Field | Value |
---|---|
Created | 2021.09.08 18:17 |
Machine | s1_win7_x6401 |
Filename | nd.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 42 detected (AIDetect, malware2, malicious, high confidence, GenericKD, Unsafe, AgentTesla, confidence, Razy, Eldorado, Attribute, HighConfidence, ccmw, MalwareX, Wmis, ayahm, DownLoader42, Sirefef, Outbreak, score, ai score=83, BScope, Injects, Generic@ML, RDML, jPZdi1CGbiAOp4e+nWK+bg, Static AI, Malicious PE, ZexaF, auW@aGIIHspi, susgen) |
md5 | 63425ec377156298620b9a0c79554172 |
sha256 | e43ec9407a6a31c49b922d31be4a34dc590c29aab4b4ad3c074b60c54baa4570 |
ssdeep | 192:GH0JH08lBH0yH08lg0pH08lUrvn3j/Tk:GCvBNvdv8j/Tk |
imphash | c954d787ed83e16e93cd194e921d4d5c |
impfuzzy | 12:cpufi2LDX71l3R6T17SE/XSE3ApSEcuCDSDSncU/jJtXMuvRIny4OSoa3BbTKbvs:yCLhE/iEwEEDMn3/11MMBsJKbfpwd |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | One or more processes crashed |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Buhtrap_Group_IN | Buhtrap Group | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x402014 VirtualProtect
MPR.dll
0x402030 WNetConnectionDialog
0x402034 WNetGetNetworkInformationA
0x402038 WNetAddConnection3A
0x40203c WNetCancelConnection2W
0x402040 WNetGetResourceInformationA
0x402044 WNetAddConnection2W
MSVFW32.dll
0x402074 DrawDibRealize
0x402078 ICImageDecompress
0x40207c DrawDibEnd
AVIFIL32.dll
0x402000 AVIStreamSampleToTime
0x402004 AVIStreamFindSample
0x402008 AVIStreamRelease
0x40200c EditStreamClone
SHELL32.dll
0x402094 SHGetDesktopFolder
0x402098 ShellExecuteW
0x40209c ExtractIconEx
MSACM32.dll
0x40204c acmDriverAddA
0x402050 acmFormatSuggest
0x402054 acmFormatEnumA
0x402058 acmDriverDetailsA
0x40205c acmFormatDetailsW
0x402060 XRegThunkEntry
0x402064 acmFormatTagEnumA
0x402068 acmStreamMessage
0x40206c acmFormatDetailsA
mscms.dll
0x4020ac TranslateBitmapBits
0x4020b0 GetCMMInfo
0x4020b4 GetColorProfileHeader
msi.dll
0x4020bc None
0x4020c0 None
0x4020c4 None
0x4020c8 None
0x4020cc None
0x4020d0 None
MAPI32.dll
0x40201c None
0x402020 None
0x402024 None
0x402028 None
SETUPAPI.dll
0x402084 SetupDiRemoveDeviceInterface
0x402088 SetupQueueDeleteSectionW
0x40208c SetupDiGetHwProfileFriendlyNameExA
USER32.dll
0x4020a4 MessageBoxW
EAT (Export Address Table) is none