Field | Value |
---|---|
Created | 2021.07.12 13:32 |
Machine | s1_win7_x6401 |
Filename | Jople.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 44 detected (AIDetect, malware1, Reline, malicious, high confidence, GenericKD, TrojanPSW, ZexaF, @R0@aClW0bmG, Attribute, HighConfidence, a variant of Generik, HIDJCSG, Generic@ML, RDML, SECSbvnvss6Jkqp6JU91fQ, Drixed, egipp, KVMH008, kcloud, Tnega, score, Artemis, ai score=83, BScope, Wacatac, Themida, Static AI, Malicious PE, Unsafe, PossibleThreat, PALLASNET, susgen, confidence, HxMBensA) |
md5 | 0ed8664e0ae8bb176b6d0fc0251b608e |
sha256 | 2959cc74425b45398b7195a26a779dedba3a7cfb28387e50f5b270dda38dd665 |
ssdeep | 98304:STSqui3+XvGqgHV+QGcu3fs0NWBsARD+mhryFItygoLi+FTZ9ia9qzR9:/quiuXOb+D3fo+uk9iiZ9jM |
imphash | d30c2e444a9895fe13a656f52f1ddbb6 |
impfuzzy | 48:Jp14ASXB2Zcp++vZZZCTGXtpdT9y6R/g5ZXpcM5Q8:Jp1AXB2Zcp+qjOGXtpl9fiZXpcu/ |
Network IP location
Signature (26cnts)
Level | Description |
---|---|
danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
watch | Checks for the presence of known windows from debuggers and forensic tools |
watch | Checks the version of Bios |
watch | Collects information about installed applications |
watch | Communicates with host for which no DNS query was performed |
watch | Detects Virtual Machines through their custom firmware |
watch | Detects VirtualBox through the presence of a registry key |
watch | Detects VMWare through the in instruction feature |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Foreign language identified in PE resource |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | Queries for potentially installed applications |
notice | Steals private information from local Internet browsers |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | Tries to locate where the browsers are installed |
info | Uses Windows APIs to generate a cryptographic key |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | Win32_Trojan_PWS_Net_1_Zero | Win32 Trojan PWS .NET Azorult | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
info | Is_DotNET_EXE | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win_Backdoor_AsyncRAT_Zero | Win Backdoor AsyncRAT | binaries (upload) |
Network (5cnts)
Suricata ids
PE API
IAT (Import Address Table) Library
kernel32.dll
0xc4e000 GetModuleHandleA
mscoree.dll
0xc4e008 _CorExeMain
WTSAPI32.dll
0xc4e010 WTSSendMessageW
kernel32.dll
0xc4e018 VirtualQuery
0xc4e01c GetSystemTimeAsFileTime
0xc4e020 GetModuleHandleA
0xc4e024 CreateEventA
0xc4e028 GetModuleFileNameW
0xc4e02c LoadLibraryA
0xc4e030 TerminateProcess
0xc4e034 GetCurrentProcess
0xc4e038 CreateToolhelp32Snapshot
0xc4e03c Thread32First
0xc4e040 GetCurrentProcessId
0xc4e044 GetCurrentThreadId
0xc4e048 OpenThread
0xc4e04c Thread32Next
0xc4e050 CloseHandle
0xc4e054 SuspendThread
0xc4e058 ResumeThread
0xc4e05c WriteProcessMemory
0xc4e060 GetSystemInfo
0xc4e064 VirtualAlloc
0xc4e068 VirtualProtect
0xc4e06c VirtualFree
0xc4e070 GetProcessAffinityMask
0xc4e074 SetProcessAffinityMask
0xc4e078 GetCurrentThread
0xc4e07c SetThreadAffinityMask
0xc4e080 Sleep
0xc4e084 FreeLibrary
0xc4e088 GetTickCount
0xc4e08c GlobalFree
0xc4e090 GetProcAddress
0xc4e094 LocalAlloc
0xc4e098 LocalFree
0xc4e09c ExitProcess
0xc4e0a0 EnterCriticalSection
0xc4e0a4 LeaveCriticalSection
0xc4e0a8 InitializeCriticalSection
0xc4e0ac DeleteCriticalSection
0xc4e0b0 GetModuleHandleW
0xc4e0b4 LoadResource
0xc4e0b8 MultiByteToWideChar
0xc4e0bc FindResourceExW
0xc4e0c0 FindResourceExA
0xc4e0c4 WideCharToMultiByte
0xc4e0c8 GetThreadLocale
0xc4e0cc GetUserDefaultLCID
0xc4e0d0 GetSystemDefaultLCID
0xc4e0d4 EnumResourceNamesA
0xc4e0d8 EnumResourceNamesW
0xc4e0dc EnumResourceLanguagesA
0xc4e0e0 EnumResourceLanguagesW
0xc4e0e4 EnumResourceTypesA
0xc4e0e8 EnumResourceTypesW
0xc4e0ec CreateFileW
0xc4e0f0 LoadLibraryW
0xc4e0f4 GetLastError
0xc4e0f8 FlushFileBuffers
0xc4e0fc CreateFileA
0xc4e100 WriteConsoleW
0xc4e104 GetConsoleOutputCP
0xc4e108 WriteConsoleA
0xc4e10c GetCommandLineA
0xc4e110 RaiseException
0xc4e114 RtlUnwind
0xc4e118 HeapFree
0xc4e11c GetCPInfo
0xc4e120 InterlockedIncrement
0xc4e124 InterlockedDecrement
0xc4e128 GetACP
0xc4e12c GetOEMCP
0xc4e130 IsValidCodePage
0xc4e134 TlsGetValue
0xc4e138 TlsAlloc
0xc4e13c TlsSetValue
0xc4e140 TlsFree
0xc4e144 SetLastError
0xc4e148 UnhandledExceptionFilter
0xc4e14c SetUnhandledExceptionFilter
0xc4e150 IsDebuggerPresent
0xc4e154 HeapAlloc
0xc4e158 LCMapStringA
0xc4e15c LCMapStringW
0xc4e160 SetHandleCount
0xc4e164 GetStdHandle
0xc4e168 GetFileType
0xc4e16c GetStartupInfoA
0xc4e170 GetModuleFileNameA
0xc4e174 FreeEnvironmentStringsA
0xc4e178 GetEnvironmentStrings
0xc4e17c FreeEnvironmentStringsW
0xc4e180 GetEnvironmentStringsW
0xc4e184 HeapCreate
0xc4e188 HeapDestroy
0xc4e18c QueryPerformanceCounter
0xc4e190 HeapReAlloc
0xc4e194 GetStringTypeA
0xc4e198 GetStringTypeW
0xc4e19c GetLocaleInfoA
0xc4e1a0 HeapSize
0xc4e1a4 WriteFile
0xc4e1a8 SetFilePointer
0xc4e1ac GetConsoleCP
0xc4e1b0 GetConsoleMode
0xc4e1b4 InitializeCriticalSectionAndSpinCount
0xc4e1b8 SetStdHandle
USER32.dll
0xc4e1c0 GetUserObjectInformationW
0xc4e1c4 CharUpperBuffW
0xc4e1c8 MessageBoxW
0xc4e1cc GetProcessWindowStation
kernel32.dll
0xc4e1d4 LocalAlloc
0xc4e1d8 LocalFree
0xc4e1dc GetModuleFileNameW
0xc4e1e0 GetProcessAffinityMask
0xc4e1e4 SetProcessAffinityMask
0xc4e1e8 SetThreadAffinityMask
0xc4e1ec Sleep
0xc4e1f0 ExitProcess
0xc4e1f4 FreeLibrary
0xc4e1f8 LoadLibraryA
0xc4e1fc GetModuleHandleA
0xc4e200 GetProcAddress
USER32.dll
0xc4e208 GetProcessWindowStation
0xc4e20c GetUserObjectInformationW
EAT (Export Address Table): none