Report - upservices.exe

Created 2021.06.19 09:04 Machine s1_win7_x6402
Filename upservices.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 3
Behavior Score 3.6
ZERO API file : malware
VT API (file) 26 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Hacktool, confidence, Kryptik, Eldorado, Attribute, HighConfidence, Chapak, A + Troj, Static AI, Malicious PE, Zenpak, Score, Azorult, BScope, CLASSIC, Ranumbot, susgen, ZexaF, fz0@aWA8EPbI)
md5 5af71e2a08eed74f115e2b5d3ef4e570
sha256 71bef343c030a099a182448091052c9788988251e1e9e3236cb27b53a5bd318f
ssdeep 24576:OXmQ62WSDVkgL0/vAF1LvXBRCwU6QQBtmsU7p1yOGJ2D:bA0nG1LpRCEQQqsU1s
imphash f38124646e535204cd12e80d37ffde43
impfuzzy 48:C1gydrfUpdUJ6G9WDnPlpfO5MaEBcltgJV8vwml0POG+T:SLdIztaWPvfyEBcltgJV8vdl0i

Signature (8cnts)

Level Description
warning File has been identified by 26 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info This executable has a PDB path

Rules (3cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Suricata ids

PE API

IAT (Import Address Table)

KERNEL32.dll
 0x4ff000 GetCommandLineW
 0x4ff004 EnumResourceNamesW
 0x4ff008 SetVolumeLabelA
 0x4ff00c SearchPathW
 0x4ff010 FindFirstFileW
 0x4ff014 OpenFile
 0x4ff018 SetLocalTime
 0x4ff01c GetDriveTypeW
 0x4ff020 SetEndOfFile
 0x4ff024 GetNumberOfConsoleInputEvents
 0x4ff028 CallNamedPipeA
 0x4ff02c InterlockedIncrement
 0x4ff030 InterlockedDecrement
 0x4ff034 GetProfileStringW
 0x4ff038 GetProfileSectionA
 0x4ff03c GetComputerNameW
 0x4ff040 CreateDirectoryExA
 0x4ff044 GetModuleHandleW
 0x4ff048 GenerateConsoleCtrlEvent
 0x4ff04c GetConsoleTitleA
 0x4ff050 GetWindowsDirectoryA
 0x4ff054 GetSystemWow64DirectoryA
 0x4ff058 EnumResourceTypesA
 0x4ff05c TlsSetValue
 0x4ff060 FindResourceExA
 0x4ff064 GlobalAlloc
 0x4ff068 AddRefActCtx
 0x4ff06c GetVolumeInformationA
 0x4ff070 Sleep
 0x4ff074 ReadFileScatter
 0x4ff078 GetConsoleWindow
 0x4ff07c GetSystemTimeAdjustment
 0x4ff080 GetVersionExW
 0x4ff084 InterlockedPopEntrySList
 0x4ff088 GlobalFlags
 0x4ff08c VerifyVersionInfoA
 0x4ff090 GetBinaryTypeA
 0x4ff094 TerminateProcess
 0x4ff098 ReadFile
 0x4ff09c CompareStringW
 0x4ff0a0 lstrlenW
 0x4ff0a4 SetConsoleTitleA
 0x4ff0a8 GlobalUnlock
 0x4ff0ac LCMapStringA
 0x4ff0b0 GetConsoleOutputCP
 0x4ff0b4 CreateDirectoryA
 0x4ff0b8 InterlockedExchange
 0x4ff0bc GetFileSizeEx
 0x4ff0c0 IsDBCSLeadByteEx
 0x4ff0c4 GetProcAddress
 0x4ff0c8 FreeUserPhysicalPages
 0x4ff0cc SetComputerNameA
 0x4ff0d0 CreateMemoryResourceNotification
 0x4ff0d4 SearchPathA
 0x4ff0d8 GetPrivateProfileStringA
 0x4ff0dc GetAtomNameA
 0x4ff0e0 Process32FirstW
 0x4ff0e4 OpenMutexA
 0x4ff0e8 OpenWaitableTimerW
 0x4ff0ec SetCalendarInfoW
 0x4ff0f0 IsSystemResumeAutomatic
 0x4ff0f4 SetFileApisToANSI
 0x4ff0f8 WriteProfileSectionW
 0x4ff0fc GetCommMask
 0x4ff100 AddAtomA
 0x4ff104 GetTapeParameters
 0x4ff108 GetSystemInfo
 0x4ff10c GetOEMCP
 0x4ff110 FindNextFileA
 0x4ff114 SetConsoleCursorInfo
 0x4ff118 CreateIoCompletionPort
 0x4ff11c WaitCommEvent
 0x4ff120 FreeEnvironmentStringsW
 0x4ff124 BuildCommDCBA
 0x4ff128 GetCurrentDirectoryA
 0x4ff12c CompareStringA
 0x4ff130 ScrollConsoleScreenBufferA
 0x4ff134 CopyFileExA
 0x4ff138 DeleteFileA
 0x4ff13c GetModuleHandleA
 0x4ff140 CreateFileA
 0x4ff144 GetLastError
 0x4ff148 MoveFileA
 0x4ff14c GetCommandLineA
 0x4ff150 GetStartupInfoA
 0x4ff154 HeapValidate
 0x4ff158 IsBadReadPtr
 0x4ff15c RaiseException
 0x4ff160 EnterCriticalSection
 0x4ff164 LeaveCriticalSection
 0x4ff168 GetCurrentProcess
 0x4ff16c UnhandledExceptionFilter
 0x4ff170 SetUnhandledExceptionFilter
 0x4ff174 IsDebuggerPresent
 0x4ff178 GetModuleFileNameW
 0x4ff17c DeleteCriticalSection
 0x4ff180 QueryPerformanceCounter
 0x4ff184 GetTickCount
 0x4ff188 GetCurrentThreadId
 0x4ff18c GetCurrentProcessId
 0x4ff190 GetSystemTimeAsFileTime
 0x4ff194 ExitProcess
 0x4ff198 GetModuleFileNameA
 0x4ff19c FreeEnvironmentStringsA
 0x4ff1a0 GetEnvironmentStrings
 0x4ff1a4 WideCharToMultiByte
 0x4ff1a8 GetEnvironmentStringsW
 0x4ff1ac SetHandleCount
 0x4ff1b0 GetStdHandle
 0x4ff1b4 GetFileType
 0x4ff1b8 TlsGetValue
 0x4ff1bc TlsAlloc
 0x4ff1c0 TlsFree
 0x4ff1c4 SetLastError
 0x4ff1c8 HeapDestroy
 0x4ff1cc HeapCreate
 0x4ff1d0 HeapFree
 0x4ff1d4 VirtualFree
 0x4ff1d8 WriteFile
 0x4ff1dc HeapAlloc
 0x4ff1e0 HeapSize
 0x4ff1e4 HeapReAlloc
 0x4ff1e8 VirtualAlloc
 0x4ff1ec GetACP
 0x4ff1f0 GetCPInfo
 0x4ff1f4 IsValidCodePage
 0x4ff1f8 DebugBreak
 0x4ff1fc OutputDebugStringA
 0x4ff200 WriteConsoleW
 0x4ff204 OutputDebugStringW
 0x4ff208 LoadLibraryW
 0x4ff20c RtlUnwind
 0x4ff210 MultiByteToWideChar
 0x4ff214 InitializeCriticalSectionAndSpinCount
 0x4ff218 LoadLibraryA
 0x4ff21c LCMapStringW
 0x4ff220 GetStringTypeA
 0x4ff224 GetStringTypeW
 0x4ff228 GetLocaleInfoA
 0x4ff22c FlushFileBuffers
 0x4ff230 GetConsoleCP
 0x4ff234 GetConsoleMode
 0x4ff238 SetFilePointer
 0x4ff23c CloseHandle
 0x4ff240 SetStdHandle
 0x4ff244 WriteConsoleA
USER32.dll
 0x4ff24c GetMenuCheckMarkDimensions
 0x4ff250 GetMenuInfo
 0x4ff254 GetComboBoxInfo
 0x4ff258 GetMenuBarInfo

EAT (Export Address Table): none