ScreenShot
| Created | 2021.09.20 09:43 | Machine | s1_win7_x6402 |
| Filename | customer2.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | dc70792e3bec9dbfd00abcceee8d849e | ||
| sha256 | ba15278f7ee4ca3519f945f491abaf7234a48bcdb1baec7f471e59d6ee19fc91 | ||
| ssdeep | 24576:HAFnWzNUe3a9nvOvk+/QBNFjmDWTe2c6Ek:yWzmeK9n2FQbFBTq4 | ||
| imphash | 0e0b1327b851d652046461e0a8be7593 | ||
| impfuzzy | 96:PQJd+pvvu7Z36BF1Hyvt8V/cgPqr+VKlMoCjc:2uu7ZoFNe0ApRCjc | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Looks up the external IP address |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| notice | Steals private information from local Internet browsers |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | ASPack_Zero | ASPack packed file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (7cnts) ?
Suricata ids
ET POLICY External IP Lookup ip-api.com
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140106038 AreFileApisANSI
0x140106040 ReadFile
0x140106048 TryEnterCriticalSection
0x140106050 HeapCreate
0x140106058 HeapFree
0x140106060 EnterCriticalSection
0x140106068 GetFullPathNameW
0x140106070 WriteFile
0x140106078 GetDiskFreeSpaceW
0x140106080 LockFile
0x140106088 LeaveCriticalSection
0x140106090 InitializeCriticalSection
0x140106098 SetFilePointer
0x1401060a0 GetFullPathNameA
0x1401060a8 SetEndOfFile
0x1401060b0 UnlockFileEx
0x1401060b8 GetTempPathW
0x1401060c0 CreateMutexW
0x1401060c8 WaitForSingleObject
0x1401060d0 CreateFileW
0x1401060d8 GetFileAttributesW
0x1401060e0 GetCurrentThreadId
0x1401060e8 UnmapViewOfFile
0x1401060f0 HeapValidate
0x1401060f8 HeapSize
0x140106100 MultiByteToWideChar
0x140106108 GetTempPathA
0x140106110 GetDiskFreeSpaceA
0x140106118 GetFileAttributesA
0x140106120 GetFileAttributesExW
0x140106128 OutputDebugStringW
0x140106130 CreateFileA
0x140106138 LoadLibraryA
0x140106140 WaitForSingleObjectEx
0x140106148 DeleteFileA
0x140106150 DeleteFileW
0x140106158 HeapReAlloc
0x140106160 CloseHandle
0x140106168 GetSystemInfo
0x140106170 LoadLibraryW
0x140106178 HeapAlloc
0x140106180 HeapCompact
0x140106188 HeapDestroy
0x140106190 UnlockFile
0x140106198 GetProcAddress
0x1401061a0 CreateFileMappingA
0x1401061a8 LockFileEx
0x1401061b0 GetFileSize
0x1401061b8 DeleteCriticalSection
0x1401061c0 GetCurrentProcessId
0x1401061c8 GetProcessHeap
0x1401061d0 SystemTimeToFileTime
0x1401061d8 FreeLibrary
0x1401061e0 WideCharToMultiByte
0x1401061e8 GetSystemTimeAsFileTime
0x1401061f0 GetSystemTime
0x1401061f8 FormatMessageA
0x140106200 CreateFileMappingW
0x140106208 MapViewOfFile
0x140106210 QueryPerformanceCounter
0x140106218 GetTickCount
0x140106220 FlushFileBuffers
0x140106228 LocalFree
0x140106230 GetLastError
0x140106238 FormatMessageW
0x140106240 lstrlenW
0x140106248 FindResourceW
0x140106250 LoadResource
0x140106258 LockResource
0x140106260 SizeofResource
0x140106268 GetStringTypeW
0x140106270 EncodePointer
0x140106278 DecodePointer
0x140106280 GetCPInfo
0x140106288 CompareStringW
0x140106290 LCMapStringW
0x140106298 GetLocaleInfoW
0x1401062a0 SetLastError
0x1401062a8 InitializeCriticalSectionAndSpinCount
0x1401062b0 CreateEventW
0x1401062b8 TlsAlloc
0x1401062c0 TlsGetValue
0x1401062c8 TlsSetValue
0x1401062d0 TlsFree
0x1401062d8 GetModuleHandleW
0x1401062e0 SetEvent
0x1401062e8 ResetEvent
0x1401062f0 InitializeSListHead
0x1401062f8 RtlCaptureContext
0x140106300 RtlLookupFunctionEntry
0x140106308 RtlVirtualUnwind
0x140106310 IsDebuggerPresent
0x140106318 UnhandledExceptionFilter
0x140106320 SetUnhandledExceptionFilter
0x140106328 GetStartupInfoW
0x140106330 IsProcessorFeaturePresent
0x140106338 GetCurrentProcess
0x140106340 TerminateProcess
0x140106348 QueryPerformanceFrequency
0x140106350 GetCurrentThread
0x140106358 GetThreadTimes
0x140106360 RtlUnwindEx
0x140106368 InterlockedPushEntrySList
0x140106370 RtlPcToFileHeader
0x140106378 RaiseException
0x140106380 LoadLibraryExW
0x140106388 CreateThread
0x140106390 ExitThread
0x140106398 FreeLibraryAndExitThread
0x1401063a0 GetModuleHandleExW
0x1401063a8 ExitProcess
0x1401063b0 GetModuleFileNameW
0x1401063b8 GetStdHandle
0x1401063c0 IsValidLocale
0x1401063c8 GetUserDefaultLCID
0x1401063d0 EnumSystemLocalesW
0x1401063d8 GetFileType
0x1401063e0 GetTimeZoneInformation
0x1401063e8 GetConsoleOutputCP
0x1401063f0 GetConsoleMode
0x1401063f8 GetFileSizeEx
0x140106400 SetFilePointerEx
0x140106408 ReadConsoleW
0x140106410 FindClose
0x140106418 FindFirstFileExW
0x140106420 FindNextFileW
0x140106428 IsValidCodePage
0x140106430 GetACP
0x140106438 GetOEMCP
0x140106440 GetCommandLineA
0x140106448 GetCommandLineW
0x140106450 GetEnvironmentStringsW
0x140106458 FreeEnvironmentStringsW
0x140106460 SetEnvironmentVariableW
0x140106468 SetStdHandle
0x140106470 WriteConsoleW
0x140106478 Sleep
0x140106480 OutputDebugStringA
0x140106488 RtlUnwind
ADVAPI32.dll
0x140106000 RegOpenKeyExW
0x140106008 RegSetValueExW
0x140106010 RegCreateKeyW
0x140106018 RegCloseKey
SHELL32.dll
0x140106498 SHGetFolderPathW
WINHTTP.dll
0x1401064a8 WinHttpQueryDataAvailable
0x1401064b0 WinHttpConnect
0x1401064b8 WinHttpReceiveResponse
0x1401064c0 WinHttpOpen
0x1401064c8 WinHttpAddRequestHeaders
0x1401064d0 WinHttpQueryHeaders
0x1401064d8 WinHttpReadData
0x1401064e0 WinHttpOpenRequest
0x1401064e8 WinHttpSetOption
0x1401064f0 WinHttpCloseHandle
0x1401064f8 WinHttpGetIEProxyConfigForCurrentUser
0x140106500 WinHttpQueryAuthSchemes
0x140106508 WinHttpGetProxyForUrl
0x140106510 WinHttpSendRequest
0x140106518 WinHttpSetCredentials
CRYPT32.dll
0x140106028 CryptUnprotectData
EAT(Export Address Table) is none
KERNEL32.dll
0x140106038 AreFileApisANSI
0x140106040 ReadFile
0x140106048 TryEnterCriticalSection
0x140106050 HeapCreate
0x140106058 HeapFree
0x140106060 EnterCriticalSection
0x140106068 GetFullPathNameW
0x140106070 WriteFile
0x140106078 GetDiskFreeSpaceW
0x140106080 LockFile
0x140106088 LeaveCriticalSection
0x140106090 InitializeCriticalSection
0x140106098 SetFilePointer
0x1401060a0 GetFullPathNameA
0x1401060a8 SetEndOfFile
0x1401060b0 UnlockFileEx
0x1401060b8 GetTempPathW
0x1401060c0 CreateMutexW
0x1401060c8 WaitForSingleObject
0x1401060d0 CreateFileW
0x1401060d8 GetFileAttributesW
0x1401060e0 GetCurrentThreadId
0x1401060e8 UnmapViewOfFile
0x1401060f0 HeapValidate
0x1401060f8 HeapSize
0x140106100 MultiByteToWideChar
0x140106108 GetTempPathA
0x140106110 GetDiskFreeSpaceA
0x140106118 GetFileAttributesA
0x140106120 GetFileAttributesExW
0x140106128 OutputDebugStringW
0x140106130 CreateFileA
0x140106138 LoadLibraryA
0x140106140 WaitForSingleObjectEx
0x140106148 DeleteFileA
0x140106150 DeleteFileW
0x140106158 HeapReAlloc
0x140106160 CloseHandle
0x140106168 GetSystemInfo
0x140106170 LoadLibraryW
0x140106178 HeapAlloc
0x140106180 HeapCompact
0x140106188 HeapDestroy
0x140106190 UnlockFile
0x140106198 GetProcAddress
0x1401061a0 CreateFileMappingA
0x1401061a8 LockFileEx
0x1401061b0 GetFileSize
0x1401061b8 DeleteCriticalSection
0x1401061c0 GetCurrentProcessId
0x1401061c8 GetProcessHeap
0x1401061d0 SystemTimeToFileTime
0x1401061d8 FreeLibrary
0x1401061e0 WideCharToMultiByte
0x1401061e8 GetSystemTimeAsFileTime
0x1401061f0 GetSystemTime
0x1401061f8 FormatMessageA
0x140106200 CreateFileMappingW
0x140106208 MapViewOfFile
0x140106210 QueryPerformanceCounter
0x140106218 GetTickCount
0x140106220 FlushFileBuffers
0x140106228 LocalFree
0x140106230 GetLastError
0x140106238 FormatMessageW
0x140106240 lstrlenW
0x140106248 FindResourceW
0x140106250 LoadResource
0x140106258 LockResource
0x140106260 SizeofResource
0x140106268 GetStringTypeW
0x140106270 EncodePointer
0x140106278 DecodePointer
0x140106280 GetCPInfo
0x140106288 CompareStringW
0x140106290 LCMapStringW
0x140106298 GetLocaleInfoW
0x1401062a0 SetLastError
0x1401062a8 InitializeCriticalSectionAndSpinCount
0x1401062b0 CreateEventW
0x1401062b8 TlsAlloc
0x1401062c0 TlsGetValue
0x1401062c8 TlsSetValue
0x1401062d0 TlsFree
0x1401062d8 GetModuleHandleW
0x1401062e0 SetEvent
0x1401062e8 ResetEvent
0x1401062f0 InitializeSListHead
0x1401062f8 RtlCaptureContext
0x140106300 RtlLookupFunctionEntry
0x140106308 RtlVirtualUnwind
0x140106310 IsDebuggerPresent
0x140106318 UnhandledExceptionFilter
0x140106320 SetUnhandledExceptionFilter
0x140106328 GetStartupInfoW
0x140106330 IsProcessorFeaturePresent
0x140106338 GetCurrentProcess
0x140106340 TerminateProcess
0x140106348 QueryPerformanceFrequency
0x140106350 GetCurrentThread
0x140106358 GetThreadTimes
0x140106360 RtlUnwindEx
0x140106368 InterlockedPushEntrySList
0x140106370 RtlPcToFileHeader
0x140106378 RaiseException
0x140106380 LoadLibraryExW
0x140106388 CreateThread
0x140106390 ExitThread
0x140106398 FreeLibraryAndExitThread
0x1401063a0 GetModuleHandleExW
0x1401063a8 ExitProcess
0x1401063b0 GetModuleFileNameW
0x1401063b8 GetStdHandle
0x1401063c0 IsValidLocale
0x1401063c8 GetUserDefaultLCID
0x1401063d0 EnumSystemLocalesW
0x1401063d8 GetFileType
0x1401063e0 GetTimeZoneInformation
0x1401063e8 GetConsoleOutputCP
0x1401063f0 GetConsoleMode
0x1401063f8 GetFileSizeEx
0x140106400 SetFilePointerEx
0x140106408 ReadConsoleW
0x140106410 FindClose
0x140106418 FindFirstFileExW
0x140106420 FindNextFileW
0x140106428 IsValidCodePage
0x140106430 GetACP
0x140106438 GetOEMCP
0x140106440 GetCommandLineA
0x140106448 GetCommandLineW
0x140106450 GetEnvironmentStringsW
0x140106458 FreeEnvironmentStringsW
0x140106460 SetEnvironmentVariableW
0x140106468 SetStdHandle
0x140106470 WriteConsoleW
0x140106478 Sleep
0x140106480 OutputDebugStringA
0x140106488 RtlUnwind
ADVAPI32.dll
0x140106000 RegOpenKeyExW
0x140106008 RegSetValueExW
0x140106010 RegCreateKeyW
0x140106018 RegCloseKey
SHELL32.dll
0x140106498 SHGetFolderPathW
WINHTTP.dll
0x1401064a8 WinHttpQueryDataAvailable
0x1401064b0 WinHttpConnect
0x1401064b8 WinHttpReceiveResponse
0x1401064c0 WinHttpOpen
0x1401064c8 WinHttpAddRequestHeaders
0x1401064d0 WinHttpQueryHeaders
0x1401064d8 WinHttpReadData
0x1401064e0 WinHttpOpenRequest
0x1401064e8 WinHttpSetOption
0x1401064f0 WinHttpCloseHandle
0x1401064f8 WinHttpGetIEProxyConfigForCurrentUser
0x140106500 WinHttpQueryAuthSchemes
0x140106508 WinHttpGetProxyForUrl
0x140106510 WinHttpSendRequest
0x140106518 WinHttpSetCredentials
CRYPT32.dll
0x140106028 CryptUnprotectData
EAT(Export Address Table) is none