Field | Value |
---|---|
Created | 2021.06.29 13:48 |
Machine | s1_win7_x6402 |
Filename | 92d8c89e8dc92d61a9ff78a304711791.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 37 detected (malicious, high confidence, Graftor, Unsafe, Farfli, ZexaCO, gq0@aKtA@6ab, Attribute, HighConfidence, Gh0stRAT, Lotok, Kryptik, CLASSIC, Score, ngrmt, ai score=99, kcloud, Ditertag, R002H07FP21, Static AI, Suspicious PE, HFPG, GdSda, confidence) |
md5 | 92d8c89e8dc92d61a9ff78a304711791 |
sha256 | 0e4c2040ee56cf81df3334e99fb2e419e9ed81a3c9d47bd8f57bb8a95a927baa |
ssdeep | 1536:I+32lhFXyi+aXm+CCAUAPkxP8ZSa6THm2vI4V:IjxXKLqJAshTHVvI4V |
imphash | 4357284766c55fad255e27178ff7d481 |
impfuzzy | 48:we9/XC8+h5bCui+2bggF0x0cgtIED3crqyGShtnL24YRmpijAOGQARJtAjD3bglL:gX7x0JLLytnLNYWj+IltRGIXwut3ke |
Signature (10cnts)
Level | Description |
---|---|
danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Creates known Nitol/ServStart files |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Foreign language identified in PE resource |
notice | Repeatedly searches for a not-found process |
notice | Searches running processes potentially to identify processes for sandbox evasion |
info | Checks amount of memory in system |
info | The executable uses a known packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
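The "Communicates with host for which no DNS query was performed" signature above is a straightforward trace check: walk the network events in time order and flag any outbound connection whose destination address never appeared in an earlier DNS answer. The Python below is an added illustration of that check, not the sandbox's own code. The event format, the sample addresses and the exemption of loopback, link-local and multicast destinations are this example's assumptions; the trace is constructed, not taken from the report.

```python
"""Flag outbound connections whose destination IP was never returned by a DNS
answer observed earlier in the same trace (the condition behind the sandbox
signature "Communicates with host for which no DNS query was performed")."""
import ipaddress
from typing import List, Set, Tuple

# Constructed sample trace (not from the report): (timestamp, event kind, payload).
# "dns" payloads are (query name, list of answered IPs);
# "connect" payloads are (destination ip, destination port).
SAMPLE_TRACE = [
    (1.0, "dns", ("update.example.net", ["203.0.113.10", "203.0.113.11"])),
    (1.2, "connect", ("203.0.113.11", 443)),   # resolved first: expected traffic
    (2.0, "connect", ("198.51.100.7", 8080)),  # no DNS answer ever carried this IP
    (2.5, "connect", ("127.0.0.1", 135)),      # loopback: ignored
    (3.0, "connect", ("192.0.2.44", 80)),      # resolved only *after* the connect
    (3.1, "dns", ("cdn.example.org", ["192.0.2.44"])),
]


def _is_local(ip: str) -> bool:
    """Loopback, link-local, multicast and unspecified destinations are not
    command-and-control candidates, so they never count as a hit."""
    addr = ipaddress.ip_address(ip)
    return (addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_unspecified)


def find_unresolved_connects(trace) -> List[Tuple[float, str, int]]:
    """Walk the trace in time order. A connect is 'unresolved' when no earlier
    DNS answer contained its destination IP; an answer that arrives later does
    not retroactively clear it. Returns (timestamp, ip, port) for each hit."""
    resolved: Set[str] = set()
    hits: List[Tuple[float, str, int]] = []
    for ts, kind, payload in sorted(trace, key=lambda e: e[0]):
        if kind == "dns":
            _qname, answers = payload
            resolved.update(answers)
        elif kind == "connect":
            ip, port = payload
            if _is_local(ip):
                continue
            if ip not in resolved:
                hits.append((ts, ip, port))
    return hits


if __name__ == "__main__":
    for ts, ip, port in find_unresolved_connects(SAMPLE_TRACE):
        print(f"t={ts:.1f}s  connect to {ip}:{port} with no prior DNS answer")
```

A connection to a literal IP address with no resolution step is the usual reason this signature fires, typically because the C2 address is embedded in the sample rather than looked up. The check is deliberately order-sensitive: a connect that precedes the answer for its own address is still reported, since the sample did not use that answer. Expect false positives from sandbox infrastructure (proxies, update servers reached by cached address), so pair the hit with the destination and port before treating it as C2.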
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
OPENGL32.dll
0x4074bc glClear
0x4074c0 glLightfv
0x4074c4 glMaterialfv
0x4074c8 glMaterialf
0x4074cc wglDeleteContext
0x4074d0 glVertex3f
0x4074d4 glNormal3f
0x4074d8 glEnd
0x4074dc glBegin
0x4074e0 wglMakeCurrent
0x4074e4 wglCreateContext
0x4074e8 glViewport
0x4074ec glLoadIdentity
0x4074f0 glMatrixMode
0x4074f4 glEnable
0x4074f8 glClearColor
0x4074fc glFlush
0x407500 glRotatef
0x407504 glTranslatef
GLU32.dll
0x407030 gluPerspective
MFC42.DLL (imported by ordinal; MFC42 exports by ordinal only, so the tool shows no symbol names)
0x4070a0 None
0x4070a4 None
0x4070a8 None
0x4070ac None
0x4070b0 None
0x4070b4 None
0x4070b8 None
0x4070bc None
0x4070c0 None
0x4070c4 None
0x4070c8 None
0x4070cc None
0x4070d0 None
0x4070d4 None
0x4070d8 None
0x4070dc None
0x4070e0 None
0x4070e4 None
0x4070e8 None
0x4070ec None
0x4070f0 None
0x4070f4 None
0x4070f8 None
0x4070fc None
0x407100 None
0x407104 None
0x407108 None
0x40710c None
0x407110 None
0x407114 None
0x407118 None
0x40711c None
0x407120 None
0x407124 None
0x407128 None
0x40712c None
0x407130 None
0x407134 None
0x407138 None
0x40713c None
0x407140 None
0x407144 None
0x407148 None
0x40714c None
0x407150 None
0x407154 None
0x407158 None
0x40715c None
0x407160 None
0x407164 None
0x407168 None
0x40716c None
0x407170 None
0x407174 None
0x407178 None
0x40717c None
0x407180 None
0x407184 None
0x407188 None
0x40718c None
0x407190 None
0x407194 None
0x407198 None
0x40719c None
0x4071a0 None
0x4071a4 None
0x4071a8 None
0x4071ac None
0x4071b0 None
0x4071b4 None
0x4071b8 None
0x4071bc None
0x4071c0 None
0x4071c4 None
0x4071c8 None
0x4071cc None
0x4071d0 None
0x4071d4 None
0x4071d8 None
0x4071dc None
0x4071e0 None
0x4071e4 None
0x4071e8 None
0x4071ec None
0x4071f0 None
0x4071f4 None
0x4071f8 None
0x4071fc None
0x407200 None
0x407204 None
0x407208 None
0x40720c None
0x407210 None
0x407214 None
0x407218 None
0x40721c None
0x407220 None
0x407224 None
0x407228 None
0x40722c None
0x407230 None
0x407234 None
0x407238 None
0x40723c None
0x407240 None
0x407244 None
0x407248 None
0x40724c None
0x407250 None
0x407254 None
0x407258 None
0x40725c None
0x407260 None
0x407264 None
0x407268 None
0x40726c None
0x407270 None
0x407274 None
0x407278 None
0x40727c None
0x407280 None
0x407284 None
0x407288 None
0x40728c None
0x407290 None
0x407294 None
0x407298 None
0x40729c None
0x4072a0 None
0x4072a4 None
0x4072a8 None
0x4072ac None
0x4072b0 None
0x4072b4 None
0x4072b8 None
0x4072bc None
0x4072c0 None
0x4072c4 None
0x4072c8 None
0x4072cc None
0x4072d0 None
0x4072d4 None
0x4072d8 None
0x4072dc None
0x4072e0 None
0x4072e4 None
0x4072e8 None
0x4072ec None
0x4072f0 None
0x4072f4 None
0x4072f8 None
0x4072fc None
0x407300 None
0x407304 None
0x407308 None
0x40730c None
0x407310 None
0x407314 None
0x407318 None
0x40731c None
0x407320 None
0x407324 None
0x407328 None
0x40732c None
0x407330 None
0x407334 None
0x407338 None
0x40733c None
0x407340 None
0x407344 None
0x407348 None
0x40734c None
0x407350 None
0x407354 None
0x407358 None
0x40735c None
0x407360 None
0x407364 None
0x407368 None
0x40736c None
0x407370 None
0x407374 None
0x407378 None
0x40737c None
0x407380 None
0x407384 None
0x407388 None
0x40738c None
0x407390 None
0x407394 None
0x407398 None
0x40739c None
0x4073a0 None
0x4073a4 None
0x4073a8 None
0x4073ac None
0x4073b0 None
0x4073b4 None
0x4073b8 None
0x4073bc None
0x4073c0 None
0x4073c4 None
0x4073c8 None
0x4073cc None
0x4073d0 None
0x4073d4 None
0x4073d8 None
0x4073dc None
0x4073e0 None
0x4073e4 None
0x4073e8 None
0x4073ec None
0x4073f0 None
0x4073f4 None
0x4073f8 None
0x4073fc None
0x407400 None
0x407404 None
0x407408 None
0x40740c None
0x407410 None
0x407414 None
0x407418 None
0x40741c None
0x407420 None
0x407424 None
0x407428 None
0x40742c None
0x407430 None
0x407434 None
0x407438 None
0x40743c None
0x407440 None
0x407444 None
0x407448 None
MSVCRT.dll
0x407450 _except_handler3
0x407454 _controlfp
0x407458 __set_app_type
0x40745c __p__fmode
0x407460 __p__commode
0x407464 _adjust_fdiv
0x407468 __setusermatherr
0x40746c _initterm
0x407470 __getmainargs
0x407474 _acmdln
0x407478 exit
0x40747c _XcptFilter
0x407480 _exit
0x407484 ??1type_info@@UAE@XZ
0x407488 _onexit
0x40748c __dllonexit
0x407490 _mbsstr
0x407494 strstr
0x407498 _mbsicmp
0x40749c _beginthreadex
0x4074a0 _CxxThrowException
0x4074a4 fread
0x4074a8 fopen
0x4074ac fclose
0x4074b0 __CxxFrameHandler
0x4074b4 _setmbcp
KERNEL32.dll
0x407038 GetWindowsDirectoryA
0x40703c LoadLibraryA
0x407040 FreeLibrary
0x407044 lstrcpyA
0x407048 GetStartupInfoA
0x40704c CloseHandle
0x407050 GetProcAddress
0x407054 GetModuleHandleA
0x407058 ExitProcess
0x40705c Sleep
0x407060 GetSystemInfo
0x407064 GetLocalTime
0x407068 Process32Next
0x40706c lstrcmpiA
0x407070 Process32First
0x407074 CreateToolhelp32Snapshot
0x407078 SetEvent
0x40707c WaitForSingleObject
0x407080 CreateEventA
0x407084 GlobalFree
0x407088 GlobalUnlock
0x40708c GlobalLock
0x407090 WinExec
0x407094 lstrlenA
0x407098 lstrcatA
USER32.dll
0x407514 SetCursor
0x407518 SetCapture
0x40751c RedrawWindow
0x407520 ReleaseCapture
0x407524 PtInRect
0x407528 MessageBeep
0x40752c GetWindowRect
0x407530 GetParent
0x407534 LoadCursorA
0x407538 ReleaseDC
0x40753c InflateRect
0x407540 SetWindowLongA
0x407544 SendMessageA
0x407548 IsWindow
0x40754c GetSysColor
0x407550 InvalidateRect
0x407554 GetClientRect
0x407558 TranslateMessage
0x40755c DispatchMessageA
0x407560 GetDC
0x407564 CopyIcon
0x407568 PeekMessageA
0x40756c EnableWindow
GDI32.dll
0x407010 SetPixelFormat
0x407014 GetStockObject
0x407018 GetTextExtentPoint32A
0x40701c GetObjectA
0x407020 CreateFontIndirectA
0x407024 ChoosePixelFormat
0x407028 SwapBuffers
ADVAPI32.dll
0x407000 RegQueryValueA
0x407004 RegCloseKey
0x407008 RegOpenKeyExA
SHELL32.dll
0x40750c ShellExecuteA
EAT (Export Address Table): none
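Most of this import table is OpenGL and MFC GUI plumbing; the handful of KERNEL32, ADVAPI32, MSVCRT and SHELL32 entries (Toolhelp process enumeration, WinExec and ShellExecuteA, registry reads, fopen/fread, LoadLibraryA/GetProcAddress) are what line up with the process-search and execution behaviour in the signature table. The Python below is an added example, not the report tool's code: it groups an import list into capability clusters so that pattern stands out from the GUI noise. The cluster definitions and the analyst notes are this example's own heuristics, and the sample IAT is a constructed subset of the table above with "None" standing for an ordinal-only import.

```python
"""Static triage of a PE import table: group imported APIs into behaviour
clusters so that a GUI-heavy import list (OpenGL, MFC) does not hide the few
APIs that matter for a process-watching, program-launching sample."""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Capability clusters keyed by lower-cased API name. This grouping is the
# example's own heuristic, not the sandbox vendor's signature logic.
CAPABILITIES: Dict[str, Tuple[str, ...]] = {
    "process_enumeration": ("createtoolhelp32snapshot", "process32first", "process32next"),
    "process_execution": ("winexec", "shellexecutea", "createprocessa", "createprocessw"),
    "dynamic_api_resolution": ("loadlibrarya", "getprocaddress"),
    "registry_read": ("regopenkeyexa", "regqueryvaluea", "regqueryvalueexa"),
    "host_fingerprint": ("getsysteminfo", "getwindowsdirectorya", "getlocaltime",
                         "globalmemorystatusex"),
    "file_read": ("fopen", "fread"),
    "threading_sync": ("_beginthreadex", "createeventa", "setevent", "waitforsingleobject"),
}

# Constructed subset of the report's IAT as (dll, function) pairs. "None" marks an
# ordinal-only import (MFC42.DLL exports by ordinal, so no name is available).
SAMPLE_IAT = [
    ("KERNEL32.dll", "GetWindowsDirectoryA"), ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"), ("KERNEL32.dll", "Sleep"),
    ("KERNEL32.dll", "GetSystemInfo"), ("KERNEL32.dll", "GetLocalTime"),
    ("KERNEL32.dll", "Process32Next"), ("KERNEL32.dll", "lstrcmpiA"),
    ("KERNEL32.dll", "Process32First"), ("KERNEL32.dll", "CreateToolhelp32Snapshot"),
    ("KERNEL32.dll", "SetEvent"), ("KERNEL32.dll", "WaitForSingleObject"),
    ("KERNEL32.dll", "CreateEventA"), ("KERNEL32.dll", "WinExec"),
    ("MSVCRT.dll", "_beginthreadex"), ("MSVCRT.dll", "fopen"), ("MSVCRT.dll", "fread"),
    ("ADVAPI32.dll", "RegOpenKeyExA"), ("ADVAPI32.dll", "RegQueryValueA"),
    ("SHELL32.dll", "ShellExecuteA"),
    ("OPENGL32.dll", "glBegin"), ("OPENGL32.dll", "glEnd"), ("GLU32.dll", "gluPerspective"),
    ("MFC42.DLL", "None"), ("MFC42.DLL", "None"),
]


def triage_imports(iat: Iterable[Tuple[str, str]]):
    """Return (hits, ordinal_only): hits maps capability -> matched API names in
    IAT order (only capabilities with at least one match); ordinal_only maps
    dll -> number of imports whose name could not be resolved."""
    hits: Dict[str, List[str]] = defaultdict(list)
    ordinal_only: Dict[str, int] = defaultdict(int)
    for dll, func in iat:
        if func in ("None", "", None):
            ordinal_only[dll] += 1
            continue
        key = func.lower()
        for cap, names in CAPABILITIES.items():
            if key in names:
                hits[cap].append(func)
    return dict(hits), dict(ordinal_only)


def suspicion_notes(hits: Dict[str, List[str]]) -> List[str]:
    """Turn co-occurring capabilities into the observations an analyst would note."""
    notes = []
    if "process_enumeration" in hits and "threading_sync" in hits:
        notes.append("process list walked alongside thread/event primitives: fits a "
                     "worker that repeatedly looks for a named process")
    if "process_execution" in hits and "file_read" in hits:
        notes.append("reads a file and can launch a program: dropper/launcher pattern")
    if "dynamic_api_resolution" in hits:
        notes.append("LoadLibraryA/GetProcAddress present: the IAT is only a lower "
                     "bound on the APIs the sample actually calls")
    return notes


if __name__ == "__main__":
    found, ordinals = triage_imports(SAMPLE_IAT)
    for cap, names in found.items():
        print(f"{cap:24s} {', '.join(names)}")
    print("ordinal-only imports:", ordinals)
    for note in suspicion_notes(found):
        print("-", note)
```

Two caveats when reading the result against the report. First, the imphash shown in the header cannot be recomputed from this listing, because the MFC42 entries are ordinal imports and the page prints them as "None" rather than as ordinal numbers. Second, LoadLibraryA plus GetProcAddress means the static list is a floor, not the full API surface: the "Checks amount of memory in system" and memory-protection behaviours in the signature table have no matching import here and were presumably reached through run-time resolution.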