ScreenShot
| Created | 2021.07.08 09:46 | Machine | s1_win7_x6401 |
| Filename | upl.txt | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 31 detected (GenericKD, Unsafe, Attribute, HighConfidence, Ursnif, Malicious, cnfss@0, Generic PWS, UrsnifDropper, uytnr, kcloud, Wacatac, score, ai score=84, TrojanPSW, Gozi, HgkASX8A) | ||
| md5 | 5522c21a05daf91658951bdf1c0e5271 | ||
| sha256 | eb6e2519aa5c31174a1ed6c0193b2d0e49e9ed6ca1ac01ed94b3007b5e2f6993 | ||
| ssdeep | 6144:h8vockvtMD67Dvy8CyOuq107KjWMTxdtcrsianUAqPt/MmG3G/GERIgg:SwhtCy50mpMTxdtV8AqPtM3gN | ||
| imphash | 789fcca066875e59aafcb5a18bb50d1b | ||
| impfuzzy | 48:+iDGdZ+fcoMZFmKzRPZfc3ohOl/XZpmg/:+iDKZ+fcoMZFZ9BfcADC | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x104801c GetProcAddress
0x1048020 LoadLibraryA
0x1048024 GetEnvironmentVariableA
0x1048028 VirtualProtectEx
0x104802c GetModuleFileNameA
0x1048030 GetWindowsDirectoryA
0x1048034 SetConsoleCP
0x1048038 SetConsoleOutputCP
0x104803c GetModuleHandleA
0x1048040 Sleep
0x1048044 GetLocaleInfoW
0x1048048 WriteConsoleW
0x104804c GetConsoleOutputCP
0x1048050 WriteConsoleA
0x1048054 InitializeCriticalSectionAndSpinCount
0x1048058 GetProcessHeap
0x104805c SetEndOfFile
0x1048060 GlobalLock
0x1048064 QueryPerformanceFrequency
0x1048068 GlobalAlloc
0x104806c SetUnhandledExceptionFilter
0x1048070 CreatePipe
0x1048074 GlobalFree
0x1048078 InterlockedIncrement
0x104807c InterlockedDecrement
0x1048080 WideCharToMultiByte
0x1048084 InterlockedExchange
0x1048088 InitializeCriticalSection
0x104808c DeleteCriticalSection
0x1048090 EnterCriticalSection
0x1048094 LeaveCriticalSection
0x1048098 MultiByteToWideChar
0x104809c GetLastError
0x10480a0 CloseHandle
0x10480a4 HeapAlloc
0x10480a8 RtlUnwind
0x10480ac RaiseException
0x10480b0 TerminateProcess
0x10480b4 GetCurrentProcess
0x10480b8 UnhandledExceptionFilter
0x10480bc IsDebuggerPresent
0x10480c0 GetCurrentThreadId
0x10480c4 GetCommandLineA
0x10480c8 HeapFree
0x10480cc GetCPInfo
0x10480d0 LCMapStringA
0x10480d4 LCMapStringW
0x10480d8 GetFileType
0x10480dc CreateFileA
0x10480e0 SetStdHandle
0x10480e4 SetHandleCount
0x10480e8 GetStdHandle
0x10480ec GetStartupInfoA
0x10480f0 VirtualFree
0x10480f4 VirtualAlloc
0x10480f8 HeapReAlloc
0x10480fc HeapCreate
0x1048100 HeapDestroy
0x1048104 GetModuleHandleW
0x1048108 ExitProcess
0x104810c WriteFile
0x1048110 TlsGetValue
0x1048114 TlsAlloc
0x1048118 TlsSetValue
0x104811c TlsFree
0x1048120 SetLastError
0x1048124 GetACP
0x1048128 GetOEMCP
0x104812c IsValidCodePage
0x1048130 GetUserDefaultLCID
0x1048134 GetLocaleInfoA
0x1048138 EnumSystemLocalesA
0x104813c IsValidLocale
0x1048140 GetStringTypeA
0x1048144 GetStringTypeW
0x1048148 FreeEnvironmentStringsA
0x104814c GetEnvironmentStrings
0x1048150 FreeEnvironmentStringsW
0x1048154 GetEnvironmentStringsW
0x1048158 QueryPerformanceCounter
0x104815c GetTickCount
0x1048160 GetCurrentProcessId
0x1048164 GetSystemTimeAsFileTime
0x1048168 HeapSize
0x104816c GetConsoleCP
0x1048170 GetConsoleMode
0x1048174 FlushFileBuffers
0x1048178 ReadFile
0x104817c SetFilePointer
USER32.dll
0x1048184 SetForegroundWindow
0x1048188 CheckRadioButton
0x104818c SetClipboardData
0x1048190 DestroyWindow
0x1048194 SendMessageA
0x1048198 GetClipboardData
0x104819c SendDlgItemMessageA
ole32.dll
0x10481a4 OleInitialize
0x10481a8 OleUninitialize
IMM32.dll
0x1048000 ImmNotifyIME
0x1048004 ImmSetCompositionFontA
0x1048008 ImmGetContext
0x104800c ImmGetCompositionStringA
0x1048010 ImmSetCompositionWindow
0x1048014 ImmReleaseContext
EAT(Export Address Table) Library
0x102c6b0 Formweather
0x102c420 Piecehear
0x102b3f0 Stickregion
0x102c510 Would
KERNEL32.dll
0x104801c GetProcAddress
0x1048020 LoadLibraryA
0x1048024 GetEnvironmentVariableA
0x1048028 VirtualProtectEx
0x104802c GetModuleFileNameA
0x1048030 GetWindowsDirectoryA
0x1048034 SetConsoleCP
0x1048038 SetConsoleOutputCP
0x104803c GetModuleHandleA
0x1048040 Sleep
0x1048044 GetLocaleInfoW
0x1048048 WriteConsoleW
0x104804c GetConsoleOutputCP
0x1048050 WriteConsoleA
0x1048054 InitializeCriticalSectionAndSpinCount
0x1048058 GetProcessHeap
0x104805c SetEndOfFile
0x1048060 GlobalLock
0x1048064 QueryPerformanceFrequency
0x1048068 GlobalAlloc
0x104806c SetUnhandledExceptionFilter
0x1048070 CreatePipe
0x1048074 GlobalFree
0x1048078 InterlockedIncrement
0x104807c InterlockedDecrement
0x1048080 WideCharToMultiByte
0x1048084 InterlockedExchange
0x1048088 InitializeCriticalSection
0x104808c DeleteCriticalSection
0x1048090 EnterCriticalSection
0x1048094 LeaveCriticalSection
0x1048098 MultiByteToWideChar
0x104809c GetLastError
0x10480a0 CloseHandle
0x10480a4 HeapAlloc
0x10480a8 RtlUnwind
0x10480ac RaiseException
0x10480b0 TerminateProcess
0x10480b4 GetCurrentProcess
0x10480b8 UnhandledExceptionFilter
0x10480bc IsDebuggerPresent
0x10480c0 GetCurrentThreadId
0x10480c4 GetCommandLineA
0x10480c8 HeapFree
0x10480cc GetCPInfo
0x10480d0 LCMapStringA
0x10480d4 LCMapStringW
0x10480d8 GetFileType
0x10480dc CreateFileA
0x10480e0 SetStdHandle
0x10480e4 SetHandleCount
0x10480e8 GetStdHandle
0x10480ec GetStartupInfoA
0x10480f0 VirtualFree
0x10480f4 VirtualAlloc
0x10480f8 HeapReAlloc
0x10480fc HeapCreate
0x1048100 HeapDestroy
0x1048104 GetModuleHandleW
0x1048108 ExitProcess
0x104810c WriteFile
0x1048110 TlsGetValue
0x1048114 TlsAlloc
0x1048118 TlsSetValue
0x104811c TlsFree
0x1048120 SetLastError
0x1048124 GetACP
0x1048128 GetOEMCP
0x104812c IsValidCodePage
0x1048130 GetUserDefaultLCID
0x1048134 GetLocaleInfoA
0x1048138 EnumSystemLocalesA
0x104813c IsValidLocale
0x1048140 GetStringTypeA
0x1048144 GetStringTypeW
0x1048148 FreeEnvironmentStringsA
0x104814c GetEnvironmentStrings
0x1048150 FreeEnvironmentStringsW
0x1048154 GetEnvironmentStringsW
0x1048158 QueryPerformanceCounter
0x104815c GetTickCount
0x1048160 GetCurrentProcessId
0x1048164 GetSystemTimeAsFileTime
0x1048168 HeapSize
0x104816c GetConsoleCP
0x1048170 GetConsoleMode
0x1048174 FlushFileBuffers
0x1048178 ReadFile
0x104817c SetFilePointer
USER32.dll
0x1048184 SetForegroundWindow
0x1048188 CheckRadioButton
0x104818c SetClipboardData
0x1048190 DestroyWindow
0x1048194 SendMessageA
0x1048198 GetClipboardData
0x104819c SendDlgItemMessageA
ole32.dll
0x10481a4 OleInitialize
0x10481a8 OleUninitialize
IMM32.dll
0x1048000 ImmNotifyIME
0x1048004 ImmSetCompositionFontA
0x1048008 ImmGetContext
0x104800c ImmGetCompositionStringA
0x1048010 ImmSetCompositionWindow
0x1048014 ImmReleaseContext
EAT(Export Address Table) Library
0x102c6b0 Formweather
0x102c420 Piecehear
0x102b3f0 Stickregion
0x102c510 Would