ScreenShot
| Created | 2021.09.25 11:20 | Machine | s1_win7_x6402 |
| Filename | 1NEW.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 56 detected (Solmyr, malicious, high confidence, Midie, GenericRI, S20702303, Unsafe, confidence, 100%, ParalaxRat, Eldorado, Attribute, HighConfidence, ACBZ, Mikey, ixdyob, RATX, Generic@ML, RDML, 49oWZvJELwx, zzWFOaZig, Siggen14, AGEN, ASMalwS, KVMH017, kcloud, 13TZGC, score, R374951, GenericRXNE, ai score=80, R002C0DIG21, Gencirc, mpJSPmzsnqA, Static AI, Malicious PE, susgen, GdSda) | ||
| md5 | 753e9e39697b50fba8a7d8d9d1fed16d | ||
| sha256 | 287f7c874f31dee5fca98794529da009bec348309a6e47d02d3b6f776a055a42 | ||
| ssdeep | 98304:877Pmq33rE/JDLPWZADUGer7B6iY74M/kmlwXVZaFB:K+R/eZADUXR | ||
| imphash | 71955ccbbcbb24efa9f89785e7cce225 | ||
| impfuzzy | 96:/cpg79YERhawKek5fJWMDXIB/GpmMoG5ig1e51lX17bysXrIth7AI:tCERfKxLYB85iGepF7bHbw | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | A process attempted to delay the analysis task. |
| watch | Communicates with host for which no DNS query was performed |
| watch | Creates a windows hook that monitors keyboard input (keylogger) |
| watch | Installs an hook procedure to monitor for mouse events |
| watch | Looks for the Windows Idle Time to determine the uptime |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x6e0000 HeapFree
0x6e0004 EnterCriticalSection
0x6e0008 LeaveCriticalSection
0x6e000c InitializeCriticalSectionEx
0x6e0010 HeapSize
0x6e0014 PostQueuedCompletionStatus
0x6e0018 FormatMessageW
0x6e001c GetLastError
0x6e0020 SetEvent
0x6e0024 TlsAlloc
0x6e0028 HeapReAlloc
0x6e002c CloseHandle
0x6e0030 RaiseException
0x6e0034 HeapAlloc
0x6e0038 DecodePointer
0x6e003c HeapDestroy
0x6e0040 LocalFree
0x6e0044 DeleteCriticalSection
0x6e0048 GetProcessHeap
0x6e004c WideCharToMultiByte
0x6e0050 TlsFree
0x6e0054 FormatMessageA
0x6e0058 CreateEventA
0x6e005c GetCurrentProcess
0x6e0060 GetSystemTimes
0x6e0064 GetTickCount64
0x6e0068 GetProcessTimes
0x6e006c SetWaitableTimer
0x6e0070 TlsSetValue
0x6e0074 SetLastError
0x6e0078 CreateWaitableTimerW
0x6e007c WaitForMultipleObjects
0x6e0080 InitializeCriticalSectionAndSpinCount
0x6e0084 GetQueuedCompletionStatus
0x6e0088 WaitForSingleObject
0x6e008c GetModuleHandleA
0x6e0090 CreateEventW
0x6e0094 MultiByteToWideChar
0x6e0098 TerminateThread
0x6e009c QueueUserAPC
0x6e00a0 GetProcAddress
0x6e00a4 VerSetConditionMask
0x6e00a8 SleepEx
0x6e00ac VerifyVersionInfoW
0x6e00b0 TlsGetValue
0x6e00b4 GetSystemTimeAsFileTime
0x6e00b8 CreateIoCompletionPort
0x6e00bc CreateDirectoryW
0x6e00c0 ReadFile
0x6e00c4 SizeofResource
0x6e00c8 QueryDosDeviceW
0x6e00cc GetVolumeInformationW
0x6e00d0 FindFirstFileW
0x6e00d4 WriteProcessMemory
0x6e00d8 FindFirstFileExW
0x6e00dc SetPriorityClass
0x6e00e0 VirtualFree
0x6e00e4 GetFullPathNameW
0x6e00e8 FindNextFileW
0x6e00ec lstrlenW
0x6e00f0 WriteFile
0x6e00f4 Wow64DisableWow64FsRedirection
0x6e00f8 GetSystemDefaultUILanguage
0x6e00fc GetDiskFreeSpaceW
0x6e0100 VirtualAlloc
0x6e0104 TerminateProcess
0x6e0108 GetDriveTypeA
0x6e010c GetModuleFileNameW
0x6e0110 GetUserDefaultLocaleName
0x6e0114 GetProcessId
0x6e0118 K32GetModuleFileNameExW
0x6e011c GetProductInfo
0x6e0120 Thread32Next
0x6e0124 GetTempPathW
0x6e0128 CreateMutexW
0x6e012c Thread32First
0x6e0130 FindClose
0x6e0134 GetLocaleInfoW
0x6e0138 CreateFileW
0x6e013c GetFileAttributesW
0x6e0140 GetCurrentThreadId
0x6e0144 GetVersionExW
0x6e0148 K32GetProcessImageFileNameW
0x6e014c SuspendThread
0x6e0150 GetSystemDirectoryW
0x6e0154 ResumeThread
0x6e0158 lstrcatA
0x6e015c OpenProcess
0x6e0160 SetFileAttributesW
0x6e0164 GetLogicalDriveStringsW
0x6e0168 CreateToolhelp32Snapshot
0x6e016c Sleep
0x6e0170 CopyFileA
0x6e0174 Process32NextW
0x6e0178 K32GetProcessMemoryInfo
0x6e017c CreateFileA
0x6e0180 GetCurrentThread
0x6e0184 LoadLibraryA
0x6e0188 LockResource
0x6e018c GlobalAlloc
0x6e0190 Process32FirstW
0x6e0194 GlobalFree
0x6e0198 GetNativeSystemInfo
0x6e019c GetSystemInfo
0x6e01a0 LoadLibraryW
0x6e01a4 FindResourceExW
0x6e01a8 LoadResource
0x6e01ac FindResourceW
0x6e01b0 SetFileAttributesA
0x6e01b4 GetThreadContext
0x6e01b8 GetPriorityClass
0x6e01bc GlobalLock
0x6e01c0 VirtualAllocEx
0x6e01c4 MoveFileExW
0x6e01c8 GetFileSize
0x6e01cc ExitProcess
0x6e01d0 ReadProcessMemory
0x6e01d4 GetComputerNameW
0x6e01d8 FindFirstStreamW
0x6e01dc GetCurrentProcessId
0x6e01e0 SystemTimeToFileTime
0x6e01e4 GlobalMemoryStatusEx
0x6e01e8 CreateProcessW
0x6e01ec GetModuleHandleW
0x6e01f0 WinExec
0x6e01f4 CreateRemoteThread
0x6e01f8 QueryFullProcessImageNameW
0x6e01fc CreateProcessA
0x6e0200 DebugBreak
0x6e0204 SetThreadContext
0x6e0208 FindNextStreamW
0x6e020c GetTickCount
0x6e0210 GlobalUnlock
0x6e0214 GetDriveTypeW
0x6e0218 GetFileTime
0x6e021c OpenThread
0x6e0220 GetExitCodeProcess
0x6e0224 Beep
0x6e0228 CreatePipe
0x6e022c PeekNamedPipe
0x6e0230 GetStartupInfoA
0x6e0234 lstrcpyA
0x6e0238 CreateThread
0x6e023c CreateTimerQueueTimer
0x6e0240 VirtualProtect
0x6e0244 GetCommandLineW
0x6e0248 DeviceIoControl
0x6e024c GetEnvironmentVariableW
0x6e0250 GetExitCodeThread
0x6e0254 FreeLibrary
0x6e0258 IsDebuggerPresent
0x6e025c CreateTimerQueue
0x6e0260 EncodePointer
0x6e0264 TryEnterCriticalSection
0x6e0268 DuplicateHandle
0x6e026c WaitForSingleObjectEx
0x6e0270 QueryPerformanceCounter
0x6e0274 GetFileAttributesExW
0x6e0278 GetFileInformationByHandle
0x6e027c SetEndOfFile
0x6e0280 SetFilePointerEx
0x6e0284 AreFileApisANSI
0x6e0288 GetStringTypeW
0x6e028c GetCPInfo
0x6e0290 CompareStringW
0x6e0294 LCMapStringW
0x6e0298 OutputDebugStringW
0x6e029c InitializeCriticalSection
0x6e02a0 GetSystemDirectoryA
0x6e02a4 VerifyVersionInfoA
0x6e02a8 ExpandEnvironmentStringsA
0x6e02ac GetStdHandle
0x6e02b0 GetFileType
0x6e02b4 ResetEvent
0x6e02b8 ReleaseSemaphore
0x6e02bc OpenEventA
0x6e02c0 GetLogicalProcessorInformation
0x6e02c4 GetCurrentDirectoryW
0x6e02c8 DeleteFileW
0x6e02cc RemoveDirectoryW
0x6e02d0 CreateDirectoryExW
0x6e02d4 GetFileSizeEx
0x6e02d8 SwitchToFiber
0x6e02dc DeleteFiber
0x6e02e0 CreateFiber
0x6e02e4 ConvertFiberToThread
0x6e02e8 ConvertThreadToFiber
0x6e02ec GetConsoleMode
0x6e02f0 SetConsoleMode
0x6e02f4 ReadConsoleA
0x6e02f8 ReadConsoleW
0x6e02fc GetSystemTime
0x6e0300 InitializeSListHead
0x6e0304 InterlockedPopEntrySList
0x6e0308 InterlockedPushEntrySList
0x6e030c InterlockedFlushSList
0x6e0310 QueryDepthSList
0x6e0314 UnregisterWaitEx
0x6e0318 RegisterWaitForSingleObject
0x6e031c GetThreadTimes
0x6e0320 FreeLibraryAndExitThread
0x6e0324 LoadLibraryExW
0x6e0328 SignalObjectAndWait
0x6e032c SwitchToThread
0x6e0330 SetThreadPriority
0x6e0334 GetThreadPriority
0x6e0338 ChangeTimerQueueTimer
0x6e033c DeleteTimerQueueTimer
0x6e0340 GetNumaHighestNodeNumber
0x6e0344 GetProcessAffinityMask
0x6e0348 SetThreadAffinityMask
0x6e034c UnregisterWait
0x6e0350 UnhandledExceptionFilter
0x6e0354 SetUnhandledExceptionFilter
0x6e0358 IsProcessorFeaturePresent
0x6e035c GetStartupInfoW
0x6e0360 RtlUnwind
0x6e0364 SetConsoleCtrlHandler
0x6e0368 ExitThread
0x6e036c GetModuleHandleExW
0x6e0370 SystemTimeToTzSpecificLocalTime
0x6e0374 FileTimeToSystemTime
0x6e0378 GetModuleFileNameA
0x6e037c WriteConsoleW
0x6e0380 SetEnvironmentVariableA
0x6e0384 GetACP
0x6e0388 GetConsoleCP
0x6e038c GetDateFormatW
0x6e0390 GetTimeFormatW
0x6e0394 IsValidLocale
0x6e0398 GetUserDefaultLCID
0x6e039c EnumSystemLocalesW
0x6e03a0 FlushFileBuffers
0x6e03a4 SetStdHandle
0x6e03a8 GetTimeZoneInformation
0x6e03ac FindFirstFileExA
0x6e03b0 FindNextFileA
0x6e03b4 IsValidCodePage
0x6e03b8 GetOEMCP
0x6e03bc GetCommandLineA
0x6e03c0 GetEnvironmentStringsW
0x6e03c4 FreeEnvironmentStringsW
0x6e03c8 VirtualQuery
0x6e03cc LoadLibraryExA
EAT(Export Address Table) is none
KERNEL32.dll
0x6e0000 HeapFree
0x6e0004 EnterCriticalSection
0x6e0008 LeaveCriticalSection
0x6e000c InitializeCriticalSectionEx
0x6e0010 HeapSize
0x6e0014 PostQueuedCompletionStatus
0x6e0018 FormatMessageW
0x6e001c GetLastError
0x6e0020 SetEvent
0x6e0024 TlsAlloc
0x6e0028 HeapReAlloc
0x6e002c CloseHandle
0x6e0030 RaiseException
0x6e0034 HeapAlloc
0x6e0038 DecodePointer
0x6e003c HeapDestroy
0x6e0040 LocalFree
0x6e0044 DeleteCriticalSection
0x6e0048 GetProcessHeap
0x6e004c WideCharToMultiByte
0x6e0050 TlsFree
0x6e0054 FormatMessageA
0x6e0058 CreateEventA
0x6e005c GetCurrentProcess
0x6e0060 GetSystemTimes
0x6e0064 GetTickCount64
0x6e0068 GetProcessTimes
0x6e006c SetWaitableTimer
0x6e0070 TlsSetValue
0x6e0074 SetLastError
0x6e0078 CreateWaitableTimerW
0x6e007c WaitForMultipleObjects
0x6e0080 InitializeCriticalSectionAndSpinCount
0x6e0084 GetQueuedCompletionStatus
0x6e0088 WaitForSingleObject
0x6e008c GetModuleHandleA
0x6e0090 CreateEventW
0x6e0094 MultiByteToWideChar
0x6e0098 TerminateThread
0x6e009c QueueUserAPC
0x6e00a0 GetProcAddress
0x6e00a4 VerSetConditionMask
0x6e00a8 SleepEx
0x6e00ac VerifyVersionInfoW
0x6e00b0 TlsGetValue
0x6e00b4 GetSystemTimeAsFileTime
0x6e00b8 CreateIoCompletionPort
0x6e00bc CreateDirectoryW
0x6e00c0 ReadFile
0x6e00c4 SizeofResource
0x6e00c8 QueryDosDeviceW
0x6e00cc GetVolumeInformationW
0x6e00d0 FindFirstFileW
0x6e00d4 WriteProcessMemory
0x6e00d8 FindFirstFileExW
0x6e00dc SetPriorityClass
0x6e00e0 VirtualFree
0x6e00e4 GetFullPathNameW
0x6e00e8 FindNextFileW
0x6e00ec lstrlenW
0x6e00f0 WriteFile
0x6e00f4 Wow64DisableWow64FsRedirection
0x6e00f8 GetSystemDefaultUILanguage
0x6e00fc GetDiskFreeSpaceW
0x6e0100 VirtualAlloc
0x6e0104 TerminateProcess
0x6e0108 GetDriveTypeA
0x6e010c GetModuleFileNameW
0x6e0110 GetUserDefaultLocaleName
0x6e0114 GetProcessId
0x6e0118 K32GetModuleFileNameExW
0x6e011c GetProductInfo
0x6e0120 Thread32Next
0x6e0124 GetTempPathW
0x6e0128 CreateMutexW
0x6e012c Thread32First
0x6e0130 FindClose
0x6e0134 GetLocaleInfoW
0x6e0138 CreateFileW
0x6e013c GetFileAttributesW
0x6e0140 GetCurrentThreadId
0x6e0144 GetVersionExW
0x6e0148 K32GetProcessImageFileNameW
0x6e014c SuspendThread
0x6e0150 GetSystemDirectoryW
0x6e0154 ResumeThread
0x6e0158 lstrcatA
0x6e015c OpenProcess
0x6e0160 SetFileAttributesW
0x6e0164 GetLogicalDriveStringsW
0x6e0168 CreateToolhelp32Snapshot
0x6e016c Sleep
0x6e0170 CopyFileA
0x6e0174 Process32NextW
0x6e0178 K32GetProcessMemoryInfo
0x6e017c CreateFileA
0x6e0180 GetCurrentThread
0x6e0184 LoadLibraryA
0x6e0188 LockResource
0x6e018c GlobalAlloc
0x6e0190 Process32FirstW
0x6e0194 GlobalFree
0x6e0198 GetNativeSystemInfo
0x6e019c GetSystemInfo
0x6e01a0 LoadLibraryW
0x6e01a4 FindResourceExW
0x6e01a8 LoadResource
0x6e01ac FindResourceW
0x6e01b0 SetFileAttributesA
0x6e01b4 GetThreadContext
0x6e01b8 GetPriorityClass
0x6e01bc GlobalLock
0x6e01c0 VirtualAllocEx
0x6e01c4 MoveFileExW
0x6e01c8 GetFileSize
0x6e01cc ExitProcess
0x6e01d0 ReadProcessMemory
0x6e01d4 GetComputerNameW
0x6e01d8 FindFirstStreamW
0x6e01dc GetCurrentProcessId
0x6e01e0 SystemTimeToFileTime
0x6e01e4 GlobalMemoryStatusEx
0x6e01e8 CreateProcessW
0x6e01ec GetModuleHandleW
0x6e01f0 WinExec
0x6e01f4 CreateRemoteThread
0x6e01f8 QueryFullProcessImageNameW
0x6e01fc CreateProcessA
0x6e0200 DebugBreak
0x6e0204 SetThreadContext
0x6e0208 FindNextStreamW
0x6e020c GetTickCount
0x6e0210 GlobalUnlock
0x6e0214 GetDriveTypeW
0x6e0218 GetFileTime
0x6e021c OpenThread
0x6e0220 GetExitCodeProcess
0x6e0224 Beep
0x6e0228 CreatePipe
0x6e022c PeekNamedPipe
0x6e0230 GetStartupInfoA
0x6e0234 lstrcpyA
0x6e0238 CreateThread
0x6e023c CreateTimerQueueTimer
0x6e0240 VirtualProtect
0x6e0244 GetCommandLineW
0x6e0248 DeviceIoControl
0x6e024c GetEnvironmentVariableW
0x6e0250 GetExitCodeThread
0x6e0254 FreeLibrary
0x6e0258 IsDebuggerPresent
0x6e025c CreateTimerQueue
0x6e0260 EncodePointer
0x6e0264 TryEnterCriticalSection
0x6e0268 DuplicateHandle
0x6e026c WaitForSingleObjectEx
0x6e0270 QueryPerformanceCounter
0x6e0274 GetFileAttributesExW
0x6e0278 GetFileInformationByHandle
0x6e027c SetEndOfFile
0x6e0280 SetFilePointerEx
0x6e0284 AreFileApisANSI
0x6e0288 GetStringTypeW
0x6e028c GetCPInfo
0x6e0290 CompareStringW
0x6e0294 LCMapStringW
0x6e0298 OutputDebugStringW
0x6e029c InitializeCriticalSection
0x6e02a0 GetSystemDirectoryA
0x6e02a4 VerifyVersionInfoA
0x6e02a8 ExpandEnvironmentStringsA
0x6e02ac GetStdHandle
0x6e02b0 GetFileType
0x6e02b4 ResetEvent
0x6e02b8 ReleaseSemaphore
0x6e02bc OpenEventA
0x6e02c0 GetLogicalProcessorInformation
0x6e02c4 GetCurrentDirectoryW
0x6e02c8 DeleteFileW
0x6e02cc RemoveDirectoryW
0x6e02d0 CreateDirectoryExW
0x6e02d4 GetFileSizeEx
0x6e02d8 SwitchToFiber
0x6e02dc DeleteFiber
0x6e02e0 CreateFiber
0x6e02e4 ConvertFiberToThread
0x6e02e8 ConvertThreadToFiber
0x6e02ec GetConsoleMode
0x6e02f0 SetConsoleMode
0x6e02f4 ReadConsoleA
0x6e02f8 ReadConsoleW
0x6e02fc GetSystemTime
0x6e0300 InitializeSListHead
0x6e0304 InterlockedPopEntrySList
0x6e0308 InterlockedPushEntrySList
0x6e030c InterlockedFlushSList
0x6e0310 QueryDepthSList
0x6e0314 UnregisterWaitEx
0x6e0318 RegisterWaitForSingleObject
0x6e031c GetThreadTimes
0x6e0320 FreeLibraryAndExitThread
0x6e0324 LoadLibraryExW
0x6e0328 SignalObjectAndWait
0x6e032c SwitchToThread
0x6e0330 SetThreadPriority
0x6e0334 GetThreadPriority
0x6e0338 ChangeTimerQueueTimer
0x6e033c DeleteTimerQueueTimer
0x6e0340 GetNumaHighestNodeNumber
0x6e0344 GetProcessAffinityMask
0x6e0348 SetThreadAffinityMask
0x6e034c UnregisterWait
0x6e0350 UnhandledExceptionFilter
0x6e0354 SetUnhandledExceptionFilter
0x6e0358 IsProcessorFeaturePresent
0x6e035c GetStartupInfoW
0x6e0360 RtlUnwind
0x6e0364 SetConsoleCtrlHandler
0x6e0368 ExitThread
0x6e036c GetModuleHandleExW
0x6e0370 SystemTimeToTzSpecificLocalTime
0x6e0374 FileTimeToSystemTime
0x6e0378 GetModuleFileNameA
0x6e037c WriteConsoleW
0x6e0380 SetEnvironmentVariableA
0x6e0384 GetACP
0x6e0388 GetConsoleCP
0x6e038c GetDateFormatW
0x6e0390 GetTimeFormatW
0x6e0394 IsValidLocale
0x6e0398 GetUserDefaultLCID
0x6e039c EnumSystemLocalesW
0x6e03a0 FlushFileBuffers
0x6e03a4 SetStdHandle
0x6e03a8 GetTimeZoneInformation
0x6e03ac FindFirstFileExA
0x6e03b0 FindNextFileA
0x6e03b4 IsValidCodePage
0x6e03b8 GetOEMCP
0x6e03bc GetCommandLineA
0x6e03c0 GetEnvironmentStringsW
0x6e03c4 FreeEnvironmentStringsW
0x6e03c8 VirtualQuery
0x6e03cc LoadLibraryExA
EAT(Export Address Table) is none