ScreenShot
| Created | 2021.09.08 09:31 | Machine | s1_win7_x6403 |
| Filename | PAYMENT.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 18 detected (malicious, high confidence, Unsafe, Save, Injects, MalwareX, Generic@ML, RDML, QitSBVLx5WW+JL7snoY5eA, Sirefef, Static AI, Malicious PE, Woreflint, ZexaF, auW@aOt23Bhi, susgen, confidence) | ||
| md5 | d16088a5dce52983fccd16363d805cf7 | ||
| sha256 | bbe5f86a8063e4604f53e8c73e2303a83d50a27b58d4cade475ac8a99d1ff80d | ||
| ssdeep | 96:l/v0pXbZZ8gnCsvb209jNJPD9FWVEFrjhx:l+LbJnjjNBDiV | ||
| imphash | fa91405d30e4548924d9a2da4a39197c | ||
| impfuzzy | 12:Gpufi2LDX71l3R6T17SE/XSE3ApSEcuCDSDSncU/jJtXMuvRIny4OSoa3BbTKbvs:sCLhE/iEwEEDMn3/11MMBsJKbfpwd | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x402014 VirtualAlloc
0x402018 VirtualProtect
MPR.dll
0x402034 WNetConnectionDialog
0x402038 WNetGetNetworkInformationA
0x40203c WNetAddConnection3A
0x402040 WNetCancelConnection2W
0x402044 WNetGetResourceInformationA
0x402048 WNetAddConnection2W
MSVFW32.dll
0x402078 DrawDibRealize
0x40207c ICImageDecompress
0x402080 DrawDibEnd
AVIFIL32.dll
0x402000 AVIStreamSampleToTime
0x402004 AVIStreamFindSample
0x402008 AVIStreamRelease
0x40200c EditStreamClone
SHELL32.dll
0x402098 SHGetDesktopFolder
0x40209c ShellExecuteW
0x4020a0 ExtractIconEx
MSACM32.dll
0x402050 acmDriverAddA
0x402054 acmFormatSuggest
0x402058 acmFormatEnumA
0x40205c acmDriverDetailsA
0x402060 acmFormatDetailsW
0x402064 XRegThunkEntry
0x402068 acmFormatTagEnumA
0x40206c acmStreamMessage
0x402070 acmFormatDetailsA
mscms.dll
0x4020b0 TranslateBitmapBits
0x4020b4 GetCMMInfo
0x4020b8 GetColorProfileHeader
msi.dll
0x4020c0 None
0x4020c4 None
0x4020c8 None
0x4020cc None
0x4020d0 None
0x4020d4 None
MAPI32.dll
0x402020 None
0x402024 None
0x402028 None
0x40202c None
SETUPAPI.dll
0x402088 SetupDiRemoveDeviceInterface
0x40208c SetupQueueDeleteSectionW
0x402090 SetupDiGetHwProfileFriendlyNameExA
USER32.dll
0x4020a8 MessageBoxW
EAT(Export Address Table) is none
KERNEL32.dll
0x402014 VirtualAlloc
0x402018 VirtualProtect
MPR.dll
0x402034 WNetConnectionDialog
0x402038 WNetGetNetworkInformationA
0x40203c WNetAddConnection3A
0x402040 WNetCancelConnection2W
0x402044 WNetGetResourceInformationA
0x402048 WNetAddConnection2W
MSVFW32.dll
0x402078 DrawDibRealize
0x40207c ICImageDecompress
0x402080 DrawDibEnd
AVIFIL32.dll
0x402000 AVIStreamSampleToTime
0x402004 AVIStreamFindSample
0x402008 AVIStreamRelease
0x40200c EditStreamClone
SHELL32.dll
0x402098 SHGetDesktopFolder
0x40209c ShellExecuteW
0x4020a0 ExtractIconEx
MSACM32.dll
0x402050 acmDriverAddA
0x402054 acmFormatSuggest
0x402058 acmFormatEnumA
0x40205c acmDriverDetailsA
0x402060 acmFormatDetailsW
0x402064 XRegThunkEntry
0x402068 acmFormatTagEnumA
0x40206c acmStreamMessage
0x402070 acmFormatDetailsA
mscms.dll
0x4020b0 TranslateBitmapBits
0x4020b4 GetCMMInfo
0x4020b8 GetColorProfileHeader
msi.dll
0x4020c0 None
0x4020c4 None
0x4020c8 None
0x4020cc None
0x4020d0 None
0x4020d4 None
MAPI32.dll
0x402020 None
0x402024 None
0x402028 None
0x40202c None
SETUPAPI.dll
0x402088 SetupDiRemoveDeviceInterface
0x40208c SetupQueueDeleteSectionW
0x402090 SetupDiGetHwProfileFriendlyNameExA
USER32.dll
0x4020a8 MessageBoxW
EAT(Export Address Table) is none