Report - 密码保护升级.bat

PE File PE32
Created 2021.06.25 10:19 Machine s1_win7_x6402
Filename 密码保护升级.bat
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 8
Behavior Score 3.6
ZERO API file : clean
VT API (file) 22 detected (malicious, high confidence, Gh0stRAT, Unsafe, score, Lotok, Static AI, Suspicious PE, kcloud, Wacatac, Artemis, Kryptik, CLASSIC, Farfli, HFPG, ZexaE, hq0@aSQ9enhb, confidence, susgen)
md5 93340c5fe915ca0a843a38fb9d993e25
sha256 cb1b5642d56aedff09b5eb8368bf54d2ec8a710de5f7cfcfb7fdc6148619dfd8
ssdeep 1536:guAlzmP4NK3jfWPd72JQzVOfgoYYkxP8ZSa6THmQQ:qlzkQz+goY9hTHDQ
imphash 5e28e8c55e4358183cbc87d95645cab2
impfuzzy 48:o1IEDCRQfQSjFGLGiMcTJT5AX0ZfcYY3rrPx+x02GxhfqAXXqdRIGT+E45PCHXbu:oTCRQfhGLmYTxUHrJ+RGzqAXXmRS

Signatures (9)

Level Description
warning File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Foreign language identified in PE resource
notice Repeatedly searches for a not-found process
notice Searches running processes potentially to identify processes for sandbox evasion
info Checks amount of memory in system
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (2)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1)

Request CC ASN Co IP4 Rule ZERO
192.250.240.134 Unknown 192.250.240.134 clean

Suricata IDS: none

PE API

IAT (Import Address Table) by Library

MFC42.DLL (227 unnamed import entries omitted)
MSVCRT.dll
 0x409414 _except_handler3
 0x409418 __set_app_type
 0x40941c __p__fmode
 0x409420 __p__commode
 0x409424 _adjust_fdiv
 0x409428 __setusermatherr
 0x40942c _initterm
 0x409430 _setmbcp
 0x409434 _ftol
 0x409438 _purecall
 0x40943c __CxxFrameHandler
 0x409440 rand
 0x409444 _CIfmod
 0x409448 _CIacos
 0x40944c __RTDynamicCast
 0x409450 free
 0x409454 malloc
 0x409458 _CxxThrowException
 0x40945c _beginthreadex
 0x409460 ??1type_info@@UAE@XZ
 0x409464 __dllonexit
 0x409468 _onexit
 0x40946c __getmainargs
 0x409470 _acmdln
 0x409474 exit
 0x409478 _XcptFilter
 0x40947c _exit
 0x409480 _controlfp
KERNEL32.dll
 0x409038 GetStartupInfoA
 0x40903c InterlockedExchange
 0x409040 CreateEventA
 0x409044 WaitForSingleObject
 0x409048 SetEvent
 0x40904c CreateToolhelp32Snapshot
 0x409050 Process32First
 0x409054 lstrcmpiA
 0x409058 VirtualAlloc
 0x40905c VirtualFree
 0x409060 GetProcAddress
 0x409064 GetModuleHandleA
 0x409068 CloseHandle
 0x40906c ExitProcess
 0x409070 Sleep
 0x409074 GetSystemInfo
 0x409078 Process32Next
 0x40907c GetLocalTime
USER32.dll
 0x40949c TranslateMessage
 0x4094a0 DispatchMessageA
 0x4094a4 PeekMessageA
 0x4094a8 EnableWindow
 0x4094ac GetDC
 0x4094b0 ReleaseDC
 0x4094b4 SetRect
 0x4094b8 UpdateWindow
 0x4094bc IsWindow
 0x4094c0 SendMessageA
 0x4094c4 EqualRect
 0x4094c8 IsWindowVisible
 0x4094cc IntersectRect
 0x4094d0 CopyRect
GDI32.dll
 0x409008 GetTextExtentPoint32A
 0x40900c GetDIBColorTable
 0x409010 CreateCompatibleDC
 0x409014 SelectObject
 0x409018 CreateDIBSection
 0x40901c GdiFlush
 0x409020 GetDeviceCaps
 0x409024 RealizePalette
 0x409028 SetDIBitsToDevice
 0x40902c DeleteObject
 0x409030 CreatePalette
ADVAPI32.dll
 0x409000 RegOpenKeyExA
MSVFW32.dll
 0x409488 DrawDibSetPalette
 0x40948c DrawDibRealize
 0x409490 DrawDibDraw
 0x409494 DrawDibClose

EAT (Export Address Table): none
