Report - build2.exe

Tags: Malicious Library, PE File, OS Processor Check, PE32
Created: 2021.07.04 11:12
Machine: s1_win7_x6402
Filename: build2.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 7
Behavior Score: 3.8
ZERO API (file): malware
VT API (file): 49 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Unsafe, Save, Azorult, Kryptik, Eldorado, Attribute, HighConfidence, HLNS, PWSX, Mokes, R + Troj, DownLoader40, STOP, SMYXBFX, Emotet, Outbreak, 1F25ZEX, VidarStealer, hrhta, kcloud, score, MalPE, R428378, BScope, Wacatac, ai score=100, CLASSIC, Static AI, Malicious PE, HLNN, ZexaF, RuW@aq66w7fO, Genetic, confidence, 100%, Vidar, HwoCTXsA)
md5: c89fda6449e697936fe56fc265f82731
sha256: cfdc4c7dadf73658cc8e09808ac23ca929ec611fc211ac0dec48c033f7d7d788
ssdeep: 12288:W1Gb1hIad95oX0PJJ9eNvf/J3+0eEyXMP1h9VB2reBYYDRYy5DR7piPejX6SgHp:RoEPJDwOdEyXs1h3B2w1zDR1iPtzJ
imphash: e2d3496b3b287ea2b61fe32b1b1b6e50
impfuzzy: 48:CMKB1t4O7IvL550uX0dJv9p8FOudo+fcft2NaEG6glnTc9ZktBD:otDkzL0uX0bHC3o+fcftpEG6glTc3k3

Signatures (8 counts)

Level    Description
danger   File has been identified by 49 AntiVirus engines on VirusTotal as malicious
watch    Communicates with host for which no DNS query was performed
watch    Tries to unhook Windows functions monitored by Cuckoo
notice   Allocates read-write-execute memory (usually to unpack itself)
notice   The binary likely contains encrypted or compressed data indicative of a packer
info     One or more processes crashed
info     The file contains an unknown PE resource name possibly indicative of a packer
info     This executable has a PDB path
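The "Communicates with host for which no DNS query was performed" hit above is a correlation between the sandbox's DNS and connection logs. The script below is an added example written for this page, not the sandbox's own implementation of the rule: it keeps the addresses returned in DNS answers and flags any connection to an external address that no answer in a preceding time window resolved to. The events, the hostname, the second public IP, the gateway address and the five-minute window are constructed for the example; 142.44.243.6 is the address listed in this report's Network section.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample events (not taken from the report).  Timestamps are ISO
# 8601.  142.44.243.6 is the contacted host from the report's Network section;
# the hostname, the other public IP and the sandbox gateway are made up.
SAMPLE_EVENTS = [
    {"ts": "2021-07-04T11:12:03", "type": "dns",  "query": "cdn.example.invalid", "answers": ["203.0.113.10"]},
    {"ts": "2021-07-04T11:12:04", "type": "conn", "dst": "203.0.113.10", "dport": 443},
    {"ts": "2021-07-04T11:12:09", "type": "conn", "dst": "142.44.243.6", "dport": 80},
    {"ts": "2021-07-04T11:12:10", "type": "conn", "dst": "10.0.2.2",     "dport": 53},
]

# Addresses a sandbox guest talks to as normal plumbing (gateway, resolver,
# loopback, link-local).  Only these are exempt, so the documentation range
# 203.0.113.0/24 used in the constructed sample still counts as external.
INTERNAL_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def connections_without_dns(events, window=timedelta(minutes=5)):
    """Return (ts, dst, dport) for every connection to an external IP that no
    DNS answer within `window` *before* the connection resolved to.

    An IP literal hard-coded in the sample (the usual reason this signature
    fires) never appears in any DNS answer, so it is always flagged.  A
    connection that precedes the answer, or follows it by more than the
    window, is flagged too: the rule is about the DNS lookup happening first.
    """
    last_resolved = {}   # ip -> timestamp of the most recent DNS answer naming it
    flagged = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "dns":
            for ip in ev["answers"]:
                last_resolved[ip] = ts
        elif ev["type"] == "conn":
            dst = ev["dst"]
            if is_internal(dst):
                continue
            seen = last_resolved.get(dst)
            if seen is None or ts - seen > window:
                flagged.append((ev["ts"], dst, ev["dport"]))
    return flagged


if __name__ == "__main__":
    for ts, dst, dport in connections_without_dns(SAMPLE_EVENTS):
        print(f"{ts} connection to {dst}:{dport} without a preceding DNS answer")
```

On the constructed events only the 142.44.243.6 connection is reported, which is the situation the report shows: one contacted host and no DNS record for it. When running this over real sandbox output, feed it every answer in a DNS response (CNAME chains resolve to several A records) and exempt the guest's resolver and gateway explicitly rather than by assuming an RFC 1918 range.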

Rules (4 counts)

Level   Name                       Description          Collection
watch   Malicious_Library_Zero     Malicious_Library    binaries (upload)
info    IsPE32                     (no description)     binaries (upload)
info    OS_Processor_Check_Zero    OS Processor Check   binaries (upload)
info    PE_Header_Zero             PE File Signature    binaries (upload)

Network (1 count)

Request  CC  ASN Co  IP4  Rule  ZERO
142.44.243.6  CA  OVH SAS  142.44.243.6  clean

Suricata IDS

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x497000 GetCommandLineW
 0x497004 GetComputerNameA
 0x497008 CreateMutexW
 0x49700c SearchPathW
 0x497010 WriteConsoleInputW
 0x497014 WritePrivateProfileStructA
 0x497018 GetConsoleAliasesLengthW
 0x49701c CopyFileExW
 0x497020 TlsGetValue
 0x497024 SetLocalTime
 0x497028 CommConfigDialogA
 0x49702c GetDefaultCommConfigW
 0x497030 FindResourceExW
 0x497034 FreeLibrary
 0x497038 CallNamedPipeA
 0x49703c SetConsoleTextAttribute
 0x497040 GetCommState
 0x497044 InterlockedDecrement
 0x497048 ZombifyActCtx
 0x49704c ScrollConsoleScreenBufferW
 0x497050 GetNamedPipeHandleStateA
 0x497054 GlobalLock
 0x497058 SetComputerNameW
 0x49705c CreateDirectoryExA
 0x497060 GetModuleHandleW
 0x497064 GetCommConfig
 0x497068 GetPrivateProfileStringW
 0x49706c FindActCtxSectionStringA
 0x497070 SetProcessPriorityBoost
 0x497074 ActivateActCtx
 0x497078 GetSystemDirectoryW
 0x49707c LoadLibraryW
 0x497080 GetConsoleMode
 0x497084 SizeofResource
 0x497088 GetCalendarInfoA
 0x49708c ReadFileScatter
 0x497090 GetSystemWow64DirectoryW
 0x497094 GetSystemWindowsDirectoryA
 0x497098 GetSystemTimeAdjustment
 0x49709c GetVersionExW
 0x4970a0 InterlockedPopEntrySList
 0x4970a4 GlobalFlags
 0x4970a8 SetConsoleCursorPosition
 0x4970ac GetBinaryTypeA
 0x4970b0 IsDBCSLeadByte
 0x4970b4 ReadFile
 0x4970b8 GetOverlappedResult
 0x4970bc ExitThread
 0x4970c0 lstrlenW
 0x4970c4 SetConsoleTitleA
 0x4970c8 LCMapStringA
 0x4970cc VerifyVersionInfoW
 0x4970d0 CreateDirectoryA
 0x4970d4 GetProfileIntA
 0x4970d8 GetFileSizeEx
 0x4970dc SetCurrentDirectoryA
 0x4970e0 SetThreadLocale
 0x4970e4 GetCPInfoExW
 0x4970e8 GetCurrentDirectoryW
 0x4970ec ReadConsoleOutputCharacterA
 0x4970f0 SetVolumeLabelW
 0x4970f4 WriteProfileSectionA
 0x4970f8 FreeUserPhysicalPages
 0x4970fc GetLocalTime
 0x497100 GetAtomNameA
 0x497104 LoadLibraryA
 0x497108 LocalAlloc
 0x49710c SetConsoleOutputCP
 0x497110 GetTapeParameters
 0x497114 WTSGetActiveConsoleSessionId
 0x497118 GetProcessShutdownParameters
 0x49711c FreeEnvironmentStringsW
 0x497120 RequestWakeupLatency
 0x497124 VirtualProtect
 0x497128 CompareStringA
 0x49712c GetConsoleCursorInfo
 0x497130 FindAtomW
 0x497134 GetWindowsDirectoryW
 0x497138 FileTimeToLocalFileTime
 0x49713c GetVolumeNameForVolumeMountPointW
 0x497140 GetProfileSectionW
 0x497144 CommConfigDialogW
 0x497148 DeleteFileA
 0x49714c WideCharToMultiByte
 0x497150 InterlockedIncrement
 0x497154 MultiByteToWideChar
 0x497158 InterlockedExchange
 0x49715c Sleep
 0x497160 InitializeCriticalSection
 0x497164 DeleteCriticalSection
 0x497168 EnterCriticalSection
 0x49716c LeaveCriticalSection
 0x497170 TerminateProcess
 0x497174 GetCurrentProcess
 0x497178 UnhandledExceptionFilter
 0x49717c SetUnhandledExceptionFilter
 0x497180 IsDebuggerPresent
 0x497184 GetModuleFileNameW
 0x497188 GetCommandLineA
 0x49718c GetStartupInfoA
 0x497190 GetCPInfo
 0x497194 HeapValidate
 0x497198 IsBadReadPtr
 0x49719c RaiseException
 0x4971a0 RtlUnwind
 0x4971a4 GetLastError
 0x4971a8 LCMapStringW
 0x4971ac GetProcAddress
 0x4971b0 TlsAlloc
 0x4971b4 TlsSetValue
 0x4971b8 GetCurrentThreadId
 0x4971bc TlsFree
 0x4971c0 SetLastError
 0x4971c4 GetACP
 0x4971c8 GetOEMCP
 0x4971cc IsValidCodePage
 0x4971d0 DebugBreak
 0x4971d4 GetStdHandle
 0x4971d8 WriteFile
 0x4971dc OutputDebugStringA
 0x4971e0 WriteConsoleW
 0x4971e4 GetFileType
 0x4971e8 OutputDebugStringW
 0x4971ec ExitProcess
 0x4971f0 QueryPerformanceCounter
 0x4971f4 GetTickCount
 0x4971f8 GetCurrentProcessId
 0x4971fc GetSystemTimeAsFileTime
 0x497200 GetModuleFileNameA
 0x497204 FreeEnvironmentStringsA
 0x497208 GetEnvironmentStrings
 0x49720c GetEnvironmentStringsW
 0x497210 SetHandleCount
 0x497214 HeapDestroy
 0x497218 HeapCreate
 0x49721c HeapFree
 0x497220 VirtualFree
 0x497224 GetStringTypeA
 0x497228 GetStringTypeW
 0x49722c FlushFileBuffers
 0x497230 GetConsoleCP
 0x497234 HeapAlloc
 0x497238 HeapSize
 0x49723c HeapReAlloc
 0x497240 VirtualAlloc
 0x497244 GetLocaleInfoA
 0x497248 IsValidLocale
 0x49724c EnumSystemLocalesA
 0x497250 GetUserDefaultLCID
 0x497254 SetFilePointer
 0x497258 InitializeCriticalSectionAndSpinCount
 0x49725c GetLocaleInfoW
 0x497260 SetStdHandle
 0x497264 WriteConsoleA
 0x497268 GetConsoleOutputCP
 0x49726c CloseHandle
 0x497270 CreateFileA
 0x497274 GetModuleHandleA
USER32.dll
 0x49727c GetMessageTime
 0x497280 GetCursorInfo
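The script below is an added example and is not part of this report or of the sandbox that produced it. It parses the IAT listing in the format printed above, recomputes a pefile-style imphash from the parsed entries (so the reported value e2d3496b3b287ea2b61fe32b1b1b6e50 can be cross-checked once the full listing is pasted in), checks that the IAT slots are contiguous, and buckets the imports into behaviour categories that line up with the signature hits in this report (RWX memory, unhooking via VirtualProtect and GetProcAddress, debugger checks). The embedded excerpt is a subset of the imports listed on this page; the category mapping and the `check_against_report` helper are this example's own assumptions, not anything the sandbox does.

```python
import hashlib
import re

# Excerpt of the IAT listing exactly as the report prints it (a "<DLL>" header
# line followed by " 0x<iat slot> <function>" lines).  Only 11 of the 160
# imports on the page are reproduced here to keep the example short.
REPORT_IAT_EXCERPT = """\
KERNEL32.dll
 0x497000 GetCommandLineW
 0x497004 GetComputerNameA
 0x497008 CreateMutexW
 0x49707c LoadLibraryW
 0x497124 VirtualProtect
 0x497180 IsDebuggerPresent
 0x4971b0 GetProcAddress
 0x4971f4 GetTickCount
 0x497240 VirtualAlloc
USER32.dll
 0x49727c GetMessageTime
 0x497280 GetCursorInfo
"""

DLL_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+\.(?:dll|DLL|sys|ocx))\s*$")
IMPORT_LINE = re.compile(r"^\s*0x([0-9a-fA-F]+)\s+(\S+)\s*$")

# Behaviour buckets chosen to match the report's signature hits.  This mapping
# is the example's own heuristic, not the sandbox's rule set.
CATEGORIES = {
    "rwx_memory_or_unpacking": {"VirtualAlloc", "VirtualProtect", "VirtualFree"},
    "dynamic_api_resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "debugger_checks": {"IsDebuggerPresent", "OutputDebugStringA", "OutputDebugStringW", "DebugBreak"},
    "host_fingerprinting": {"GetComputerNameA", "GetVersionExW", "GetSystemWow64DirectoryW",
                            "WTSGetActiveConsoleSessionId", "GetTickCount", "QueryPerformanceCounter"},
    "single_instance_mutex": {"CreateMutexA", "CreateMutexW"},
}


def parse_iat_listing(text):
    """Return an ordered list of (dll, function, iat_slot) from the report format."""
    entries, current_dll = [], None
    for line in text.splitlines():
        m = DLL_LINE.match(line)
        if m:
            current_dll = m.group(1)
            continue
        m = IMPORT_LINE.match(line)
        if m and current_dll is not None:
            entries.append((current_dll, m.group(2), int(m.group(1), 16)))
    return entries


def imphash_from_entries(entries):
    """pefile-style imphash: md5 over "dll.func" (both lowercased, .dll/.ocx/.sys
    stripped from the library name), comma-joined in import order.  Imports by
    ordinal (none in this listing) would need pefile's ordinal tables."""
    parts = []
    for dll, func, _ in entries:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def triage_imports(entries):
    """Bucket imports into CATEGORIES and check that IAT slots are contiguous."""
    funcs = {func for _, func, _ in entries}
    hits = {cat: sorted(funcs & names) for cat, names in CATEGORIES.items()}
    hits = {cat: names for cat, names in hits.items() if names}
    # On a PE32 each IAT slot is 4 bytes, so consecutive entries of one DLL must
    # be 4 apart.  A gap means the listing is incomplete (as in this excerpt) or
    # not in raw thunk order, and in either case the imphash below is not
    # comparable with the reported one.
    contiguous = all(b[2] - a[2] == 4 for a, b in zip(entries, entries[1:]) if a[0] == b[0])
    return {"categories": hits, "iat_contiguous": contiguous, "import_count": len(entries)}


def check_against_report(text, reported_imphash):
    """Hypothetical helper tying the steps together for one report listing."""
    entries = parse_iat_listing(text)
    result = triage_imports(entries)
    result["imphash"] = imphash_from_entries(entries)
    result["imphash_matches_report"] = result["imphash"] == reported_imphash.lower()
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(check_against_report(REPORT_IAT_EXCERPT, "e2d3496b3b287ea2b61fe32b1b1b6e50"), indent=2))
```

With the excerpt the gap check reports the IAT as non-contiguous and the imphash does not match, which is the expected result for a partial listing; paste all 160 entries (slots 0x497000 through 0x497274 for KERNEL32, then 0x49727c and 0x497280 for USER32) to compare. Even then a mismatch is not proof of an error in the report: pefile walks the import directory in descriptor order, while a sandbox may print imports sorted by IAT slot, and a packed binary can have the two orders disagree. Independently of the hash, the KERNEL32 list above is worth a second look: alongside the ordinary MSVC CRT start-up set it imports APIs that a GUI program almost never calls (CommConfigDialogA, ZombifyActCtx, GetTapeParameters, SetVolumeLabelW, ReadFileScatter, FreeUserPhysicalPages), which is consistent with the packer and crash signatures reported above.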

EAT (Export Address Table): none
