Report - 2.exe

UPX Malicious Library PE File OS Processor Check PE32
Created 2021.09.03 00:57 Machine s1_win7_x6401
Filename 2.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 3
Behavior Score 4.0
ZERO API file : malware
VT API (file) 56 detected (mxIB, malicious, high confidence, Redosdru, Unsafe, Farfli, Gencirc, CWO@7k0rzk, DownLoader36, ZEGOST, SM17, ajkp, AGEN, ASMalwS, score, R369242, ai score=86, BScope, CLASSIC, GenAsa, 6HyyeQhbdKM, Static AI, Suspicious PE, susgen, Kryptik, GHFL, ZexaF, Qq3@aGEzvJhb, Genetic, confidence, 100%, HwcBUJ4A)
md5 294fab1523dc3b50cbcc120e67946a5b
sha256 31a88f1273d29300652ece4ce7d5eeef39b404dd628c59c2c327b0333bf33c36
ssdeep 12288:veD27Sdt6DA+v7tdOmzsrFczvPE7QlSEvB:hSbsA+vuTFczvPeQlSEp
imphash 91076518487bb133a8d219f38936b9d9
impfuzzy 192:NIAYERkJxFvzU6w5kZggioiu99mB1rUcRc6c7aKFP2fcYiP1:NI04vI5kz9mvUENYYriP1

Signature (5cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running)
danger File has been identified by 56 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Foreign language identified in PE resource
info The executable uses a known packer

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
139.196.224.137 CN Hangzhou Alibaba Advertising Co.,Ltd. 139.196.224.137 malware

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x43d190 FormatMessageA
 0x43d194 GlobalSize
 0x43d198 CopyFileA
 0x43d19c HeapReAlloc
 0x43d1a0 RtlUnwind
 0x43d1a4 GetStartupInfoA
 0x43d1a8 GetCommandLineA
 0x43d1ac ExitProcess
 0x43d1b0 TerminateProcess
 0x43d1b4 RaiseException
 0x43d1b8 HeapSize
 0x43d1bc GetACP
 0x43d1c0 GetTimeZoneInformation
 0x43d1c4 GetSystemTime
 0x43d1c8 GetLocalTime
 0x43d1cc IsBadWritePtr
 0x43d1d0 GetEnvironmentVariableA
 0x43d1d4 GetVersionExA
 0x43d1d8 HeapDestroy
 0x43d1dc HeapCreate
 0x43d1e0 SetFileAttributesA
 0x43d1e4 FreeEnvironmentStringsA
 0x43d1e8 FreeEnvironmentStringsW
 0x43d1ec GetEnvironmentStrings
 0x43d1f0 GetEnvironmentStringsW
 0x43d1f4 SetHandleCount
 0x43d1f8 GetStdHandle
 0x43d1fc GetFileType
 0x43d200 SetUnhandledExceptionFilter
 0x43d204 LCMapStringA
 0x43d208 LCMapStringW
 0x43d20c GetStringTypeA
 0x43d210 GetStringTypeW
 0x43d214 IsBadCodePtr
 0x43d218 SetConsoleCtrlHandler
 0x43d21c SetStdHandle
 0x43d220 CompareStringA
 0x43d224 CompareStringW
 0x43d228 SetEnvironmentVariableA
 0x43d22c SetFileTime
 0x43d230 SystemTimeToFileTime
 0x43d234 LocalFileTimeToFileTime
 0x43d238 GetProfileStringA
 0x43d23c GetFileTime
 0x43d240 GetFileAttributesA
 0x43d244 GetTickCount
 0x43d248 FileTimeToLocalFileTime
 0x43d24c FileTimeToSystemTime
 0x43d250 lstrlenW
 0x43d254 GetShortPathNameA
 0x43d258 GetStringTypeExA
 0x43d25c GetFullPathNameA
 0x43d260 GetVolumeInformationA
 0x43d264 FindFirstFileA
 0x43d268 FindClose
 0x43d26c DeleteFileA
 0x43d270 MoveFileA
 0x43d274 SetEndOfFile
 0x43d278 UnlockFile
 0x43d27c LockFile
 0x43d280 FlushFileBuffers
 0x43d284 SetFilePointer
 0x43d288 GetCurrentProcess
 0x43d28c DuplicateHandle
 0x43d290 SetErrorMode
 0x43d294 GetOEMCP
 0x43d298 GetCPInfo
 0x43d29c GetThreadLocale
 0x43d2a0 SizeofResource
 0x43d2a4 GetProcessVersion
 0x43d2a8 GetCurrentDirectoryA
 0x43d2ac WritePrivateProfileStringA
 0x43d2b0 GetPrivateProfileStringA
 0x43d2b4 GetPrivateProfileIntA
 0x43d2b8 GlobalFlags
 0x43d2bc TlsGetValue
 0x43d2c0 LocalReAlloc
 0x43d2c4 TlsSetValue
 0x43d2c8 EnterCriticalSection
 0x43d2cc GlobalReAlloc
 0x43d2d0 LeaveCriticalSection
 0x43d2d4 TlsFree
 0x43d2d8 GlobalHandle
 0x43d2dc DeleteCriticalSection
 0x43d2e0 TlsAlloc
 0x43d2e4 InitializeCriticalSection
 0x43d2e8 LocalFree
 0x43d2ec LocalAlloc
 0x43d2f0 lstrcpynA
 0x43d2f4 GetLastError
 0x43d2f8 MulDiv
 0x43d2fc SetLastError
 0x43d300 MultiByteToWideChar
 0x43d304 WideCharToMultiByte
 0x43d308 lstrlenA
 0x43d30c InterlockedIncrement
 0x43d310 InterlockedDecrement
 0x43d314 GetVersion
 0x43d318 lstrcatA
 0x43d31c GlobalGetAtomNameA
 0x43d320 GlobalAddAtomA
 0x43d324 GlobalFindAtomA
 0x43d328 lstrcpyA
 0x43d32c GetModuleHandleA
 0x43d330 GlobalUnlock
 0x43d334 GlobalFree
 0x43d338 LockResource
 0x43d33c FindResourceA
 0x43d340 LoadResource
 0x43d344 CreateEventA
 0x43d348 SuspendThread
 0x43d34c SetThreadPriority
 0x43d350 ResumeThread
 0x43d354 SetEvent
 0x43d358 WaitForSingleObject
 0x43d35c GetModuleFileNameA
 0x43d360 GlobalLock
 0x43d364 GlobalAlloc
 0x43d368 GlobalDeleteAtom
 0x43d36c lstrcmpA
 0x43d370 lstrcmpiA
 0x43d374 GetCurrentThread
 0x43d378 GetCurrentThreadId
 0x43d37c GetFileSize
 0x43d380 ReadFile
 0x43d384 Sleep
 0x43d388 CreateFileA
 0x43d38c WriteFile
 0x43d390 CloseHandle
 0x43d394 FreeLibrary
 0x43d398 HeapFree
 0x43d39c IsBadReadPtr
 0x43d3a0 LoadLibraryA
 0x43d3a4 GetProcAddress
 0x43d3a8 VirtualFree
 0x43d3ac VirtualProtect
 0x43d3b0 VirtualAlloc
 0x43d3b4 GetProcessHeap
 0x43d3b8 UnhandledExceptionFilter
 0x43d3bc HeapAlloc
USER32.dll
 0x43d480 LoadAcceleratorsA
 0x43d484 TranslateAcceleratorA
 0x43d488 LoadMenuA
 0x43d48c SetMenu
 0x43d490 ReuseDDElParam
 0x43d494 UnpackDDElParam
 0x43d498 InvalidateRect
 0x43d49c BringWindowToTop
 0x43d4a0 CharUpperA
 0x43d4a4 InflateRect
 0x43d4a8 RegisterClipboardFormatA
 0x43d4ac RemoveMenu
 0x43d4b0 wvsprintfA
 0x43d4b4 PostThreadMessageA
 0x43d4b8 DestroyIcon
 0x43d4bc GetSysColor
 0x43d4c0 SetFocus
 0x43d4c4 AdjustWindowRectEx
 0x43d4c8 ScreenToClient
 0x43d4cc EqualRect
 0x43d4d0 DeferWindowPos
 0x43d4d4 BeginDeferWindowPos
 0x43d4d8 CopyRect
 0x43d4dc EndDeferWindowPos
 0x43d4e0 ScrollWindow
 0x43d4e4 GetScrollInfo
 0x43d4e8 SetScrollInfo
 0x43d4ec ShowScrollBar
 0x43d4f0 GetScrollRange
 0x43d4f4 SetScrollRange
 0x43d4f8 GetScrollPos
 0x43d4fc SetScrollPos
 0x43d500 GetTopWindow
 0x43d504 IsChild
 0x43d508 GetCapture
 0x43d50c WinHelpA
 0x43d510 wsprintfA
 0x43d514 GetClassInfoA
 0x43d518 RegisterClassA
 0x43d51c GetMenu
 0x43d520 GetMenuItemCount
 0x43d524 GetSubMenu
 0x43d528 GetMenuItemID
 0x43d52c TrackPopupMenu
 0x43d530 SetWindowPlacement
 0x43d534 GetWindowTextLengthA
 0x43d538 GetWindowTextA
 0x43d53c GetDlgCtrlID
 0x43d540 CreateWindowExA
 0x43d544 GetClassLongA
 0x43d548 SetPropA
 0x43d54c UnhookWindowsHookEx
 0x43d550 GetPropA
 0x43d554 CallWindowProcA
 0x43d558 RemovePropA
 0x43d55c DefWindowProcA
 0x43d560 GetMessageTime
 0x43d564 SetRectEmpty
 0x43d568 GetForegroundWindow
 0x43d56c GetMenuStringA
 0x43d570 SetWindowLongA
 0x43d574 RegisterWindowMessageA
 0x43d578 OffsetRect
 0x43d57c IntersectRect
 0x43d580 SystemParametersInfoA
 0x43d584 GetWindowPlacement
 0x43d588 GetWindowRect
 0x43d58c MapDialogRect
 0x43d590 SetWindowPos
 0x43d594 GetWindow
 0x43d598 SetWindowContextHelpId
 0x43d59c EndDialog
 0x43d5a0 SetActiveWindow
 0x43d5a4 IsWindow
 0x43d5a8 CreateDialogIndirectParamA
 0x43d5ac DestroyWindow
 0x43d5b0 GetDialogBaseUnits
 0x43d5b4 GetMenuCheckMarkDimensions
 0x43d5b8 LoadBitmapA
 0x43d5bc GetMenuState
 0x43d5c0 ModifyMenuA
 0x43d5c4 SetMenuItemBitmaps
 0x43d5c8 CheckMenuItem
 0x43d5cc EnableMenuItem
 0x43d5d0 GetFocus
 0x43d5d4 GetNextDlgTabItem
 0x43d5d8 GetMessageA
 0x43d5dc TranslateMessage
 0x43d5e0 DispatchMessageA
 0x43d5e4 GetActiveWindow
 0x43d5e8 GetKeyState
 0x43d5ec CallNextHookEx
 0x43d5f0 ValidateRect
 0x43d5f4 IsWindowVisible
 0x43d5f8 PeekMessageA
 0x43d5fc GetCursorPos
 0x43d600 EnableWindow
 0x43d604 LoadIconA
 0x43d608 AppendMenuA
 0x43d60c HideCaret
 0x43d610 ShowCaret
 0x43d614 ExcludeUpdateRgn
 0x43d618 DrawFocusRect
 0x43d61c DefDlgProcA
 0x43d620 SetWindowsHookExA
 0x43d624 GetParent
 0x43d628 GetLastActivePopup
 0x43d62c IsWindowEnabled
 0x43d630 GetWindowLongA
 0x43d634 MessageBoxA
 0x43d638 SetCursor
 0x43d63c ShowOwnedPopups
 0x43d640 PostQuitMessage
 0x43d644 PostMessageA
 0x43d648 GetClientRect
 0x43d64c IsIconic
 0x43d650 DrawIcon
 0x43d654 MessageBeep
 0x43d658 GetNextDlgGroupItem
 0x43d65c SetRect
 0x43d660 CopyAcceleratorTableA
 0x43d664 GetMessagePos
 0x43d668 CharNextA
 0x43d66c GetSystemMetrics
 0x43d670 SendMessageA
 0x43d674 IsWindowUnicode
 0x43d678 GetSystemMenu
 0x43d67c DeleteMenu
 0x43d680 InsertMenuA
 0x43d684 PtInRect
 0x43d688 GetClassNameA
 0x43d68c WindowFromPoint
 0x43d690 GetWindowThreadProcessId
 0x43d694 GetDesktopWindow
 0x43d698 WaitMessage
 0x43d69c ReleaseCapture
 0x43d6a0 SetCapture
 0x43d6a4 LoadCursorA
 0x43d6a8 GrayStringA
 0x43d6ac DrawTextA
 0x43d6b0 TabbedTextOutA
 0x43d6b4 EndPaint
 0x43d6b8 BeginPaint
 0x43d6bc GetWindowDC
 0x43d6c0 ReleaseDC
 0x43d6c4 GetDC
 0x43d6c8 ClientToScreen
 0x43d6cc DestroyMenu
 0x43d6d0 LoadStringA
 0x43d6d4 OemToCharA
 0x43d6d8 CharToOemA
 0x43d6dc MapWindowPoints
 0x43d6e0 MoveWindow
 0x43d6e4 SetWindowTextA
 0x43d6e8 IsDialogMessageA
 0x43d6ec ScrollWindowEx
 0x43d6f0 IsDlgButtonChecked
 0x43d6f4 SetDlgItemTextA
 0x43d6f8 SetDlgItemInt
 0x43d6fc GetDlgItemTextA
 0x43d700 GetDlgItem
 0x43d704 GetSysColorBrush
 0x43d708 GetDlgItemInt
 0x43d70c CheckRadioButton
 0x43d710 CheckDlgButton
 0x43d714 UpdateWindow
 0x43d718 SetForegroundWindow
 0x43d71c SendDlgItemMessageA
 0x43d720 ShowWindow
GDI32.dll
 0x43d03c SetROP2
 0x43d040 SetStretchBltMode
 0x43d044 SetMapMode
 0x43d048 SetViewportOrgEx
 0x43d04c OffsetViewportOrgEx
 0x43d050 SetViewportExtEx
 0x43d054 ScaleViewportExtEx
 0x43d058 SetWindowOrgEx
 0x43d05c OffsetWindowOrgEx
 0x43d060 SetWindowExtEx
 0x43d064 ScaleWindowExtEx
 0x43d068 SelectClipRgn
 0x43d06c ExcludeClipRect
 0x43d070 IntersectClipRect
 0x43d074 OffsetClipRgn
 0x43d078 MoveToEx
 0x43d07c LineTo
 0x43d080 SetTextAlign
 0x43d084 SetTextJustification
 0x43d088 SetTextCharacterExtra
 0x43d08c SetMapperFlags
 0x43d090 GetCurrentPositionEx
 0x43d094 ArcTo
 0x43d098 SetArcDirection
 0x43d09c PolyDraw
 0x43d0a0 PolylineTo
 0x43d0a4 SetColorAdjustment
 0x43d0a8 PolyBezierTo
 0x43d0ac DeleteObject
 0x43d0b0 GetClipRgn
 0x43d0b4 CreateRectRgn
 0x43d0b8 SelectClipPath
 0x43d0bc SetPolyFillMode
 0x43d0c0 PlayMetaFileRecord
 0x43d0c4 GetObjectType
 0x43d0c8 EnumMetaFile
 0x43d0cc PlayMetaFile
 0x43d0d0 GetDeviceCaps
 0x43d0d4 GetViewportExtEx
 0x43d0d8 GetWindowExtEx
 0x43d0dc CreatePen
 0x43d0e0 ExtCreatePen
 0x43d0e4 CreateSolidBrush
 0x43d0e8 CreateHatchBrush
 0x43d0ec CreatePatternBrush
 0x43d0f0 CreateDIBPatternBrushPt
 0x43d0f4 PtVisible
 0x43d0f8 RectVisible
 0x43d0fc TextOutA
 0x43d100 ExtTextOutA
 0x43d104 Escape
 0x43d108 GetTextExtentPoint32A
 0x43d10c GetTextMetricsA
 0x43d110 CreateFontIndirectA
 0x43d114 GetTextColor
 0x43d118 GetBkColor
 0x43d11c DPtoLP
 0x43d120 LPtoDP
 0x43d124 GetMapMode
 0x43d128 PatBlt
 0x43d12c SetRectRgn
 0x43d130 CombineRgn
 0x43d134 CreateRectRgnIndirect
 0x43d138 CopyMetaFileA
 0x43d13c CreateDCA
 0x43d140 SetBkMode
 0x43d144 SelectPalette
 0x43d148 GetStockObject
 0x43d14c SelectObject
 0x43d150 RestoreDC
 0x43d154 SaveDC
 0x43d158 StartDocA
 0x43d15c DeleteDC
 0x43d160 GetObjectA
 0x43d164 SetBkColor
 0x43d168 SetTextColor
 0x43d16c GetClipBox
 0x43d170 GetDCOrgEx
 0x43d174 ExtSelectClipRgn
 0x43d178 CreateDIBitmap
 0x43d17c GetTextExtentPointA
 0x43d180 BitBlt
 0x43d184 CreateCompatibleDC
 0x43d188 CreateBitmap
comdlg32.dll
 0x43d74c GetSaveFileNameA
 0x43d750 GetFileTitleA
 0x43d754 GetOpenFileNameA
WINSPOOL.DRV
 0x43d73c ClosePrinter
 0x43d740 OpenPrinterA
 0x43d744 DocumentPropertiesA
ADVAPI32.dll
 0x43d000 RegDeleteKeyA
 0x43d004 RegCreateKeyA
 0x43d008 RegEnumKeyA
 0x43d00c RegQueryValueA
 0x43d010 RegSetValueA
 0x43d014 RegOpenKeyA
 0x43d018 RegCloseKey
 0x43d01c RegDeleteValueA
 0x43d020 RegSetValueExA
 0x43d024 RegQueryValueExA
 0x43d028 RegOpenKeyExA
 0x43d02c RegCreateKeyExA
SHELL32.dll
 0x43d468 SHGetFileInfoA
 0x43d46c DragQueryFileA
 0x43d470 DragFinish
 0x43d474 DragAcceptFiles
 0x43d478 ExtractIconA
COMCTL32.dll
 0x43d034 None
oledlg.dll
 0x43d7e8 None
ole32.dll
 0x43d764 SetConvertStg
 0x43d768 CreateBindCtx
 0x43d76c OleDuplicateData
 0x43d770 CoFreeUnusedLibraries
 0x43d774 OleUninitialize
 0x43d778 OleInitialize
 0x43d77c CoDisconnectObject
 0x43d780 OleRun
 0x43d784 WriteFmtUserTypeStg
 0x43d788 CoTaskMemAlloc
 0x43d78c CoTaskMemFree
 0x43d790 CreateILockBytesOnHGlobal
 0x43d794 StgCreateDocfileOnILockBytes
 0x43d798 StgOpenStorageOnILockBytes
 0x43d79c CoGetClassObject
 0x43d7a0 CLSIDFromString
 0x43d7a4 CLSIDFromProgID
 0x43d7a8 OleRegGetUserType
 0x43d7ac WriteClassStg
 0x43d7b0 ReadFmtUserTypeStg
 0x43d7b4 ReadClassStg
 0x43d7b8 StringFromCLSID
 0x43d7bc CoTreatAsClass
 0x43d7c0 ReleaseStgMedium
 0x43d7c4 CoRegisterMessageFilter
 0x43d7c8 CoRegisterClassObject
 0x43d7cc CoRevokeClassObject
 0x43d7d0 OleSetClipboard
 0x43d7d4 OleFlushClipboard
 0x43d7d8 OleIsCurrentClipboard
 0x43d7dc CreateStreamOnHGlobal
 0x43d7e0 CoCreateInstance
OLEPRO32.DLL
 0x43d460 None
OLEAUT32.dll
 0x43d3d0 SysAllocStringLen
 0x43d3d4 SysFreeString
 0x43d3d8 SysReAllocStringLen
 0x43d3dc SysAllocString
 0x43d3e0 SafeArrayUnaccessData
 0x43d3e4 SafeArrayAccessData
 0x43d3e8 SafeArrayGetUBound
 0x43d3ec SafeArrayGetLBound
 0x43d3f0 SafeArrayGetElemsize
 0x43d3f4 SafeArrayGetDim
 0x43d3f8 SafeArrayCreate
 0x43d3fc SafeArrayRedim
 0x43d400 SysAllocStringByteLen
 0x43d404 SysStringByteLen
 0x43d408 VarCyFromStr
 0x43d40c VariantClear
 0x43d410 VarDateFromStr
 0x43d414 VarBstrFromDate
 0x43d418 SafeArrayCopy
 0x43d41c SafeArrayAllocData
 0x43d420 SafeArrayAllocDescriptor
 0x43d424 SafeArrayGetElement
 0x43d428 SafeArrayPtrOfIndex
 0x43d42c SafeArrayPutElement
 0x43d430 SafeArrayLock
 0x43d434 SafeArrayUnlock
 0x43d438 SafeArrayDestroy
 0x43d43c SafeArrayDestroyData
 0x43d440 SafeArrayDestroyDescriptor
 0x43d444 SysStringLen
 0x43d448 LoadTypeLib
 0x43d44c VariantTimeToSystemTime
 0x43d450 VarBstrFromCy
 0x43d454 VariantChangeType
 0x43d458 VariantCopy
MSVCRT.dll
 0x43d3c4 _endthreadex
 0x43d3c8 _beginthreadex
imagehlp.dll
 0x43d75c MakeSureDirectoryPathExists
WININET.dll
 0x43d728 InternetReadFile
 0x43d72c InternetOpenUrlA
 0x43d730 InternetOpenA
 0x43d734 InternetCloseHandle

EAT (Export Address Table): none
