Report - a.exe

PE32 PE File
Created 2021.07.22 10:34
Machine s1_win7_x6403_us
Filename a.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 3
Behavior Score 2.0
ZERO API file : clean
VT API (file) 46 detected (Chromepass, malicious, high confidence, oq0@kK9ERXlO, Hacktool, Unsafe, PSWTool, confidence, ZBFX, PasswordRevealer, D potentially unsafe, Tool, ChromePassVariant, FileRepMetagen, NirPassView, Malware@#m51cuhbd5d44, Nirsoft Password Recovery, not malicious, NirsoftPT, PassView, ai score=77, ASMalwS, Wacatac, R346831, ChromePasswordTool, Generic@ML, RDML, 7NWhW+, C1ctzTDMUznAzEQ, Igent, bUkQId, susgen, HgIASQ8A)
md5 cf53febec7e1376c2e42b3857ab25424
sha256 0291e6c35ad5ed041579b75496fa212f04eb1c9d73f639349ddaa01e5da10906
ssdeep 6144:o08gJKENk2IwPDIIgK+TkQcKxRB/ERZ92aDck6:odgcEW2DgeM/EcaDck6
imphash aff246af2667d7ec446697339be86337
impfuzzy 96:hTsVh8pqQqgG3QhZhpGkUGRJz2Vc29I4FAESdZ9lD:9sVupqntAH3z2G293FAZ9lD
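md5 and sha256 identify this exact file; ssdeep and imphash are there for finding relatives. imphash digests the ordered list of imported library.symbol pairs, so binaries built from the same source with the same import layout share an imphash even when their md5 differs, which is the kind of clustering behind VT tags such as ChromePassVariant and NirsoftPT. The following Python is an added example written by the editor, not code from the sandbox or from pefile: it reimplements the imphash normalization (mirroring what pefile.PE.get_imphash() does, minus pefile's ordinal-to-name table for ws2_32 and oleaut32, which this example does not carry). The report's value aff246af2667d7ec446697339be86337 cannot be recomputed from the IAT listing in this report: one COMCTL32 import has no symbol name and its ordinal is not shown, and the listing's DLL order is not necessarily the import-directory order. EXAMPLE_IMPORTS is constructed from a few entries of this report's IAT plus one hypothetical ordinal import.

```python
import hashlib
from typing import Sequence, Tuple, Union

# An import entry is either a symbol name or an ordinal number (unnamed import).
Symbol = Union[str, int]
ImportTable = Sequence[Tuple[str, Sequence[Symbol]]]

# Extensions that the imphash algorithm strips from the library name.
_STRIPPED_EXTS = ("dll", "ocx", "sys")


def _normalize_library(dll: str) -> str:
    """Lower-case the DLL name and drop a trailing .dll/.ocx/.sys extension."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in _STRIPPED_EXTS:
        return base
    return name


def _normalize_symbol(symbol: Symbol) -> str:
    """Named imports are lower-cased; ordinal-only imports become 'ordN'."""
    if isinstance(symbol, int):
        return "ord%d" % symbol
    return symbol.lower()


def import_string(imports: ImportTable) -> str:
    """The comma-joined 'library.symbol' list that imphash digests.

    Order must be the order of the PE import directory, not sorted:
    changing the order changes the hash.
    """
    parts = []
    for dll, symbols in imports:
        lib = _normalize_library(dll)
        for sym in symbols:
            parts.append("%s.%s" % (lib, _normalize_symbol(sym)))
    return ",".join(parts)


def md5_hex(text: str) -> str:
    """Hex MD5 of an ASCII string."""
    return hashlib.md5(text.encode("ascii")).hexdigest()


def imphash(imports: ImportTable) -> str:
    """MD5 over the normalized import string."""
    return md5_hex(import_string(imports))


# Constructed import table (not this sample's full import directory): the first
# three KERNEL32 and the three ADVAPI32 imports listed in the report, plus a
# hypothetical COMCTL32 ordinal import to show how unnamed imports are rendered.
EXAMPLE_IMPORTS: ImportTable = [
    ("KERNEL32.dll", ["AreFileApisANSI", "QueryPerformanceCounter", "GetSystemTime"]),
    ("ADVAPI32.dll", ["RegCloseKey", "RegOpenKeyExW", "RegQueryValueExW"]),
    ("COMCTL32.dll", [17]),  # hypothetical ordinal; becomes comctl32.ord17
]

if __name__ == "__main__":
    print(import_string(EXAMPLE_IMPORTS))
    print(imphash(EXAMPLE_IMPORTS))
```

When pivoting on imphash, remember that it is a clustering key, not an identity: a recompile that adds or reorders one import moves the hash, and unrelated programs linked against the same static library can collide.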

Signature (4cnts)

Level | Description
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious
notice | Steals private information from local Internet browsers
info | The file contains an unknown PE resource name possibly indicative of a packer
info | This executable has a PDB path

Rules (2cnts)

Level | Name | Description | Collection
info | IsPE32 | (no description) | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)
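The two rules above and the Type line ("PE32 executable (GUI) Intel 80386, for MS Windows") all come from the same few header fields: the MZ signature, e_lfanew, the PE\0\0 signature, IMAGE_FILE_HEADER.Machine and Characteristics, and the Magic and Subsystem fields of the optional header. The following Python is an added example by the editor, not the sandbox's rule engine or any real ruleset: it parses those fields from raw bytes and renders a Type line in the report's style. build_minimal_pe() produces a constructed header-only image for testing; it is not an executable and not this sample.

```python
import struct
from typing import Dict

# Header constants from winnt.h
IMAGE_DOS_SIGNATURE = 0x5A4D           # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550        # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B  # PE32
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B  # PE32+
IMAGE_FILE_DLL = 0x2000
SUBSYSTEMS = {2: "GUI", 3: "console"}


def pe_summary(data: bytes) -> Dict[str, object]:
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> FILE_HEADER -> OPTIONAL_HEADER and
    return the fields a Type line is built from. Raises ValueError when the
    bytes are not a PE image (the case in which PE_Header_Zero would not fire)."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature at e_lfanew")
    # IMAGE_FILE_HEADER (20 bytes) directly follows the 4-byte signature
    machine, _, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 70 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    # Subsystem sits at offset 68 of the optional header in both PE32 and PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "pe32": magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC,
        "dll": bool(characteristics & IMAGE_FILE_DLL),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def is_pe(data: bytes) -> bool:
    """True when the bytes carry a well-formed MZ/PE header chain."""
    try:
        pe_summary(data)
        return True
    except ValueError:
        return False


def type_line(data: bytes) -> str:
    """Render the summary in the style of the report's Type line."""
    s = pe_summary(data)
    fmt = "PE32" if s["pe32"] else "PE32+"
    arch = "Intel 80386" if s["machine"] == IMAGE_FILE_MACHINE_I386 else "machine 0x%x" % s["machine"]
    kind = "DLL" if s["dll"] else "executable"
    return "%s %s (%s) %s, for MS Windows" % (fmt, kind, s["subsystem"], arch)


def build_minimal_pe(machine: int, magic: int, subsystem: int, characteristics: int = 0x0102) -> bytes:
    """Constructed test image: a 64-byte DOS header with e_lfanew=0x40, the PE
    signature, a file header and a zero-filled 224-byte optional header with the
    given fields. Header only, not a loadable executable."""
    dos = struct.pack("<H", IMAGE_DOS_SIGNATURE) + b"\0" * 58 + struct.pack("<I", 0x40)
    file_header = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 224, characteristics)
    optional = bytearray(224)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, 68, subsystem)
    return dos + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_header + bytes(optional)


# Header shaped like this report's sample: 32-bit, i386, GUI subsystem.
SAMPLE_LIKE = build_minimal_pe(IMAGE_FILE_MACHINE_I386, IMAGE_NT_OPTIONAL_HDR32_MAGIC, 2)

if __name__ == "__main__":
    print(type_line(SAMPLE_LIKE))
```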

Network (0cnts)

Request | CC | ASN | Co | IP4 | Rule | ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x4302ec _purecall
 0x4302f0 atoi
 0x4302f4 toupper
 0x4302f8 realloc
 0x4302fc isalnum
 0x430300 _gmtime64
 0x430304 isxdigit
 0x430308 tolower
 0x43030c isspace
 0x430310 isdigit
 0x430314 strftime
 0x430318 __dllonexit
 0x43031c _onexit
 0x430320 _c_exit
 0x430324 _exit
 0x430328 _XcptFilter
 0x43032c _cexit
 0x430330 _wcslwr
 0x430334 _wcmdln
 0x430338 __wgetmainargs
 0x43033c free
 0x430340 modf
 0x430344 _wtoi
 0x430348 wcstoul
 0x43034c _itow
 0x430350 strcmp
 0x430354 memcmp
 0x430358 memmove
 0x43035c _memicmp
 0x430360 ??2@YAPAXI@Z
 0x430364 ??3@YAXPAX@Z
 0x430368 memcpy
 0x43036c wcscpy
 0x430370 wcsrchr
 0x430374 malloc
 0x430378 exit
 0x43037c log
 0x430380 abs
 0x430384 _wcsicmp
 0x430388 wcscmp
 0x43038c wcschr
 0x430390 wcslen
 0x430394 strlen
 0x430398 memset
 0x43039c wcsncat
 0x4303a0 _snwprintf
 0x4303a4 wcscat
 0x4303a8 _initterm
 0x4303ac __setusermatherr
 0x4303b0 _adjust_fdiv
 0x4303b4 __p__commode
 0x4303b8 __p__fmode
 0x4303bc __set_app_type
 0x4303c0 _controlfp
 0x4303c4 _except_handler3
COMCTL32.dll
 0x430010 CreateToolbarEx
 0x430014 ImageList_AddMasked
 0x430018 ImageList_SetImageCount
 0x43001c ImageList_Create
 0x430020 None (import without a symbol name, resolved by ordinal)
 0x430024 ImageList_ReplaceIcon
 0x430028 CreateStatusWindowW
KERNEL32.dll
 0x430058 AreFileApisANSI
 0x43005c QueryPerformanceCounter
 0x430060 GetSystemTime
 0x430064 GetTempPathA
 0x430068 InterlockedIncrement
 0x43006c SetEndOfFile
 0x430070 GetFileAttributesA
 0x430074 LeaveCriticalSection
 0x430078 UnlockFile
 0x43007c CreateFileA
 0x430080 DeleteCriticalSection
 0x430084 Sleep
 0x430088 GetFullPathNameA
 0x43008c GetFullPathNameW
 0x430090 InitializeCriticalSection
 0x430094 GetSystemTimeAsFileTime
 0x430098 EnterCriticalSection
 0x43009c LockFileEx
 0x4300a0 GetTickCount
 0x4300a4 LocalAlloc
 0x4300a8 EnumResourceTypesW
 0x4300ac OpenProcess
 0x4300b0 DeleteFileW
 0x4300b4 LockFile
 0x4300b8 CopyFileW
 0x4300bc GetModuleHandleA
 0x4300c0 GetStartupInfoW
 0x4300c4 GetCurrentThreadId
 0x4300c8 DeleteFileA
 0x4300cc FlushFileBuffers
 0x4300d0 CompareFileTime
 0x4300d4 WriteFile
 0x4300d8 FileTimeToLocalFileTime
 0x4300dc WideCharToMultiByte
 0x4300e0 SystemTimeToFileTime
 0x4300e4 GetModuleHandleW
 0x4300e8 LoadLibraryW
 0x4300ec FileTimeToSystemTime
 0x4300f0 GetProcAddress
 0x4300f4 FindClose
 0x4300f8 FindNextFileW
 0x4300fc CloseHandle
 0x430100 GetFileSize
 0x430104 FindFirstFileW
 0x430108 MultiByteToWideChar
 0x43010c GetLastError
 0x430110 GetPrivateProfileStringW
 0x430114 WritePrivateProfileStringW
 0x430118 GetPrivateProfileIntW
 0x43011c EnumResourceNamesW
 0x430120 FreeLibrary
 0x430124 SetFilePointer
 0x430128 CreateFileW
 0x43012c GlobalAlloc
 0x430130 GlobalUnlock
 0x430134 FindResourceW
 0x430138 GetSystemDirectoryW
 0x43013c GetTempPathW
 0x430140 LoadResource
 0x430144 LoadLibraryExW
 0x430148 SizeofResource
 0x43014c FormatMessageW
 0x430150 GlobalLock
 0x430154 GetVersionExW
 0x430158 GetWindowsDirectoryW
 0x43015c GetTimeFormatW
 0x430160 GetDateFormatW
 0x430164 GetFileAttributesW
 0x430168 LocalFree
 0x43016c GetTempFileNameW
 0x430170 ReadFile
 0x430174 LockResource
 0x430178 GetModuleFileNameW
 0x43017c GetCurrentProcess
 0x430180 ReadProcessMemory
 0x430184 GetCurrentProcessId
 0x430188 ExitProcess
 0x43018c SetErrorMode
USER32.dll
 0x4301b0 GetMessageW
 0x4301b4 PostQuitMessage
 0x4301b8 TrackPopupMenu
 0x4301bc BeginDeferWindowPos
 0x4301c0 RegisterWindowMessageW
 0x4301c4 EndDeferWindowPos
 0x4301c8 DispatchMessageW
 0x4301cc DrawTextExW
 0x4301d0 TranslateMessage
 0x4301d4 IsDialogMessageW
 0x4301d8 GetCursorPos
 0x4301dc CheckMenuItem
 0x4301e0 MoveWindow
 0x4301e4 CloseClipboard
 0x4301e8 GetMenuStringW
 0x4301ec OpenClipboard
 0x4301f0 LoadCursorW
 0x4301f4 GetSysColorBrush
 0x4301f8 ShowWindow
 0x4301fc SetCursor
 0x430200 ChildWindowFromPoint
 0x430204 SetWindowTextW
 0x430208 GetClientRect
 0x43020c UpdateWindow
 0x430210 SetDlgItemTextW
 0x430214 GetDlgItemTextW
 0x430218 GetSystemMetrics
 0x43021c DeferWindowPos
 0x430220 CreateWindowExW
 0x430224 GetWindowRect
 0x430228 GetDlgItemInt
 0x43022c SendDlgItemMessageW
 0x430230 EndDialog
 0x430234 GetDlgItem
 0x430238 InvalidateRect
 0x43023c SetDlgItemInt
 0x430240 LoadIconW
 0x430244 SendMessageW
 0x430248 MessageBoxW
 0x43024c LoadImageW
 0x430250 SetWindowPos
 0x430254 GetWindowPlacement
 0x430258 LoadAcceleratorsW
 0x43025c PostMessageW
 0x430260 DefWindowProcW
 0x430264 TranslateAcceleratorW
 0x430268 RegisterClassW
 0x43026c SetMenu
 0x430270 SetWindowLongW
 0x430274 GetWindowLongW
 0x430278 SetFocus
 0x43027c GetMenuItemCount
 0x430280 CreateDialogParamW
 0x430284 EnumChildWindows
 0x430288 LoadStringW
 0x43028c DestroyWindow
 0x430290 GetClassNameW
 0x430294 GetWindowTextW
 0x430298 LoadMenuW
 0x43029c ModifyMenuW
 0x4302a0 GetMenuItemInfoW
 0x4302a4 GetDlgCtrlID
 0x4302a8 DestroyMenu
 0x4302ac GetParent
 0x4302b0 DialogBoxParamW
 0x4302b4 GetSysColor
 0x4302b8 GetMenu
 0x4302bc GetSubMenu
 0x4302c0 SetClipboardData
 0x4302c4 EnableWindow
 0x4302c8 MapWindowPoints
 0x4302cc GetDC
 0x4302d0 EmptyClipboard
 0x4302d4 EnableMenuItem
 0x4302d8 ReleaseDC
GDI32.dll
 0x430030 SetBkColor
 0x430034 GetDeviceCaps
 0x430038 SelectObject
 0x43003c SetTextColor
 0x430040 CreateFontIndirectW
 0x430044 SetBkMode
 0x430048 DeleteObject
 0x43004c GetStockObject
 0x430050 GetTextExtentPoint32W
comdlg32.dll
 0x4302e0 GetSaveFileNameW
 0x4302e4 FindTextW
ADVAPI32.dll
 0x430000 RegCloseKey
 0x430004 RegOpenKeyExW
 0x430008 RegQueryValueExW
SHELL32.dll
 0x430194 SHGetPathFromIDListW
 0x430198 SHGetMalloc
 0x43019c ShellExecuteExW
 0x4301a0 SHBrowseForFolderW
 0x4301a4 SHGetFileInfoW
 0x4301a8 ShellExecuteW
ole32.dll
 0x4303cc CoUninitialize
 0x4303d0 CoInitialize
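With no network activity and a low behavior score, the import table above is the most informative part of this report, because it shows what the binary is built to do. Two things stand out. First, the KERNEL32 group AreFileApisANSI, LockFile, LockFileEx, UnlockFile, GetTempPathA, GetFullPathNameA, SetEndOfFile and FlushFileBuffers is the import footprint of the SQLite Windows VFS (os_win.c), which is what a tool needs to read Chrome's SQLite "Login Data" store; CopyFileW with GetTempFileNameW fits copying that locked database to a temp file first. Second, there is no crypt32.dll import at all, so CryptUnprotectData (DPAPI) is not linked statically; with LoadLibraryW and GetProcAddress present, any decryption would be resolved at runtime, which is where static IAT triage stops and a debugger or API monitor has to take over. The following Python is an added example by the editor, not part of the sandbox report and not the sample's code: it parses a listing in the report's own format and matches hand-written capability rules against it. The rules, including the SQLite and DPAPI readings, are the editor's heuristics, not sandbox signatures, and IAT_EXCERPT is a subset copied from the listing above (the "None" entry marks an import without a symbol name).

```python
import re
from typing import Dict, List, Set, Tuple

# Excerpt copied from this report's IAT listing (a subset, not the full table).
# Format: a bare DLL name line, then indented "0xADDR symbol" lines; "None"
# marks an import with no symbol name.
IAT_EXCERPT = """\
KERNEL32.dll
 0x430058 AreFileApisANSI
 0x430064 GetTempPathA
 0x430078 UnlockFile
 0x43007c CreateFileA
 0x43009c LockFileEx
 0x4300ac OpenProcess
 0x4300b4 LockFile
 0x4300b8 CopyFileW
 0x4300e8 LoadLibraryW
 0x4300f0 GetProcAddress
 0x430110 GetPrivateProfileStringW
 0x43016c GetTempFileNameW
 0x430180 ReadProcessMemory
COMCTL32.dll
 0x430010 CreateToolbarEx
 0x430020 None
ADVAPI32.dll
 0x430000 RegCloseKey
 0x430004 RegOpenKeyExW
 0x430008 RegQueryValueExW
USER32.dll
 0x4301ec OpenClipboard
 0x4302c0 SetClipboardData
"""

_DLL_LINE = re.compile(r"^([A-Za-z0-9_]+\.(?:dll|DLL))\s*$")
_IMPORT_LINE = re.compile(r"^\s+0x[0-9a-fA-F]+\s+(\S+)")


def parse_iat(listing: str) -> Dict[str, Set[str]]:
    """Map lower-cased DLL name -> set of imported symbol names.

    Unnamed (ordinal) imports, printed as 'None' in the report, are kept under
    the placeholder '<ordinal>' so they are counted but never match a rule."""
    table: Dict[str, Set[str]] = {}
    current = None
    for line in listing.splitlines():
        m = _DLL_LINE.match(line)
        if m:
            current = m.group(1).lower()
            table.setdefault(current, set())
            continue
        m = _IMPORT_LINE.match(line)
        if m and current is not None:
            name = m.group(1)
            table[current].add("<ordinal>" if name == "None" else name)
    return table


# Capability rules (editor's heuristics): every (dll, symbol) pair must be present.
RULES: Dict[str, List[Tuple[str, str]]] = {
    # Windows VFS of an embedded SQLite engine (Chrome's Login Data is SQLite)
    "sqlite_vfs": [("kernel32.dll", "AreFileApisANSI"), ("kernel32.dll", "LockFileEx"),
                   ("kernel32.dll", "UnlockFile"), ("kernel32.dll", "GetTempPathA")],
    # Copy a file (e.g. a locked database) to a fresh temp path before opening it
    "copy_to_temp": [("kernel32.dll", "CopyFileW"), ("kernel32.dll", "GetTempFileNameW")],
    # Read another process's memory
    "process_memory_read": [("kernel32.dll", "OpenProcess"), ("kernel32.dll", "ReadProcessMemory")],
    # Resolve APIs at runtime, so the static IAT is not the whole story
    "dynamic_api_resolution": [("kernel32.dll", "LoadLibraryW"), ("kernel32.dll", "GetProcAddress")],
    # Registry read access
    "registry_read": [("advapi32.dll", "RegOpenKeyExW"), ("advapi32.dll", "RegQueryValueExW")],
    # Write to the clipboard (typical for a GUI tool that copies recovered data)
    "clipboard_write": [("user32.dll", "OpenClipboard"), ("user32.dll", "SetClipboardData")],
    # DPAPI decryption linked statically (absent in this sample: no crypt32.dll)
    "dpapi_static": [("crypt32.dll", "CryptUnprotectData")],
}


def triage(table: Dict[str, Set[str]]) -> Dict[str, bool]:
    """Evaluate every rule against a parsed import table."""
    return {cap: all(sym in table.get(dll, set()) for dll, sym in reqs)
            for cap, reqs in RULES.items()}


def matched_capabilities(listing: str) -> List[str]:
    """Names of the rules that match a listing, in rule order."""
    result = triage(parse_iat(listing))
    return [cap for cap in RULES if result[cap]]


if __name__ == "__main__":
    for cap, hit in triage(parse_iat(IAT_EXCERPT)).items():
        print("%-24s %s" % (cap, "yes" if hit else "no"))
```

The negative result matters as much as the positives: dpapi_static not matching while dynamic_api_resolution does is the cue to watch LoadLibraryW/GetProcAddress targets at runtime rather than to conclude the tool cannot decrypt anything.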

EAT(Export Address Table) is none

Similarity measure (PE file only): not available, the similarity service reported a failure