Report - abb01.exe

Malicious Library UPX PE File OS Processor Check PE32
Created 2021.10.27 10:09 Machine s1_win7_x6403
Filename abb01.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
9
Behavior Score
3.6
ZERO API file : clean
VT API (file) 43 detected (AIDetect, malware1, Noon, malicious, high confidence, score, Unsafe, Kryptik, Babar, Eldorado, Formbook, R002C0WJP21, Static AI, Malicious PE, brhtk, Fareit, 175TO8, Sabsik, ai score=85, Generic@ML, RDMK, bh6KbND3bkNLJnt+W7ISrg, GSUC, ZexaF, JqW@aatoScd, GdSda, confidence, susgen)
md5 05c21bf3df38d5b8365db71d94dbca37
sha256 776df245d497af81c0e57fb7ef763c8b08a623ea044da9d79aa3b381192f70e2
ssdeep 12288:ZgdncS3vl2J8aN/EYA3lxI51aU0xLNoSrdhBWaCBKzfgE9AdORCjdza:Zgdnc6l+8m/ER7I51aU0RKSrdjWaqKzB
imphash 50fa96e8bee8392937d77d1999426e98
impfuzzy 96:Kar/jfpbg7JRRt1VnqFelw3JGj+GV5+9Pasg/38KucRcLAob0KwDeWX:/ryHRt/l6Js+45cPasg/38HcRccNJ

Signature (8cnts)

Level Description
danger File has been identified by 43 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (37cnts)

Request CC ASN Co IP4 Rule ZERO
http://www.7looks-mocha-totalbeauty.com/xzes/?Kdvl=N6kvuAW+pCGZGgyc93Dxm1bATb9xJ8kGsAh+h2nj/e1BNDsoH7tPsC1FoxTYrwS+AS0aA/4N&ndidbP=U48Ho JP SAKURA Internet Inc. 183.90.231.50 clean
http://www.coalitionloop.com/xzes/?Kdvl=sVc4hg8Nb35a1Qv00Jvuyl/wkeTMhydkmRbldsgA1PWAcLBgfFlJh6yqTVpSuz5X8HcTsuQ7&ndidbP=U48Ho US GOOGLE 142.250.199.115 clean
http://www.bestplacementconsultancy.com/xzes/?Kdvl=LjnthlTuvRl4J+3EIJ9NP1/gRJUgaULyYZVaExJaoM7uisdc1HZlEM0fi29oNoOz30dzFEUW&ndidbP=U48Ho US GOOGLE 34.102.136.180 clean
http://www.alphaore.com/xzes/?Kdvl=4eNc2sSPq0I3hKWHlTSoHHBaaA6Q4rCJrKGoZ0/NjQeIUxPu2TRevZPQl0/5uQYKhlbicKS0&ndidbP=U48Ho US AMAZON-AES 3.223.115.185 clean
http://www.punkidz.com/xzes/?Kdvl=rzqcJvjlgSW5Q0DcIIC8xd++pVURv744ENb9aTZyPenicGvfgL24Ud0ynRSTOJQXBUt7w4JB&ndidbP=U48Ho HK ICIDC NETWORK 156.234.182.39 clean
http://www.distressedthenblessed.com/xzes/?Kdvl=qta2XgKQK0sYIuKkmdNCsYOZQAr8lLiHkRPEQ6p0qzzA/zCHqYc5ezSCSmHJ8lrWarA+AXEj&ndidbP=U48Ho US UNIFIEDLAYER-AS-1 162.241.218.205 clean
http://www.theravewizards.com/xzes/?Kdvl=hsby6OIGcqifg7QfYLSyJdZ7YeDc2IcIgsU+0vl3XqAOvbSXWpzKVJM6PZuB2eHAu9gllUpH&ndidbP=U48Ho US NAMECHEAP-NET 198.54.117.215 clean
http://www.printyourdays.com/xzes/?Kdvl=WvVdSYazqKi8GE8+azEVjLioWRcomDeCwGXpfuOsOesbk9wXqWr6PQqFFZj71fIVZO7r9iJc&ndidbP=U48Ho US CLOUDFLARENET 172.67.156.13 clean
http://www.captekbrasil.com/xzes/?Kdvl=nm3KboQC3LfSgL/zvgWiiAhLuySCjSAIrKPwMPaNYLQTgNUrE1tMoNUDfMG3u5xrJqSESYJN&ndidbP=U48Ho US GOOGLE 34.102.136.180 clean
http://www.publiccoins.online/xzes/?Kdvl=VW6AQLcnjxoI7jrxDei1g2cODa3ue2eSFsZ4Bvo9DMyQyK8UAjcUFoPJ8IfPQZF1RDPYIp/Z&ndidbP=U48Ho US NAMECHEAP-NET 198.187.31.159 clean
http://www.xn--80akukchh.xn--80asehdb/xzes/?Kdvl=CYE3a7bRRPoZ8oLCQIn7MUnG5eL5n4hmaAvMM6ZOb9duInsoaLpTWfgE2J3oFykNq7tVuO80&ndidbP=U48Ho RU Jsc ru-center 195.24.68.30 clean
http://www.joannhydeyoga.com/xzes/?Kdvl=M74vbXcjuii9CfP4+YoAkrjESC9Z5XZA/+idMnJLcA1l+40jQcdiWeACfFgfibc/BPlrFTVI&ndidbP=U48Ho US CLOUDFLARENET 66.235.200.145 clean
www.xn--80akukchh.xn--80asehdb RU Jsc ru-center 195.24.68.30 clean
www.punkidz.com HK ICIDC NETWORK 156.234.182.39 clean
www.elsist.online Unknown clean
www.bestplacementconsultancy.com US GOOGLE 34.102.136.180 clean
www.coalitionloop.com US GOOGLE 142.250.199.115 clean
www.captekbrasil.com US GOOGLE 34.102.136.180 clean
www.publiccoins.online US NAMECHEAP-NET 198.187.31.159 clean
www.joannhydeyoga.com US CLOUDFLARENET 66.235.200.145 clean
www.alphaore.com US AMAZON-AES 3.223.115.185 clean
www.printyourdays.com US CLOUDFLARENET 104.21.48.190 clean
www.distressedthenblessed.com US UNIFIEDLAYER-AS-1 162.241.218.205 clean
www.theravewizards.com US NAMECHEAP-NET 198.54.117.210 clean
www.hcbg.online Unknown clean
www.7looks-mocha-totalbeauty.com JP SAKURA Internet Inc. 183.90.231.50 clean
198.54.117.218 US NAMECHEAP-NET 198.54.117.218 malicious
66.235.200.145 US CLOUDFLARENET 66.235.200.145 malicious
172.217.31.243 US GOOGLE 172.217.31.243 clean
162.241.218.205 US UNIFIEDLAYER-AS-1 162.241.218.205 malware
104.21.48.190 US CLOUDFLARENET 104.21.48.190 clean
34.102.136.180 US GOOGLE 34.102.136.180 malicious
195.24.68.30 RU Jsc ru-center 195.24.68.30 clean
156.234.182.39 HK ICIDC NETWORK 156.234.182.39 clean
3.223.115.185 US AMAZON-AES 3.223.115.185 malicious
198.187.31.159 US NAMECHEAP-NET 198.187.31.159 malware
183.90.231.50 JP SAKURA Internet Inc. 183.90.231.50 clean

Suricata ids

PE API

IAT(Import Address Table) Library

OPENGL32.dll
 0x4492f8 glGenTextures
 0x4492fc glBindTexture
 0x449300 glTexParameteri
 0x449304 glTexImage2D
 0x449308 glBegin
 0x44930c glArrayElement
KERNEL32.dll
 0x449108 GetStartupInfoA
 0x44910c GetCommandLineA
 0x449110 ExitProcess
 0x449114 HeapAlloc
 0x449118 HeapFree
 0x44911c TerminateProcess
 0x449120 RaiseException
 0x449124 HeapReAlloc
 0x449128 HeapSize
 0x44912c GetACP
 0x449130 GetTimeZoneInformation
 0x449134 UnhandledExceptionFilter
 0x449138 FreeEnvironmentStringsA
 0x44913c FreeEnvironmentStringsW
 0x449140 GetEnvironmentStrings
 0x449144 GetEnvironmentStringsW
 0x449148 SetHandleCount
 0x44914c GetStdHandle
 0x449150 GetFileType
 0x449154 HeapDestroy
 0x449158 HeapCreate
 0x44915c RtlUnwind
 0x449160 VirtualAlloc
 0x449164 IsBadWritePtr
 0x449168 SetUnhandledExceptionFilter
 0x44916c LCMapStringA
 0x449170 LCMapStringW
 0x449174 GetStringTypeA
 0x449178 GetStringTypeW
 0x44917c IsBadReadPtr
 0x449180 IsBadCodePtr
 0x449184 SetStdHandle
 0x449188 CompareStringA
 0x44918c CompareStringW
 0x449190 SetEnvironmentVariableA
 0x449194 FileTimeToLocalFileTime
 0x449198 GetProfileStringA
 0x44919c FileTimeToSystemTime
 0x4491a0 SetErrorMode
 0x4491a4 SystemTimeToFileTime
 0x4491a8 LocalFileTimeToFileTime
 0x4491ac GetFileSize
 0x4491b0 GetShortPathNameA
 0x4491b4 GetThreadLocale
 0x4491b8 GetStringTypeExA
 0x4491bc GetVolumeInformationA
 0x4491c0 FindFirstFileA
 0x4491c4 FindClose
 0x4491c8 DeleteFileA
 0x4491cc MoveFileA
 0x4491d0 SetEndOfFile
 0x4491d4 UnlockFile
 0x4491d8 LockFile
 0x4491dc FlushFileBuffers
 0x4491e0 SetFilePointer
 0x4491e4 WriteFile
 0x4491e8 ReadFile
 0x4491ec CreateFileA
 0x4491f0 GetCurrentProcess
 0x4491f4 DuplicateHandle
 0x4491f8 GetOEMCP
 0x4491fc GetCPInfo
 0x449200 GetProcessVersion
 0x449204 GetCurrentDirectoryA
 0x449208 TlsGetValue
 0x44920c LocalReAlloc
 0x449210 TlsSetValue
 0x449214 EnterCriticalSection
 0x449218 GlobalReAlloc
 0x44921c LeaveCriticalSection
 0x449220 TlsFree
 0x449224 GlobalHandle
 0x449228 DeleteCriticalSection
 0x44922c TlsAlloc
 0x449230 InitializeCriticalSection
 0x449234 LocalFree
 0x449238 LocalAlloc
 0x44923c SizeofResource
 0x449240 GlobalFlags
 0x449244 WideCharToMultiByte
 0x449248 InterlockedDecrement
 0x44924c InterlockedIncrement
 0x449250 MulDiv
 0x449254 SetLastError
 0x449258 MultiByteToWideChar
 0x44925c GetLastError
 0x449260 GetDiskFreeSpaceA
 0x449264 GetFileTime
 0x449268 SetFileTime
 0x44926c GetFullPathNameA
 0x449270 GetTempFileNameA
 0x449274 lstrcpynA
 0x449278 GetFileAttributesA
 0x44927c LoadLibraryA
 0x449280 FreeLibrary
 0x449284 GetVersion
 0x449288 lstrcatA
 0x44928c GlobalGetAtomNameA
 0x449290 GlobalFindAtomA
 0x449294 VirtualProtect
 0x449298 lstrcpyA
 0x44929c GetModuleHandleA
 0x4492a0 GetProcAddress
 0x4492a4 lstrlenA
 0x4492a8 WritePrivateProfileStringA
 0x4492ac GetPrivateProfileStringA
 0x4492b0 GetPrivateProfileIntA
 0x4492b4 GlobalAddAtomA
 0x4492b8 CloseHandle
 0x4492bc GetModuleFileNameA
 0x4492c0 GlobalAlloc
 0x4492c4 GlobalDeleteAtom
 0x4492c8 lstrcmpA
 0x4492cc lstrcmpiA
 0x4492d0 GetCurrentThread
 0x4492d4 GetCurrentThreadId
 0x4492d8 GlobalLock
 0x4492dc GlobalUnlock
 0x4492e0 GlobalFree
 0x4492e4 LockResource
 0x4492e8 FindResourceA
 0x4492ec LoadResource
 0x4492f0 VirtualFree
USER32.dll
 0x449328 AdjustWindowRectEx
 0x44932c GetSysColor
 0x449330 MapWindowPoints
 0x449334 LoadIconA
 0x449338 InvalidateRect
 0x44933c SetRectEmpty
 0x449340 LoadAcceleratorsA
 0x449344 TranslateAcceleratorA
 0x449348 ReleaseCapture
 0x44934c GetDesktopWindow
 0x449350 DestroyMenu
 0x449354 LoadMenuA
 0x449358 SetMenu
 0x44935c ReuseDDElParam
 0x449360 UnpackDDElParam
 0x449364 BringWindowToTop
 0x449368 ClientToScreen
 0x44936c GetWindowDC
 0x449370 BeginPaint
 0x449374 EndPaint
 0x449378 TabbedTextOutA
 0x44937c DrawTextA
 0x449380 GrayStringA
 0x449384 IsZoomed
 0x449388 PtInRect
 0x44938c SetParent
 0x449390 IsRectEmpty
 0x449394 AppendMenuA
 0x449398 DeleteMenu
 0x44939c GetSystemMenu
 0x4493a0 GetClassNameA
 0x4493a4 InsertMenuA
 0x4493a8 GetMenuStringA
 0x4493ac LoadCursorA
 0x4493b0 GetSysColorBrush
 0x4493b4 LoadStringA
 0x4493b8 DestroyIcon
 0x4493bc CharUpperA
 0x4493c0 SetTimer
 0x4493c4 KillTimer
 0x4493c8 WindowFromPoint
 0x4493cc SetRect
 0x4493d0 InflateRect
 0x4493d4 SetCapture
 0x4493d8 InvertRect
 0x4493dc GetDCEx
 0x4493e0 LockWindowUpdate
 0x4493e4 GetTopWindow
 0x4493e8 IsChild
 0x4493ec GetCapture
 0x4493f0 WinHelpA
 0x4493f4 GetClassInfoA
 0x4493f8 RegisterClassA
 0x4493fc GetMenu
 0x449400 GetMenuItemCount
 0x449404 GetSubMenu
 0x449408 GetMenuItemID
 0x44940c DefWindowProcA
 0x449410 CreateWindowExA
 0x449414 GetClassLongA
 0x449418 SetPropA
 0x44941c UnhookWindowsHookEx
 0x449420 GetPropA
 0x449424 CallWindowProcA
 0x449428 ScreenToClient
 0x44942c GetMessageTime
 0x449430 GetMessagePos
 0x449434 GetForegroundWindow
 0x449438 SetForegroundWindow
 0x44943c GetWindow
 0x449440 RegisterWindowMessageA
 0x449444 OffsetRect
 0x449448 IntersectRect
 0x44944c IsIconic
 0x449450 GetWindowPlacement
 0x449454 GetWindowRect
 0x449458 wsprintfA
 0x44945c SetFocus
 0x449460 ShowWindow
 0x449464 SetWindowPos
 0x449468 SetWindowLongA
 0x44946c GetDlgCtrlID
 0x449470 GetWindowTextLengthA
 0x449474 GetWindowTextA
 0x449478 SetWindowTextA
 0x44947c IsDialogMessageA
 0x449480 SendDlgItemMessageA
 0x449484 GetMenuCheckMarkDimensions
 0x449488 LoadBitmapA
 0x44948c GetMenuState
 0x449490 ModifyMenuA
 0x449494 SetMenuItemBitmaps
 0x449498 CheckMenuItem
 0x44949c EnableMenuItem
 0x4494a0 GetFocus
 0x4494a4 GetMessageA
 0x4494a8 TranslateMessage
 0x4494ac DispatchMessageA
 0x4494b0 GetKeyState
 0x4494b4 CallNextHookEx
 0x4494b8 ValidateRect
 0x4494bc IsWindowVisible
 0x4494c0 PeekMessageA
 0x4494c4 GetCursorPos
 0x4494c8 SetWindowsHookExA
 0x4494cc GetLastActivePopup
 0x4494d0 MessageBoxA
 0x4494d4 SetCursor
 0x4494d8 ShowOwnedPopups
 0x4494dc PostMessageA
 0x4494e0 PostQuitMessage
 0x4494e4 UpdateWindow
 0x4494e8 UnregisterClassA
 0x4494ec HideCaret
 0x4494f0 ShowCaret
 0x4494f4 ExcludeUpdateRgn
 0x4494f8 DrawFocusRect
 0x4494fc DefDlgProcA
 0x449500 CharNextA
 0x449504 GetNextDlgTabItem
 0x449508 EndDialog
 0x44950c GetActiveWindow
 0x449510 SetActiveWindow
 0x449514 IsWindow
 0x449518 GetSystemMetrics
 0x44951c CreateDialogIndirectParamA
 0x449520 DestroyWindow
 0x449524 GetParent
 0x449528 GetWindowLongA
 0x44952c GetDlgItem
 0x449530 IsWindowEnabled
 0x449534 SendMessageA
 0x449538 ReleaseDC
 0x44953c GetDC
 0x449540 EqualRect
 0x449544 DeferWindowPos
 0x449548 BeginDeferWindowPos
 0x44954c CopyRect
 0x449550 RemovePropA
 0x449554 EndDeferWindowPos
 0x449558 GetClientRect
 0x44955c FillRect
 0x449560 EnableWindow
 0x449564 IsWindowUnicode
 0x449568 SystemParametersInfoA
GDI32.dll
 0x449044 SetBkMode
 0x449048 SetMapMode
 0x44904c SetViewportOrgEx
 0x449050 OffsetViewportOrgEx
 0x449054 SetViewportExtEx
 0x449058 ScaleViewportExtEx
 0x44905c SetWindowExtEx
 0x449060 ScaleWindowExtEx
 0x449064 SelectClipRgn
 0x449068 ExcludeClipRect
 0x44906c IntersectClipRect
 0x449070 SetTextAlign
 0x449074 RestoreDC
 0x449078 GetDeviceCaps
 0x44907c CreateSolidBrush
 0x449080 CreatePatternBrush
 0x449084 PtVisible
 0x449088 RectVisible
 0x44908c TextOutA
 0x449090 ExtTextOutA
 0x449094 Escape
 0x449098 GetTextExtentPoint32A
 0x44909c GetTextMetricsA
 0x4490a0 StretchDIBits
 0x4490a4 GetCharWidthA
 0x4490a8 CreateFontA
 0x4490ac CreateFontIndirectA
 0x4490b0 PatBlt
 0x4490b4 SetRectRgn
 0x4490b8 CombineRgn
 0x4490bc CreateRectRgnIndirect
 0x4490c0 SaveDC
 0x4490c4 GetObjectA
 0x4490c8 SetBkColor
 0x4490cc SetTextColor
 0x4490d0 GetClipBox
 0x4490d4 CreateCompatibleBitmap
 0x4490d8 GetStockObject
 0x4490dc LineDDA
 0x4490e0 CreateBitmap
 0x4490e4 CreateCompatibleDC
 0x4490e8 SelectObject
 0x4490ec BitBlt
 0x4490f0 DeleteDC
 0x4490f4 CreateRectRgn
 0x4490f8 CreateDIBitmap
 0x4490fc GetTextExtentPointA
 0x449100 DeleteObject
comdlg32.dll
 0x449580 GetSaveFileNameA
 0x449584 GetFileTitleA
 0x449588 GetOpenFileNameA
WINSPOOL.DRV
 0x449570 OpenPrinterA
 0x449574 DocumentPropertiesA
 0x449578 ClosePrinter
ADVAPI32.dll
 0x449000 RegQueryValueExA
 0x449004 RegSetValueA
 0x449008 RegCreateKeyA
 0x44900c GetFileSecurityA
 0x449010 SetFileSecurityA
 0x449014 RegDeleteValueA
 0x449018 RegSetValueExA
 0x44901c RegQueryValueA
 0x449020 RegOpenKeyExA
 0x449024 RegCreateKeyExA
 0x449028 RegDeleteKeyA
 0x44902c RegOpenKeyA
 0x449030 RegEnumKeyA
 0x449034 RegCloseKey
SHELL32.dll
 0x449314 ExtractIconA
 0x449318 DragQueryFileA
 0x44931c DragFinish
 0x449320 SHGetFileInfoA
COMCTL32.dll
 0x44903c None

EAT(Export Address Table) is none