ScreenShot
| Created | 2021.06.24 20:19 | Machine | s1_win7_x6401 |
| Filename | proxy-IRXC-setup.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 23 detected (malicious, high confidence, Unsafe, Save, confidence, ZexaF, @xW@aGbAUXpG, Attribute, HighConfidence, Generic@ML, RDML, o+p3io23WIrE178DddkNWg, Lockbit, Static AI, Suspicious PE, Zenpak, susgen, Azorult, score, BScope) | ||
| md5 | fd21878da4856b1d35cc873540d7f6f2 | ||
| sha256 | 644ac8a4124578b48412c2c5bd65b4be358fc6b1b99b035327fe1a04b41aabc1 | ||
| ssdeep | 98304:yhVEnPmR4+F2I5dX+SHpoWICIbeMiJ/SZEuQWVpI8ng1y2i:yInPmR/Fn575jIe/puQWzIP1 | ||
| imphash | 1e17a996886aa2657a4de6c042170d2c | ||
| impfuzzy | 48:yEbODA+fmpdVXAZI1qlpoX/OQ9YWaE8cRhV8+UpeLXvGBg:WEZzVXAW4voX/+zE8cRhV8+SeLXB | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x862000 SetVolumeLabelA
0x862004 SearchPathW
0x862008 WriteConsoleInputW
0x86200c TlsGetValue
0x862010 GetProfileIntW
0x862014 MapUserPhysicalPages
0x862018 LoadResource
0x86201c InterlockedIncrement
0x862020 InterlockedDecrement
0x862024 ScrollConsoleScreenBufferW
0x862028 CreateDirectoryW
0x86202c GetComputerNameW
0x862030 GetCommProperties
0x862034 FreeEnvironmentStringsA
0x862038 GetModuleHandleW
0x86203c CreateNamedPipeW
0x862040 LocalFlags
0x862044 GetConsoleAliasesLengthA
0x862048 GetPrivateProfileStringW
0x86204c GetWindowsDirectoryA
0x862050 WriteFile
0x862054 SetCommState
0x862058 GetCommandLineA
0x86205c GetSystemWow64DirectoryA
0x862060 WriteFileGather
0x862064 CreateDirectoryExW
0x862068 SetProcessPriorityBoost
0x86206c FindResourceExA
0x862070 GlobalAlloc
0x862074 LoadLibraryW
0x862078 GetConsoleMode
0x86207c GetCalendarInfoA
0x862080 SetSystemTimeAdjustment
0x862084 GetSystemWindowsDirectoryA
0x862088 SetConsoleCursorPosition
0x86208c VerifyVersionInfoA
0x862090 TerminateProcess
0x862094 IsDBCSLeadByte
0x862098 GetBinaryTypeW
0x86209c GetOverlappedResult
0x8620a0 lstrlenW
0x8620a4 SetConsoleTitleA
0x8620a8 GlobalUnlock
0x8620ac LCMapStringA
0x8620b0 GetConsoleOutputCP
0x8620b4 InterlockedExchange
0x8620b8 ReleaseActCtx
0x8620bc GetFileSizeEx
0x8620c0 SetThreadLocale
0x8620c4 GetProcAddress
0x8620c8 SetComputerNameA
0x8620cc EnterCriticalSection
0x8620d0 SearchPathA
0x8620d4 BuildCommDCBW
0x8620d8 OpenWaitableTimerA
0x8620dc GetLocalTime
0x8620e0 GetConsoleScreenBufferInfo
0x8620e4 IsSystemResumeAutomatic
0x8620e8 SetConsoleCtrlHandler
0x8620ec WriteProfileSectionW
0x8620f0 FindAtomA
0x8620f4 GetTapeParameters
0x8620f8 EnumResourceTypesW
0x8620fc SetConsoleCursorInfo
0x862100 GetConsoleTitleW
0x862104 GetCurrentDirectoryA
0x862108 CompareStringA
0x86210c GetConsoleCursorInfo
0x862110 SetThreadAffinityMask
0x862114 GetVersionExA
0x862118 DeleteFileW
0x86211c InterlockedPushEntrySList
0x862120 GetProfileSectionW
0x862124 CopyFileExA
0x862128 AreFileApisANSI
0x86212c GetVolumeInformationW
0x862130 GetModuleHandleA
0x862134 FlushFileBuffers
0x862138 GetStartupInfoA
0x86213c HeapValidate
0x862140 IsBadReadPtr
0x862144 RaiseException
0x862148 DeleteCriticalSection
0x86214c LeaveCriticalSection
0x862150 GetModuleFileNameW
0x862154 SetUnhandledExceptionFilter
0x862158 QueryPerformanceCounter
0x86215c GetTickCount
0x862160 GetCurrentThreadId
0x862164 GetCurrentProcessId
0x862168 GetSystemTimeAsFileTime
0x86216c Sleep
0x862170 ExitProcess
0x862174 GetModuleFileNameA
0x862178 GetEnvironmentStrings
0x86217c FreeEnvironmentStringsW
0x862180 WideCharToMultiByte
0x862184 GetLastError
0x862188 GetEnvironmentStringsW
0x86218c SetHandleCount
0x862190 GetStdHandle
0x862194 GetFileType
0x862198 TlsAlloc
0x86219c TlsSetValue
0x8621a0 TlsFree
0x8621a4 SetLastError
0x8621a8 HeapDestroy
0x8621ac HeapCreate
0x8621b0 HeapFree
0x8621b4 VirtualFree
0x8621b8 HeapAlloc
0x8621bc GetCurrentProcess
0x8621c0 UnhandledExceptionFilter
0x8621c4 IsDebuggerPresent
0x8621c8 HeapSize
0x8621cc HeapReAlloc
0x8621d0 VirtualAlloc
0x8621d4 GetACP
0x8621d8 GetOEMCP
0x8621dc GetCPInfo
0x8621e0 IsValidCodePage
0x8621e4 RtlUnwind
0x8621e8 InitializeCriticalSectionAndSpinCount
0x8621ec DebugBreak
0x8621f0 OutputDebugStringA
0x8621f4 WriteConsoleW
0x8621f8 OutputDebugStringW
0x8621fc LoadLibraryA
0x862200 MultiByteToWideChar
0x862204 LCMapStringW
0x862208 GetStringTypeA
0x86220c GetStringTypeW
0x862210 GetLocaleInfoA
0x862214 SetFilePointer
0x862218 GetConsoleCP
0x86221c SetStdHandle
0x862220 WriteConsoleA
0x862224 CreateFileA
0x862228 CloseHandle
USER32.dll
0x862230 GetMenuInfo
0x862234 GetMessageTime
0x862238 GetMenuCheckMarkDimensions
EAT(Export Address Table) Library
0x857620 _CallPattern@8
KERNEL32.dll
0x862000 SetVolumeLabelA
0x862004 SearchPathW
0x862008 WriteConsoleInputW
0x86200c TlsGetValue
0x862010 GetProfileIntW
0x862014 MapUserPhysicalPages
0x862018 LoadResource
0x86201c InterlockedIncrement
0x862020 InterlockedDecrement
0x862024 ScrollConsoleScreenBufferW
0x862028 CreateDirectoryW
0x86202c GetComputerNameW
0x862030 GetCommProperties
0x862034 FreeEnvironmentStringsA
0x862038 GetModuleHandleW
0x86203c CreateNamedPipeW
0x862040 LocalFlags
0x862044 GetConsoleAliasesLengthA
0x862048 GetPrivateProfileStringW
0x86204c GetWindowsDirectoryA
0x862050 WriteFile
0x862054 SetCommState
0x862058 GetCommandLineA
0x86205c GetSystemWow64DirectoryA
0x862060 WriteFileGather
0x862064 CreateDirectoryExW
0x862068 SetProcessPriorityBoost
0x86206c FindResourceExA
0x862070 GlobalAlloc
0x862074 LoadLibraryW
0x862078 GetConsoleMode
0x86207c GetCalendarInfoA
0x862080 SetSystemTimeAdjustment
0x862084 GetSystemWindowsDirectoryA
0x862088 SetConsoleCursorPosition
0x86208c VerifyVersionInfoA
0x862090 TerminateProcess
0x862094 IsDBCSLeadByte
0x862098 GetBinaryTypeW
0x86209c GetOverlappedResult
0x8620a0 lstrlenW
0x8620a4 SetConsoleTitleA
0x8620a8 GlobalUnlock
0x8620ac LCMapStringA
0x8620b0 GetConsoleOutputCP
0x8620b4 InterlockedExchange
0x8620b8 ReleaseActCtx
0x8620bc GetFileSizeEx
0x8620c0 SetThreadLocale
0x8620c4 GetProcAddress
0x8620c8 SetComputerNameA
0x8620cc EnterCriticalSection
0x8620d0 SearchPathA
0x8620d4 BuildCommDCBW
0x8620d8 OpenWaitableTimerA
0x8620dc GetLocalTime
0x8620e0 GetConsoleScreenBufferInfo
0x8620e4 IsSystemResumeAutomatic
0x8620e8 SetConsoleCtrlHandler
0x8620ec WriteProfileSectionW
0x8620f0 FindAtomA
0x8620f4 GetTapeParameters
0x8620f8 EnumResourceTypesW
0x8620fc SetConsoleCursorInfo
0x862100 GetConsoleTitleW
0x862104 GetCurrentDirectoryA
0x862108 CompareStringA
0x86210c GetConsoleCursorInfo
0x862110 SetThreadAffinityMask
0x862114 GetVersionExA
0x862118 DeleteFileW
0x86211c InterlockedPushEntrySList
0x862120 GetProfileSectionW
0x862124 CopyFileExA
0x862128 AreFileApisANSI
0x86212c GetVolumeInformationW
0x862130 GetModuleHandleA
0x862134 FlushFileBuffers
0x862138 GetStartupInfoA
0x86213c HeapValidate
0x862140 IsBadReadPtr
0x862144 RaiseException
0x862148 DeleteCriticalSection
0x86214c LeaveCriticalSection
0x862150 GetModuleFileNameW
0x862154 SetUnhandledExceptionFilter
0x862158 QueryPerformanceCounter
0x86215c GetTickCount
0x862160 GetCurrentThreadId
0x862164 GetCurrentProcessId
0x862168 GetSystemTimeAsFileTime
0x86216c Sleep
0x862170 ExitProcess
0x862174 GetModuleFileNameA
0x862178 GetEnvironmentStrings
0x86217c FreeEnvironmentStringsW
0x862180 WideCharToMultiByte
0x862184 GetLastError
0x862188 GetEnvironmentStringsW
0x86218c SetHandleCount
0x862190 GetStdHandle
0x862194 GetFileType
0x862198 TlsAlloc
0x86219c TlsSetValue
0x8621a0 TlsFree
0x8621a4 SetLastError
0x8621a8 HeapDestroy
0x8621ac HeapCreate
0x8621b0 HeapFree
0x8621b4 VirtualFree
0x8621b8 HeapAlloc
0x8621bc GetCurrentProcess
0x8621c0 UnhandledExceptionFilter
0x8621c4 IsDebuggerPresent
0x8621c8 HeapSize
0x8621cc HeapReAlloc
0x8621d0 VirtualAlloc
0x8621d4 GetACP
0x8621d8 GetOEMCP
0x8621dc GetCPInfo
0x8621e0 IsValidCodePage
0x8621e4 RtlUnwind
0x8621e8 InitializeCriticalSectionAndSpinCount
0x8621ec DebugBreak
0x8621f0 OutputDebugStringA
0x8621f4 WriteConsoleW
0x8621f8 OutputDebugStringW
0x8621fc LoadLibraryA
0x862200 MultiByteToWideChar
0x862204 LCMapStringW
0x862208 GetStringTypeA
0x86220c GetStringTypeW
0x862210 GetLocaleInfoA
0x862214 SetFilePointer
0x862218 GetConsoleCP
0x86221c SetStdHandle
0x862220 WriteConsoleA
0x862224 CreateFileA
0x862228 CloseHandle
USER32.dll
0x862230 GetMenuInfo
0x862234 GetMessageTime
0x862238 GetMenuCheckMarkDimensions
EAT(Export Address Table) Library
0x857620 _CallPattern@8