ScreenShot
| Created | 2021.09.12 14:49 | Machine | s1_win7_x6402 |
| Filename | studio.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 58 detected (AIDetect, malware1, malicious, high confidence, Zusy, Mauvaise, Unsafe, Save, Farfli, OIMS, Attribute, HighConfidence, Delf, erhebd, Gencirc, A + Mal, Behav, Siggen7, Redosdru, ZEGOST, SM37, Static AI, Malicious PE, beksk, ZPACK, ai score=83, ASMalwS, kcloud, score, R371173, GenericRXFT, BScope, TrojanPSW, Cimuz, Lamer, FileInfector, CLASSIC, GenAsa, xb8WV9Ep0Go, 100%, confidence, susgen) | ||
| md5 | 59b759497a138c44698bdbfeaa855e46 | ||
| sha256 | cc03cd3db24427db4274995198377ae945966c27bd5b74bc52e4547481b93553 | ||
| ssdeep | 12288:sXrSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9DJtXtj:sXWsJ39LyjbJkQFMhmC+6GD9XXV | ||
| imphash | 50f2914c55696a01c19cbfb70bca752f | ||
| impfuzzy | 24:UeDoEjmXfM9IdGq/ZwuKeBvBLBmdudWcHFCJMEcvL2TXCWmIBJOFOTBao/XBdG3n:UP/dN/OettHxvLUXCj6J8aaAXnGrTXH | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Installs itself for autorun at Windows startup |
| notice | Creates a service |
| info | Checks amount of memory in system |
| info | The executable uses a known packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40703c FreeLibrary
0x407040 GetProcAddress
0x407044 LoadLibraryA
0x407048 GetModuleFileNameA
0x40704c CloseHandle
0x407050 WaitForSingleObject
0x407054 GetVersionExA
0x407058 GetCurrentProcess
0x40705c GetModuleHandleA
0x407060 CopyFileA
0x407064 GetLastError
0x407068 HeapAlloc
0x40706c GetProcessHeap
0x407070 VirtualProtect
0x407074 HeapFree
0x407078 SetEvent
0x40707c CreateEventA
0x407080 lstrcmpiA
0x407084 GetStartupInfoA
0x407088 GetLocalTime
0x40708c lstrlenA
0x407090 CreateFileA
0x407094 WriteFile
0x407098 lstrcatA
0x40709c GetTickCount
0x4070a0 LocalAlloc
0x4070a4 LocalSize
0x4070a8 LocalFree
0x4070ac lstrcpyA
0x4070b0 Sleep
0x4070b4 InterlockedExchange
0x4070b8 VirtualAlloc
0x4070bc VirtualFree
0x4070c0 GlobalMemoryStatusEx
USER32.dll
0x407178 wsprintfA
ADVAPI32.dll
0x407000 RegisterServiceCtrlHandlerA
0x407004 SetServiceStatus
0x407008 OpenSCManagerA
0x40700c CreateServiceA
0x407010 OpenServiceA
0x407014 StartServiceA
0x407018 RegOpenKeyA
0x40701c RegSetValueExA
0x407020 RegCloseKey
0x407024 CloseServiceHandle
0x407028 OpenEventLogA
0x40702c ClearEventLogA
0x407030 CloseEventLog
0x407034 StartServiceCtrlDispatcherA
MSVCRT.dll
0x4070c8 fclose
0x4070cc ??3@YAXPAX@Z
0x4070d0 memcpy
0x4070d4 ceil
0x4070d8 _ftol
0x4070dc __CxxFrameHandler
0x4070e0 _CxxThrowException
0x4070e4 memset
0x4070e8 ??2@YAPAXI@Z
0x4070ec memcmp
0x4070f0 strlen
0x4070f4 strstr
0x4070f8 strcpy
0x4070fc strncpy
0x407100 strrchr
0x407104 atoi
0x407108 strcspn
0x40710c rand
0x407110 sprintf
0x407114 realloc
0x407118 free
0x40711c _beginthreadex
0x407120 _except_handler3
0x407124 _stricmp
0x407128 fprintf
0x40712c fopen
0x407130 strchr
0x407134 ??1type_info@@UAE@XZ
0x407138 __dllonexit
0x40713c _onexit
0x407140 _exit
0x407144 _XcptFilter
0x407148 exit
0x40714c _acmdln
0x407150 __getmainargs
0x407154 _initterm
0x407158 __setusermatherr
0x40715c _adjust_fdiv
0x407160 __p__commode
0x407164 __p__fmode
0x407168 __set_app_type
0x40716c _controlfp
0x407170 _strupr
EAT(Export Address Table) is none
KERNEL32.dll
0x40703c FreeLibrary
0x407040 GetProcAddress
0x407044 LoadLibraryA
0x407048 GetModuleFileNameA
0x40704c CloseHandle
0x407050 WaitForSingleObject
0x407054 GetVersionExA
0x407058 GetCurrentProcess
0x40705c GetModuleHandleA
0x407060 CopyFileA
0x407064 GetLastError
0x407068 HeapAlloc
0x40706c GetProcessHeap
0x407070 VirtualProtect
0x407074 HeapFree
0x407078 SetEvent
0x40707c CreateEventA
0x407080 lstrcmpiA
0x407084 GetStartupInfoA
0x407088 GetLocalTime
0x40708c lstrlenA
0x407090 CreateFileA
0x407094 WriteFile
0x407098 lstrcatA
0x40709c GetTickCount
0x4070a0 LocalAlloc
0x4070a4 LocalSize
0x4070a8 LocalFree
0x4070ac lstrcpyA
0x4070b0 Sleep
0x4070b4 InterlockedExchange
0x4070b8 VirtualAlloc
0x4070bc VirtualFree
0x4070c0 GlobalMemoryStatusEx
USER32.dll
0x407178 wsprintfA
ADVAPI32.dll
0x407000 RegisterServiceCtrlHandlerA
0x407004 SetServiceStatus
0x407008 OpenSCManagerA
0x40700c CreateServiceA
0x407010 OpenServiceA
0x407014 StartServiceA
0x407018 RegOpenKeyA
0x40701c RegSetValueExA
0x407020 RegCloseKey
0x407024 CloseServiceHandle
0x407028 OpenEventLogA
0x40702c ClearEventLogA
0x407030 CloseEventLog
0x407034 StartServiceCtrlDispatcherA
MSVCRT.dll
0x4070c8 fclose
0x4070cc ??3@YAXPAX@Z
0x4070d0 memcpy
0x4070d4 ceil
0x4070d8 _ftol
0x4070dc __CxxFrameHandler
0x4070e0 _CxxThrowException
0x4070e4 memset
0x4070e8 ??2@YAPAXI@Z
0x4070ec memcmp
0x4070f0 strlen
0x4070f4 strstr
0x4070f8 strcpy
0x4070fc strncpy
0x407100 strrchr
0x407104 atoi
0x407108 strcspn
0x40710c rand
0x407110 sprintf
0x407114 realloc
0x407118 free
0x40711c _beginthreadex
0x407120 _except_handler3
0x407124 _stricmp
0x407128 fprintf
0x40712c fopen
0x407130 strchr
0x407134 ??1type_info@@UAE@XZ
0x407138 __dllonexit
0x40713c _onexit
0x407140 _exit
0x407144 _XcptFilter
0x407148 exit
0x40714c _acmdln
0x407150 __getmainargs
0x407154 _initterm
0x407158 __setusermatherr
0x40715c _adjust_fdiv
0x407160 __p__commode
0x407164 __p__fmode
0x407168 __set_app_type
0x40716c _controlfp
0x407170 _strupr
EAT(Export Address Table) is none