Field | Value
---|---
Created | 2021.10.19 16:34
Machine | s1_win7_x6402
Filename | RemoteCMD - 3.0.exe
Type | PE32 executable (console) Intel 80386, for MS Windows
AI Score | 
Behavior Score | 
ZERO API | file : clean
VT API (file) | 10 detected (Unsafe, Malicious, Startpage, Static AI, Malicious PE, susgen, Qhost, Generic@ML, RDML, fH0Z+nop2, TfTUzyz6Lqzw, GenAsa, hKRyaSzRsss)
md5 | 70ca048c47aa97e95e1ea36ce2514ac3
sha256 | db68cb9d5b34c56286f68eb5e15966b5007d31de8f35b707e1ecfcee2bad4ca5
ssdeep | 6144:cQB8OWua/aK/sFf9aTlSNbaBm/skZfNr4vbQ5:TB854K/XlS9aY/smfNr4TQ5
imphash | 13e953e43b1ead41787b74c3178fc208
impfuzzy | 48:tWIjNQZdhkOqXvprzDvh6U04u0Lkyl5pRvVSv//25Q30LzZLd:tWIpw/kfXd4n0LzZLd
Signature (4cnts)
Level | Description |
---|---|
watch | File has been identified by 10 AntiVirus engines on VirusTotal as malicious |
notice | Creates executable files on the filesystem |
info | Command line console output was observed |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (12cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (download) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
SHLWAPI.dll
0x41114c StrStrA
0x411150 StrStrIA
0x411154 StrChrA
KERNEL32.dll
0x411018 lstrcmpA
0x41101c AllocConsole
0x411020 GetStdHandle
0x411024 WriteFile
0x411028 WriteConsoleA
0x41102c ReadFile
0x411030 ReadConsoleA
0x411034 MultiByteToWideChar
0x411038 HeapFree
0x41103c lstrcmpiA
0x411040 WideCharToMultiByte
0x411044 HeapAlloc
0x411048 SetConsoleMode
0x41104c GetConsoleMode
0x411050 GetLastError
0x411054 GetModuleFileNameA
0x411058 ExitProcess
0x41105c Sleep
0x411060 CreateThread
0x411064 GetTimeFormatA
0x411068 CloseHandle
0x41106c CreateFileA
0x411070 SizeofResource
0x411074 LockResource
0x411078 LoadResource
0x41107c FindResourceA
0x411080 lstrlenA
0x411084 GetFileAttributesA
0x411088 GetSystemDefaultLCID
0x41108c GetModuleHandleA
0x411090 ReadConsoleInputA
0x411094 lstrcatA
0x411098 WaitForSingleObject
0x41109c SetConsoleCursorPosition
0x4110a0 FillConsoleOutputCharacterA
0x4110a4 GetConsoleScreenBufferInfo
0x4110a8 PeekNamedPipe
0x4110ac lstrlenW
0x4110b0 CreateProcessA
0x4110b4 DuplicateHandle
0x4110b8 GetCurrentProcess
0x4110bc CreatePipe
0x4110c0 GetVersion
0x4110c4 GetExitCodeProcess
0x4110c8 TerminateProcess
0x4110cc GetTickCount
0x4110d0 SetCurrentDirectoryA
0x4110d4 DeleteFileA
0x4110d8 ExpandEnvironmentStringsA
0x4110dc GetCurrentDirectoryA
0x4110e0 lstrcpyA
0x4110e4 lstrcmpW
0x4110e8 GetCommandLineA
0x4110ec GetProcessHeap
0x4110f0 RemoveDirectoryA
0x4110f4 lstrcatW
0x4110f8 CreateDirectoryA
0x4110fc GetTempPathA
USER32.dll
0x41115c GetDesktopWindow
0x411160 CharLowerA
0x411164 IsCharAlphaNumericA
0x411168 GetParent
0x41116c DialogBoxParamA
0x411170 CharToOemA
0x411174 MessageBoxA
0x411178 GetForegroundWindow
0x41117c GetWindowRect
0x411180 CopyRect
0x411184 OffsetRect
0x411188 SetWindowPos
0x41118c LoadStringA
0x411190 SetDlgItemTextA
0x411194 GetDlgItem
0x411198 SetFocus
0x41119c GetDlgItemTextA
0x4111a0 EndDialog
0x4111a4 wsprintfA
ADVAPI32.dll
0x411000 RegQueryValueExA
0x411004 RegCloseKey
0x411008 RegEnumKeyExA
0x41100c RegOpenKeyExA
0x411010 RegQueryValueExW
ole32.dll
0x4111ac CoUninitialize
0x4111b0 CoGetObject
0x4111b4 CLSIDFromProgID
0x4111b8 CoCreateInstance
0x4111bc CoInitialize
OLEAUT32.dll
0x411104 VariantTimeToSystemTime
0x411108 VarBstrFromCy
0x41110c VarBstrFromR4
0x411110 VarBstrFromR8
0x411114 VarBstrFromDec
0x411118 SafeArrayUnaccessData
0x41111c LoadTypeLib
0x411120 SysFreeString
0x411124 VariantInit
0x411128 SysAllocString
0x41112c DispInvoke
0x411130 DispGetIDsOfNames
0x411134 SafeArrayGetUBound
0x411138 SafeArrayGetLBound
0x41113c SafeArrayGetDim
0x411140 SysStringLen
0x411144 SafeArrayAccessData
EAT (Export Address Table): none