Field | Value |
---|---|
Created | 2021.09.08 17:33 |
Machine | s1_win7_x6402 |
Filename | baz.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 40 detected (Injects, malicious, high confidence, GenericKD, Unsafe, Save, Remcos, ZexaF, auW@aOI8CDei, Eldorado, Attribute, HighConfidence, ccmw, Sirefef, Static AI, Malicious PE, mrubr, 1TJHEHQ, score, ai score=82, BScope, Generic@ML, RDML, 5iox6IYKq7CLRpG4bGSMA, PossibleThreat, PALLAS, MalwareX, confidence) |
md5 | 43c4cf6c6e519b98937786ac167bdee5 |
sha256 | 45aefd4b9644a6d9ecf4b703ed2601e50bb874998a7e07163bc65ca27d862b4e |
ssdeep | 192:3vH0JH08lBH0yH08lg0pH08l3MXssGfvcQaKHmR2/Iv:fCvBNvdv3xnvcQP82/I |
imphash | 63393299977e5acc51eaba5bf320ad3d |
impfuzzy | 24:IV4WX+1MfwkgVcQ0CRgc7FKq+a9nQuMTlD4wlq+HRL+W+w6EpE7QDj:DCf/gVcQ0CRgc5v+qnk4wlrHLPr274 |
Network IP location
Signature (2 entries)
Level | Description |
---|---|
danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (3 entries)
Level | Name | Description | Collection |
---|---|---|---|
danger | Dimnie_IN | Dimnie | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x402034 VirtualProtect
0x402038 GetAtomNameA
0x40203c GetFileAttributesW
0x402040 SetLocaleInfoW
0x402044 PurgeComm
0x402048 WritePrivateProfileStringW
0x40204c SetMailslotInfo
0x402050 RegisterWaitForInputIdle
0x402054 LoadLibraryA
0x402058 GetVolumePathNameW
0x40205c GetDateFormatW
USER32.dll
0x4020bc MessageBoxW
0x4020c0 VkKeyScanA
0x4020c4 CharToOemBuffA
0x4020c8 IMPSetIMEA
0x4020cc CharNextExA
0x4020d0 GetWindowRgn
0x4020d4 ChildWindowFromPoint
WININET.dll
0x4020dc FtpOpenFileW
0x4020e0 InternetCheckConnectionW
0x4020e4 InternetReadFile
0x4020e8 RetrieveUrlCacheEntryFileA
0x4020ec InternetHangUp
0x4020f0 ReadUrlCacheEntryStream
0x4020f4 InternetCreateUrlW
OLEAUT32.dll
0x4020a0 VarParseNumFromStr
0x4020a4 BSTR_UserUnmarshal
0x4020a8 VarR8FromDate
0x4020ac SysReAllocString
0x4020b0 VarEqv
0x4020b4 VarI4FromDisp
MSWSOCK.dll
0x402080 GetAddressByNameA
0x402084 GetAddressByNameW
0x402088 SetServiceW
0x40208c rexec
0x402090 GetNameByTypeW
0x402094 MigrateWinsockConfiguration
0x402098 sethostname
AVICAP32.dll
0x402000 capCreateCaptureWindowA
MSVFW32.dll
0x402064 GetOpenFileNamePreviewA
0x402068 ICSendMessage
0x40206c ICImageDecompress
0x402070 ICSeqCompressFrame
0x402074 ICOpen
0x402078 MCIWndCreate
AVIFIL32.dll
0x402008 AVIStreamGetFrame
0x40200c EditStreamSetNameW
0x402010 AVIStreamOpenFromFileW
CRYPT32.dll
0x402018 CryptSIPRetrieveSubjectGuid
0x40201c CertDeleteCertificateFromStore
0x402020 CertSerializeCertificateStoreElement
0x402024 CertFindExtension
0x402028 CertEnumCertificateContextProperties
0x40202c CertSaveStore
EAT (Export Address Table): none