ScreenShot
| Created | 2021.10.18 09:36 | Machine | s1_win7_x6402 |
| Filename | 2103609787.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 45 detected (Reline, Fragtor, Trojanpws, Generic PWS, Unsafe, MultiPlug, Save, malicious, confidence, 100%, TrojanPSW, ZexaF, XK0@a0G5nlmi, Eldorado, Rozena, R002C0WJE21, Ozsa, Malware@#356oecm15wexy, GenSteal, icukk, PSWTroj, kcloud, RedLine, score, Static AI, Malicious PE, Genetic) | ||
| md5 | 4058a27cf325710ab5a9020fe95e57f7 | ||
| sha256 | 9f5f9e5ba636fdea5ddece4718c97ac619d0e4f135ae2a1e3da0a8886aa8efc2 | ||
| ssdeep | 12288:eVIe9Zi0jqM40MWGjTs1285kXzl96n4m7jS6F3xpUZ6xy4+PfCzObOZQC:eJ/PBexZ8r7NR7hx/+3CzmOZD | ||
| imphash | 5d0d43282eff6279781d6c7c809bf649 | ||
| impfuzzy | 96:zKN2Sm6fCCOc5Xl3Oqz2e0b11txPB3OxfUv6N:zJCp3Vz2e411txPB3OxfUv6N | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.DLL
0x4ad3b0 AllocateAndInitializeSid
0x4ad3b4 CopySid
0x4ad3b8 EqualSid
0x4ad3bc GetLengthSid
0x4ad3c0 GetUserNameA
0x4ad3c4 InitializeSecurityDescriptor
0x4ad3c8 RegCloseKey
0x4ad3cc RegCreateKeyA
0x4ad3d0 RegCreateKeyExA
0x4ad3d4 RegDeleteKeyA
0x4ad3d8 RegDeleteValueA
0x4ad3dc RegEnumKeyA
0x4ad3e0 RegOpenKeyA
0x4ad3e4 RegQueryValueExA
0x4ad3e8 RegSetValueExA
0x4ad3ec SetSecurityDescriptorDacl
0x4ad3f0 SetSecurityDescriptorOwner
GDI32.dll
0x4ad3f8 CreateFontIndirectW
0x4ad3fc DeleteObject
0x4ad400 GetObjectW
0x4ad404 GetStockObject
0x4ad408 SelectObject
0x4ad40c SetBkMode
0x4ad410 SetTextColor
KERNEL32.dll
0x4ad418 CreateThread
0x4ad41c DeleteCriticalSection
0x4ad420 EnterCriticalSection
0x4ad424 ExitProcess
0x4ad428 FindClose
0x4ad42c FindFirstFileA
0x4ad430 FindNextFileA
0x4ad434 FreeLibrary
0x4ad438 GetCommandLineA
0x4ad43c GetLastError
0x4ad440 GetModuleHandleA
0x4ad444 GetProcAddress
0x4ad448 InitializeCriticalSection
0x4ad44c LeaveCriticalSection
0x4ad450 LoadLibraryA
0x4ad454 SetUnhandledExceptionFilter
0x4ad458 TlsGetValue
0x4ad45c VirtualAlloc
0x4ad460 VirtualProtect
0x4ad464 VirtualQuery
0x4ad468 WaitForSingleObject
msvcrt.dll
0x4ad470 _strdup
0x4ad474 _stricoll
msvcrt.dll
0x4ad47c __getmainargs
0x4ad480 __mb_cur_max
0x4ad484 __p__environ
0x4ad488 __p__fmode
0x4ad48c __set_app_type
0x4ad490 _cexit
0x4ad494 _errno
0x4ad498 _fpreset
0x4ad49c _fullpath
0x4ad4a0 _iob
0x4ad4a4 _isctype
0x4ad4a8 _onexit
0x4ad4ac _pctype
0x4ad4b0 _setmode
0x4ad4b4 abort
0x4ad4b8 atexit
0x4ad4bc calloc
0x4ad4c0 free
0x4ad4c4 fwrite
0x4ad4c8 malloc
0x4ad4cc mbstowcs
0x4ad4d0 memcpy
0x4ad4d4 memset
0x4ad4d8 realloc
0x4ad4dc setlocale
0x4ad4e0 signal
0x4ad4e4 strcoll
0x4ad4e8 strcpy
0x4ad4ec strlen
0x4ad4f0 tolower
0x4ad4f4 vfprintf
0x4ad4f8 wcstombs
USER32.dll
0x4ad500 AppendMenuA
0x4ad504 BeginPaint
0x4ad508 CheckDlgButton
0x4ad50c CheckMenuItem
0x4ad510 CheckRadioButton
0x4ad514 CloseClipboard
0x4ad518 CreateCaret
0x4ad51c CreateDialogParamA
0x4ad520 CreateMenu
0x4ad524 CreatePopupMenu
0x4ad528 CreateWindowExA
0x4ad52c CreateWindowExW
0x4ad530 DefDlgProcA
0x4ad534 DefWindowProcA
0x4ad538 DefWindowProcW
0x4ad53c DeleteMenu
0x4ad540 DestroyCaret
0x4ad544 DestroyIcon
0x4ad548 DestroyWindow
0x4ad54c DialogBoxParamA
0x4ad550 DispatchMessageA
0x4ad554 DispatchMessageW
0x4ad558 DrawEdge
0x4ad55c DrawIconEx
0x4ad560 EmptyClipboard
0x4ad564 EnableMenuItem
0x4ad568 EnableWindow
0x4ad56c EndDialog
0x4ad570 EndPaint
0x4ad574 FindWindowA
0x4ad578 FlashWindow
0x4ad57c GetCapture
0x4ad580 GetCaretBlinkTime
0x4ad584 GetClientRect
0x4ad588 GetClipboardData
0x4ad58c GetClipboardOwner
0x4ad590 GetCursorPos
0x4ad594 GetDC
0x4ad598 GetDesktopWindow
0x4ad59c GetDlgItem
0x4ad5a0 GetDlgItemTextA
0x4ad5a4 GetDoubleClickTime
0x4ad5a8 GetForegroundWindow
0x4ad5ac GetKeyboardLayout
0x4ad5b0 GetKeyboardState
0x4ad5b4 GetMessageA
0x4ad5b8 GetMessageTime
0x4ad5bc GetParent
0x4ad5c0 GetQueueStatus
0x4ad5c4 GetScrollInfo
0x4ad5c8 GetSysColor
0x4ad5cc GetSysColorBrush
0x4ad5d0 GetSystemMenu
0x4ad5d4 GetSystemMetrics
0x4ad5d8 GetWindowLongA
0x4ad5dc GetWindowPlacement
0x4ad5e0 GetWindowRect
0x4ad5e4 GetWindowTextA
0x4ad5e8 GetWindowTextLengthA
0x4ad5ec HideCaret
0x4ad5f0 InsertMenuA
0x4ad5f4 InvalidateRect
0x4ad5f8 IsDialogMessageA
0x4ad5fc IsDlgButtonChecked
0x4ad600 IsIconic
0x4ad604 IsWindow
0x4ad608 IsZoomed
0x4ad60c KillTimer
0x4ad610 LoadCursorA
0x4ad614 LoadIconA
0x4ad618 LoadImageA
0x4ad61c MapDialogRect
0x4ad620 MessageBeep
0x4ad624 MessageBoxA
0x4ad628 MessageBoxIndirectA
0x4ad62c MoveWindow
0x4ad630 MsgWaitForMultipleObjects
0x4ad634 OffsetRect
0x4ad638 OpenClipboard
0x4ad63c PeekMessageA
0x4ad640 PeekMessageW
0x4ad644 PostMessageA
0x4ad648 PostQuitMessage
0x4ad64c RegisterClassA
0x4ad650 RegisterClassW
0x4ad654 RegisterClipboardFormatA
0x4ad658 RegisterWindowMessageA
0x4ad65c ReleaseCapture
0x4ad660 ReleaseDC
0x4ad664 ScreenToClient
0x4ad668 SendDlgItemMessageA
0x4ad66c SendMessageA
0x4ad670 SetActiveWindow
0x4ad674 SetCapture
0x4ad678 SetCaretPos
0x4ad67c SetClassLongA
0x4ad680 SetClipboardData
0x4ad684 SetCursor
0x4ad688 SetDlgItemTextA
0x4ad68c SetFocus
0x4ad690 SetForegroundWindow
0x4ad694 SetKeyboardState
0x4ad698 SetScrollInfo
0x4ad69c SetTimer
0x4ad6a0 SetWindowLongA
0x4ad6a4 SetWindowPlacement
0x4ad6a8 SetWindowPos
0x4ad6ac SetWindowTextA
0x4ad6b0 ShowCaret
0x4ad6b4 ShowCursor
0x4ad6b8 ShowWindow
0x4ad6bc SystemParametersInfoA
0x4ad6c0 ToAsciiEx
0x4ad6c4 TrackPopupMenu
0x4ad6c8 TranslateMessage
0x4ad6cc UpdateWindow
EAT(Export Address Table) is none
ADVAPI32.DLL
0x4ad3b0 AllocateAndInitializeSid
0x4ad3b4 CopySid
0x4ad3b8 EqualSid
0x4ad3bc GetLengthSid
0x4ad3c0 GetUserNameA
0x4ad3c4 InitializeSecurityDescriptor
0x4ad3c8 RegCloseKey
0x4ad3cc RegCreateKeyA
0x4ad3d0 RegCreateKeyExA
0x4ad3d4 RegDeleteKeyA
0x4ad3d8 RegDeleteValueA
0x4ad3dc RegEnumKeyA
0x4ad3e0 RegOpenKeyA
0x4ad3e4 RegQueryValueExA
0x4ad3e8 RegSetValueExA
0x4ad3ec SetSecurityDescriptorDacl
0x4ad3f0 SetSecurityDescriptorOwner
GDI32.dll
0x4ad3f8 CreateFontIndirectW
0x4ad3fc DeleteObject
0x4ad400 GetObjectW
0x4ad404 GetStockObject
0x4ad408 SelectObject
0x4ad40c SetBkMode
0x4ad410 SetTextColor
KERNEL32.dll
0x4ad418 CreateThread
0x4ad41c DeleteCriticalSection
0x4ad420 EnterCriticalSection
0x4ad424 ExitProcess
0x4ad428 FindClose
0x4ad42c FindFirstFileA
0x4ad430 FindNextFileA
0x4ad434 FreeLibrary
0x4ad438 GetCommandLineA
0x4ad43c GetLastError
0x4ad440 GetModuleHandleA
0x4ad444 GetProcAddress
0x4ad448 InitializeCriticalSection
0x4ad44c LeaveCriticalSection
0x4ad450 LoadLibraryA
0x4ad454 SetUnhandledExceptionFilter
0x4ad458 TlsGetValue
0x4ad45c VirtualAlloc
0x4ad460 VirtualProtect
0x4ad464 VirtualQuery
0x4ad468 WaitForSingleObject
msvcrt.dll
0x4ad470 _strdup
0x4ad474 _stricoll
msvcrt.dll
0x4ad47c __getmainargs
0x4ad480 __mb_cur_max
0x4ad484 __p__environ
0x4ad488 __p__fmode
0x4ad48c __set_app_type
0x4ad490 _cexit
0x4ad494 _errno
0x4ad498 _fpreset
0x4ad49c _fullpath
0x4ad4a0 _iob
0x4ad4a4 _isctype
0x4ad4a8 _onexit
0x4ad4ac _pctype
0x4ad4b0 _setmode
0x4ad4b4 abort
0x4ad4b8 atexit
0x4ad4bc calloc
0x4ad4c0 free
0x4ad4c4 fwrite
0x4ad4c8 malloc
0x4ad4cc mbstowcs
0x4ad4d0 memcpy
0x4ad4d4 memset
0x4ad4d8 realloc
0x4ad4dc setlocale
0x4ad4e0 signal
0x4ad4e4 strcoll
0x4ad4e8 strcpy
0x4ad4ec strlen
0x4ad4f0 tolower
0x4ad4f4 vfprintf
0x4ad4f8 wcstombs
USER32.dll
0x4ad500 AppendMenuA
0x4ad504 BeginPaint
0x4ad508 CheckDlgButton
0x4ad50c CheckMenuItem
0x4ad510 CheckRadioButton
0x4ad514 CloseClipboard
0x4ad518 CreateCaret
0x4ad51c CreateDialogParamA
0x4ad520 CreateMenu
0x4ad524 CreatePopupMenu
0x4ad528 CreateWindowExA
0x4ad52c CreateWindowExW
0x4ad530 DefDlgProcA
0x4ad534 DefWindowProcA
0x4ad538 DefWindowProcW
0x4ad53c DeleteMenu
0x4ad540 DestroyCaret
0x4ad544 DestroyIcon
0x4ad548 DestroyWindow
0x4ad54c DialogBoxParamA
0x4ad550 DispatchMessageA
0x4ad554 DispatchMessageW
0x4ad558 DrawEdge
0x4ad55c DrawIconEx
0x4ad560 EmptyClipboard
0x4ad564 EnableMenuItem
0x4ad568 EnableWindow
0x4ad56c EndDialog
0x4ad570 EndPaint
0x4ad574 FindWindowA
0x4ad578 FlashWindow
0x4ad57c GetCapture
0x4ad580 GetCaretBlinkTime
0x4ad584 GetClientRect
0x4ad588 GetClipboardData
0x4ad58c GetClipboardOwner
0x4ad590 GetCursorPos
0x4ad594 GetDC
0x4ad598 GetDesktopWindow
0x4ad59c GetDlgItem
0x4ad5a0 GetDlgItemTextA
0x4ad5a4 GetDoubleClickTime
0x4ad5a8 GetForegroundWindow
0x4ad5ac GetKeyboardLayout
0x4ad5b0 GetKeyboardState
0x4ad5b4 GetMessageA
0x4ad5b8 GetMessageTime
0x4ad5bc GetParent
0x4ad5c0 GetQueueStatus
0x4ad5c4 GetScrollInfo
0x4ad5c8 GetSysColor
0x4ad5cc GetSysColorBrush
0x4ad5d0 GetSystemMenu
0x4ad5d4 GetSystemMetrics
0x4ad5d8 GetWindowLongA
0x4ad5dc GetWindowPlacement
0x4ad5e0 GetWindowRect
0x4ad5e4 GetWindowTextA
0x4ad5e8 GetWindowTextLengthA
0x4ad5ec HideCaret
0x4ad5f0 InsertMenuA
0x4ad5f4 InvalidateRect
0x4ad5f8 IsDialogMessageA
0x4ad5fc IsDlgButtonChecked
0x4ad600 IsIconic
0x4ad604 IsWindow
0x4ad608 IsZoomed
0x4ad60c KillTimer
0x4ad610 LoadCursorA
0x4ad614 LoadIconA
0x4ad618 LoadImageA
0x4ad61c MapDialogRect
0x4ad620 MessageBeep
0x4ad624 MessageBoxA
0x4ad628 MessageBoxIndirectA
0x4ad62c MoveWindow
0x4ad630 MsgWaitForMultipleObjects
0x4ad634 OffsetRect
0x4ad638 OpenClipboard
0x4ad63c PeekMessageA
0x4ad640 PeekMessageW
0x4ad644 PostMessageA
0x4ad648 PostQuitMessage
0x4ad64c RegisterClassA
0x4ad650 RegisterClassW
0x4ad654 RegisterClipboardFormatA
0x4ad658 RegisterWindowMessageA
0x4ad65c ReleaseCapture
0x4ad660 ReleaseDC
0x4ad664 ScreenToClient
0x4ad668 SendDlgItemMessageA
0x4ad66c SendMessageA
0x4ad670 SetActiveWindow
0x4ad674 SetCapture
0x4ad678 SetCaretPos
0x4ad67c SetClassLongA
0x4ad680 SetClipboardData
0x4ad684 SetCursor
0x4ad688 SetDlgItemTextA
0x4ad68c SetFocus
0x4ad690 SetForegroundWindow
0x4ad694 SetKeyboardState
0x4ad698 SetScrollInfo
0x4ad69c SetTimer
0x4ad6a0 SetWindowLongA
0x4ad6a4 SetWindowPlacement
0x4ad6a8 SetWindowPos
0x4ad6ac SetWindowTextA
0x4ad6b0 ShowCaret
0x4ad6b4 ShowCursor
0x4ad6b8 ShowWindow
0x4ad6bc SystemParametersInfoA
0x4ad6c0 ToAsciiEx
0x4ad6c4 TrackPopupMenu
0x4ad6c8 TranslateMessage
0x4ad6cc UpdateWindow
EAT(Export Address Table) is none