Report - cd20abfd34fb6042d0c7450da9e61a77.exe

UPX Malicious Library PE File PE32
Created 2021.08.12 09:49 Machine s1_win7_x6402
Filename cd20abfd34fb6042d0c7450da9e61a77.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score: 8
Behavior Score: 2.2
ZERO API (file): malware
VT API (file) 39 detected (Midie, Unsafe, Malgent, DropperX, Eldorado, Malicious, Malware@#3r3edvcx6w8q0, DownLoader41, frogz, score, R436113, ai score=84, R002H09H521, GdSda, HgIASZwA)
md5 067c339dcdcb526383f64a591eca6d97
sha256 6647ec66a0bc49efe7b873499aeb5feb9abe8c18e0ab078e40d6eb7f00654244
ssdeep 768:POI8YVeUvnXH9+msT0k7U96PgXUNmTU9NEeelt5:GfOeA+msT+6Rw4HKlt5
imphash de794eaa348bcab90828044bdaf70bdd
impfuzzy 24:mDozu4vXHOovux7JHlkiv8ERRv6ukdA/Jzfci8KmE1EnXEQ05X:m4PuhxYWEA/Jzfci8KzOnU/
Signature (5cnts)

Level   Description
danger  File has been identified by 39 AntiVirus engines on VirusTotal as malicious
watch   Tries to unhook Windows functions monitored by Cuckoo
info    Checks amount of memory in system
info    One or more processes crashed
info    The executable uses a known packer

Rules (4cnts)

Level  Name                    Description         Collection
watch  Malicious_Library_Zero  Malicious_Library   binaries (upload)
watch  UPX_Zero                UPX packed file     binaries (upload)
info   IsPE32                  (no description)    binaries (upload)
info   PE_Header_Zero          PE File Signature   binaries (upload)

Network (0cnts)

Request  CC  ASN  Co  IP4  Rule  ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x409000 GetProcAddress
 0x409004 LoadLibraryA
 0x409008 lstrlenW
 0x40900c InterlockedDecrement
 0x409010 CloseHandle
 0x409014 WriteFile
 0x409018 CreateFileW
 0x40901c lstrcatW
 0x409020 RaiseException
 0x409024 LocalFree
 0x409028 lstrlenA
 0x40902c InterlockedIncrement
 0x409030 GetStringTypeW
 0x409034 GetStringTypeA
 0x409038 LCMapStringW
 0x40903c RtlUnwind
 0x409040 GetCommandLineA
 0x409044 GetVersion
 0x409048 ExitProcess
 0x40904c GetCurrentThreadId
 0x409050 TlsSetValue
 0x409054 TlsAlloc
 0x409058 SetLastError
 0x40905c TlsGetValue
 0x409060 GetLastError
 0x409064 HeapFree
 0x409068 HeapAlloc
 0x40906c TerminateProcess
 0x409070 GetCurrentProcess
 0x409074 UnhandledExceptionFilter
 0x409078 GetModuleFileNameA
 0x40907c FreeEnvironmentStringsA
 0x409080 FreeEnvironmentStringsW
 0x409084 WideCharToMultiByte
 0x409088 GetEnvironmentStrings
 0x40908c GetEnvironmentStringsW
 0x409090 SetHandleCount
 0x409094 GetStdHandle
 0x409098 GetFileType
 0x40909c GetStartupInfoA
 0x4090a0 GetModuleHandleA
 0x4090a4 GetEnvironmentVariableA
 0x4090a8 GetVersionExA
 0x4090ac HeapDestroy
 0x4090b0 HeapCreate
 0x4090b4 VirtualFree
 0x4090b8 SetUnhandledExceptionFilter
 0x4090bc IsBadReadPtr
 0x4090c0 IsBadWritePtr
 0x4090c4 IsBadCodePtr
 0x4090c8 InitializeCriticalSection
 0x4090cc EnterCriticalSection
 0x4090d0 LeaveCriticalSection
 0x4090d4 VirtualAlloc
 0x4090d8 HeapReAlloc
 0x4090dc GetCPInfo
 0x4090e0 GetACP
 0x4090e4 GetOEMCP
 0x4090e8 MultiByteToWideChar
 0x4090ec LCMapStringA
 0x4090f0 HeapSize
USER32.dll
 0x409130 wsprintfW
ole32.dll
 0x409138 CoInitialize
 0x40913c CoUninitialize
OLEAUT32.dll
 0x4090f8 VariantCopy
 0x4090fc VariantInit
 0x409100 SafeArrayGetDim
 0x409104 SafeArrayGetLBound
 0x409108 SafeArrayGetUBound
 0x40910c SafeArrayAccessData
 0x409110 SafeArrayUnaccessData
 0x409114 VariantClear
 0x409118 SysStringLen
 0x40911c SysAllocStringLen
 0x409120 SysFreeString
 0x409124 SysAllocString
 0x409128 GetErrorInfo

EAT (Export Address Table): none
