ScreenShot
| Created | 2021.06.24 20:01 | Machine | s1_win7_x6401 |
| Filename | proxy-NSFS-setup.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 700fedb3a0a3fa5e6d74dbb16b909d47 | ||
| sha256 | 0d08230ed56d3391dc2eaae90e49e5c4ad3be5adffc25dbb177b840b9c035cb8 | ||
| ssdeep | 98304:QaGu+wGRJP6w6N1mB0H6pSNsrnnbODj1htz+69LuQa6al:QakRR16wqQ0/NsTnIfMwLA | ||
| imphash | 8e7bfbaa758514d278c068fc8527d288 | ||
| impfuzzy | 48:RK1bODAYmpdbXAZ0alpoX/OQ9YKOUaE8cRhV8+opeLXvGBg:xEvzbXAOavoX/+KaE8cRhV8+2eLXB | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x861000 SetVolumeLabelA
0x861004 GetFileSize
0x861008 SearchPathW
0x86100c WriteConsoleInputW
0x861010 TlsGetValue
0x861014 GetProfileIntW
0x861018 MapUserPhysicalPages
0x86101c LoadResource
0x861020 InterlockedIncrement
0x861024 InterlockedDecrement
0x861028 ScrollConsoleScreenBufferW
0x86102c CreateDirectoryW
0x861030 GetComputerNameW
0x861034 GetCommProperties
0x861038 FreeEnvironmentStringsA
0x86103c GetProcessPriorityBoost
0x861040 GetModuleHandleW
0x861044 CreateNamedPipeW
0x861048 LocalFlags
0x86104c GetConsoleAliasesLengthA
0x861050 GetPrivateProfileStringW
0x861054 GetWindowsDirectoryA
0x861058 WriteFile
0x86105c SetCommState
0x861060 GetCommandLineA
0x861064 GetSystemWow64DirectoryA
0x861068 WriteFileGather
0x86106c CreateDirectoryExW
0x861070 FindResourceExA
0x861074 GlobalAlloc
0x861078 LoadLibraryW
0x86107c GetConsoleMode
0x861080 GetCalendarInfoA
0x861084 SetSystemTimeAdjustment
0x861088 GetSystemWindowsDirectoryA
0x86108c SetConsoleCursorPosition
0x861090 VerifyVersionInfoA
0x861094 TerminateProcess
0x861098 IsDBCSLeadByte
0x86109c GetBinaryTypeW
0x8610a0 GetOverlappedResult
0x8610a4 lstrlenW
0x8610a8 SetConsoleTitleA
0x8610ac GlobalUnlock
0x8610b0 LCMapStringA
0x8610b4 GetConsoleOutputCP
0x8610b8 InterlockedExchange
0x8610bc ReleaseActCtx
0x8610c0 SetThreadLocale
0x8610c4 GetProcAddress
0x8610c8 SetComputerNameA
0x8610cc EnterCriticalSection
0x8610d0 SearchPathA
0x8610d4 BuildCommDCBW
0x8610d8 GetLocalTime
0x8610dc OpenWaitableTimerW
0x8610e0 GetConsoleScreenBufferInfo
0x8610e4 IsSystemResumeAutomatic
0x8610e8 SetConsoleCtrlHandler
0x8610ec WriteProfileSectionW
0x8610f0 FindAtomA
0x8610f4 GetTapeParameters
0x8610f8 EnumResourceTypesW
0x8610fc SetConsoleCursorInfo
0x861100 GetConsoleTitleW
0x861104 GetCurrentDirectoryA
0x861108 CompareStringA
0x86110c GetConsoleCursorInfo
0x861110 SetThreadAffinityMask
0x861114 GetVersionExA
0x861118 DeleteFileW
0x86111c InterlockedPushEntrySList
0x861120 GetProfileSectionW
0x861124 CopyFileExA
0x861128 AreFileApisANSI
0x86112c GetVolumeInformationW
0x861130 FlushFileBuffers
0x861134 GetModuleHandleA
0x861138 GetLastError
0x86113c DeleteFileA
0x861140 GetStartupInfoA
0x861144 HeapValidate
0x861148 IsBadReadPtr
0x86114c RaiseException
0x861150 DeleteCriticalSection
0x861154 LeaveCriticalSection
0x861158 GetModuleFileNameW
0x86115c SetUnhandledExceptionFilter
0x861160 QueryPerformanceCounter
0x861164 GetTickCount
0x861168 GetCurrentThreadId
0x86116c GetCurrentProcessId
0x861170 GetSystemTimeAsFileTime
0x861174 Sleep
0x861178 ExitProcess
0x86117c GetModuleFileNameA
0x861180 GetEnvironmentStrings
0x861184 FreeEnvironmentStringsW
0x861188 WideCharToMultiByte
0x86118c GetEnvironmentStringsW
0x861190 SetHandleCount
0x861194 GetStdHandle
0x861198 GetFileType
0x86119c TlsAlloc
0x8611a0 TlsSetValue
0x8611a4 TlsFree
0x8611a8 SetLastError
0x8611ac HeapDestroy
0x8611b0 HeapCreate
0x8611b4 HeapFree
0x8611b8 VirtualFree
0x8611bc HeapAlloc
0x8611c0 GetCurrentProcess
0x8611c4 UnhandledExceptionFilter
0x8611c8 IsDebuggerPresent
0x8611cc HeapSize
0x8611d0 HeapReAlloc
0x8611d4 VirtualAlloc
0x8611d8 GetACP
0x8611dc GetOEMCP
0x8611e0 GetCPInfo
0x8611e4 IsValidCodePage
0x8611e8 RtlUnwind
0x8611ec InitializeCriticalSectionAndSpinCount
0x8611f0 DebugBreak
0x8611f4 OutputDebugStringA
0x8611f8 WriteConsoleW
0x8611fc OutputDebugStringW
0x861200 LoadLibraryA
0x861204 MultiByteToWideChar
0x861208 LCMapStringW
0x86120c GetStringTypeA
0x861210 GetStringTypeW
0x861214 GetLocaleInfoA
0x861218 SetFilePointer
0x86121c GetConsoleCP
0x861220 SetStdHandle
0x861224 WriteConsoleA
0x861228 CreateFileA
0x86122c CloseHandle
USER32.dll
0x861234 GetMenuInfo
0x861238 GetMessageTime
0x86123c GetMenuCheckMarkDimensions
EAT(Export Address Table) Library
0x8574b0 _CallPattern@8
KERNEL32.dll
0x861000 SetVolumeLabelA
0x861004 GetFileSize
0x861008 SearchPathW
0x86100c WriteConsoleInputW
0x861010 TlsGetValue
0x861014 GetProfileIntW
0x861018 MapUserPhysicalPages
0x86101c LoadResource
0x861020 InterlockedIncrement
0x861024 InterlockedDecrement
0x861028 ScrollConsoleScreenBufferW
0x86102c CreateDirectoryW
0x861030 GetComputerNameW
0x861034 GetCommProperties
0x861038 FreeEnvironmentStringsA
0x86103c GetProcessPriorityBoost
0x861040 GetModuleHandleW
0x861044 CreateNamedPipeW
0x861048 LocalFlags
0x86104c GetConsoleAliasesLengthA
0x861050 GetPrivateProfileStringW
0x861054 GetWindowsDirectoryA
0x861058 WriteFile
0x86105c SetCommState
0x861060 GetCommandLineA
0x861064 GetSystemWow64DirectoryA
0x861068 WriteFileGather
0x86106c CreateDirectoryExW
0x861070 FindResourceExA
0x861074 GlobalAlloc
0x861078 LoadLibraryW
0x86107c GetConsoleMode
0x861080 GetCalendarInfoA
0x861084 SetSystemTimeAdjustment
0x861088 GetSystemWindowsDirectoryA
0x86108c SetConsoleCursorPosition
0x861090 VerifyVersionInfoA
0x861094 TerminateProcess
0x861098 IsDBCSLeadByte
0x86109c GetBinaryTypeW
0x8610a0 GetOverlappedResult
0x8610a4 lstrlenW
0x8610a8 SetConsoleTitleA
0x8610ac GlobalUnlock
0x8610b0 LCMapStringA
0x8610b4 GetConsoleOutputCP
0x8610b8 InterlockedExchange
0x8610bc ReleaseActCtx
0x8610c0 SetThreadLocale
0x8610c4 GetProcAddress
0x8610c8 SetComputerNameA
0x8610cc EnterCriticalSection
0x8610d0 SearchPathA
0x8610d4 BuildCommDCBW
0x8610d8 GetLocalTime
0x8610dc OpenWaitableTimerW
0x8610e0 GetConsoleScreenBufferInfo
0x8610e4 IsSystemResumeAutomatic
0x8610e8 SetConsoleCtrlHandler
0x8610ec WriteProfileSectionW
0x8610f0 FindAtomA
0x8610f4 GetTapeParameters
0x8610f8 EnumResourceTypesW
0x8610fc SetConsoleCursorInfo
0x861100 GetConsoleTitleW
0x861104 GetCurrentDirectoryA
0x861108 CompareStringA
0x86110c GetConsoleCursorInfo
0x861110 SetThreadAffinityMask
0x861114 GetVersionExA
0x861118 DeleteFileW
0x86111c InterlockedPushEntrySList
0x861120 GetProfileSectionW
0x861124 CopyFileExA
0x861128 AreFileApisANSI
0x86112c GetVolumeInformationW
0x861130 FlushFileBuffers
0x861134 GetModuleHandleA
0x861138 GetLastError
0x86113c DeleteFileA
0x861140 GetStartupInfoA
0x861144 HeapValidate
0x861148 IsBadReadPtr
0x86114c RaiseException
0x861150 DeleteCriticalSection
0x861154 LeaveCriticalSection
0x861158 GetModuleFileNameW
0x86115c SetUnhandledExceptionFilter
0x861160 QueryPerformanceCounter
0x861164 GetTickCount
0x861168 GetCurrentThreadId
0x86116c GetCurrentProcessId
0x861170 GetSystemTimeAsFileTime
0x861174 Sleep
0x861178 ExitProcess
0x86117c GetModuleFileNameA
0x861180 GetEnvironmentStrings
0x861184 FreeEnvironmentStringsW
0x861188 WideCharToMultiByte
0x86118c GetEnvironmentStringsW
0x861190 SetHandleCount
0x861194 GetStdHandle
0x861198 GetFileType
0x86119c TlsAlloc
0x8611a0 TlsSetValue
0x8611a4 TlsFree
0x8611a8 SetLastError
0x8611ac HeapDestroy
0x8611b0 HeapCreate
0x8611b4 HeapFree
0x8611b8 VirtualFree
0x8611bc HeapAlloc
0x8611c0 GetCurrentProcess
0x8611c4 UnhandledExceptionFilter
0x8611c8 IsDebuggerPresent
0x8611cc HeapSize
0x8611d0 HeapReAlloc
0x8611d4 VirtualAlloc
0x8611d8 GetACP
0x8611dc GetOEMCP
0x8611e0 GetCPInfo
0x8611e4 IsValidCodePage
0x8611e8 RtlUnwind
0x8611ec InitializeCriticalSectionAndSpinCount
0x8611f0 DebugBreak
0x8611f4 OutputDebugStringA
0x8611f8 WriteConsoleW
0x8611fc OutputDebugStringW
0x861200 LoadLibraryA
0x861204 MultiByteToWideChar
0x861208 LCMapStringW
0x86120c GetStringTypeA
0x861210 GetStringTypeW
0x861214 GetLocaleInfoA
0x861218 SetFilePointer
0x86121c GetConsoleCP
0x861220 SetStdHandle
0x861224 WriteConsoleA
0x861228 CreateFileA
0x86122c CloseHandle
USER32.dll
0x861234 GetMenuInfo
0x861238 GetMessageTime
0x86123c GetMenuCheckMarkDimensions
EAT(Export Address Table) Library
0x8574b0 _CallPattern@8