Report - services.exe

Generic Malware UPX PE File PE32
Created 2021.08.14 09:45 Machine s1_win7_x6403_us
Filename services.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 8
Behavior Score 4.6
ZERO API file : malware
VT API (file) 57 detected (malicious, high confidence, GenericKD, MauvaiseRI, S5244871, FJYJ, Unsafe, Farfli, Save, Zlob, confidence, 100%, ZZJG, Zegost, akdq, BesysAd, eljjnl, Generic@ML, RDML, qpGP2, p3Blnakb5J5isA, Redosdru, FG@6j5x7c, SM17, Static AI, Malicious PE, Hupigon, ayjb, XPACK, Gen3, ASCommon, Tencent, 1NT5ZA2, score, R187699, ai score=83, Gencirc, GenAsa, rUmyptG9Mc4, Genetic, HwcB3JYA)
md5 efc0f46f3fa314f232394e2cb781659f
sha256 56a4482d9b2138c32622fb4ab0b5ec599cdc881021628a7939a854778351edf1
ssdeep 1536:kOF6APNRdilNVyTnPAVfXGDpmdXn/OAY6TLcXKd1A:lFXPNbilNVyTPAVfWwV/FNU
imphash 7ca35f2e334ab384d940a0b3696ed721
impfuzzy 48:PDGu1XWXbVrq30DAxI6nRE5+x02GcqA8bXIQUHBZALVCMyXSeQkFhHAr5XEow2FS:bG4WLQ30DKnRA+RGcqA8bXIQU

Signature (9cnts)

Level Description
danger File has been identified by 57 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Installs itself for autorun at Windows startup
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a service
notice Creates executable files on the filesystem
notice Foreign language identified in PE resource
info The executable uses a known packer

Rules (4cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (3cnts)

Request CC ASN Co IP4 Rule ZERO
http://144.48.240.173:29106/NetSyst96.dll HK Cloudie Limited 144.48.240.173 4109 mailcious
103.229.126.73 TW Cloudie Limited 103.229.126.73 mailcious
144.48.240.173 HK Cloudie Limited 144.48.240.173 malware

Suricata ids

PE API

IAT (Import Address Table) Library

MFC42.DLL (imports by ordinal; no function names resolved)
MSVCRT.dll
 0x40629c _controlfp
 0x4062a0 _except_handler3
 0x4062a4 __set_app_type
 0x4062a8 __p__fmode
 0x4062ac __p__commode
 0x4062b0 _adjust_fdiv
 0x4062b4 __setusermatherr
 0x4062b8 _initterm
 0x4062bc __CxxFrameHandler
 0x4062c0 malloc
 0x4062c4 _CxxThrowException
 0x4062c8 free
 0x4062cc realloc
 0x4062d0 __dllonexit
 0x4062d4 _onexit
 0x4062d8 ??1type_info@@UAE@XZ
 0x4062dc _exit
 0x4062e0 _XcptFilter
 0x4062e4 exit
 0x4062e8 _acmdln
 0x4062ec __getmainargs
 0x4062f0 _stricmp
KERNEL32.dll
 0x406030 FreeLibrary
 0x406034 HeapFree
 0x406038 GetStartupInfoA
 0x40603c IsBadReadPtr
 0x406040 VirtualFree
 0x406044 VirtualProtect
 0x406048 VirtualAlloc
 0x40604c CloseHandle
 0x406050 CreateFileA
 0x406054 GetProcAddress
 0x406058 Sleep
 0x40605c LoadLibraryA
 0x406060 ReadFile
 0x406064 GetFileSize
 0x406068 GetModuleHandleA
 0x40606c GetProcessHeap
 0x406070 HeapAlloc
USER32.dll
 0x406308 DrawIconEx
 0x40630c IsIconic
 0x406310 GetWindowRect
 0x406314 IsZoomed
 0x406318 PtInRect
 0x40631c DrawIcon
 0x406320 OffsetRect
 0x406324 AppendMenuA
 0x406328 LoadIconA
 0x40632c InvalidateRect
 0x406330 CopyRect
 0x406334 GetSystemMetrics
 0x406338 GetParent
 0x40633c IsWindow
 0x406340 GetWindowDC
 0x406344 GetSystemMenu
 0x406348 ReleaseDC
 0x40634c SendMessageA
 0x406350 EnableWindow
 0x406354 GetClientRect
 0x406358 FillRect
 0x40635c LoadBitmapA
GDI32.dll
 0x406010 BitBlt
 0x406014 GetTextColor
 0x406018 CreateFontA
 0x40601c GetObjectA
 0x406020 GetTextExtentPoint32A
 0x406024 CreateSolidBrush
 0x406028 CreateCompatibleDC
SHELL32.dll
 0x4062f8 SHBrowseForFolderA
 0x4062fc SHGetPathFromIDListA
 0x406300 SHGetMalloc
COMCTL32.dll
 0x406000 ImageList_GetImageInfo
 0x406004 ImageList_Draw
 0x406008 ImageList_ReplaceIcon
imagehlp.dll
 0x406374 MakeSureDirectoryPathExists
WININET.dll
 0x406364 InternetCloseHandle
 0x406368 InternetReadFile
 0x40636c InternetOpenUrlA

EAT (Export Address Table): none
