ScreenShot
| Created | 2021.06.24 20:48 | Machine | s1_win7_x6401 |
| Filename | Update.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 36 detected (AIDetect, malware2, malicious, high confidence, kuW@ayYTstli, Unsafe, Save, Tinukebot, Attribute, HighConfidence, Wonton, AGEN, ai score=89, Glupteba, score, BScope, Static AI, Malicious PE, susgen, FileRepMalware, confidence) | ||
| md5 | 95d4eaa382bb065dc3902628ba72f070 | ||
| sha256 | 5523754a38cf328d55671e6a46e74e5ed87207d00c04a20b6820f4bf92ad2fc8 | ||
| ssdeep | 3072:DbUrZrU+8VWAb6pGiPt74HGpHJ6Us3cYmwlY2ELOAg0FujryI95eZ:P56pGgsHGTwckvAOvl9I | ||
| imphash | 68589802667f5968c6f955531807dfa6 | ||
| impfuzzy | 48:WSX1liBjgZGp/bWx/cO5tQS1C7rxXpus4KQn6GXiSRjyzvrzwt8tCjz5L54HULPT:jXPjGp/Kx/cO5tQS1C7VX/wyXk9udW | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41d03c Sleep
0x41d040 CreateThread
0x41d044 TerminateThread
0x41d048 ResumeThread
0x41d04c CreateProcessA
0x41d050 GetThreadContext
0x41d054 SetThreadContext
0x41d058 GetWindowsDirectoryA
0x41d05c GetVersionExA
0x41d060 GetNativeSystemInfo
0x41d064 VirtualAllocEx
0x41d068 WriteProcessMemory
0x41d06c IsWow64Process
0x41d070 GetModuleHandleA
0x41d074 GetProcAddress
0x41d078 LoadResource
0x41d07c LockResource
0x41d080 SizeofResource
0x41d084 LoadLibraryA
0x41d088 LocalAlloc
0x41d08c lstrcmpA
0x41d090 lstrcpyA
0x41d094 lstrcatA
0x41d098 lstrlenA
0x41d09c FindResourceA
0x41d0a0 CopyFileA
0x41d0a4 CreateFileW
0x41d0a8 WaitForSingleObject
0x41d0ac GetProcessHeap
0x41d0b0 FreeEnvironmentStringsW
0x41d0b4 GetEnvironmentStringsW
0x41d0b8 GetCommandLineW
0x41d0bc GetCommandLineA
0x41d0c0 GetOEMCP
0x41d0c4 GetACP
0x41d0c8 IsValidCodePage
0x41d0cc FindNextFileW
0x41d0d0 FindFirstFileExW
0x41d0d4 FindClose
0x41d0d8 HeapSize
0x41d0dc ReadConsoleW
0x41d0e0 SetFilePointerEx
0x41d0e4 GetFileSizeEx
0x41d0e8 GetConsoleMode
0x41d0ec GetConsoleOutputCP
0x41d0f0 FlushFileBuffers
0x41d0f4 GetFileType
0x41d0f8 EnumSystemLocalesW
0x41d0fc GetUserDefaultLCID
0x41d100 IsValidLocale
0x41d104 GetLocaleInfoW
0x41d108 LCMapStringW
0x41d10c DeleteCriticalSection
0x41d110 InitializeCriticalSectionEx
0x41d114 GetLastError
0x41d118 RaiseException
0x41d11c CloseHandle
0x41d120 DecodePointer
0x41d124 GetVolumeInformationA
0x41d128 GetTempPathA
0x41d12c GetFileSize
0x41d130 ReadFile
0x41d134 FindNextFileA
0x41d138 FindFirstFileA
0x41d13c CreateFileA
0x41d140 SetStdHandle
0x41d144 CreateDirectoryA
0x41d148 HeapReAlloc
0x41d14c HeapAlloc
0x41d150 WriteConsoleW
0x41d154 HeapFree
0x41d158 WriteFile
0x41d15c GetStdHandle
0x41d160 GetModuleFileNameW
0x41d164 GetModuleHandleExW
0x41d168 ExitProcess
0x41d16c LoadLibraryExW
0x41d170 FreeLibrary
0x41d174 TlsFree
0x41d178 EncodePointer
0x41d17c EnterCriticalSection
0x41d180 LeaveCriticalSection
0x41d184 MultiByteToWideChar
0x41d188 WideCharToMultiByte
0x41d18c LCMapStringEx
0x41d190 GetStringTypeW
0x41d194 GetCPInfo
0x41d198 IsDebuggerPresent
0x41d19c OutputDebugStringW
0x41d1a0 IsProcessorFeaturePresent
0x41d1a4 UnhandledExceptionFilter
0x41d1a8 SetUnhandledExceptionFilter
0x41d1ac GetStartupInfoW
0x41d1b0 GetModuleHandleW
0x41d1b4 GetCurrentProcess
0x41d1b8 TerminateProcess
0x41d1bc QueryPerformanceCounter
0x41d1c0 GetCurrentProcessId
0x41d1c4 GetCurrentThreadId
0x41d1c8 GetSystemTimeAsFileTime
0x41d1cc InitializeSListHead
0x41d1d0 RtlUnwind
0x41d1d4 SetLastError
0x41d1d8 InitializeCriticalSectionAndSpinCount
0x41d1dc TlsAlloc
0x41d1e0 TlsGetValue
0x41d1e4 TlsSetValue
USER32.dll
0x41d200 SetThreadDesktop
0x41d204 PrintWindow
0x41d208 OpenDesktopA
0x41d20c CreateDesktopA
0x41d210 wsprintfA
0x41d214 PostMessageA
0x41d218 SendMessageA
0x41d21c MoveWindow
0x41d220 RealGetWindowClassA
0x41d224 GetWindow
0x41d228 GetWindowThreadProcessId
0x41d22c GetTopWindow
0x41d230 FindWindowA
0x41d234 GetDesktopWindow
0x41d238 SetWindowLongA
0x41d23c GetWindowLongA
0x41d240 PtInRect
0x41d244 ChildWindowFromPoint
0x41d248 WindowFromPoint
0x41d24c ScreenToClient
0x41d250 GetWindowRect
0x41d254 ReleaseDC
0x41d258 GetDC
0x41d25c MenuItemFromPoint
0x41d260 GetMenuItemID
0x41d264 IsWindowVisible
0x41d268 GetWindowPlacement
GDI32.dll
0x41d014 SetStretchBltMode
0x41d018 StretchBlt
0x41d01c SelectObject
0x41d020 GetDIBits
0x41d024 DeleteObject
0x41d028 DeleteDC
0x41d02c CreateCompatibleDC
0x41d030 CreateCompatibleBitmap
0x41d034 BitBlt
ADVAPI32.dll
0x41d000 RegQueryValueExA
0x41d004 RegOpenKeyExA
0x41d008 RegCloseKey
0x41d00c RegSetValueExA
SHELL32.dll
0x41d1ec SHGetFolderPathA
0x41d1f0 SHAppBarMessage
SHLWAPI.dll
0x41d1f8 StrStrA
WS2_32.dll
0x41d270 connect
0x41d274 htons
0x41d278 recv
0x41d27c send
0x41d280 socket
0x41d284 gethostbyname
0x41d288 WSAStartup
ntdll.dll
0x41d290 NtQueryInformationProcess
EAT(Export Address Table) is none
KERNEL32.dll
0x41d03c Sleep
0x41d040 CreateThread
0x41d044 TerminateThread
0x41d048 ResumeThread
0x41d04c CreateProcessA
0x41d050 GetThreadContext
0x41d054 SetThreadContext
0x41d058 GetWindowsDirectoryA
0x41d05c GetVersionExA
0x41d060 GetNativeSystemInfo
0x41d064 VirtualAllocEx
0x41d068 WriteProcessMemory
0x41d06c IsWow64Process
0x41d070 GetModuleHandleA
0x41d074 GetProcAddress
0x41d078 LoadResource
0x41d07c LockResource
0x41d080 SizeofResource
0x41d084 LoadLibraryA
0x41d088 LocalAlloc
0x41d08c lstrcmpA
0x41d090 lstrcpyA
0x41d094 lstrcatA
0x41d098 lstrlenA
0x41d09c FindResourceA
0x41d0a0 CopyFileA
0x41d0a4 CreateFileW
0x41d0a8 WaitForSingleObject
0x41d0ac GetProcessHeap
0x41d0b0 FreeEnvironmentStringsW
0x41d0b4 GetEnvironmentStringsW
0x41d0b8 GetCommandLineW
0x41d0bc GetCommandLineA
0x41d0c0 GetOEMCP
0x41d0c4 GetACP
0x41d0c8 IsValidCodePage
0x41d0cc FindNextFileW
0x41d0d0 FindFirstFileExW
0x41d0d4 FindClose
0x41d0d8 HeapSize
0x41d0dc ReadConsoleW
0x41d0e0 SetFilePointerEx
0x41d0e4 GetFileSizeEx
0x41d0e8 GetConsoleMode
0x41d0ec GetConsoleOutputCP
0x41d0f0 FlushFileBuffers
0x41d0f4 GetFileType
0x41d0f8 EnumSystemLocalesW
0x41d0fc GetUserDefaultLCID
0x41d100 IsValidLocale
0x41d104 GetLocaleInfoW
0x41d108 LCMapStringW
0x41d10c DeleteCriticalSection
0x41d110 InitializeCriticalSectionEx
0x41d114 GetLastError
0x41d118 RaiseException
0x41d11c CloseHandle
0x41d120 DecodePointer
0x41d124 GetVolumeInformationA
0x41d128 GetTempPathA
0x41d12c GetFileSize
0x41d130 ReadFile
0x41d134 FindNextFileA
0x41d138 FindFirstFileA
0x41d13c CreateFileA
0x41d140 SetStdHandle
0x41d144 CreateDirectoryA
0x41d148 HeapReAlloc
0x41d14c HeapAlloc
0x41d150 WriteConsoleW
0x41d154 HeapFree
0x41d158 WriteFile
0x41d15c GetStdHandle
0x41d160 GetModuleFileNameW
0x41d164 GetModuleHandleExW
0x41d168 ExitProcess
0x41d16c LoadLibraryExW
0x41d170 FreeLibrary
0x41d174 TlsFree
0x41d178 EncodePointer
0x41d17c EnterCriticalSection
0x41d180 LeaveCriticalSection
0x41d184 MultiByteToWideChar
0x41d188 WideCharToMultiByte
0x41d18c LCMapStringEx
0x41d190 GetStringTypeW
0x41d194 GetCPInfo
0x41d198 IsDebuggerPresent
0x41d19c OutputDebugStringW
0x41d1a0 IsProcessorFeaturePresent
0x41d1a4 UnhandledExceptionFilter
0x41d1a8 SetUnhandledExceptionFilter
0x41d1ac GetStartupInfoW
0x41d1b0 GetModuleHandleW
0x41d1b4 GetCurrentProcess
0x41d1b8 TerminateProcess
0x41d1bc QueryPerformanceCounter
0x41d1c0 GetCurrentProcessId
0x41d1c4 GetCurrentThreadId
0x41d1c8 GetSystemTimeAsFileTime
0x41d1cc InitializeSListHead
0x41d1d0 RtlUnwind
0x41d1d4 SetLastError
0x41d1d8 InitializeCriticalSectionAndSpinCount
0x41d1dc TlsAlloc
0x41d1e0 TlsGetValue
0x41d1e4 TlsSetValue
USER32.dll
0x41d200 SetThreadDesktop
0x41d204 PrintWindow
0x41d208 OpenDesktopA
0x41d20c CreateDesktopA
0x41d210 wsprintfA
0x41d214 PostMessageA
0x41d218 SendMessageA
0x41d21c MoveWindow
0x41d220 RealGetWindowClassA
0x41d224 GetWindow
0x41d228 GetWindowThreadProcessId
0x41d22c GetTopWindow
0x41d230 FindWindowA
0x41d234 GetDesktopWindow
0x41d238 SetWindowLongA
0x41d23c GetWindowLongA
0x41d240 PtInRect
0x41d244 ChildWindowFromPoint
0x41d248 WindowFromPoint
0x41d24c ScreenToClient
0x41d250 GetWindowRect
0x41d254 ReleaseDC
0x41d258 GetDC
0x41d25c MenuItemFromPoint
0x41d260 GetMenuItemID
0x41d264 IsWindowVisible
0x41d268 GetWindowPlacement
GDI32.dll
0x41d014 SetStretchBltMode
0x41d018 StretchBlt
0x41d01c SelectObject
0x41d020 GetDIBits
0x41d024 DeleteObject
0x41d028 DeleteDC
0x41d02c CreateCompatibleDC
0x41d030 CreateCompatibleBitmap
0x41d034 BitBlt
ADVAPI32.dll
0x41d000 RegQueryValueExA
0x41d004 RegOpenKeyExA
0x41d008 RegCloseKey
0x41d00c RegSetValueExA
SHELL32.dll
0x41d1ec SHGetFolderPathA
0x41d1f0 SHAppBarMessage
SHLWAPI.dll
0x41d1f8 StrStrA
WS2_32.dll
0x41d270 connect
0x41d274 htons
0x41d278 recv
0x41d27c send
0x41d280 socket
0x41d284 gethostbyname
0x41d288 WSAStartup
ntdll.dll
0x41d290 NtQueryInformationProcess
EAT(Export Address Table) is none