| Field | Value |
|---|---|
| Created | 2021.10.28 11:17 |
| Machine | s1_win7_x6401 |
| Filename | 126808361.exe |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| ZERO API | file : clean |
| VT API (file) | 28 detected (malicious, high confidence, Fragtor, Unsafe, Save, Kryptik, HNCG, FileRepMalware, MultiPlug, BadFile, Generic ML PUA, ai score=81, kcloud, RedLine, score, Artemis, MachineLearning, Anomalous, 100%, Static AI, Malicious PE, ZexaF, 5KW@aSVbJHd, susgen) |
| md5 | 8c957f8e5cc91f649891254901d6293c |
| sha256 | c420ffaab541b742acd48873edeabb1c6eb77da5d6f681a5b0cde5f8a05ca05f |
| ssdeep | 12288:S9ZYr+ZqaSl92B8pIvJkKPGUiPe+TulJb8HycygMN8W7s1gEPcJkI09y//Ccemta:SX6iqrWkKeUiPekogN2s7fI09y//cmg |
| imphash | 835da68f7e7e29ef9a08f899d20e0925 |
| impfuzzy | 24:8fCejrOov1lDIcLVr+X53XZxr9WNOqz2GMZO:8fCCaVc5KXlJeNOqz2GJ |
Signatures (16 counts)
Level | Description |
---|---|
warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
watch | Collects information about installed applications |
watch | Communicates with host for which no DNS query was performed |
watch | Harvests credentials from local FTP client softwares |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | One or more potentially interesting buffers were extracted |
notice | Queries for potentially installed applications |
notice | Steals private information from local Internet browsers |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
info | Tries to locate where the browsers are installed |
info | Uses Windows APIs to generate a cryptographic key |
Rules (2 counts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x744130 DeleteCriticalSection
0x744134 EnterCriticalSection
0x744138 ExitProcess
0x74413c FindClose
0x744140 FindFirstFileA
0x744144 FindNextFileA
0x744148 FreeLibrary
0x74414c GetCommandLineA
0x744150 GetLastError
0x744154 GetModuleHandleA
0x744158 GetProcAddress
0x74415c InitializeCriticalSection
0x744160 LeaveCriticalSection
0x744164 LoadLibraryA
0x744168 SetUnhandledExceptionFilter
0x74416c TlsGetValue
0x744170 VirtualProtect
0x744174 VirtualQuery
msvcrt.dll
0x74417c _strdup
0x744180 _stricoll
msvcrt.dll
0x744188 __getmainargs
0x74418c __mb_cur_max
0x744190 __p__environ
0x744194 __p__fmode
0x744198 __set_app_type
0x74419c _cexit
0x7441a0 _errno
0x7441a4 _fmode
0x7441a8 _fpreset
0x7441ac _fullpath
0x7441b0 _iob
0x7441b4 _isctype
0x7441b8 _onexit
0x7441bc _pctype
0x7441c0 _setmode
0x7441c4 abort
0x7441c8 atexit
0x7441cc calloc
0x7441d0 free
0x7441d4 fwrite
0x7441d8 malloc
0x7441dc mbstowcs
0x7441e0 memcpy
0x7441e4 memset
0x7441e8 realloc
0x7441ec setlocale
0x7441f0 signal
0x7441f4 strcoll
0x7441f8 strcpy
0x7441fc strlen
0x744200 tolower
0x744204 vfprintf
0x744208 wcstombs
EAT (Export Address Table): none