Report - nett.exe

Gen2 Generic Malware Malicious Library UPX PE File OS Processor Check PE32
Created 2021.10.19 09:36 Machine s1_win7_x6401
Filename nett.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 6.2
ZERO API file : malware
VT API (file) 10 detected (Artemis, ZexaCO, @F1@aqMBpgei, Malicious, none, Sabsik, score)
md5 400fba5ba55de726ed484ba680e74500
sha256 5d91391caa4520c281f6b5cab65914417fed0445d836067c7f70c77795417af6
ssdeep 98304:74AqGkgAo0Gkuv0VrN2OVDv4j24lilj1qn:74vlPqsrNAi9Un
imphash 444a63419f2dc4d9905ad6a923b878cf
impfuzzy 48:rwuVBL22O4wBzxyYxfXCc+6/kQabTZXcgOS3WPZox/aVyjvXKQKxCE54alZ/9nLc:rVL22CzxNxfXCc+687vZXczfK2P/TW

Signature (13cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
warning Generates some ICMP traffic
watch Attempts to remove evidence of file being downloaded from the Internet
watch Communicates with host for which no DNS query was performed
watch File has been identified by 10 AntiVirus engines on VirusTotal as malicious
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Repeatedly searches for a not-found process
notice Searches running processes potentially to identify processes for sandbox evasion
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
173.209.48.226 CA GTCOMM 173.209.48.226 clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x76103c GlobalFree
 0x761040 MultiByteToWideChar
 0x761044 GetConsoleOutputCP
 0x761048 VerSetConditionMask
 0x76104c FreeLibrary
 0x761050 GetProcAddress
 0x761054 LoadLibraryA
 0x761058 VerifyVersionInfoW
 0x76105c GetStdHandle
 0x761060 Beep
 0x761064 CloseHandle
 0x761068 GetVersion
 0x76106c GetConsoleMode
 0x761070 SetConsoleMode
 0x761074 ReadConsoleInputA
 0x761078 CopyFileA
 0x76107c GlobalLock
 0x761080 FillConsoleOutputAttribute
 0x761084 FlushConsoleInputBuffer
 0x761088 SetConsoleOutputCP
 0x76108c GetConsoleScreenBufferInfo
 0x761090 SetConsoleScreenBufferSize
 0x761094 SetConsoleCursorPosition
 0x761098 WriteConsoleOutputCharacterA
 0x76109c WriteConsoleOutputCharacterW
 0x7610a0 WriteConsoleOutputAttribute
 0x7610a4 GetConsoleTitleA
 0x7610a8 SetConsoleTitleA
 0x7610ac GetCurrentConsoleFontEx
 0x7610b0 SetCurrentConsoleFontEx
 0x7610b4 GetConsoleWindow
 0x7610b8 GetModuleFileNameA
 0x7610bc GetCurrentProcessId
 0x7610c0 GlobalUnlock
 0x7610c4 GlobalAlloc
 0x7610c8 Sleep
 0x7610cc OutputDebugStringA
 0x7610d0 DebugBreak
 0x7610d4 GetDiskFreeSpaceA
 0x7610d8 FindNextFileA
 0x7610dc FindFirstFileA
 0x7610e0 FillConsoleOutputCharacterA
 0x7610e4 FindClose
 0x7610e8 IsDebuggerPresent
 0x7610ec SetConsoleCtrlHandler
 0x7610f0 CreateDirectoryA
 0x7610f4 GetFileSizeEx
 0x7610f8 GetFileAttributesExW
 0x7610fc SetEndOfFile
 0x761100 DeleteFileW
 0x761104 SetEnvironmentVariableW
 0x761108 FreeEnvironmentStringsW
 0x76110c GetEnvironmentStringsW
 0x761110 GetOEMCP
 0x761114 GetACP
 0x761118 IsValidCodePage
 0x76111c FindNextFileW
 0x761120 FindFirstFileExW
 0x761124 HeapQueryInformation
 0x761128 HeapSize
 0x76112c HeapReAlloc
 0x761130 GetTimeZoneInformation
 0x761134 MoveFileExW
 0x761138 GetTickCount
 0x76113c GetConsoleCursorInfo
 0x761140 SetConsoleCursorInfo
 0x761144 WriteConsoleA
 0x761148 WriteConsoleOutputA
 0x76114c GetFileType
 0x761150 DuplicateHandle
 0x761154 SetUnhandledExceptionFilter
 0x761158 GetCurrentProcess
 0x76115c OpenProcess
 0x761160 MapViewOfFile
 0x761164 UnmapViewOfFile
 0x761168 GetModuleHandleA
 0x76116c CreateFileMappingA
 0x761170 CreateConsoleScreenBuffer
 0x761174 SetConsoleActiveScreenBuffer
 0x761178 GetLargestConsoleWindowSize
 0x76117c SetConsoleTextAttribute
 0x761180 SetConsoleWindowInfo
 0x761184 GetNumberOfConsoleInputEvents
 0x761188 PeekConsoleInputA
 0x76118c UnhandledExceptionFilter
 0x761190 TerminateProcess
 0x761194 IsProcessorFeaturePresent
 0x761198 RaiseException
 0x76119c WideCharToMultiByte
 0x7611a0 GetLastError
 0x7611a4 HeapAlloc
 0x7611a8 HeapFree
 0x7611ac GetProcessHeap
 0x7611b0 VirtualQuery
 0x7611b4 QueryPerformanceCounter
 0x7611b8 GetCurrentThreadId
 0x7611bc GetSystemTimeAsFileTime
 0x7611c0 InitializeSListHead
 0x7611c4 GetStartupInfoW
 0x7611c8 GetModuleHandleW
 0x7611cc EnterCriticalSection
 0x7611d0 LeaveCriticalSection
 0x7611d4 DeleteCriticalSection
 0x7611d8 EncodePointer
 0x7611dc DecodePointer
 0x7611e0 GetCPInfo
 0x7611e4 SetLastError
 0x7611e8 InitializeCriticalSectionAndSpinCount
 0x7611ec CreateEventW
 0x7611f0 SwitchToThread
 0x7611f4 TlsAlloc
 0x7611f8 TlsGetValue
 0x7611fc TlsSetValue
 0x761200 TlsFree
 0x761204 CompareStringW
 0x761208 LCMapStringW
 0x76120c GetLocaleInfoW
 0x761210 GetStringTypeW
 0x761214 RtlUnwind
 0x761218 GetModuleFileNameW
 0x76121c LoadLibraryExW
 0x761220 InterlockedPushEntrySList
 0x761224 InterlockedFlushSList
 0x761228 CreateFileW
 0x76122c GetDriveTypeW
 0x761230 GetFileInformationByHandle
 0x761234 PeekNamedPipe
 0x761238 SystemTimeToTzSpecificLocalTime
 0x76123c FileTimeToSystemTime
 0x761240 WriteFile
 0x761244 OutputDebugStringW
 0x761248 WriteConsoleW
 0x76124c ExitProcess
 0x761250 GetModuleHandleExW
 0x761254 SetCurrentDirectoryW
 0x761258 GetCurrentDirectoryW
 0x76125c GetConsoleCP
 0x761260 ReadFile
 0x761264 HeapValidate
 0x761268 GetSystemInfo
 0x76126c QueryPerformanceFrequency
 0x761270 GetCommandLineA
 0x761274 GetCommandLineW
 0x761278 SetFilePointerEx
 0x76127c ReadConsoleW
 0x761280 GetCurrentThread
 0x761284 GetDateFormatW
 0x761288 GetTimeFormatW
 0x76128c IsValidLocale
 0x761290 GetUserDefaultLCID
 0x761294 EnumSystemLocalesW
 0x761298 GetFullPathNameW
 0x76129c SetStdHandle
 0x7612a0 ReadConsoleInputW
 0x7612a4 FlushFileBuffers
ADVAPI32.dll
 0x761000 RegCloseKey
 0x761004 RegQueryValueExA
 0x761008 GetUserNameA
 0x76100c RegQueryValueExW
 0x761010 RegOpenKeyExA
GDI32.dll
 0x761018 GetCharABCWidthsW
 0x76101c GetCharWidthW
 0x761020 EnumFontFamiliesExW
 0x761024 DeleteObject
 0x761028 CreateFontIndirectW
 0x76102c SelectObject
 0x761030 GetFontUnicodeRanges
 0x761034 GetTextMetricsA
ole32.dll
 0x761314 CoTaskMemFree
SHELL32.dll
 0x7612ac SHGetKnownFolderPath
USER32.dll
 0x7612b4 GetWindowThreadProcessId
 0x7612b8 FindWindowA
 0x7612bc SendMessageA
 0x7612c0 wsprintfA
 0x7612c4 GetKeyboardLayout
 0x7612c8 GetMonitorInfoA
 0x7612cc MapVirtualKeyA
 0x7612d0 ReleaseDC
 0x7612d4 GetDC
 0x7612d8 EmptyClipboard
 0x7612dc SetClipboardData
 0x7612e0 GetClipboardData
 0x7612e4 OpenClipboard
 0x7612e8 GetKeyState
 0x7612ec MonitorFromWindow
 0x7612f0 MessageBeep
 0x7612f4 CloseClipboard
WINMM.dll
 0x7612fc sndPlaySoundA
crypt.dll
 0x761304 BCryptCloseAlgorithmProvider
 0x761308 BCryptOpenAlgorithmProvider
 0x76130c BCryptGenRandom

EAT(Export Address Table) is none
