Created | 2021.07.12 10:31 | Machine | s1_win7_x6402 |
Filename | dexploer.exe | ||
Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : clean (note: this static verdict conflicts with the 48 VirusTotal detections and the IAmTheKing YARA match below; treat "clean" here as a false negative and rely on the multi-engine result) | ||
VT API (file) | 48 detected (AIDetect, malware1, Agentb, Graftor, Wacatac, Unsafe, malicious, confidence, ZexaE, iuW@aaR6iRoi, PRCO, Attribute, HighConfidence, PowerPool, jxrj, Wqcm, Malware@#3e73yri9ucvng, Redcap, mupbo, VSNTG821, Static AI, Malicious PE, kcloud, ai score=85, GdSda) | ||
md5 | d4602d1663b6b8b5dea53a0ef463eaf6 | ||
sha256 | bf0762b9fc3866fa23cf6e76326d3164ff72af1cfc6094ff8f69b8f48f4e211d | ||
ssdeep | 3072:0RiB5BH9Ta1YlkAwca1TBfqTNOhctZRm9IOxXoQ:0R29TmEHwd1TBCBOkZ8IOxX | ||
imphash | 777800c7ddc0a42fc0145d8d93a4860a | ||
impfuzzy | 96:QJYwh9nX3Hs3HE+7satrcS3rObbGDIvhX7PuVcazIjuoZ1o9AclNzeQQcuGIuayv:QVh9nsHrR3rObKL6a5oZPdgnB |
Network IP location
Signatures (2 counts)
Level | Description |
---|---|
danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
notice | Calls GetAdaptersAddresses to enumerate network adapters; adapter names and MAC prefixes are commonly used to detect virtual network interfaces, i.e. a sandbox/VM-evasion check |
Rules (4 counts)
Level | Name | Description | Collection |
---|---|---|---|
danger | IAmTheKing_Family | Matches the YARA signature for the IAmTheKing malware family; this is consistent with the "PowerPool" label among the VirusTotal detections above | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table), grouped by library. Capability indicators visible in the imports below: a WinHTTP client with proxy discovery (WinHttpGetProxyForUrl, WinHttpGetIEProxyConfigForCurrentUser), suggesting HTTP/HTTPS C2 that honours the user's proxy settings; service-control APIs (StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, SetServiceStatus) together with WTSGetActiveConsoleSessionId, WTSQueryUserToken, ImpersonateLoggedOnUser and CreateProcessAsUserW, suggesting it runs as a service and spawns processes in the logged-on user's session; CreatePipe/PeekNamedPipe with CreateProcessW, consistent with capturing output of a spawned command interpreter; host-survey APIs (GetExtendedTcpTable/GetExtendedUdpTable, CreateToolhelp32Snapshot/Process32*, FindFirstVolumeW/GetDriveTypeW, GetUserNameW/LookupAccountSidW, GetFileVersionInfoW); CryptBinaryToStringA/CryptStringToBinaryA (base64) and CryptCreateHash/CryptHashData (hashing); AdjustTokenPrivileges/LookupPrivilegeValueW (privilege elevation); and CreateMutexW, typically used for a single-instance check. The unnamed mfc90u.dll entries are most likely ordinal imports the parser did not resolve.
WINHTTP.dll
0x4162f4 WinHttpQueryHeaders
0x4162f8 WinHttpOpenRequest
0x4162fc WinHttpConnect
0x416300 WinHttpSendRequest
0x416304 WinHttpSetOption
0x416308 WinHttpSetTimeouts
0x41630c WinHttpGetProxyForUrl
0x416310 WinHttpReadData
0x416314 WinHttpOpen
0x416318 WinHttpQueryDataAvailable
0x41631c WinHttpReceiveResponse
0x416320 WinHttpCloseHandle
0x416324 WinHttpWriteData
0x416328 WinHttpGetIEProxyConfigForCurrentUser
0x41632c WinHttpAddRequestHeaders
WS2_32.dll
0x416334 WSAStartup
0x416338 inet_ntoa
0x41633c gethostname
0x416340 ntohs
0x416344 gethostbyname
SHLWAPI.dll
0x4162dc PathAppendW
VERSION.dll
0x4162e4 GetFileVersionInfoW
0x4162e8 VerQueryValueW
0x4162ec GetFileVersionInfoSizeW
IPHLPAPI.DLL
0x416068 GetExtendedUdpTable
0x41606c GetAdaptersAddresses
0x416070 GetExtendedTcpTable
PSAPI.DLL
0x4162cc GetModuleFileNameExW
WTSAPI32.dll
0x41634c WTSQueryUserToken
CRYPT32.dll
0x41605c CryptBinaryToStringA
0x416060 CryptStringToBinaryA
mfc90u.dll
0x416354 None
0x416358 None
0x41635c None
0x416360 None
0x416364 None
0x416368 None
0x41636c None
0x416370 None
0x416374 None
0x416378 None
0x41637c None
0x416380 None
0x416384 None
0x416388 None
0x41638c None
0x416390 None
0x416394 None
0x416398 None
0x41639c None
0x4163a0 None
0x4163a4 None
0x4163a8 None
MSVCR90.dll
0x4161e0 _CxxThrowException
0x4161e4 __wgetmainargs
0x4161e8 _amsg_exit
0x4161ec wcsncat_s
0x4161f0 vswprintf_s
0x4161f4 fseek
0x4161f8 ftell
0x4161fc fread
0x416200 _wfopen
0x416204 wprintf
0x416208 _vsnwprintf_s
0x41620c wcsncmp
0x416210 strncpy
0x416214 _beginthread
0x416218 _wtoi
0x41621c strncmp
0x416220 _vscwprintf
0x416224 wcsncpy_s
0x416228 sprintf
0x41622c _invalid_parameter_noinfo
0x416230 wcsncpy
0x416234 malloc
0x416238 free
0x41623c ??0exception@std@@QAE@ABV01@@Z
0x416240 ??0exception@std@@QAE@ABQBD@Z
0x416244 ??0exception@std@@QAE@XZ
0x416248 ??1exception@std@@UAE@XZ
0x41624c ?what@exception@std@@UBEPBDXZ
0x416250 swprintf_s
0x416254 _vswprintf
0x416258 sprintf_s
0x41625c _crt_debugger_hook
0x416260 _controlfp_s
0x416264 _invoke_watson
0x416268 _except_handler4_common
0x41626c ?terminate@@YAXXZ
0x416270 _decode_pointer
0x416274 _onexit
0x416278 _lock
0x41627c __dllonexit
0x416280 _unlock
0x416284 __set_app_type
0x416288 _encode_pointer
0x41628c __p__fmode
0x416290 __p__commode
0x416294 _adjust_fdiv
0x416298 __setusermatherr
0x41629c _configthreadlocale
0x4162a0 _initterm_e
0x4162a4 _initterm
0x4162a8 _wcmdln
0x4162ac exit
0x4162b0 _XcptFilter
0x4162b4 _exit
0x4162b8 _cexit
0x4162bc __CxxFrameHandler3
0x4162c0 fclose
0x4162c4 ?_type_info_dtor_internal_method@type_info@@QAEXXZ
KERNEL32.dll
0x416078 GetModuleFileNameW
0x41607c VerifyVersionInfoW
0x416080 GetLastError
0x416084 SetCurrentDirectoryW
0x416088 GetVersionExW
0x41608c SetEvent
0x416090 GetExitCodeThread
0x416094 CreateEventW
0x416098 FindVolumeClose
0x41609c FreeLibrary
0x4160a0 OpenProcess
0x4160a4 GetSystemDirectoryW
0x4160a8 LoadLibraryW
0x4160ac FindNextVolumeW
0x4160b0 GetVolumePathNamesForVolumeNameW
0x4160b4 Process32FirstW
0x4160b8 QueryDosDeviceW
0x4160bc Process32NextW
0x4160c0 GetModuleHandleA
0x4160c4 CreateToolhelp32Snapshot
0x4160c8 FindFirstVolumeW
0x4160cc InterlockedExchange
0x4160d0 InterlockedCompareExchange
0x4160d4 GetStartupInfoW
0x4160d8 SetUnhandledExceptionFilter
0x4160dc QueryPerformanceCounter
0x4160e0 GetCurrentThreadId
0x4160e4 IsDebuggerPresent
0x4160e8 UnhandledExceptionFilter
0x4160ec GetSystemTimeAsFileTime
0x4160f0 GetCurrentProcessId
0x4160f4 VerSetConditionMask
0x4160f8 GetSystemDefaultUILanguage
0x4160fc CreateMutexW
0x416100 ExitProcess
0x416104 GetCurrentDirectoryW
0x416108 FlushFileBuffers
0x41610c MultiByteToWideChar
0x416110 ExitThread
0x416114 TerminateProcess
0x416118 Sleep
0x41611c TerminateThread
0x416120 OutputDebugStringW
0x416124 PeekNamedPipe
0x416128 FileTimeToLocalFileTime
0x41612c FileTimeToSystemTime
0x416130 GetDriveTypeW
0x416134 DeleteFileW
0x416138 CloseHandle
0x41613c WTSGetActiveConsoleSessionId
0x416140 CreateFileW
0x416144 ReadFile
0x416148 WaitForSingleObject
0x41614c SetFilePointer
0x416150 GetFileSize
0x416154 CreatePipe
0x416158 GetProcAddress
0x41615c WideCharToMultiByte
0x416160 WriteFile
0x416164 GetTickCount
0x416168 GetModuleHandleW
0x41616c GetSystemDefaultLCID
0x416170 GetCurrentProcess
0x416174 CreateProcessW
ADVAPI32.dll
0x416000 CreateProcessAsUserW
0x416004 ImpersonateLoggedOnUser
0x416008 RevertToSelf
0x41600c CryptGetHashParam
0x416010 OpenServiceA
0x416014 CloseServiceHandle
0x416018 CryptAcquireContextW
0x41601c OpenSCManagerW
0x416020 GetUserNameW
0x416024 CryptReleaseContext
0x416028 CryptCreateHash
0x41602c GetUserNameA
0x416030 CryptDestroyHash
0x416034 CryptHashData
0x416038 StartServiceCtrlDispatcherA
0x41603c RegisterServiceCtrlHandlerA
0x416040 SetServiceStatus
0x416044 OpenProcessToken
0x416048 AdjustTokenPrivileges
0x41604c LookupAccountSidW
0x416050 LookupPrivilegeValueW
0x416054 GetTokenInformation
SHELL32.dll
0x4162d4 ShellExecuteW
MSVCP90.dll
0x41617c ??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
0x416180 ?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
0x416184 ?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
0x416188 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
0x41618c ?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
0x416190 ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
0x416194 ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
0x416198 ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
0x41619c ?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
0x4161a0 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
0x4161a4 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
0x4161a8 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
0x4161ac ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
0x4161b0 ?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
0x4161b4 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
0x4161b8 ?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
0x4161bc ?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
0x4161c0 ?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
0x4161c4 ?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
0x4161c8 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
0x4161cc ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
0x4161d0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
0x4161d4 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
0x4161d8 ?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
EAT (Export Address Table): none — the file exports nothing, consistent with a standalone executable rather than a DLL.
WINHTTP.dll
0x4162f4 WinHttpQueryHeaders
0x4162f8 WinHttpOpenRequest
0x4162fc WinHttpConnect
0x416300 WinHttpSendRequest
0x416304 WinHttpSetOption
0x416308 WinHttpSetTimeouts
0x41630c WinHttpGetProxyForUrl
0x416310 WinHttpReadData
0x416314 WinHttpOpen
0x416318 WinHttpQueryDataAvailable
0x41631c WinHttpReceiveResponse
0x416320 WinHttpCloseHandle
0x416324 WinHttpWriteData
0x416328 WinHttpGetIEProxyConfigForCurrentUser
0x41632c WinHttpAddRequestHeaders
WS2_32.dll
0x416334 WSAStartup
0x416338 inet_ntoa
0x41633c gethostname
0x416340 ntohs
0x416344 gethostbyname
SHLWAPI.dll
0x4162dc PathAppendW
VERSION.dll
0x4162e4 GetFileVersionInfoW
0x4162e8 VerQueryValueW
0x4162ec GetFileVersionInfoSizeW
IPHLPAPI.DLL
0x416068 GetExtendedUdpTable
0x41606c GetAdaptersAddresses
0x416070 GetExtendedTcpTable
PSAPI.DLL
0x4162cc GetModuleFileNameExW
WTSAPI32.dll
0x41634c WTSQueryUserToken
CRYPT32.dll
0x41605c CryptBinaryToStringA
0x416060 CryptStringToBinaryA
mfc90u.dll
0x416354 None
0x416358 None
0x41635c None
0x416360 None
0x416364 None
0x416368 None
0x41636c None
0x416370 None
0x416374 None
0x416378 None
0x41637c None
0x416380 None
0x416384 None
0x416388 None
0x41638c None
0x416390 None
0x416394 None
0x416398 None
0x41639c None
0x4163a0 None
0x4163a4 None
0x4163a8 None
MSVCR90.dll
0x4161e0 _CxxThrowException
0x4161e4 __wgetmainargs
0x4161e8 _amsg_exit
0x4161ec wcsncat_s
0x4161f0 vswprintf_s
0x4161f4 fseek
0x4161f8 ftell
0x4161fc fread
0x416200 _wfopen
0x416204 wprintf
0x416208 _vsnwprintf_s
0x41620c wcsncmp
0x416210 strncpy
0x416214 _beginthread
0x416218 _wtoi
0x41621c strncmp
0x416220 _vscwprintf
0x416224 wcsncpy_s
0x416228 sprintf
0x41622c _invalid_parameter_noinfo
0x416230 wcsncpy
0x416234 malloc
0x416238 free
0x41623c ??0exception@std@@QAE@ABV01@@Z
0x416240 ??0exception@std@@QAE@ABQBD@Z
0x416244 ??0exception@std@@QAE@XZ
0x416248 ??1exception@std@@UAE@XZ
0x41624c ?what@exception@std@@UBEPBDXZ
0x416250 swprintf_s
0x416254 _vswprintf
0x416258 sprintf_s
0x41625c _crt_debugger_hook
0x416260 _controlfp_s
0x416264 _invoke_watson
0x416268 _except_handler4_common
0x41626c ?terminate@@YAXXZ
0x416270 _decode_pointer
0x416274 _onexit
0x416278 _lock
0x41627c __dllonexit
0x416280 _unlock
0x416284 __set_app_type
0x416288 _encode_pointer
0x41628c __p__fmode
0x416290 __p__commode
0x416294 _adjust_fdiv
0x416298 __setusermatherr
0x41629c _configthreadlocale
0x4162a0 _initterm_e
0x4162a4 _initterm
0x4162a8 _wcmdln
0x4162ac exit
0x4162b0 _XcptFilter
0x4162b4 _exit
0x4162b8 _cexit
0x4162bc __CxxFrameHandler3
0x4162c0 fclose
0x4162c4 ?_type_info_dtor_internal_method@type_info@@QAEXXZ
KERNEL32.dll
0x416078 GetModuleFileNameW
0x41607c VerifyVersionInfoW
0x416080 GetLastError
0x416084 SetCurrentDirectoryW
0x416088 GetVersionExW
0x41608c SetEvent
0x416090 GetExitCodeThread
0x416094 CreateEventW
0x416098 FindVolumeClose
0x41609c FreeLibrary
0x4160a0 OpenProcess
0x4160a4 GetSystemDirectoryW
0x4160a8 LoadLibraryW
0x4160ac FindNextVolumeW
0x4160b0 GetVolumePathNamesForVolumeNameW
0x4160b4 Process32FirstW
0x4160b8 QueryDosDeviceW
0x4160bc Process32NextW
0x4160c0 GetModuleHandleA
0x4160c4 CreateToolhelp32Snapshot
0x4160c8 FindFirstVolumeW
0x4160cc InterlockedExchange
0x4160d0 InterlockedCompareExchange
0x4160d4 GetStartupInfoW
0x4160d8 SetUnhandledExceptionFilter
0x4160dc QueryPerformanceCounter
0x4160e0 GetCurrentThreadId
0x4160e4 IsDebuggerPresent
0x4160e8 UnhandledExceptionFilter
0x4160ec GetSystemTimeAsFileTime
0x4160f0 GetCurrentProcessId
0x4160f4 VerSetConditionMask
0x4160f8 GetSystemDefaultUILanguage
0x4160fc CreateMutexW
0x416100 ExitProcess
0x416104 GetCurrentDirectoryW
0x416108 FlushFileBuffers
0x41610c MultiByteToWideChar
0x416110 ExitThread
0x416114 TerminateProcess
0x416118 Sleep
0x41611c TerminateThread
0x416120 OutputDebugStringW
0x416124 PeekNamedPipe
0x416128 FileTimeToLocalFileTime
0x41612c FileTimeToSystemTime
0x416130 GetDriveTypeW
0x416134 DeleteFileW
0x416138 CloseHandle
0x41613c WTSGetActiveConsoleSessionId
0x416140 CreateFileW
0x416144 ReadFile
0x416148 WaitForSingleObject
0x41614c SetFilePointer
0x416150 GetFileSize
0x416154 CreatePipe
0x416158 GetProcAddress
0x41615c WideCharToMultiByte
0x416160 WriteFile
0x416164 GetTickCount
0x416168 GetModuleHandleW
0x41616c GetSystemDefaultLCID
0x416170 GetCurrentProcess
0x416174 CreateProcessW
ADVAPI32.dll
0x416000 CreateProcessAsUserW
0x416004 ImpersonateLoggedOnUser
0x416008 RevertToSelf
0x41600c CryptGetHashParam
0x416010 OpenServiceA
0x416014 CloseServiceHandle
0x416018 CryptAcquireContextW
0x41601c OpenSCManagerW
0x416020 GetUserNameW
0x416024 CryptReleaseContext
0x416028 CryptCreateHash
0x41602c GetUserNameA
0x416030 CryptDestroyHash
0x416034 CryptHashData
0x416038 StartServiceCtrlDispatcherA
0x41603c RegisterServiceCtrlHandlerA
0x416040 SetServiceStatus
0x416044 OpenProcessToken
0x416048 AdjustTokenPrivileges
0x41604c LookupAccountSidW
0x416050 LookupPrivilegeValueW
0x416054 GetTokenInformation
SHELL32.dll
0x4162d4 ShellExecuteW
MSVCP90.dll
0x41617c ??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
0x416180 ?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
0x416184 ?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
0x416188 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
0x41618c ?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
0x416190 ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
0x416194 ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
0x416198 ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
0x41619c ?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
0x4161a0 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
0x4161a4 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
0x4161a8 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
0x4161ac ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
0x4161b0 ?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
0x4161b4 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
0x4161b8 ?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
0x4161bc ?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
0x4161c0 ?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
0x4161c4 ?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
0x4161c8 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
0x4161cc ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
0x4161d0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
0x4161d4 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
0x4161d8 ?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
EAT (Export Address Table): none — the file exports nothing, consistent with a standalone executable rather than a DLL.