Report - cross2007.exe

Tags: Gen2, Malicious Library, UPX, PE File, OS Processor Check, PE32
Created 2021.10.27 09:28 Machine s1_win7_x6401
Filename cross2007.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 6.6
ZERO API file : clean
VT API (file) 39 detected (Mikey, malicious, high confidence, Unsafe, confidence, Attribute, HighConfidence, Cryptoload, GenericRXJO, AGEN, ai score=84, Sabsik, score, R445611, BScope, Gasti, TechSupportScam, R002H0CJQ21, ZexaF, Jy0@a85p6Ypi, Genetic)
md5 2626a621fab10eec02e1c3dc2ab29361
sha256 33c72f7177a297ca3c396a50c7ad4bb85d20693d8cdc2fbc26b979d1cf0bddd4
ssdeep 12288:GY7Lwe5zzrtK6HOWUGmuulkI7o8XEqxcAMR3D0oil4bUEpRzW3rd6b1PXpfQE8r1:G0Lwu3InErq3+P5IEj4D
imphash 7276786446dd386310f1928814c93495
impfuzzy 96:9/DHyJs8vFjSLOa51tcUg9zPTwEfTMlqJNR:9Sm509TTwCTOcR
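The imphash above is derived from the import table listed further down, so it is the value to pivot on when hunting for other builds of the same source tree (a recompiled payload keeps its imports even when the UPX layer and the file hashes change). The following is an added example, not code from the report or the sandbox, showing how the imphash string is built (module name lower-cased with its extension stripped, function lower-cased, ordinals rendered as ordN unless they belong to ws2_32/wsock32 or oleaut32, entries joined in IAT order, MD5 of the result). The WS2_32 ordinal table is a constructed subset, and the WLDAP32 ordinal 200 is hypothetical: the report prints those imports as None, so the report's own imphash cannot be reproduced from the page.

```python
import hashlib

# Ordinal-to-name table for WS2_32 ordinals, as used by pefile's imphash.
# Small subset constructed for this example; pefile's table is complete.
WS2_32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
    23: "socket", 115: "WSAStartup", 116: "WSACleanup",
}


def imphash_string(imports):
    """Build the canonical 'lib.func,lib.func,...' string that imphash hashes.

    imports: list of (dll_name, function) in IAT order, where function is a
    str for by-name imports or an int ordinal for by-ordinal imports.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        # only these three module extensions are dropped
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        if isinstance(func, int):
            # only ws2_32/wsock32 (and oleaut32, omitted here) ordinals are
            # resolved to names; every other ordinal becomes "ordN"
            if lib in ("ws2_32", "wsock32") and func in WS2_32_ORDINALS:
                name = WS2_32_ORDINALS[func]
            else:
                name = "ord%d" % func
        else:
            name = func
        parts.append("%s.%s" % (lib, name.lower()))
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string, i.e. the imphash."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed subset in the spirit of this report's IAT. The WLDAP32 ordinal
# (200) is hypothetical: the report shows those entries as "None", so the real
# ordinals, and therefore the report's imphash, cannot be reproduced here.
REPORT_LIKE_IMPORTS = [
    ("KERNEL32.dll", "GetCommandLineW"),
    ("ADVAPI32.dll", "CryptEncrypt"),
    ("WS2_32.dll", "connect"),
    ("WLDAP32.dll", 200),
    ("Normaliz.dll", "IdnToAscii"),
]

if __name__ == "__main__":
    print(imphash_string(REPORT_LIKE_IMPORTS))
    print(imphash(REPORT_LIKE_IMPORTS))
```

Because the string is order-sensitive, two samples with the same set of imports in a different IAT order get different imphashes; that is what makes the value a build fingerprint rather than a capability fingerprint. Names are lower-cased before hashing, so case differences between reports do not matter.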

Signature (17cnts)

Level Description
danger File has been identified by 39 AntiVirus engines on VirusTotal as malicious
watch Created a process named as a common system process
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice Executes one or more WMI queries
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice Queries for potentially installed applications
notice Terminates another process
notice Uses Windows utilities for basic Windows functionality
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info Queries for the computername
info This executable has a PDB path

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (8cnts)

Request CC ASN Co IP4 Rule ZERO
http://prodownload.live/ixset.php?ip=175.208.134.150&mcid=1 US 1&1 Ionos Se 74.208.236.24 clean
http://prodownload.live/ixlive.php?uid=1 US 1&1 Ionos Se 74.208.236.24 clean
http://prodownload.live/ixpkey.php US 1&1 Ionos Se 74.208.236.24 clean
http://prodownload.live/ixptexts.php US 1&1 Ionos Se 74.208.236.24 clean
http://prodownload.live/setad.php US 1&1 Ionos Se 74.208.236.24 clean
http://prodownload.live/iam//index.php US 1&1 Ionos Se 74.208.236.24 clean
prodownload.live US 1&1 Ionos Se 74.208.236.24 clean
74.208.236.24 US 1&1 Ionos Se 74.208.236.24 malware
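All eight rows resolve to one host on one IP, and only the bare IP row carries the malware verdict; the individual URLs are marked clean by the ZERO lookup, so a practitioner should derive indicators from the whole table rather than from any single row. The block below is an added example (not part of the report or of the sandbox's own tooling) that parses the rows as printed above, separates host, path and query-parameter indicators, and emits a Suricata rule for the host. The query parameter names (ip, mcid, uid) are kept and the values are not, because values such as the address in ip= will differ per victim. The sid is a placeholder in the local range.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Rows copied from the report's Network table:
# request, country code, ASN owner (may contain spaces), IPv4, ZERO verdict.
NETWORK_ROWS = """http://prodownload.live/ixset.php?ip=175.208.134.150&mcid=1 US 1&1 Ionos Se 74.208.236.24 clean
http://prodownload.live/ixlive.php?uid=1 US 1&1 Ionos Se 74.208.236.24 clean
http://prodownload.live/ixpkey.php US 1&1 Ionos Se 74.208.236.24 clean
http://prodownload.live/ixptexts.php US 1&1 Ionos Se 74.208.236.24 clean
http://prodownload.live/setad.php US 1&1 Ionos Se 74.208.236.24 clean
http://prodownload.live/iam//index.php US 1&1 Ionos Se 74.208.236.24 clean
prodownload.live US 1&1 Ionos Se 74.208.236.24 clean
74.208.236.24 US 1&1 Ionos Se 74.208.236.24 malware"""

IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def parse_rows(text):
    """Split each row from both ends so the multi-word ASN column survives."""
    rows = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 5:
            continue
        rows.append({"request": t[0], "cc": t[1], "asn": " ".join(t[2:-2]),
                     "ip": t[-2], "verdict": t[-1]})
    return rows


def extract_iocs(rows):
    """Collect hosts, IPs, URL paths and query keys; values are deliberately dropped."""
    iocs = {"domains": set(), "ips": set(), "paths": set(),
            "query_keys": Counter(), "verdicts": Counter()}
    for r in rows:
        req = r["request"]
        iocs["ips"].add(r["ip"])
        iocs["verdicts"][r["verdict"]] += 1
        if "://" in req:
            u = urlsplit(req)
            iocs["domains"].add(u.hostname)
            iocs["paths"].add(u.path)          # keeps the literal "/iam//index.php"
            for key in parse_qs(u.query, keep_blank_values=True):
                iocs["query_keys"][key] += 1
        elif IPV4_RE.match(req):
            iocs["ips"].add(req)              # bare IP row
        else:
            iocs["domains"].add(req)          # bare hostname row (DNS lookup)
    return iocs


def is_malicious_infrastructure(iocs):
    """True if any row, not necessarily a URL row, carries the malware verdict."""
    return iocs["verdicts"]["malware"] > 0


def suricata_host_rule(domain, sid, msg):
    """Suricata 5+ rule on the http.host sticky buffer for the contacted host."""
    return ('alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"%s"; '
            'flow:established,to_server; http.host; content:"%s"; nocase; '
            'classtype:trojan-activity; sid:%d; rev:1;)' % (msg, domain, sid))


if __name__ == "__main__":
    iocs = extract_iocs(parse_rows(NETWORK_ROWS))
    print(sorted(iocs["domains"]), sorted(iocs["ips"]), sorted(iocs["paths"]))
    print(suricata_host_rule("prodownload.live", 1000001, "cross2007.exe contacted host"))
```

Matching on the host rather than on the six paths is the sturdier choice here: the paths are cheap for the operator to change, the verdict that makes this infrastructure interesting is attached to the IP, and a host rule still fires when a new script name appears.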

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x46f084 GetCommandLineW
 0x46f088 GetCommandLineA
 0x46f08c SetEnvironmentVariableA
 0x46f090 FreeEnvironmentStringsW
 0x46f094 GetEnvironmentStringsW
 0x46f098 GetOEMCP
 0x46f09c IsValidCodePage
 0x46f0a0 GetFullPathNameW
 0x46f0a4 GetCurrentDirectoryW
 0x46f0a8 SetStdHandle
 0x46f0ac FlushFileBuffers
 0x46f0b0 GetTimeZoneInformation
 0x46f0b4 EnumSystemLocalesW
 0x46f0b8 GetUserDefaultLCID
 0x46f0bc IsValidLocale
 0x46f0c0 GetFileAttributesExW
 0x46f0c4 CreateProcessA
 0x46f0c8 FindClose
 0x46f0cc FindFirstFileExA
 0x46f0d0 FindNextFileA
 0x46f0d4 GetProcAddress
 0x46f0d8 WriteConsoleW
 0x46f0dc SetEndOfFile
 0x46f0e0 VerifyVersionInfoW
 0x46f0e4 WideCharToMultiByte
 0x46f0e8 GetModuleHandleW
 0x46f0ec GetProcessHeap
 0x46f0f0 VerSetConditionMask
 0x46f0f4 FindResourceW
 0x46f0f8 LoadResource
 0x46f0fc FindResourceExW
 0x46f100 GetSystemInfo
 0x46f104 GetExitCodeProcess
 0x46f108 WaitForSingleObject
 0x46f10c GetConsoleCP
 0x46f110 ReadConsoleW
 0x46f114 GetConsoleMode
 0x46f118 GetACP
 0x46f11c GetModuleFileNameA
 0x46f120 WriteFile
 0x46f124 HeapDestroy
 0x46f128 DecodePointer
 0x46f12c ExitProcess
 0x46f130 FileTimeToSystemTime
 0x46f134 SystemTimeToTzSpecificLocalTime
 0x46f138 GetDriveTypeW
 0x46f13c CreateFileW
 0x46f140 SetFilePointerEx
 0x46f144 GetModuleHandleExW
 0x46f148 FreeLibraryAndExitThread
 0x46f14c ExitThread
 0x46f150 CreateThread
 0x46f154 GetModuleFileNameW
 0x46f158 LoadLibraryExW
 0x46f15c RtlUnwind
 0x46f160 InitializeSListHead
 0x46f164 GetCurrentThreadId
 0x46f168 GetCurrentProcessId
 0x46f16c QueryPerformanceCounter
 0x46f170 GetStartupInfoW
 0x46f174 IsProcessorFeaturePresent
 0x46f178 RaiseException
 0x46f17c HeapReAlloc
 0x46f180 LockResource
 0x46f184 DeleteCriticalSection
 0x46f188 GetLastError
 0x46f18c Sleep
 0x46f190 MultiByteToWideChar
 0x46f194 HeapSize
 0x46f198 TerminateProcess
 0x46f19c GetCurrentProcess
 0x46f1a0 SetUnhandledExceptionFilter
 0x46f1a4 UnhandledExceptionFilter
 0x46f1a8 ResetEvent
 0x46f1ac SetEvent
 0x46f1b0 ExpandEnvironmentStringsA
 0x46f1b4 WaitForMultipleObjects
 0x46f1b8 PeekNamedPipe
 0x46f1bc ReadFile
 0x46f1c0 SizeofResource
 0x46f1c4 GetFileType
 0x46f1c8 GetStdHandle
 0x46f1cc WaitForSingleObjectEx
 0x46f1d0 CloseHandle
 0x46f1d4 FormatMessageA
 0x46f1d8 VerifyVersionInfoA
 0x46f1dc LoadLibraryA
 0x46f1e0 GetModuleHandleA
 0x46f1e4 GetSystemDirectoryA
 0x46f1e8 SleepEx
 0x46f1ec GetTickCount64
 0x46f1f0 FreeLibrary
 0x46f1f4 GetVersionExW
 0x46f1f8 InitializeCriticalSectionEx
 0x46f1fc HeapFree
 0x46f200 OutputDebugStringW
 0x46f204 HeapAlloc
 0x46f208 IsDebuggerPresent
 0x46f20c GetCPInfo
 0x46f210 GetStringTypeW
 0x46f214 GetLocaleInfoW
 0x46f218 EnterCriticalSection
 0x46f21c LeaveCriticalSection
 0x46f220 EncodePointer
 0x46f224 SetLastError
 0x46f228 InitializeCriticalSectionAndSpinCount
 0x46f22c CreateEventW
 0x46f230 TlsAlloc
 0x46f234 TlsGetValue
 0x46f238 TlsSetValue
 0x46f23c TlsFree
 0x46f240 GetSystemTimeAsFileTime
 0x46f244 CompareStringW
 0x46f248 LCMapStringW
USER32.dll
 0x46f274 LoadImageW
 0x46f278 EndPaint
 0x46f27c BeginPaint
 0x46f280 GetWindowTextW
 0x46f284 GetWindowTextLengthW
 0x46f288 DefWindowProcW
 0x46f28c GetSystemMenu
 0x46f290 GetKeyState
 0x46f294 PostMessageW
 0x46f298 GetWindowRect
 0x46f29c SetWindowPos
 0x46f2a0 MessageBoxW
 0x46f2a4 EnableMenuItem
 0x46f2a8 GetDesktopWindow
 0x46f2ac PostQuitMessage
 0x46f2b0 GetClientRect
 0x46f2b4 SetWindowLongW
 0x46f2b8 LoadCursorW
 0x46f2bc LoadIconW
 0x46f2c0 TranslateMessage
 0x46f2c4 MessageBoxA
 0x46f2c8 RedrawWindow
 0x46f2cc SetTimer
 0x46f2d0 DispatchMessageW
 0x46f2d4 ShowWindow
 0x46f2d8 RegisterClassExW
 0x46f2dc SetWindowTextW
 0x46f2e0 SendMessageW
 0x46f2e4 CreateWindowExW
 0x46f2e8 GetMessageW
GDI32.dll
 0x46f04c GetStockObject
 0x46f050 BitBlt
 0x46f054 SelectObject
 0x46f058 CreateCompatibleDC
 0x46f05c CreateFontW
 0x46f060 SetTextColor
 0x46f064 DeleteDC
 0x46f068 TextOutA
 0x46f06c SetBkMode
 0x46f070 GetObjectW
 0x46f074 SetBkColor
 0x46f078 DeleteObject
 0x46f07c ExtTextOutW
ADVAPI32.dll
 0x46f000 SystemFunction036
 0x46f004 CryptEncrypt
 0x46f008 CryptImportKey
 0x46f00c CryptDestroyKey
 0x46f010 CryptDestroyHash
 0x46f014 CryptHashData
 0x46f018 CryptCreateHash
 0x46f01c CryptGetHashParam
 0x46f020 CryptGenRandom
 0x46f024 CryptReleaseContext
 0x46f028 CryptAcquireContextA
 0x46f02c RegCloseKey
 0x46f030 RegOpenKeyExW
 0x46f034 RegQueryValueExW
SHELL32.dll
 0x46f26c ShellExecuteW
RPCRT4.dll
 0x46f264 UuidCreateSequential
NETAPI32.dll
 0x46f250 NetApiBufferFree
 0x46f254 NetWkstaGetInfo
WINMM.dll
 0x46f2f0 PlaySoundW
COMCTL32.dll
 0x46f03c InitCommonControlsEx
WS2_32.dll
 0x46f33c WSAStartup
 0x46f340 WSACleanup
 0x46f344 WSAGetLastError
 0x46f348 __WSAFDIsSet
 0x46f34c select
 0x46f350 WSASetLastError
 0x46f354 recv
 0x46f358 send
 0x46f35c bind
 0x46f360 closesocket
 0x46f364 connect
 0x46f368 getpeername
 0x46f36c getsockname
 0x46f370 getsockopt
 0x46f374 htons
 0x46f378 ntohs
 0x46f37c setsockopt
 0x46f380 WSAIoctl
 0x46f384 getaddrinfo
 0x46f388 freeaddrinfo
 0x46f38c accept
 0x46f390 listen
 0x46f394 recvfrom
 0x46f398 sendto
 0x46f39c ioctlsocket
 0x46f3a0 gethostname
 0x46f3a4 htonl
 0x46f3a8 ntohl
 0x46f3ac socket
CRYPT32.dll
 0x46f044 CertFreeCertificateContext
WLDAP32.dll (16 imports by ordinal; the parser shows no name for them)
 0x46f2f8 None
 0x46f2fc None
 0x46f300 None
 0x46f304 None
 0x46f308 None
 0x46f30c None
 0x46f310 None
 0x46f314 None
 0x46f318 None
 0x46f31c None
 0x46f320 None
 0x46f324 None
 0x46f328 None
 0x46f32c None
 0x46f330 None
 0x46f334 None
Normaliz.dll
 0x46f25c IdnToAscii

EAT(Export Address Table) is none
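The import table is the only static evidence the report gives for what the unpacked code can do, and it lines up with the behaviour signatures: CreateProcessA/ShellExecuteW with "Creates a suspicious process", IsDebuggerPresent with "Checks if process is being debugged", RegOpenKeyExW/RegQueryValueExW with "Queries for potentially installed applications", the full WS2_32 client and server set plus getaddrinfo with the HTTP traffic. The block below is an added example, not code from the report or the sandbox, that parses an excerpt of the listing in the exact layout printed above and tags capability buckets from (module, function) pairs. The excerpt writes the WS2_32 export printed as "ind" in the listing as bind. The libcurl check at the end is an analyst heuristic, not a rule from the report: Windows builds of libcurl typically import WS2_32, WLDAP32 by ordinal and Normaliz.IdnToAscii, which is the combination seen here, and it would explain the by-ordinal WLDAP32 entries.

```python
import re
from collections import defaultdict

# Excerpt of the report's IAT listing (a few dozen of its ~200 entries), in the
# same text layout as the page. "ind" from the listing is written as bind.
IAT_TEXT = """KERNEL32.dll
 0x46f0c4 CreateProcessA
 0x46f100 GetSystemInfo
 0x46f198 TerminateProcess
 0x46f208 IsDebuggerPresent
ADVAPI32.dll
 0x46f004 CryptEncrypt
 0x46f008 CryptImportKey
 0x46f020 CryptGenRandom
 0x46f030 RegOpenKeyExW
 0x46f034 RegQueryValueExW
SHELL32.dll
 0x46f26c ShellExecuteW
NETAPI32.dll
 0x46f254 NetWkstaGetInfo
WS2_32.dll
 0x46f354 recv
 0x46f358 send
 0x46f35c bind
 0x46f364 connect
 0x46f384 getaddrinfo
 0x46f38c accept
 0x46f390 listen
CRYPT32.dll
 0x46f044 CertFreeCertificateContext
WLDAP32.dll
 0x46f2f8 None
 0x46f2fc None
 0x46f300 None
Normaliz.dll
 0x46f25c IdnToAscii
"""

# Capability buckets keyed by lower-cased (module, function) pairs.
# TerminateProcess is also imported by the plain MSVC runtime (abort path),
# so "process-kill" on its own is weak evidence.
CAPABILITIES = {
    "network-client": {("ws2_32", "connect"), ("ws2_32", "send"),
                       ("ws2_32", "recv"), ("ws2_32", "getaddrinfo")},
    "network-listen": {("ws2_32", "bind"), ("ws2_32", "listen"), ("ws2_32", "accept")},
    "crypto-capi": {("advapi32", "cryptencrypt"), ("advapi32", "cryptimportkey"),
                    ("advapi32", "cryptgenrandom")},
    "process-exec": {("kernel32", "createprocessa"), ("kernel32", "createprocessw"),
                     ("shell32", "shellexecutew"), ("shell32", "shellexecutea")},
    "process-kill": {("kernel32", "terminateprocess")},
    "anti-debug": {("kernel32", "isdebuggerpresent")},
    "registry-read": {("advapi32", "regopenkeyexw"), ("advapi32", "regqueryvalueexw")},
    "host-recon": {("kernel32", "getsysteminfo"), ("netapi32", "netwkstagetinfo")},
    "idn-hostnames": {("normaliz", "idntoascii")},
}

ENTRY_RE = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s+(\S+)\s*$")


def parse_iat(text):
    """Return [(module, function_or_None, iat_address)] from the listing text."""
    imports, module = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if m:
            addr, name = m.groups()
            # "None" is how the report prints an import by ordinal
            imports.append((module, None if name == "None" else name, int(addr, 16)))
        else:
            # module header such as "KERNEL32.dll" -> "kernel32"
            module = line.strip().lower().rsplit(".", 1)[0]
    return imports


def tag_capabilities(imports):
    present = {(mod, name.lower()) for mod, name, _ in imports if name}
    return {cap for cap, apis in CAPABILITIES.items() if apis & present}


def ordinal_imports(imports):
    """Count by-ordinal imports per module (names the parser could not resolve)."""
    counts = defaultdict(int)
    for mod, name, _ in imports:
        if name is None:
            counts[mod] += 1
    return dict(counts)


def looks_like_static_libcurl(imports):
    """Heuristic (analyst inference): WS2_32 plus WLDAP32 by ordinal plus
    Normaliz.IdnToAscii is the import set a Windows libcurl build drags in."""
    modules = {mod for mod, _, _ in imports}
    present = {(mod, name.lower()) for mod, name, _ in imports if name}
    return ("ws2_32" in modules and "wldap32" in ordinal_imports(imports)
            and ("normaliz", "idntoascii") in present)


if __name__ == "__main__":
    imps = parse_iat(IAT_TEXT)
    print(sorted(tag_capabilities(imps)), ordinal_imports(imps), looks_like_static_libcurl(imps))
```

Two caveats apply when reading the tags. First, the listing is the IAT of the UPX-packed file as the sandbox parsed it, and a UPX stub normally carries far fewer imports than the ~200 shown, so this table most likely reflects the unpacked program. Second, the presence of bind/listen/accept says the code can open a listening socket, not that it did; the report's network section only shows outbound HTTP.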



Similarity measure (PE file only): not available (the similarity service check failed when this report was generated)