Report - bg-kuwo.com

Malicious Packer, PE File, OS Processor Check, PE32
Created 2021.06.25 10:29 Machine s1_win7_x6402
Filename bg-kuwo.com
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 3.4
ZERO API file : clean
VT API (file) 27 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, PWSX, Generic@ML, RDML, VsweWMA1FnWI5o1ij0dG8Q, Emotet, Racealer, Wacatac, score, Artemis, BScope, Static AI, Malicious PE, ZexaF, vu0@aG79VEfO)
md5 15f6e8aa6806ad6f33d61195c69159c5
sha256 a42a948fe044f5610b006cb2666708270a7a40b241e5ab3f92d9b9492f7586ce
ssdeep 6144:ed3YdSoAm+f0KtGQXZxtZmwKLHkaBzPEBIawZexYk:EYdSoAm+xLXZxGwaBzPnHMY
imphash 5623df6c548fad12f71d235627729e47
impfuzzy 48:YM1/JKUVODuYpdrXlbPNUQlpoXvKYHO3aEZtqFdcJcuZ/XlOGp:YqCyGrXx1UQvoXhHVEZtqFdcJcA/XJ
Network IP location

Signature (8cnts)

Level Description
warning File has been identified by 27 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
172.67.188.154 US CLOUDFLARENET 172.67.188.154 clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x434000 ExitProcess
 0x434004 SetVolumeLabelA
 0x434008 GetFileSize
 0x43400c CreateMutexW
 0x434010 SearchPathW
 0x434014 WriteConsoleInputW
 0x434018 CopyFileExW
 0x43401c GetProfileIntW
 0x434020 GetDefaultCommConfigW
 0x434024 LoadResource
 0x434028 InterlockedIncrement
 0x43402c InterlockedDecrement
 0x434030 ZombifyActCtx
 0x434034 ScrollConsoleScreenBufferW
 0x434038 GetNamedPipeHandleStateA
 0x43403c CreateDirectoryW
 0x434040 GetProfileSectionA
 0x434044 SetComputerNameW
 0x434048 GetComputerNameW
 0x43404c GetCommProperties
 0x434050 FreeEnvironmentStringsA
 0x434054 GetProcessPriorityBoost
 0x434058 LocalFlags
 0x43405c GetConsoleAliasesLengthA
 0x434060 GetConsoleTitleA
 0x434064 GetWindowsDirectoryA
 0x434068 WriteFile
 0x43406c SetCommState
 0x434070 GetCommandLineA
 0x434074 WriteFileGather
 0x434078 EnumResourceTypesA
 0x43407c CreateDirectoryExW
 0x434080 TlsSetValue
 0x434084 FindResourceExA
 0x434088 GlobalAlloc
 0x43408c LoadLibraryW
 0x434090 GetConsoleMode
 0x434094 GetCalendarInfoA
 0x434098 GetSystemWow64DirectoryW
 0x43409c SetSystemTimeAdjustment
 0x4340a0 GetSystemWindowsDirectoryA
 0x4340a4 GetVersionExW
 0x4340a8 SetConsoleCursorPosition
 0x4340ac VerifyVersionInfoA
 0x4340b0 GetBinaryTypeA
 0x4340b4 GetAtomNameW
 0x4340b8 IsDBCSLeadByte
 0x4340bc GetBinaryTypeW
 0x4340c0 GetOverlappedResult
 0x4340c4 lstrlenW
 0x4340c8 SetConsoleTitleA
 0x4340cc GlobalUnlock
 0x4340d0 GetConsoleOutputCP
 0x4340d4 InterlockedExchange
 0x4340d8 SetThreadLocale
 0x4340dc FreeUserPhysicalPages
 0x4340e0 EnterCriticalSection
 0x4340e4 BuildCommDCBW
 0x4340e8 GetPrivateProfileStringA
 0x4340ec GetLocalTime
 0x4340f0 LoadLibraryA
 0x4340f4 OpenWaitableTimerW
 0x4340f8 GetConsoleScreenBufferInfo
 0x4340fc IsSystemResumeAutomatic
 0x434100 SetConsoleCtrlHandler
 0x434104 WriteProfileSectionW
 0x434108 FindAtomA
 0x43410c GetTapeParameters
 0x434110 SetConsoleCursorInfo
 0x434114 GetModuleHandleA
 0x434118 VirtualProtect
 0x43411c GetCurrentDirectoryA
 0x434120 CompareStringA
 0x434124 GetConsoleCursorInfo
 0x434128 SetThreadAffinityMask
 0x43412c FileTimeToLocalFileTime
 0x434130 InterlockedPushEntrySList
 0x434134 LCMapStringW
 0x434138 AreFileApisANSI
 0x43413c DeleteFileA
 0x434140 FlushFileBuffers
 0x434144 GetLastError
 0x434148 GetStartupInfoA
 0x43414c HeapValidate
 0x434150 IsBadReadPtr
 0x434154 RaiseException
 0x434158 TerminateProcess
 0x43415c GetCurrentProcess
 0x434160 UnhandledExceptionFilter
 0x434164 SetUnhandledExceptionFilter
 0x434168 IsDebuggerPresent
 0x43416c GetModuleFileNameW
 0x434170 RtlUnwind
 0x434174 GetACP
 0x434178 GetOEMCP
 0x43417c GetCPInfo
 0x434180 IsValidCodePage
 0x434184 GetProcAddress
 0x434188 TlsGetValue
 0x43418c GetModuleHandleW
 0x434190 TlsAlloc
 0x434194 GetCurrentThreadId
 0x434198 TlsFree
 0x43419c SetLastError
 0x4341a0 DeleteCriticalSection
 0x4341a4 LeaveCriticalSection
 0x4341a8 QueryPerformanceCounter
 0x4341ac GetTickCount
 0x4341b0 GetCurrentProcessId
 0x4341b4 GetSystemTimeAsFileTime
 0x4341b8 Sleep
 0x4341bc GetModuleFileNameA
 0x4341c0 GetEnvironmentStrings
 0x4341c4 FreeEnvironmentStringsW
 0x4341c8 WideCharToMultiByte
 0x4341cc GetEnvironmentStringsW
 0x4341d0 SetHandleCount
 0x4341d4 GetStdHandle
 0x4341d8 GetFileType
 0x4341dc HeapDestroy
 0x4341e0 HeapCreate
 0x4341e4 HeapFree
 0x4341e8 VirtualFree
 0x4341ec HeapAlloc
 0x4341f0 HeapSize
 0x4341f4 HeapReAlloc
 0x4341f8 VirtualAlloc
 0x4341fc MultiByteToWideChar
 0x434200 GetStringTypeA
 0x434204 GetStringTypeW
 0x434208 GetLocaleInfoA
 0x43420c DebugBreak
 0x434210 OutputDebugStringA
 0x434214 WriteConsoleW
 0x434218 OutputDebugStringW
 0x43421c LCMapStringA
 0x434220 InitializeCriticalSectionAndSpinCount
 0x434224 SetFilePointer
 0x434228 GetConsoleCP
 0x43422c SetStdHandle
 0x434230 WriteConsoleA
 0x434234 CreateFileA
 0x434238 CloseHandle
USER32.dll
 0x434240 GetMenuCheckMarkDimensions
 0x434244 GetMenuInfo
 0x434248 GetMessageTime

EAT(Export Address Table) Library

0x42a0f0 _CallPattern@8
0x42a0e0 _zabiray@8
