Field | Value |
---|---|
Created | 2021.10.26 13:44 |
Machine | s1_win7_x6403 |
Filename | vpn.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 2 detected (AdExpertsMedia) |
md5 | 4dd57eb8ea614ca43e679abeaf5351bf |
sha256 | 90344efa69152166a3f894cbd0a41640a6bbbe9053a80585d2e98906ff74f44b |
ssdeep | 393216:+fAlhvR8PZ5ECts3Rztsr5PSL0g7+Pgkt7/7xU5:rlhv2O1tfZi7/FG |
imphash | 483f0c4259a9148c34961abbda6146c1 |
impfuzzy | 96:oc94A5TNO0MHYIp1rLAS1GXg6ioDwPOQD:oc7NA/31wVsPOQD |
Signature (8cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
notice | Queries for potentially installed applications |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (16cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | PNG_Format_Zero | PNG Format | binaries (download) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
oleaut32.dll
0x41e350 SysFreeString
0x41e354 SysReAllocStringLen
0x41e358 SysAllocStringLen
advapi32.dll
0x41e360 RegQueryValueExW
0x41e364 RegOpenKeyExW
0x41e368 RegCloseKey
user32.dll
0x41e370 GetKeyboardType
0x41e374 LoadStringW
0x41e378 MessageBoxA
0x41e37c CharNextW
kernel32.dll
0x41e384 GetACP
0x41e388 Sleep
0x41e38c VirtualFree
0x41e390 VirtualAlloc
0x41e394 GetSystemInfo
0x41e398 GetTickCount
0x41e39c QueryPerformanceCounter
0x41e3a0 GetVersion
0x41e3a4 GetCurrentThreadId
0x41e3a8 VirtualQuery
0x41e3ac WideCharToMultiByte
0x41e3b0 MultiByteToWideChar
0x41e3b4 lstrlenW
0x41e3b8 lstrcpynW
0x41e3bc LoadLibraryExW
0x41e3c0 GetThreadLocale
0x41e3c4 GetStartupInfoA
0x41e3c8 GetProcAddress
0x41e3cc GetModuleHandleW
0x41e3d0 GetModuleFileNameW
0x41e3d4 GetLocaleInfoW
0x41e3d8 GetCommandLineW
0x41e3dc FreeLibrary
0x41e3e0 FindFirstFileW
0x41e3e4 FindClose
0x41e3e8 ExitProcess
0x41e3ec WriteFile
0x41e3f0 UnhandledExceptionFilter
0x41e3f4 RtlUnwind
0x41e3f8 RaiseException
0x41e3fc GetStdHandle
0x41e400 CloseHandle
kernel32.dll
0x41e408 TlsSetValue
0x41e40c TlsGetValue
0x41e410 LocalAlloc
0x41e414 GetModuleHandleW
user32.dll
0x41e41c CreateWindowExW
0x41e420 TranslateMessage
0x41e424 SetWindowLongW
0x41e428 PeekMessageW
0x41e42c MsgWaitForMultipleObjects
0x41e430 MessageBoxW
0x41e434 LoadStringW
0x41e438 GetSystemMetrics
0x41e43c ExitWindowsEx
0x41e440 DispatchMessageW
0x41e444 DestroyWindow
0x41e448 CharUpperBuffW
0x41e44c CallWindowProcW
kernel32.dll
0x41e454 WriteFile
0x41e458 WideCharToMultiByte
0x41e45c WaitForSingleObject
0x41e460 VirtualQuery
0x41e464 VirtualProtect
0x41e468 VirtualFree
0x41e46c VirtualAlloc
0x41e470 SizeofResource
0x41e474 SignalObjectAndWait
0x41e478 SetLastError
0x41e47c SetFilePointer
0x41e480 SetEvent
0x41e484 SetErrorMode
0x41e488 SetEndOfFile
0x41e48c ResetEvent
0x41e490 RemoveDirectoryW
0x41e494 ReadFile
0x41e498 MultiByteToWideChar
0x41e49c LockResource
0x41e4a0 LoadResource
0x41e4a4 LoadLibraryW
0x41e4a8 LeaveCriticalSection
0x41e4ac InitializeCriticalSection
0x41e4b0 GetWindowsDirectoryW
0x41e4b4 GetVersionExW
0x41e4b8 GetUserDefaultLangID
0x41e4bc GetThreadLocale
0x41e4c0 GetSystemInfo
0x41e4c4 GetStdHandle
0x41e4c8 GetProcAddress
0x41e4cc GetModuleHandleW
0x41e4d0 GetModuleFileNameW
0x41e4d4 GetLocaleInfoW
0x41e4d8 GetLocalTime
0x41e4dc GetLastError
0x41e4e0 GetFullPathNameW
0x41e4e4 GetFileSize
0x41e4e8 GetFileAttributesW
0x41e4ec GetExitCodeProcess
0x41e4f0 GetEnvironmentVariableW
0x41e4f4 GetDiskFreeSpaceW
0x41e4f8 GetDateFormatW
0x41e4fc GetCurrentProcess
0x41e500 GetCommandLineW
0x41e504 GetCPInfo
0x41e508 InterlockedExchange
0x41e50c InterlockedCompareExchange
0x41e510 FreeLibrary
0x41e514 FormatMessageW
0x41e518 FindResourceW
0x41e51c EnumCalendarInfoW
0x41e520 EnterCriticalSection
0x41e524 DeleteFileW
0x41e528 DeleteCriticalSection
0x41e52c CreateProcessW
0x41e530 CreateFileW
0x41e534 CreateEventW
0x41e538 CreateDirectoryW
0x41e53c CompareStringW
0x41e540 CloseHandle
advapi32.dll
0x41e548 RegQueryValueExW
0x41e54c RegOpenKeyExW
0x41e550 RegCloseKey
0x41e554 OpenProcessToken
0x41e558 LookupPrivilegeValueW
comctl32.dll
0x41e560 InitCommonControls
kernel32.dll
0x41e568 Sleep
advapi32.dll
0x41e570 AdjustTokenPrivileges
oleaut32.dll
0x41e578 SafeArrayPtrOfIndex
0x41e57c SafeArrayGetUBound
0x41e580 SafeArrayGetLBound
0x41e584 SafeArrayCreate
0x41e588 VariantChangeType
0x41e58c VariantCopy
0x41e590 VariantClear
0x41e594 VariantInit
EAT (Export Address Table): none