Report - hut.exe

Tags: Generic Malware, Admin Tool (Sysinternals etc.), Malicious Library, PE File, PE32
Created: 2021.06.19 10:07
Machine: s1_win7_x6401
Filename hut.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 4
Behavior Score: 3.6
ZERO API (file): malware
VT API (file): 43 detected (malicious, high confidence, Fareit, confidence, Jacard, Delf, Eldorado, Attribute, HighConfidence, score, Noon, DownLoader39, R06CC0PFI21, kcloud, DelfInject, ai score=100, Kryptik, CLASSIC, Static AI, Suspicious PE, susgen, GenKryptik, FFLW, ZelphiF, bHW@auy5EDci, GdSda)
md5: 4ccbe3a8fa850367d5efde685a350d80
sha256: cd35cae0b96e7e0e19d837c418128aa3336fb5e714bc04fb2c1d90c46a7a2124
ssdeep: 24576:mt+Le+UAcIAJScTn9t884Wz7vxLdkHq/XQBy:mt+rOTn7R6
imphash: 44ae77ffd352712ced0978b5ee3ef88c
impfuzzy: 192:33P58f1sTu/AbuuaxSUvK9yeoaqyho7CPbOQSuDM:33e1sXaq9M8PbOQD4

Signatures (8 counts)

Level | Description
danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious
watch | Network activity contains more than one unique user agent
notice | Allocates read-write-execute memory (usually to unpack itself)
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice | Performs some HTTP requests
info | One or more processes crashed
info | The executable contains unknown PE section names indicative of a packer (could be a false positive)
info | The executable uses a known packer

Rules (5 counts)

Level | Name | Description | Collection
warning | Generic_Malware_Zero | Generic Malware | binaries (upload)
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload)
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
info | IsPE32 | (no description) | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (3 counts)

Request | CC | ASN Co | IP4 | Rule | ZERO
https://cdn.discordapp.com/attachments/854342102649143318/855081140620754964/Vhzygcahiwjrehzrrlqrpmzvootolhb | Unknown | 162.159.134.233 | malicious
cdn.discordapp.com | Unknown | 162.159.134.233 | malware
162.159.134.233 | Unknown | 162.159.134.233 | malware

Suricata IDS

PE API

IAT (Import Address Table)

Library

kernel32.dll
 0x4aa17c DeleteCriticalSection
 0x4aa180 LeaveCriticalSection
 0x4aa184 EnterCriticalSection
 0x4aa188 InitializeCriticalSection
 0x4aa18c VirtualFree
 0x4aa190 VirtualAlloc
 0x4aa194 LocalFree
 0x4aa198 LocalAlloc
 0x4aa19c GetTickCount
 0x4aa1a0 QueryPerformanceCounter
 0x4aa1a4 GetVersion
 0x4aa1a8 GetCurrentThreadId
 0x4aa1ac InterlockedDecrement
 0x4aa1b0 InterlockedIncrement
 0x4aa1b4 VirtualQuery
 0x4aa1b8 WideCharToMultiByte
 0x4aa1bc MultiByteToWideChar
 0x4aa1c0 lstrlenA
 0x4aa1c4 lstrcpynA
 0x4aa1c8 LoadLibraryExA
 0x4aa1cc GetThreadLocale
 0x4aa1d0 GetStartupInfoA
 0x4aa1d4 GetProcAddress
 0x4aa1d8 GetModuleHandleA
 0x4aa1dc GetModuleFileNameA
 0x4aa1e0 GetLocaleInfoA
 0x4aa1e4 GetCommandLineA
 0x4aa1e8 FreeLibrary
 0x4aa1ec FindFirstFileA
 0x4aa1f0 FindClose
 0x4aa1f4 ExitProcess
 0x4aa1f8 WriteFile
 0x4aa1fc UnhandledExceptionFilter
 0x4aa200 RtlUnwind
 0x4aa204 RaiseException
 0x4aa208 GetStdHandle
user32.dll
 0x4aa210 GetKeyboardType
 0x4aa214 LoadStringA
 0x4aa218 MessageBoxA
 0x4aa21c CharNextA
advapi32.dll
 0x4aa224 RegQueryValueExA
 0x4aa228 RegOpenKeyExA
 0x4aa22c RegCloseKey
oleaut32.dll
 0x4aa234 SysFreeString
 0x4aa238 SysReAllocStringLen
 0x4aa23c SysAllocStringLen
kernel32.dll
 0x4aa244 TlsSetValue
 0x4aa248 TlsGetValue
 0x4aa24c LocalAlloc
 0x4aa250 GetModuleHandleA
advapi32.dll
 0x4aa258 RegQueryValueExA
 0x4aa25c RegOpenKeyExA
 0x4aa260 RegCloseKey
kernel32.dll
 0x4aa268 lstrcpyA
 0x4aa26c lstrcmpiA
 0x4aa270 WriteFile
 0x4aa274 WaitForSingleObject
 0x4aa278 VirtualQuery
 0x4aa27c VirtualProtect
 0x4aa280 VirtualAlloc
 0x4aa284 Sleep
 0x4aa288 SizeofResource
 0x4aa28c SetThreadLocale
 0x4aa290 SetFilePointer
 0x4aa294 SetEvent
 0x4aa298 SetErrorMode
 0x4aa29c SetEndOfFile
 0x4aa2a0 ResetEvent
 0x4aa2a4 ReadFile
 0x4aa2a8 MultiByteToWideChar
 0x4aa2ac MulDiv
 0x4aa2b0 LockResource
 0x4aa2b4 LoadResource
 0x4aa2b8 LoadLibraryA
 0x4aa2bc LeaveCriticalSection
 0x4aa2c0 InitializeCriticalSection
 0x4aa2c4 GlobalUnlock
 0x4aa2c8 GlobalSize
 0x4aa2cc GlobalReAlloc
 0x4aa2d0 GlobalHandle
 0x4aa2d4 GlobalLock
 0x4aa2d8 GlobalFree
 0x4aa2dc GlobalFindAtomA
 0x4aa2e0 GlobalDeleteAtom
 0x4aa2e4 GlobalAlloc
 0x4aa2e8 GlobalAddAtomA
 0x4aa2ec GetVersionExA
 0x4aa2f0 GetVersion
 0x4aa2f4 GetUserDefaultLCID
 0x4aa2f8 GetTickCount
 0x4aa2fc GetThreadLocale
 0x4aa300 GetSystemInfo
 0x4aa304 GetStringTypeExA
 0x4aa308 GetStdHandle
 0x4aa30c GetProfileStringA
 0x4aa310 GetProcAddress
 0x4aa314 GetModuleHandleA
 0x4aa318 GetModuleFileNameA
 0x4aa31c GetLocaleInfoA
 0x4aa320 GetLocalTime
 0x4aa324 GetLastError
 0x4aa328 GetFullPathNameA
 0x4aa32c GetDiskFreeSpaceA
 0x4aa330 GetDateFormatA
 0x4aa334 GetCurrentThreadId
 0x4aa338 GetCurrentProcessId
 0x4aa33c GetComputerNameA
 0x4aa340 GetCPInfo
 0x4aa344 GetACP
 0x4aa348 FreeResource
 0x4aa34c InterlockedExchange
 0x4aa350 FreeLibrary
 0x4aa354 FormatMessageA
 0x4aa358 FindResourceA
 0x4aa35c FindFirstFileA
 0x4aa360 FindClose
 0x4aa364 FileTimeToLocalFileTime
 0x4aa368 FileTimeToDosDateTime
 0x4aa36c EnumCalendarInfoA
 0x4aa370 EnterCriticalSection
 0x4aa374 DeleteFileA
 0x4aa378 DeleteCriticalSection
 0x4aa37c CreateThread
 0x4aa380 CreateFileA
 0x4aa384 CreateEventA
 0x4aa388 CompareStringA
 0x4aa38c CloseHandle
version.dll
 0x4aa394 VerQueryValueA
 0x4aa398 GetFileVersionInfoSizeA
 0x4aa39c GetFileVersionInfoA
gdi32.dll
 0x4aa3a4 UnrealizeObject
 0x4aa3a8 StretchBlt
 0x4aa3ac StartPage
 0x4aa3b0 StartDocA
 0x4aa3b4 SetWindowOrgEx
 0x4aa3b8 SetWinMetaFileBits
 0x4aa3bc SetViewportOrgEx
 0x4aa3c0 SetTextColor
 0x4aa3c4 SetStretchBltMode
 0x4aa3c8 SetROP2
 0x4aa3cc SetPixel
 0x4aa3d0 SetMapMode
 0x4aa3d4 SetEnhMetaFileBits
 0x4aa3d8 SetDIBColorTable
 0x4aa3dc SetBrushOrgEx
 0x4aa3e0 SetBkMode
 0x4aa3e4 SetBkColor
 0x4aa3e8 SetAbortProc
 0x4aa3ec SelectPalette
 0x4aa3f0 SelectObject
 0x4aa3f4 SelectClipRgn
 0x4aa3f8 SaveDC
 0x4aa3fc RestoreDC
 0x4aa400 Rectangle
 0x4aa404 RectVisible
 0x4aa408 RealizePalette
 0x4aa40c Polyline
 0x4aa410 Polygon
 0x4aa414 PlayEnhMetaFile
 0x4aa418 PatBlt
 0x4aa41c MoveToEx
 0x4aa420 MaskBlt
 0x4aa424 LineTo
 0x4aa428 IntersectClipRect
 0x4aa42c GetWindowOrgEx
 0x4aa430 GetWinMetaFileBits
 0x4aa434 GetTextMetricsA
 0x4aa438 GetTextExtentPointA
 0x4aa43c GetTextExtentPoint32A
 0x4aa440 GetSystemPaletteEntries
 0x4aa444 GetStockObject
 0x4aa448 GetPixel
 0x4aa44c GetPaletteEntries
 0x4aa450 GetObjectA
 0x4aa454 GetEnhMetaFilePaletteEntries
 0x4aa458 GetEnhMetaFileHeader
 0x4aa45c GetEnhMetaFileDescriptionA
 0x4aa460 GetEnhMetaFileBits
 0x4aa464 GetDeviceCaps
 0x4aa468 GetDIBits
 0x4aa46c GetDIBColorTable
 0x4aa470 GetDCOrgEx
 0x4aa474 GetCurrentPositionEx
 0x4aa478 GetClipBox
 0x4aa47c GetBrushOrgEx
 0x4aa480 GetBitmapBits
 0x4aa484 GdiFlush
 0x4aa488 ExtTextOutA
 0x4aa48c ExcludeClipRect
 0x4aa490 EndPage
 0x4aa494 EndDoc
 0x4aa498 DeleteObject
 0x4aa49c DeleteEnhMetaFile
 0x4aa4a0 DeleteDC
 0x4aa4a4 CreateSolidBrush
 0x4aa4a8 CreatePenIndirect
 0x4aa4ac CreatePalette
 0x4aa4b0 CreateICA
 0x4aa4b4 CreateHalftonePalette
 0x4aa4b8 CreateFontIndirectA
 0x4aa4bc CreateEnhMetaFileA
 0x4aa4c0 CreateDIBitmap
 0x4aa4c4 CreateDIBSection
 0x4aa4c8 CreateDCA
 0x4aa4cc CreateCompatibleDC
 0x4aa4d0 CreateCompatibleBitmap
 0x4aa4d4 CreateBrushIndirect
 0x4aa4d8 CreateBitmap
 0x4aa4dc CopyEnhMetaFileA
 0x4aa4e0 CloseEnhMetaFile
 0x4aa4e4 BitBlt
user32.dll
 0x4aa4ec CreateWindowExA
 0x4aa4f0 WindowFromPoint
 0x4aa4f4 WinHelpA
 0x4aa4f8 WaitMessage
 0x4aa4fc UpdateWindow
 0x4aa500 UnregisterClassA
 0x4aa504 UnhookWindowsHookEx
 0x4aa508 TranslateMessage
 0x4aa50c TranslateMDISysAccel
 0x4aa510 TrackPopupMenu
 0x4aa514 SystemParametersInfoA
 0x4aa518 ShowWindow
 0x4aa51c ShowScrollBar
 0x4aa520 ShowOwnedPopups
 0x4aa524 ShowCursor
 0x4aa528 ShowCaret
 0x4aa52c SetWindowsHookExA
 0x4aa530 SetWindowTextA
 0x4aa534 SetWindowPos
 0x4aa538 SetWindowPlacement
 0x4aa53c SetWindowLongA
 0x4aa540 SetTimer
 0x4aa544 SetScrollRange
 0x4aa548 SetScrollPos
 0x4aa54c SetScrollInfo
 0x4aa550 SetRect
 0x4aa554 SetPropA
 0x4aa558 SetParent
 0x4aa55c SetMenuItemInfoA
 0x4aa560 SetMenu
 0x4aa564 SetForegroundWindow
 0x4aa568 SetFocus
 0x4aa56c SetCursor
 0x4aa570 SetClipboardData
 0x4aa574 SetClassLongA
 0x4aa578 SetCapture
 0x4aa57c SetActiveWindow
 0x4aa580 SendMessageA
 0x4aa584 ScrollWindow
 0x4aa588 ScreenToClient
 0x4aa58c RemovePropA
 0x4aa590 RemoveMenu
 0x4aa594 ReleaseDC
 0x4aa598 ReleaseCapture
 0x4aa59c RegisterWindowMessageA
 0x4aa5a0 RegisterClipboardFormatA
 0x4aa5a4 RegisterClassA
 0x4aa5a8 RedrawWindow
 0x4aa5ac PtInRect
 0x4aa5b0 PostQuitMessage
 0x4aa5b4 PostMessageA
 0x4aa5b8 PeekMessageA
 0x4aa5bc OpenClipboard
 0x4aa5c0 OffsetRect
 0x4aa5c4 OemToCharA
 0x4aa5c8 MessageBoxA
 0x4aa5cc MessageBeep
 0x4aa5d0 MapWindowPoints
 0x4aa5d4 MapVirtualKeyA
 0x4aa5d8 LoadStringA
 0x4aa5dc LoadKeyboardLayoutA
 0x4aa5e0 LoadIconA
 0x4aa5e4 LoadCursorA
 0x4aa5e8 LoadBitmapA
 0x4aa5ec KillTimer
 0x4aa5f0 IsZoomed
 0x4aa5f4 IsWindowVisible
 0x4aa5f8 IsWindowEnabled
 0x4aa5fc IsWindow
 0x4aa600 IsRectEmpty
 0x4aa604 IsIconic
 0x4aa608 IsDialogMessageA
 0x4aa60c IsChild
 0x4aa610 InvalidateRect
 0x4aa614 IntersectRect
 0x4aa618 InsertMenuItemA
 0x4aa61c InsertMenuA
 0x4aa620 InflateRect
 0x4aa624 HideCaret
 0x4aa628 GetWindowThreadProcessId
 0x4aa62c GetWindowTextA
 0x4aa630 GetWindowRect
 0x4aa634 GetWindowPlacement
 0x4aa638 GetWindowLongA
 0x4aa63c GetWindowDC
 0x4aa640 GetUpdateRect
 0x4aa644 GetTopWindow
 0x4aa648 GetSystemMetrics
 0x4aa64c GetSystemMenu
 0x4aa650 GetSysColorBrush
 0x4aa654 GetSysColor
 0x4aa658 GetSubMenu
 0x4aa65c GetScrollRange
 0x4aa660 GetScrollPos
 0x4aa664 GetScrollInfo
 0x4aa668 GetPropA
 0x4aa66c GetParent
 0x4aa670 GetWindow
 0x4aa674 GetMessageTime
 0x4aa678 GetMenuStringA
 0x4aa67c GetMenuState
 0x4aa680 GetMenuItemInfoA
 0x4aa684 GetMenuItemID
 0x4aa688 GetMenuItemCount
 0x4aa68c GetMenu
 0x4aa690 GetLastActivePopup
 0x4aa694 GetKeyboardState
 0x4aa698 GetKeyboardLayoutList
 0x4aa69c GetKeyboardLayout
 0x4aa6a0 GetKeyState
 0x4aa6a4 GetKeyNameTextA
 0x4aa6a8 GetIconInfo
 0x4aa6ac GetForegroundWindow
 0x4aa6b0 GetFocus
 0x4aa6b4 GetDlgItem
 0x4aa6b8 GetDesktopWindow
 0x4aa6bc GetDCEx
 0x4aa6c0 GetDC
 0x4aa6c4 GetCursorPos
 0x4aa6c8 GetCursor
 0x4aa6cc GetClipboardData
 0x4aa6d0 GetClientRect
 0x4aa6d4 GetClassNameA
 0x4aa6d8 GetClassInfoA
 0x4aa6dc GetCapture
 0x4aa6e0 GetActiveWindow
 0x4aa6e4 FrameRect
 0x4aa6e8 FindWindowA
 0x4aa6ec FillRect
 0x4aa6f0 EqualRect
 0x4aa6f4 EnumWindows
 0x4aa6f8 EnumThreadWindows
 0x4aa6fc EndPaint
 0x4aa700 EnableWindow
 0x4aa704 EnableScrollBar
 0x4aa708 EnableMenuItem
 0x4aa70c EmptyClipboard
 0x4aa710 DrawTextA
 0x4aa714 DrawStateA
 0x4aa718 DrawMenuBar
 0x4aa71c DrawIconEx
 0x4aa720 DrawIcon
 0x4aa724 DrawFrameControl
 0x4aa728 DrawFocusRect
 0x4aa72c DrawEdge
 0x4aa730 DispatchMessageA
 0x4aa734 DestroyWindow
 0x4aa738 DestroyMenu
 0x4aa73c DestroyIcon
 0x4aa740 DestroyCursor
 0x4aa744 DeleteMenu
 0x4aa748 DefWindowProcA
 0x4aa74c DefMDIChildProcA
 0x4aa750 DefFrameProcA
 0x4aa754 CreatePopupMenu
 0x4aa758 CreateMenu
 0x4aa75c CreateIcon
 0x4aa760 CloseClipboard
 0x4aa764 ClientToScreen
 0x4aa768 CheckMenuItem
 0x4aa76c CallWindowProcA
 0x4aa770 CallNextHookEx
 0x4aa774 BeginPaint
 0x4aa778 CharNextA
 0x4aa77c CharLowerBuffA
 0x4aa780 CharLowerA
 0x4aa784 CharUpperBuffA
 0x4aa788 CharToOemA
 0x4aa78c AdjustWindowRectEx
 0x4aa790 ActivateKeyboardLayout
kernel32.dll
 0x4aa798 Sleep
oleaut32.dll
 0x4aa7a0 SafeArrayPtrOfIndex
 0x4aa7a4 SafeArrayPutElement
 0x4aa7a8 SafeArrayGetElement
 0x4aa7ac SafeArrayUnaccessData
 0x4aa7b0 SafeArrayAccessData
 0x4aa7b4 SafeArrayGetUBound
 0x4aa7b8 SafeArrayGetLBound
 0x4aa7bc SafeArrayCreate
 0x4aa7c0 VariantChangeType
 0x4aa7c4 VariantCopyInd
 0x4aa7c8 VariantCopy
 0x4aa7cc VariantClear
 0x4aa7d0 VariantInit
ole32.dll
 0x4aa7d8 CreateStreamOnHGlobal
 0x4aa7dc IsAccelerator
 0x4aa7e0 OleDraw
 0x4aa7e4 OleSetMenuDescriptor
 0x4aa7e8 OleUninitialize
 0x4aa7ec CoTaskMemFree
 0x4aa7f0 ProgIDFromCLSID
 0x4aa7f4 StringFromCLSID
 0x4aa7f8 CoCreateInstance
 0x4aa7fc CoGetClassObject
 0x4aa800 CoUninitialize
 0x4aa804 CoInitialize
 0x4aa808 IsEqualGUID
oleaut32.dll
 0x4aa810 GetErrorInfo
 0x4aa814 GetActiveObject
 0x4aa818 SysFreeString
comctl32.dll
 0x4aa820 ImageList_SetIconSize
 0x4aa824 ImageList_GetIconSize
 0x4aa828 ImageList_Write
 0x4aa82c ImageList_Read
 0x4aa830 ImageList_GetDragImage
 0x4aa834 ImageList_DragShowNolock
 0x4aa838 ImageList_SetDragCursorImage
 0x4aa83c ImageList_DragMove
 0x4aa840 ImageList_DragLeave
 0x4aa844 ImageList_DragEnter
 0x4aa848 ImageList_EndDrag
 0x4aa84c ImageList_BeginDrag
 0x4aa850 ImageList_Remove
 0x4aa854 ImageList_DrawEx
 0x4aa858 ImageList_Replace
 0x4aa85c ImageList_Draw
 0x4aa860 ImageList_GetBkColor
 0x4aa864 ImageList_SetBkColor
 0x4aa868 ImageList_ReplaceIcon
 0x4aa86c ImageList_Add
 0x4aa870 ImageList_SetImageCount
 0x4aa874 ImageList_GetImageCount
 0x4aa878 ImageList_Destroy
 0x4aa87c ImageList_Create
 0x4aa880 InitCommonControls
winspool.drv
 0x4aa888 OpenPrinterA
 0x4aa88c EnumPrintersA
 0x4aa890 DocumentPropertiesA
 0x4aa894 ClosePrinter
comdlg32.dll
 0x4aa89c GetSaveFileNameA
 0x4aa8a0 GetOpenFileNameA
winmm.dll
 0x4aa8a8 sndPlaySoundA

EAT (Export Address Table): none
