ScreenShot
| Created | 2021.10.23 09:46 | Machine | s1_win7_x6401 |
| Filename | os.zip | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 47 detected (AIDetect, malware1, Swizzor, l8Pw, malicious, high confidence, score, Generic PWS, Unsafe, Save, GenericKD, confidence, Attribute, HighConfidence, Kryptik, HMUW, Bobik, ccmw, CrypterX, Generic@ML, RDMK, 6vwUYEhpGEvMId2uu2lEqQ, R002C0WJI21, Fsysna, Fraud, Gen8, ai score=84, kcloud, Phonzy, TTUNZ7, R445985, BScope, Gencirc, 0JPmqTA7D64, ZexaF, zq0@autzNPdi, GdSda, susgen) | ||
| md5 | 07f5f3b04b3997354115cc715febc848 | ||
| sha256 | 7a7a128a51a5e153c55481518bdffe67093e94d99845531918ff50875a13e5fe | ||
| ssdeep | 6144:R5VybgaUV4kgV4YHRBduhafN7FY7WXGNJ:JybgvAxHweFY7WXm | ||
| imphash | b90ad766f05a0095e6c521f56485a931 | ||
| impfuzzy | 48:oFjfb4fltb/BECKjIloKX0Wxks+/KALnBSYn6gyS5kz+HZAEFnLJGGdF1xhv2:oFjfbWltbZECWNLtdVDR2 | ||
Network IP location
Signature (15cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to identify installed AV products by installation directory |
| watch | Installs itself for autorun at Windows startup |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | JPEG_Format_Zero | JPEG Format | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET MALWARE Amadey CnC Check-In
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x409000 RegCloseKey
0x409004 RegOpenKeyExW
KERNEL32.dll
0x40900c RtlUnwind
0x409010 GetLastError
0x409014 GetVersion
0x409018 VirtualFree
0x40901c LeaveCriticalSection
0x409020 InterlockedIncrement
0x409024 HeapFree
0x409028 GetACP
0x40902c TlsAlloc
0x409030 GetProcessHeap
0x409034 InitializeCriticalSection
0x409038 EnterCriticalSection
0x40903c GetCPInfo
0x409040 GetEnvironmentStrings
0x409044 HeapReAlloc
0x409048 UnhandledExceptionFilter
0x40904c GetStringTypeA
0x409050 GetModuleFileNameA
0x409054 GetVersionExA
0x409058 GetSystemTimeAsFileTime
0x40905c LCMapStringW
0x409060 CloseHandle
0x409064 GetFileType
0x409068 SetStdHandle
0x40906c GetStdHandle
0x409070 GetOEMCP
0x409074 TlsFree
0x409078 TerminateProcess
0x40907c TlsSetValue
0x409080 TlsGetValue
0x409084 WideCharToMultiByte
0x409088 ExitProcess
0x40908c FreeEnvironmentStringsW
0x409090 GetCurrentThreadId
0x409094 InterlockedDecrement
0x409098 WriteFile
0x40909c HeapCreate
0x4090a0 IsBadCodePtr
0x4090a4 SetUnhandledExceptionFilter
0x4090a8 GetStartupInfoA
0x4090ac GetEnvironmentStringsW
0x4090b0 GetTickCount
0x4090b4 GetStringTypeW
0x4090b8 FreeEnvironmentStringsA
0x4090bc GetModuleHandleA
0x4090c0 FlushFileBuffers
0x4090c4 SetLastError
0x4090c8 SetHandleCount
0x4090cc GetCommandLineA
0x4090d0 DeleteCriticalSection
0x4090d4 HeapDestroy
0x4090d8 SetFilePointer
0x4090dc MultiByteToWideChar
0x4090e0 GetCurrentProcess
0x4090e4 IsBadReadPtr
0x4090e8 LCMapStringA
0x4090ec GetEnvironmentVariableA
0x4090f0 HeapAlloc
user32.dll
0x4090f8 LoadStringW
0x4090fc KillTimer
0x409100 SetWindowPos
0x409104 SetWindowRgn
0x409108 ShowWindow
0x40910c CreateWindowExW
0x409110 RegisterClassW
0x409114 GetMonitorInfoW
0x409118 LoadAcceleratorsW
0x40911c LoadCursorW
0x409120 DefWindowProcW
0x409124 GetWindowRect
0x409128 PostQuitMessage
0x40912c LoadIconW
0x409130 PostMessageW
0x409134 OffsetRect
0x409138 EndPaint
0x40913c GetWindowLongW
0x409140 TranslateAcceleratorW
0x409144 AnimateWindow
0x409148 IsIconic
0x40914c BeginPaint
0x409150 GetMessageW
0x409154 MonitorFromWindow
0x409158 DispatchMessageW
0x40915c TranslateMessage
0x409160 SetTimer
GDI32.dll
0x409168 BitBlt
0x40916c CreateCompatibleDC
0x409170 DeleteObject
0x409174 CreateRoundRectRgn
IMM32.dll
0x40917c ImmGetContext
0x409180 ImmReleaseContext
MSIMG32.dll
0x409188 GradientFill
0x40918c AlphaBlend
ole32.dll
0x409194 DoDragDrop
SHELL32.dll
0x40919c DragFinish
0x4091a0 DragAcceptFiles
WINMM.dll
0x4091a8 PlaySoundW
WInspoOl.drV
0x4091b0 DocumentPropertiesW
EAT(Export Address Table) is none
ADVAPI32.dll
0x409000 RegCloseKey
0x409004 RegOpenKeyExW
KERNEL32.dll
0x40900c RtlUnwind
0x409010 GetLastError
0x409014 GetVersion
0x409018 VirtualFree
0x40901c LeaveCriticalSection
0x409020 InterlockedIncrement
0x409024 HeapFree
0x409028 GetACP
0x40902c TlsAlloc
0x409030 GetProcessHeap
0x409034 InitializeCriticalSection
0x409038 EnterCriticalSection
0x40903c GetCPInfo
0x409040 GetEnvironmentStrings
0x409044 HeapReAlloc
0x409048 UnhandledExceptionFilter
0x40904c GetStringTypeA
0x409050 GetModuleFileNameA
0x409054 GetVersionExA
0x409058 GetSystemTimeAsFileTime
0x40905c LCMapStringW
0x409060 CloseHandle
0x409064 GetFileType
0x409068 SetStdHandle
0x40906c GetStdHandle
0x409070 GetOEMCP
0x409074 TlsFree
0x409078 TerminateProcess
0x40907c TlsSetValue
0x409080 TlsGetValue
0x409084 WideCharToMultiByte
0x409088 ExitProcess
0x40908c FreeEnvironmentStringsW
0x409090 GetCurrentThreadId
0x409094 InterlockedDecrement
0x409098 WriteFile
0x40909c HeapCreate
0x4090a0 IsBadCodePtr
0x4090a4 SetUnhandledExceptionFilter
0x4090a8 GetStartupInfoA
0x4090ac GetEnvironmentStringsW
0x4090b0 GetTickCount
0x4090b4 GetStringTypeW
0x4090b8 FreeEnvironmentStringsA
0x4090bc GetModuleHandleA
0x4090c0 FlushFileBuffers
0x4090c4 SetLastError
0x4090c8 SetHandleCount
0x4090cc GetCommandLineA
0x4090d0 DeleteCriticalSection
0x4090d4 HeapDestroy
0x4090d8 SetFilePointer
0x4090dc MultiByteToWideChar
0x4090e0 GetCurrentProcess
0x4090e4 IsBadReadPtr
0x4090e8 LCMapStringA
0x4090ec GetEnvironmentVariableA
0x4090f0 HeapAlloc
user32.dll
0x4090f8 LoadStringW
0x4090fc KillTimer
0x409100 SetWindowPos
0x409104 SetWindowRgn
0x409108 ShowWindow
0x40910c CreateWindowExW
0x409110 RegisterClassW
0x409114 GetMonitorInfoW
0x409118 LoadAcceleratorsW
0x40911c LoadCursorW
0x409120 DefWindowProcW
0x409124 GetWindowRect
0x409128 PostQuitMessage
0x40912c LoadIconW
0x409130 PostMessageW
0x409134 OffsetRect
0x409138 EndPaint
0x40913c GetWindowLongW
0x409140 TranslateAcceleratorW
0x409144 AnimateWindow
0x409148 IsIconic
0x40914c BeginPaint
0x409150 GetMessageW
0x409154 MonitorFromWindow
0x409158 DispatchMessageW
0x40915c TranslateMessage
0x409160 SetTimer
GDI32.dll
0x409168 BitBlt
0x40916c CreateCompatibleDC
0x409170 DeleteObject
0x409174 CreateRoundRectRgn
IMM32.dll
0x40917c ImmGetContext
0x409180 ImmReleaseContext
MSIMG32.dll
0x409188 GradientFill
0x40918c AlphaBlend
ole32.dll
0x409194 DoDragDrop
SHELL32.dll
0x40919c DragFinish
0x4091a0 DragAcceptFiles
WINMM.dll
0x4091a8 PlaySoundW
WInspoOl.drV
0x4091b0 DocumentPropertiesW
EAT(Export Address Table) is none