Report - 11111.exe

Tags: Malicious Library, PE File, OS Processor Check, PE32

Created: 2021.08.31 12:50   Machine: s1_win7_x6401
Filename: 11111.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 10
Behavior Score: 6.4
ZERO API (file): malware
VT API (file): 57 detected (AIDetect, malware2, Lotok, malicious, high confidence, GenericKD, ZegostRI, S13133422, Unsafe, GenKryptik, Zegost, Eldorado, Attribute, HighConfidence, Farfli, Gh0stRAT, hjbzvv, BackdoorX, Gencirc, Aebot, EF@4ye0hx, DownLoader33, Emotet, A + Troj, AutoG, gsmfx, kkgpz, ASMalwS, kcloud, score, R334775, GenericRXAA, ai score=85, BScope, Generic@ML, RDML, Ee49Oab2SY7z1oqJK14JCg, WAPNYvv1A, Static AI, Suspicious PE, EGBG, ZexaF, Jq0@aOXYz4jb, Genetic, confidence, 100%, susgen)
md5: 6d99db65a28ca2dcf725a966678ad30e
sha256: 453196885b342bd95497c0a04f0fd781bd7015c2245aec1ec07e32e80b55b997
ssdeep: 6144:iV+u0bUDMT2EDFjj4bflswu/jtLFVgT/WOfrtNswrEH7fYP7MQKO+3Y1tMmbWs:Ob3MKbflsw0t5VgLWYtHraOz+3Y12wW
imphash: 8bd80946f485d704bb1a70a7c2516e7d
impfuzzy: 192:F5v/nm3IF4qc7Q/oUhxwBpW5aBctcnc4VjDkP7Q3Ogpk55rrz8:rm3IKKoBpHua07Q3O1Lrz8

Signature (15cnts)

Level Description
danger File has been identified by 57 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice An executable file was downloaded by the process 11111.exe
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates executable files on the filesystem
notice Foreign language identified in PE resource
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice Repeatedly searches for a not-found process
notice Searches running processes potentially to identify processes for sandbox evasion
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer
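The memory, file and process signatures above are derived from the sandbox's API-call trace. The following is an added example, not the sandbox's own signature engine, that re-derives five of them (RWX allocation, RW-to-RX protection change, executable dropped to disk, memory-size check, repeated process enumeration) from a constructed trace. The API names and the page-protection constants are real Windows values; the sizes, addresses, handle values and the dropped-file path are invented for the example and are not taken from the report.

```python
# Page-protection constants from winnt.h
PAGE_READWRITE = 0x04
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40

# Constructed API trace in call order.  Sizes, addresses, handles and the
# dropped-file path are invented; only the API names and the behaviours they
# stand for correspond to the signature list.
TRACE = [
    {"api": "GlobalMemoryStatusEx"},
    {"api": "VirtualAlloc", "size": 0x20000, "protect": PAGE_EXECUTE_READWRITE, "ret": 0x00A20000},
    {"api": "VirtualAlloc", "size": 0x8000, "protect": PAGE_READWRITE, "ret": 0x00A50000},
    {"api": "VirtualProtect", "address": 0x00A50000, "size": 0x8000, "protect": PAGE_EXECUTE_READ},
    {"api": "CreateToolhelp32Snapshot"},
    {"api": "CreateToolhelp32Snapshot"},
    {"api": "CreateToolhelp32Snapshot"},
    {"api": "CreateFileA", "path": "C:\\example\\dropped.exe", "ret": 0x1C4},
    {"api": "WriteFile", "handle": 0x1C4, "data": b"MZ\x90\x00\x03\x00\x00\x00"},
    {"api": "CloseHandle", "handle": 0x1C4},
]


def evaluate(trace, snapshot_threshold=3):
    """Walk the trace once and return {signature: evidence} for every hit."""
    hits = {}
    protections = {}   # region base address -> protection last set on it
    handles = {}       # file handle -> path it was opened with
    snapshots = 0
    for call in trace:
        api = call["api"]
        if api in ("VirtualAlloc", "VirtualAllocEx"):
            protections[call["ret"]] = call["protect"]
            if call["protect"] == PAGE_EXECUTE_READWRITE:
                hits["rwx_alloc"] = "VirtualAlloc(0x%x bytes, PAGE_EXECUTE_READWRITE)" % call["size"]
        elif api in ("VirtualProtect", "VirtualProtectEx"):
            old = protections.get(call["address"])
            new = call["protect"]
            protections[call["address"]] = new
            # Write-then-execute split over two calls: the region was RW while
            # it was filled and becomes executable (without write) afterwards.
            if old == PAGE_READWRITE and new in (PAGE_EXECUTE, PAGE_EXECUTE_READ):
                hits["rw_to_rx"] = "VirtualProtect(0x%08x, RW -> 0x%02x)" % (call["address"], new)
        elif api in ("CreateFileA", "CreateFileW"):
            handles[call["ret"]] = call["path"]
        elif api == "WriteFile":
            path = handles.get(call["handle"], "<unknown handle>")
            # A PE image starts with the "MZ" DOS-header magic.
            if call["data"][:2] == b"MZ" or path.lower().endswith(".exe"):
                hits["drops_executable"] = path
        elif api in ("GlobalMemoryStatus", "GlobalMemoryStatusEx"):
            hits["checks_memory"] = api
        elif api == "CreateToolhelp32Snapshot":
            snapshots += 1
            if snapshots >= snapshot_threshold:
                hits["repeated_process_search"] = "%d process snapshots" % snapshots
    return hits


if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print("%-26s %s" % (name, evidence))
```

The protection-tracking dictionary is what makes the RW-to-RX rule work: the "old" protection is not in the VirtualProtect call itself, it is remembered from the earlier VirtualAlloc on the same base address, which is also why a single VirtualAlloc with PAGE_EXECUTE_READWRITE is reported separately as the noisier variant.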

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts)

Request CC ASN Co IP4 Rule ZERO
http://103.45.140.175/11111.exe Unknown 103.45.140.175 malware
103.45.140.175 Unknown 103.45.140.175 malware

Both entries point at the same bare IP, and the requested file carries the sample's own name (11111.exe). Read together with the "Communicates with host for which no DNS query was performed" and "An executable file was downloaded by the process 11111.exe" signatures above, this is the process fetching a PE over plain HTTP from an address it never resolved through DNS.
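As an added example (not the sandbox's code) of how the two network findings above are produced, the script below correlates a DNS log with connection and HTTP events: a public destination that no DNS answer returned is flagged, and an HTTP response that starts with the PE magic, or a URL ending in .exe, is reported together with whether the host was a bare IP literal. Only the IP and URL come from the report; the DNS entry, the TEST-NET address 192.0.2.10 and the port numbers are constructed.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed event log.  Only 103.45.140.175 and the .exe URL come from the
# report; the DNS entry and 192.0.2.10 (documentation range) are invented so
# the "resolved" path has something to match against.
EVENTS = [
    {"type": "dns", "query": "update.example.net", "answers": ["192.0.2.10"]},
    {"type": "connect", "dst": "192.0.2.10", "port": 443},
    {"type": "connect", "dst": "103.45.140.175", "port": 80},
    {"type": "http", "method": "GET", "url": "http://103.45.140.175/11111.exe",
     "response_magic": b"MZ\x90\x00"},
]

# Sandbox-local networks (gateway, DHCP, the analysis host) are reached
# without a lookup by design and are not interesting.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]


def _is_local(addr):
    return any(addr in net for net in LOCAL_NETS)


def resolved_addresses(events):
    """Every address that any DNS answer in the log returned."""
    resolved = set()
    for ev in events:
        if ev["type"] == "dns":
            resolved.update(ev["answers"])
    return resolved


def connections_without_dns(events):
    """Outbound connections to non-local addresses no DNS answer produced."""
    resolved = resolved_addresses(events)
    flagged = []
    for ev in events:
        if ev["type"] != "connect":
            continue
        if _is_local(ipaddress.ip_address(ev["dst"])):
            continue
        if ev["dst"] not in resolved:
            flagged.append((ev["dst"], ev["port"]))
    return flagged


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def executable_downloads(events):
    """HTTP requests whose response bytes (or URL) look like a PE image."""
    flagged = []
    for ev in events:
        if ev["type"] != "http":
            continue
        url = urlparse(ev["url"])
        pe_magic = ev.get("response_magic", b"")[:2] == b"MZ"
        if pe_magic or url.path.lower().endswith(".exe"):
            flagged.append({
                "url": ev["url"],
                "bare_ip_host": _is_ip_literal(url.hostname or ""),
                "pe_magic": pe_magic,
            })
    return flagged


if __name__ == "__main__":
    print("connections without DNS:", connections_without_dns(EVENTS))
    print("executable downloads:", executable_downloads(EVENTS))
```

The response magic is the stronger signal of the two: an .exe extension in the URL is a naming convention the server controls, while "MZ" at the start of the body is what the process actually received.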

Suricata ids

PE API

IAT (Import Address Table)

This is the static import table only. A packed sample of this kind resolves the payload's APIs at run time through LoadLibraryA and GetProcAddress (both present below), so whatever it loads that way does not appear here. Apart from that loader cluster (VirtualAlloc, VirtualProtect, LoadLibraryA, GetProcAddress), the set is consistent with the stock import list of a Win32 GUI program linked against MFC and the VC6 runtime (MSVCRT.dll, MSVCP60.dll), which is why it reads like an ordinary desktop application.

KERNEL32.dll
 0x455180 SetStdHandle
 0x455184 CompareStringA
 0x455188 CompareStringW
 0x45518c IsBadCodePtr
 0x455190 GetStringTypeW
 0x455194 GetStringTypeA
 0x455198 IsBadWritePtr
 0x45519c HeapCreate
 0x4551a0 HeapDestroy
 0x4551a4 GetEnvironmentVariableA
 0x4551a8 GetFileType
 0x4551ac GetStdHandle
 0x4551b0 SetHandleCount
 0x4551b4 GetEnvironmentStringsW
 0x4551b8 GetEnvironmentStrings
 0x4551bc FreeEnvironmentStringsW
 0x4551c0 FreeEnvironmentStringsA
 0x4551c4 UnhandledExceptionFilter
 0x4551c8 LCMapStringW
 0x4551cc LCMapStringA
 0x4551d0 SetUnhandledExceptionFilter
 0x4551d4 GetTimeZoneInformation
 0x4551d8 GetACP
 0x4551dc HeapSize
 0x4551e0 GetCommandLineA
 0x4551e4 GetStartupInfoA
 0x4551e8 TerminateProcess
 0x4551ec RaiseException
 0x4551f0 RtlUnwind
 0x4551f4 CloseHandle
 0x4551f8 GetFileTime
 0x4551fc GetFileSize
 0x455200 GetFileAttributesA
 0x455204 GetTickCount
 0x455208 FileTimeToLocalFileTime
 0x45520c FileTimeToSystemTime
 0x455210 GetFullPathNameA
 0x455214 GetVolumeInformationA
 0x455218 FindFirstFileA
 0x45521c FindClose
 0x455220 SetEndOfFile
 0x455224 UnlockFile
 0x455228 LockFile
 0x45522c FlushFileBuffers
 0x455230 SetFilePointer
 0x455234 ReadFile
 0x455238 GetCurrentProcess
 0x45523c DuplicateHandle
 0x455240 SetErrorMode
 0x455244 GetThreadLocale
 0x455248 WritePrivateProfileStringA
 0x45524c GetOEMCP
 0x455250 GetCPInfo
 0x455254 GetProcessVersion
 0x455258 GlobalFlags
 0x45525c TlsGetValue
 0x455260 LocalReAlloc
 0x455264 TlsSetValue
 0x455268 GlobalReAlloc
 0x45526c TlsFree
 0x455270 GlobalHandle
 0x455274 TlsAlloc
 0x455278 LocalAlloc
 0x45527c FormatMessageA
 0x455280 LocalFree
 0x455284 GlobalFree
 0x455288 GetCurrentThread
 0x45528c MultiByteToWideChar
 0x455290 WideCharToMultiByte
 0x455294 InterlockedIncrement
 0x455298 SetLastError
 0x45529c InterlockedDecrement
 0x4552a0 lstrcatA
 0x4552a4 GlobalGetAtomNameA
 0x4552a8 GlobalAddAtomA
 0x4552ac GlobalFindAtomA
 0x4552b0 GlobalDeleteAtom
 0x4552b4 GetProfileStringA
 0x4552b8 FlushInstructionCache
 0x4552bc lstrlenA
 0x4552c0 GlobalAlloc
 0x4552c4 GlobalLock
 0x4552c8 GlobalUnlock
 0x4552cc HeapFree
 0x4552d0 GetVersionExA
 0x4552d4 FindResourceA
 0x4552d8 LoadResource
 0x4552dc LockResource
 0x4552e0 SizeofResource
 0x4552e4 lstrcpynA
 0x4552e8 DeleteCriticalSection
 0x4552ec LeaveCriticalSection
 0x4552f0 EnterCriticalSection
 0x4552f4 InitializeCriticalSection
 0x4552f8 GetModuleHandleA
 0x4552fc GetVersion
 0x455300 MulDiv
 0x455304 lstrcpyA
 0x455308 lstrcmpiA
 0x45530c GetCurrentThreadId
 0x455310 lstrcmpA
 0x455314 GetModuleFileNameA
 0x455318 CreateMutexA
 0x45531c GetLastError
 0x455320 ExitProcess
 0x455324 IsBadReadPtr
 0x455328 VirtualProtect
 0x45532c VirtualAlloc
 0x455330 FreeLibrary
 0x455334 VirtualFree
 0x455338 GetProcessHeap
 0x45533c HeapReAlloc
 0x455340 HeapAlloc
 0x455344 LoadLibraryA
 0x455348 GetProcAddress
 0x45534c CreateFileA
 0x455350 WriteFile
 0x455354 SetEnvironmentVariableA
USER32.dll
 0x4553f4 MessageBeep
 0x4553f8 GetNextDlgGroupItem
 0x4553fc CopyAcceleratorTableA
 0x455400 CharNextA
 0x455404 GetDesktopWindow
 0x455408 LoadStringA
 0x45540c MapDialogRect
 0x455410 SetWindowContextHelpId
 0x455414 EndDialog
 0x455418 CreateDialogIndirectParamA
 0x45541c TranslateMessage
 0x455420 PostQuitMessage
 0x455424 GrayStringA
 0x455428 TabbedTextOutA
 0x45542c GetMenuCheckMarkDimensions
 0x455430 LoadBitmapA
 0x455434 ModifyMenuA
 0x455438 SetMenuItemBitmaps
 0x45543c CheckMenuItem
 0x455440 EnableMenuItem
 0x455444 GetNextDlgTabItem
 0x455448 SetWindowTextA
 0x45544c IsDialogMessageA
 0x455450 SendDlgItemMessageA
 0x455454 SetActiveWindow
 0x455458 SetFocus
 0x45545c MessageBoxA
 0x455460 IsChild
 0x455464 WinHelpA
 0x455468 wsprintfA
 0x45546c GetDlgItem
 0x455470 GetWindowTextLengthA
 0x455474 GetDlgCtrlID
 0x455478 GetKeyState
 0x45547c GetClassLongA
 0x455480 GetMessageTime
 0x455484 GetLastActivePopup
 0x455488 GetForegroundWindow
 0x45548c RegisterWindowMessageA
 0x455490 IntersectRect
 0x455494 SetCursor
 0x455498 GetMessagePos
 0x45549c FrameRect
 0x4554a0 MapWindowPoints
 0x4554a4 GetSysColorBrush
 0x4554a8 PeekMessageA
 0x4554ac GetMenuItemCount
 0x4554b0 GetMenuItemID
 0x4554b4 PostThreadMessageA
 0x4554b8 GetSubMenu
 0x4554bc ShowCaret
 0x4554c0 ExcludeUpdateRgn
 0x4554c4 DefDlgProcA
 0x4554c8 IsWindowUnicode
 0x4554cc GetWindowPlacement
 0x4554d0 GetMenu
 0x4554d4 GetWindowTextA
 0x4554d8 DrawIconEx
 0x4554dc ValidateRect
 0x4554e0 DrawFrameControl
 0x4554e4 RemovePropA
 0x4554e8 SetCapture
 0x4554ec ReleaseCapture
 0x4554f0 DestroyWindow
 0x4554f4 DrawEdge
 0x4554f8 CharUpperA
 0x4554fc RegisterClipboardFormatA
 0x455500 DrawTextA
 0x455504 BeginPaint
 0x455508 EndPaint
 0x45550c SetForegroundWindow
 0x455510 UnregisterClassA
 0x455514 RegisterClassA
 0x455518 CreateWindowExA
 0x45551c SetPropA
 0x455520 GetPropA
 0x455524 CreatePopupMenu
 0x455528 DestroyMenu
 0x45552c GetMenuItemInfoA
 0x455530 DispatchMessageA
 0x455534 GetMessageA
 0x455538 ShowScrollBar
 0x45553c SetScrollRange
 0x455540 SetScrollPos
 0x455544 SetScrollInfo
 0x455548 GetScrollRange
 0x45554c GetScrollPos
 0x455550 EnableScrollBar
 0x455554 GetWindowInfo
 0x455558 IsZoomed
 0x45555c MoveWindow
 0x455560 ShowWindow
 0x455564 PostMessageA
 0x455568 SetWindowPos
 0x45556c RedrawWindow
 0x455570 IsWindowVisible
 0x455574 IsRectEmpty
 0x455578 ChildWindowFromPointEx
 0x45557c DestroyIcon
 0x455580 SystemParametersInfoA
 0x455584 SetWindowRgn
 0x455588 GetActiveWindow
 0x45558c IsWindow
 0x455590 GetClassInfoA
 0x455594 LoadCursorA
 0x455598 FillRect
 0x45559c SetRect
 0x4555a0 SetRectEmpty
 0x4555a4 ScreenToClient
 0x4555a8 PtInRect
 0x4555ac GetDC
 0x4555b0 GetFocus
 0x4555b4 GetScrollInfo
 0x4555b8 IsWindowEnabled
 0x4555bc CallWindowProcA
 0x4555c0 SetWindowLongA
 0x4555c4 WindowFromDC
 0x4555c8 ReleaseDC
 0x4555cc GetWindowRect
 0x4555d0 GetMenuState
 0x4555d4 GetWindowDC
 0x4555d8 DefWindowProcA
 0x4555dc GetCapture
 0x4555e0 GetCursorPos
 0x4555e4 SetTimer
 0x4555e8 GetTopWindow
 0x4555ec GetWindow
 0x4555f0 UnhookWindowsHookEx
 0x4555f4 KillTimer
 0x4555f8 SetWindowsHookExA
 0x4555fc GetClassNameA
 0x455600 CallNextHookEx
 0x455604 UpdateWindow
 0x455608 IsIconic
 0x45560c GetSystemMetrics
 0x455610 GetClientRect
 0x455614 DrawIcon
 0x455618 GetSystemMenu
 0x45561c AppendMenuA
 0x455620 EnableWindow
 0x455624 GetParent
 0x455628 SendMessageA
 0x45562c ClientToScreen
 0x455630 WindowFromPoint
 0x455634 CopyRect
 0x455638 GetSysColor
 0x45563c InflateRect
 0x455640 DrawFocusRect
 0x455644 OffsetRect
 0x455648 DrawStateA
 0x45564c GetWindowLongA
 0x455650 GetIconInfo
 0x455654 LoadImageA
 0x455658 LoadIconA
 0x45565c InvalidateRect
 0x455660 AdjustWindowRectEx
 0x455664 HideCaret
GDI32.dll
 0x455040 PtVisible
 0x455044 TextOutA
 0x455048 Escape
 0x45504c GetMapMode
 0x455050 GetBkColor
 0x455054 LPtoDP
 0x455058 SetMapMode
 0x45505c GetWindowExtEx
 0x455060 GetViewportExtEx
 0x455064 SetViewportOrgEx
 0x455068 ScaleWindowExtEx
 0x45506c SetWindowExtEx
 0x455070 ScaleViewportExtEx
 0x455074 SetViewportExtEx
 0x455078 DPtoLP
 0x45507c GetDeviceCaps
 0x455080 RestoreDC
 0x455084 SaveDC
 0x455088 SetWindowOrgEx
 0x45508c PlayEnhMetaFile
 0x455090 SelectClipRgn
 0x455094 CreatePatternBrush
 0x455098 SetBrushOrgEx
 0x45509c PatBlt
 0x4550a0 UnrealizeObject
 0x4550a4 SetROP2
 0x4550a8 IntersectClipRect
 0x4550ac GetClipBox
 0x4550b0 ExcludeClipRect
 0x4550b4 SetStretchBltMode
 0x4550b8 StretchDIBits
 0x4550bc RectVisible
 0x4550c0 CreateDIBitmap
 0x4550c4 GetTextExtentPointA
 0x4550c8 SetBkMode
 0x4550cc ExtFloodFill
 0x4550d0 GetStockObject
 0x4550d4 SelectPalette
 0x4550d8 RealizePalette
 0x4550dc CreateBitmap
 0x4550e0 SetTextColor
 0x4550e4 CreateICA
 0x4550e8 GetDIBits
 0x4550ec GetRegionData
 0x4550f0 ExtCreateRegion
 0x4550f4 CreateRectRgnIndirect
 0x4550f8 CreateEllipticRgn
 0x4550fc CreateFontA
 0x455100 Polygon
 0x455104 GetTextColor
 0x455108 GetObjectA
 0x45510c StretchBlt
 0x455110 CreateFontIndirectA
 0x455114 GetTextMetricsA
 0x455118 GetTextExtentPoint32A
 0x45511c DeleteObject
 0x455120 Ellipse
 0x455124 CreatePen
 0x455128 CreateSolidBrush
 0x45512c DeleteDC
 0x455130 BitBlt
 0x455134 SelectObject
 0x455138 CreateCompatibleDC
 0x45513c CreateDIBSection
 0x455140 SetPixel
 0x455144 LineTo
 0x455148 MoveToEx
 0x45514c ExtTextOutA
 0x455150 SetBkColor
 0x455154 Arc
 0x455158 CreateRectRgn
 0x45515c CreateCompatibleBitmap
 0x455160 FrameRgn
 0x455164 FillRgn
 0x455168 OffsetRgn
 0x45516c CombineRgn
 0x455170 CreatePolygonRgn
 0x455174 CreateRoundRectRgn
 0x455178 OffsetViewportOrgEx
comdlg32.dll
 0x45567c GetFileTitleA
WINSPOOL.DRV
 0x45566c ClosePrinter
 0x455670 DocumentPropertiesA
 0x455674 OpenPrinterA
ADVAPI32.dll
 0x455000 RegCloseKey
 0x455004 RegOpenKeyExA
 0x455008 RegSetValueExA
 0x45500c RegCreateKeyExA
COMCTL32.dll
 0x455014 ImageList_GetIcon
 0x455018 ImageList_GetImageCount
 0x45501c _TrackMouseEvent
 0x455020 InitCommonControlsEx
 0x455024 ImageList_Draw
 0x455028 ImageList_GetIconSize
 0x45502c (imported by ordinal, no name)
 0x455030 ImageList_Destroy
 0x455034 ImageList_Create
 0x455038 ImageList_AddMasked
oledlg.dll
 0x4556c4 (imported by ordinal, no name)
ole32.dll
 0x455684 CoFreeUnusedLibraries
 0x455688 OleInitialize
 0x45568c CoTaskMemAlloc
 0x455690 CoTaskMemFree
 0x455694 CreateILockBytesOnHGlobal
 0x455698 StgCreateDocfileOnILockBytes
 0x45569c StgOpenStorageOnILockBytes
 0x4556a0 CoGetClassObject
 0x4556a4 CLSIDFromString
 0x4556a8 CLSIDFromProgID
 0x4556ac CoRegisterMessageFilter
 0x4556b0 CoRevokeClassObject
 0x4556b4 OleFlushClipboard
 0x4556b8 OleIsCurrentClipboard
 0x4556bc OleUninitialize
OLEPRO32.DLL
 0x4553ec (imported by ordinal, no name)
OLEAUT32.dll
 0x4553c4 SysFreeString
 0x4553c8 VariantClear
 0x4553cc VariantTimeToSystemTime
 0x4553d0 VariantCopy
 0x4553d4 VariantChangeType
 0x4553d8 SysAllocString
 0x4553dc SysAllocStringByteLen
 0x4553e0 SysStringLen
 0x4553e4 SysAllocStringLen
MSVCP60.dll
 0x45535c ??1_Lockit@std@@QAE@XZ
 0x455360 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
 0x455364 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
 0x455368 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
 0x45536c ??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
 0x455370 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
 0x455374 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
 0x455378 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
 0x45537c ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
 0x455380 ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
 0x455384 ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
 0x455388 ??0_Lockit@std@@QAE@XZ
MSVCRT.dll
 0x455390 fopen
 0x455394 fclose
 0x455398 realloc
 0x45539c fread
 0x4553a0 malloc
 0x4553a4 free
 0x4553a8 strncpy
 0x4553ac ftell
 0x4553b0 fseek
 0x4553b4 floor
 0x4553b8 calloc
 0x4553bc strncmp

EAT (Export Address Table): none
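Two static checks that a practitioner applies to a listing like the one above, as an added example rather than this report generator's code: computing an imphash the way pefile does (lowercased DLL name with .dll/.ocx/.sys stripped, dot, lowercased function name, joined in import-directory order and MD5-hashed, with nameless imports written as ordN), and the byte-entropy test behind the "encrypted or compressed data" and "unknown PE resource" packer signatures. The page's own imphash cannot be reproduced from the listing, because the three nameless imports are printed without their ordinal numbers; the import list and the ordinal 100 below are therefore constructed, as are the two resource blobs. pefile also maps known ordinals of ws2_32, wsock32 and oleaut32 to names, which this example leaves out.

```python
import hashlib
import math
from collections import Counter


def imphash_string(imports):
    """Canonical string that pefile hashes for imphash.

    imports: ordered list of (dll, function) as they appear in the import
    directory; function is a str for named imports or an int ordinal.  Only
    .dll/.ocx/.sys extensions are stripped, so WINSPOOL.DRV keeps its suffix.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        # pefile additionally resolves known ordinals of ws2_32/wsock32/oleaut32
        # to names; that table is omitted here, so those DLLs would differ.
        name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (lib, name))
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_blob(data, threshold=7.0):
    """Crude packer heuristic: compressed or encrypted data sits near 8 bits/byte."""
    return "packed_or_encrypted" if shannon_entropy(data) >= threshold else "plain"


# Constructed inputs.  The ordinal 100 for oledlg.dll is made up; the report
# only shows that the import has no name.
LOADER_IMPORTS = [
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("WINSPOOL.DRV", "ClosePrinter"),
    ("oledlg.dll", 100),
]


def _pseudo_random(n, seed=b"constructed"):
    """Deterministic high-entropy bytes standing in for an encrypted resource."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


ENCRYPTED_RESOURCE = _pseudo_random(64 * 1024)
PLAIN_RESOURCE = b"This program cannot be run in DOS mode.\r\n" * 1600


if __name__ == "__main__":
    print("imphash string:", imphash_string(LOADER_IMPORTS))
    print("imphash:", imphash(LOADER_IMPORTS))
    for label, blob in (("encrypted", ENCRYPTED_RESOURCE), ("plain", PLAIN_RESOURCE)):
        print("%-9s %.3f bits/byte -> %s" % (label, shannon_entropy(blob), classify_blob(blob)))
```

Because imphash depends on import order and on how ordinals are named, two tools can disagree on the same binary; when pivoting on the value above, confirm that the source tool uses the pefile convention before treating a mismatch as a different build.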


