Field | Value
---|---
Created | 2021.10.18 09:36
Machine | s1_win7_x6401
Filename | customer50.exe
Type | PE32+ executable (GUI) x86-64, for MS Windows
AI Score | 
Behavior Score | 
ZERO API | file : clean
VT API (file) | 39 detected (malicious, high confidence, Cerbu, Fabookie, Artemis, Unsafe, Spyagent, Tazd, noname@0, wqvta, ai score=100, kcloud, score, R445766, R002C0DJG21, FBAdsCard, CLASSIC)
md5 | 5fc5f085acfa0071db7d7ecaca696650
sha256 | 9d35a2153846ecea71060d69014279cb526f8b432913d02759c5023a81c62d59
ssdeep | 24576:nkg6rJg7+sAKWHUUuxRfAmBJOQEhP4v4qLq/nbFtU+a1Svk7t:nulgSsAtHUdTzOQoP0Lq/xh9vkZ
imphash | a760781485268ad462242975d68411d5
impfuzzy | 96:PQJd+pvvu7n6BF1UFpXlmWtQWcg0v+05K3MoCjc:2uu7YFaF+5mzzCjc
Network IP location
Signature (11cnts)
Level | Description |
---|---|
danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Looks up the external IP address |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
notice | Steals private information from local Internet browsers |
info | Checks amount of memory in system |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (7cnts)
Suricata ids
ET POLICY External IP Lookup ip-api.com
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140106038 AreFileApisANSI
0x140106040 ReadFile
0x140106048 TryEnterCriticalSection
0x140106050 HeapCreate
0x140106058 HeapFree
0x140106060 EnterCriticalSection
0x140106068 GetFullPathNameW
0x140106070 WriteFile
0x140106078 GetDiskFreeSpaceW
0x140106080 LockFile
0x140106088 LeaveCriticalSection
0x140106090 InitializeCriticalSection
0x140106098 SetFilePointer
0x1401060a0 GetFullPathNameA
0x1401060a8 SetEndOfFile
0x1401060b0 UnlockFileEx
0x1401060b8 GetTempPathW
0x1401060c0 CreateMutexW
0x1401060c8 WaitForSingleObject
0x1401060d0 CreateFileW
0x1401060d8 GetFileAttributesW
0x1401060e0 GetCurrentThreadId
0x1401060e8 UnmapViewOfFile
0x1401060f0 HeapValidate
0x1401060f8 HeapSize
0x140106100 MultiByteToWideChar
0x140106108 GetTempPathA
0x140106110 GetDiskFreeSpaceA
0x140106118 GetFileAttributesA
0x140106120 GetFileAttributesExW
0x140106128 OutputDebugStringW
0x140106130 CreateFileA
0x140106138 LoadLibraryA
0x140106140 WaitForSingleObjectEx
0x140106148 DeleteFileA
0x140106150 DeleteFileW
0x140106158 HeapReAlloc
0x140106160 CloseHandle
0x140106168 GetSystemInfo
0x140106170 LoadLibraryW
0x140106178 HeapAlloc
0x140106180 HeapCompact
0x140106188 HeapDestroy
0x140106190 UnlockFile
0x140106198 GetProcAddress
0x1401061a0 LocalFree
0x1401061a8 LockFileEx
0x1401061b0 GetFileSize
0x1401061b8 DeleteCriticalSection
0x1401061c0 GetCurrentProcessId
0x1401061c8 GetProcessHeap
0x1401061d0 SystemTimeToFileTime
0x1401061d8 FreeLibrary
0x1401061e0 WideCharToMultiByte
0x1401061e8 GetSystemTimeAsFileTime
0x1401061f0 GetSystemTime
0x1401061f8 FormatMessageA
0x140106200 CreateFileMappingW
0x140106208 MapViewOfFile
0x140106210 QueryPerformanceCounter
0x140106218 GetTickCount
0x140106220 FlushFileBuffers
0x140106228 lstrlenW
0x140106230 FindResourceW
0x140106238 LoadResource
0x140106240 LockResource
0x140106248 GetLastError
0x140106250 Sleep
0x140106258 CreateFileMappingA
0x140106260 FormatMessageW
0x140106268 GetStringTypeW
0x140106270 CompareStringEx
0x140106278 InitializeCriticalSectionEx
0x140106280 EncodePointer
0x140106288 DecodePointer
0x140106290 LCMapStringEx
0x140106298 GetCPInfo
0x1401062a0 InitializeCriticalSectionAndSpinCount
0x1401062a8 SetEvent
0x1401062b0 ResetEvent
0x1401062b8 CreateEventW
0x1401062c0 GetModuleHandleW
0x1401062c8 InitializeSListHead
0x1401062d0 RtlCaptureContext
0x1401062d8 RtlLookupFunctionEntry
0x1401062e0 RtlVirtualUnwind
0x1401062e8 IsDebuggerPresent
0x1401062f0 UnhandledExceptionFilter
0x1401062f8 SetUnhandledExceptionFilter
0x140106300 GetStartupInfoW
0x140106308 IsProcessorFeaturePresent
0x140106310 GetCurrentProcess
0x140106318 TerminateProcess
0x140106320 SetLastError
0x140106328 QueryPerformanceFrequency
0x140106330 RtlUnwindEx
0x140106338 InterlockedPushEntrySList
0x140106340 RtlPcToFileHeader
0x140106348 RaiseException
0x140106350 TlsAlloc
0x140106358 TlsGetValue
0x140106360 TlsSetValue
0x140106368 TlsFree
0x140106370 LoadLibraryExW
0x140106378 CreateThread
0x140106380 ExitThread
0x140106388 FreeLibraryAndExitThread
0x140106390 GetModuleHandleExW
0x140106398 ExitProcess
0x1401063a0 GetModuleFileNameW
0x1401063a8 GetStdHandle
0x1401063b0 CompareStringW
0x1401063b8 LCMapStringW
0x1401063c0 GetLocaleInfoW
0x1401063c8 IsValidLocale
0x1401063d0 GetUserDefaultLCID
0x1401063d8 EnumSystemLocalesW
0x1401063e0 GetFileType
0x1401063e8 GetTimeZoneInformation
0x1401063f0 GetConsoleOutputCP
0x1401063f8 GetConsoleMode
0x140106400 GetFileSizeEx
0x140106408 SetFilePointerEx
0x140106410 ReadConsoleW
0x140106418 FindClose
0x140106420 FindFirstFileExW
0x140106428 FindNextFileW
0x140106430 IsValidCodePage
0x140106438 GetACP
0x140106440 GetOEMCP
0x140106448 GetCommandLineA
0x140106450 GetCommandLineW
0x140106458 GetEnvironmentStringsW
0x140106460 FreeEnvironmentStringsW
0x140106468 SetEnvironmentVariableW
0x140106470 SetStdHandle
0x140106478 WriteConsoleW
0x140106480 OutputDebugStringA
0x140106488 SizeofResource
0x140106490 RtlUnwind
ADVAPI32.dll
0x140106000 RegCloseKey
0x140106008 RegSetValueExW
0x140106010 RegOpenKeyExW
0x140106018 RegCreateKeyW
SHELL32.dll
0x1401064a0 SHGetFolderPathW
WINHTTP.dll
0x1401064b0 WinHttpQueryDataAvailable
0x1401064b8 WinHttpConnect
0x1401064c0 WinHttpReceiveResponse
0x1401064c8 WinHttpOpen
0x1401064d0 WinHttpAddRequestHeaders
0x1401064d8 WinHttpQueryHeaders
0x1401064e0 WinHttpReadData
0x1401064e8 WinHttpOpenRequest
0x1401064f0 WinHttpSetOption
0x1401064f8 WinHttpCloseHandle
0x140106500 WinHttpGetIEProxyConfigForCurrentUser
0x140106508 WinHttpQueryAuthSchemes
0x140106510 WinHttpGetProxyForUrl
0x140106518 WinHttpSendRequest
0x140106520 WinHttpSetCredentials
CRYPT32.dll
0x140106028 CryptUnprotectData
EAT(Export Address Table) is none