationA
0x430060 LoadLibraryW
0x430064 ReadConsoleInputA
0x430068 CopyFileW
0x43006c GetVersionExW
0x430070 GetFileAttributesA
0x430074 SetConsoleMode
0x430078 WriteConsoleW
0x43007c WritePrivateProfileSectionW
0x430080 CompareStringW
0x430084 SetThreadPriority
0x430088 SetConsoleTitleA
0x43008c VerifyVersionInfoW
0x430090 SetCurrentDirectoryA
0x430094 GetStdHandle
0x430098 GetComputerNameA
0x43009c GetLastError
0x4300a0 GetCurrentDirectoryW
0x4300a4 SetLastError
0x4300a8 GetThreadLocale
0x4300ac ReadConsoleOutputCharacterA
0x4300b0 GetProcAddress
0x4300b4 VirtualAlloc
0x4300b8 BuildCommDCBW
0x4300bc OpenWaitableTimerA
0x4300c0 LoadLibraryA
0x4300c4 OpenMutexA
0x4300c8 InterlockedExchangeAdd
0x4300cc LocalAlloc
0x4300d0 DnsHostnameToComputerNameA
0x4300d4 GetFileType
0x4300d8 MoveFileA
0x4300dc SetFileApisToANSI
0x4300e0 WriteProfileSectionW
0x4300e4 SetConsoleWindowInfo
0x4300e8 AddAtomA
0x4300ec GetPrivateProfileSectionNamesA
0x4300f0 WTSGetActiveConsoleSessionId
0x4300f4 WaitCommEvent
0x4300f8 ContinueDebugEvent
0x4300fc OpenFileMappingW
0x430100 FreeEnvironmentStringsW
0x430104 CompareStringA
0x430108 SetProcessShutdownParameters
0x43010c GetVersionExA
0x430110 LocalSize
0x430114 FindAtomW
0x430118 FindActCtxSectionStringW
0x43011c FindFirstFileA
0x430120 GetCommandLineW
0x430124 InterlockedIncrement
0x430128 InterlockedDecrement
0x43012c InitializeCriticalSection
0x430130 DeleteCriticalSection
0x430134 EnterCriticalSection
0x430138 LeaveCriticalSection
0x43013c HeapSetInformation
0x430140 GetStartupInfoW
0x430144 GetModuleFileNameW
0x430148 RaiseException
0x43014c EncodePointer
0x430150 DecodePointer
0x430154 IsProcessorFeaturePresent
0x430158 GetModuleHandleW
0x43015c ExitProcess
0x430160 TerminateProcess
0x430164 GetCurrentProcess
0x430168 UnhandledExceptionFilter
0x43016c SetUnhandledExceptionFilter
0x430170 IsDebuggerPresent
0x430174 InitializeCriticalSectionAndSpinCount
0x430178 SetStdHandle
0x43017c WideCharToMultiByte
0x430180 GetConsoleCP
0x430184 GetConsoleMode
0x430188 HeapValidate
0x43018c IsBadReadPtr
0x430190 QueryPerformanceCounter
0x430194 GetTickCount
0x430198 GetCurrentThreadId
0x43019c GetCurrentProcessId
0x4301a0 GetSystemTimeAsFileTime
0x4301a4 GetEnvironmentStringsW
0x4301a8 SetHandleCount
0x4301ac TlsAlloc
0x4301b0 TlsGetValue
0x4301b4 TlsFree
0x4301b8 HeapCreate
0x4301bc OutputDebugStringA
0x4301c0 OutputDebugStringW
0x4301c4 GetACP
0x4301c8 GetOEMCP
0x4301cc GetCPInfo
0x4301d0 IsValidCodePage
0x4301d4 MultiByteToWideChar
0x4301d8 SetFilePointer
0x4301dc RtlUnwind
0x4301e0 HeapAlloc
0x4301e4 GetModuleFileNameA
0x4301e8 HeapReAlloc
0x4301ec HeapSize
0x4301f0 HeapQueryInformation
0x4301f4 HeapFree
0x4301f8 LCMapStringW
0x4301fc GetStringTypeW
0x430200 CreateFileW
0x430204 CloseHandle
0x430208 FlushFileBuffers
USER32.dll
0x430210 GetMessageTime
0x430214 GetMenuBarInfo
ADVAPI32.dll
0x430000 RevertToSelf
EAT(Export Address Table) is none
KERNEL32.dll
0x430008 PulseEvent
0x43000c FillConsoleOutputCharacterA
0x430010 GlobalFix
0x430014 GetFileSize
0x430018 SetPriorityClass
0x43001c lstrlenA
0x430020 GetConsoleAliasesLengthW
0x430024 GetModuleHandleExA
0x430028 SetEnvironmentVariableW
0x43002c SetHandleInformation
0x430030 SetComputerNameW
0x430034 SetVolumeMountPointW
0x430038 OpenSemaphoreA
0x43003c CallNamedPipeW
0x430040 GetCurrentThread
0x430044 GetWindowsDirectoryA
0x430048 WriteFile
0x43004c EnumTimeFormatsW
0x430050 SetCommState
0x430054 CreateDirectoryExW
0x430058 TlsSetValue
0x43005c GetVolumeInformationA
0x430060 LoadLibraryW
0x430064 ReadConsoleInputA
0x430068 CopyFileW
0x43006c GetVersionExW
0x430070 GetFileAttributesA
0x430074 SetConsoleMode
0x430078 WriteConsoleW
0x43007c WritePrivateProfileSectionW
0x430080 CompareStringW
0x430084 SetThreadPriority
0x430088 SetConsoleTitleA
0x43008c VerifyVersionInfoW
0x430090 SetCurrentDirectoryA
0x430094 GetStdHandle
0x430098 GetComputerNameA
0x43009c GetLastError
0x4300a0 GetCurrentDirectoryW
0x4300a4 SetLastError
0x4300a8 GetThreadLocale
0x4300ac ReadConsoleOutputCharacterA
0x4300b0 GetProcAddress
0x4300b4 VirtualAlloc
0x4300b8 BuildCommDCBW
0x4300bc OpenWaitableTimerA
0x4300c0 LoadLibraryA
0x4300c4 OpenMutexA
0x4300c8 InterlockedExchangeAdd
0x4300cc LocalAlloc
0x4300d0 DnsHostnameToComputerNameA
0x4300d4 GetFileType
0x4300d8 MoveFileA
0x4300dc SetFileApisToANSI
0x4300e0 WriteProfileSectionW
0x4300e4 SetConsoleWindowInfo
0x4300e8 AddAtomA
0x4300ec GetPrivateProfileSectionNamesA
0x4300f0 WTSGetActiveConsoleSessionId
0x4300f4 WaitCommEvent
0x4300f8 ContinueDebugEvent
0x4300fc OpenFileMappingW
0x430100 FreeEnvironmentStringsW
0x430104 CompareStringA
0x430108 SetProcessShutdownParameters
0x43010c GetVersionExA
0x430110 LocalSize
0x430114 FindAtomW
0x430118 FindActCtxSectionStringW
0x43011c FindFirstFileA
0x430120 GetCommandLineW
0x430124 InterlockedIncrement
0x430128 InterlockedDecrement
0x43012c InitializeCriticalSection
0x430130 DeleteCriticalSection
0x430134 EnterCriticalSection
0x430138 LeaveCriticalSection
0x43013c HeapSetInformation
0x430140 GetStartupInfoW
0x430144 GetModuleFileNameW
0x430148 RaiseException
0x43014c EncodePointer
0x430150 DecodePointer
0x430154 IsProcessorFeaturePresent
0x430158 GetModuleHandleW
0x43015c ExitProcess
0x430160 TerminateProcess
0x430164 GetCurrentProcess
0x430168 UnhandledExceptionFilter
0x43016c SetUnhandledExceptionFilter
0x430170 IsDebuggerPresent
0x430174 InitializeCriticalSectionAndSpinCount
0x430178 SetStdHandle
0x43017c WideCharToMultiByte
0x430180 GetConsoleCP
0x430184 GetConsoleMode
0x430188 HeapValidate
0x43018c IsBadReadPtr
0x430190 QueryPerformanceCounter
0x430194 GetTickCount
0x430198 GetCurrentThreadId
0x43019c GetCurrentProcessId
0x4301a0 GetSystemTimeAsFileTime
0x4301a4 GetEnvironmentStringsW
0x4301a8 SetHandleCount
0x4301ac TlsAlloc
0x4301b0 TlsGetValue
0x4301b4 TlsFree
0x4301b8 HeapCreate
0x4301bc OutputDebugStringA
0x4301c0 OutputDebugStringW
0x4301c4 GetACP
0x4301c8 GetOEMCP
0x4301cc GetCPInfo
0x4301d0 IsValidCodePage
0x4301d4 MultiByteToWideChar
0x4301d8 SetFilePointer
0x4301dc RtlUnwind
0x4301e0 HeapAlloc
0x4301e4 GetModuleFileNameA
0x4301e8 HeapReAlloc
0x4301ec HeapSize
0x4301f0 HeapQueryInformation
0x4301f4 HeapFree
0x4301f8 LCMapStringW
0x4301fc GetStringTypeW
0x430200 CreateFileW
0x430204 CloseHandle
0x430208 FlushFileBuffers
USER32.dll
0x430210 GetMessageTime
0x430214 GetMenuBarInfo
ADVAPI32.dll
0x430000 RevertToSelf
EAT(Export Address Table) is none