ScreenShot
| Created | 2021.10.29 10:04 | Machine | s1_win7_x6403 |
| Filename | SilentClient.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 45 detected (malicious, high confidence, score, eyW@a4gRvybi, Tinukebot, Save, confidence, 100%, Attribute, HighConfidence, imioxc, zxgsr, Ymacco, Artemis, ai score=89, BScope, Unsafe, Hqcb, rL7QNc5YA, Static AI, Malicious PE, susgen, GdSda) | ||
| md5 | 2b0d06e1d3523e021ae6df87589d564c | ||
| sha256 | cb84a35408acc14d0f8f7bc08355938e79bd7f4c75c670d8a69ba33cdcdc5a3a | ||
| ssdeep | 1536:STD7B5Qk8cm22UofK84I9HuPX/32UYGeT7ebwlKQJJOIsWHKcdAblzC7Knj:KDYtUogIpuPvGUYGU7R8wTAblzAKj | ||
| imphash | a6694ce86cb966d240d1b48dd3372cc1 | ||
| impfuzzy | 48:UTCX2bS1jtulc+ppFRSCHjrzvzRLU4Ln6G5uIxXpKQwt8tsyziX4TEpjkLABq:ibS1jtulc+ppFVPFXACahsN | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40d03c lstrcpyA
0x40d040 CloseHandle
0x40d044 CreateThread
0x40d048 GetWindowsDirectoryA
0x40d04c HeapAlloc
0x40d050 GetProcAddress
0x40d054 GetFileSize
0x40d058 GetProcessHeap
0x40d05c CreateProcessA
0x40d060 CreateDirectoryA
0x40d064 CreateFileW
0x40d068 DecodePointer
0x40d06c WriteConsoleW
0x40d070 SetFilePointerEx
0x40d074 GetConsoleMode
0x40d078 GetConsoleCP
0x40d07c GetVersionExA
0x40d080 HeapReAlloc
0x40d084 HeapSize
0x40d088 GetStringTypeW
0x40d08c GetFileType
0x40d090 SetStdHandle
0x40d094 LCMapStringW
0x40d098 FreeEnvironmentStringsW
0x40d09c GetEnvironmentStringsW
0x40d0a0 GetCommandLineW
0x40d0a4 LoadLibraryA
0x40d0a8 TerminateThread
0x40d0ac CreateFileA
0x40d0b0 GetLastError
0x40d0b4 CopyFileA
0x40d0b8 Sleep
0x40d0bc lstrcatA
0x40d0c0 lstrcmpA
0x40d0c4 GetVolumeInformationA
0x40d0c8 WaitForSingleObject
0x40d0cc FindNextFileA
0x40d0d0 HeapFree
0x40d0d4 FindFirstFileA
0x40d0d8 FlushFileBuffers
0x40d0dc ReadFile
0x40d0e0 GetCommandLineA
0x40d0e4 GetCPInfo
0x40d0e8 GetOEMCP
0x40d0ec IsValidCodePage
0x40d0f0 FindFirstFileExA
0x40d0f4 FindClose
0x40d0f8 RaiseException
0x40d0fc QueryPerformanceCounter
0x40d100 GetCurrentProcessId
0x40d104 GetCurrentThreadId
0x40d108 GetSystemTimeAsFileTime
0x40d10c InitializeSListHead
0x40d110 IsDebuggerPresent
0x40d114 UnhandledExceptionFilter
0x40d118 SetUnhandledExceptionFilter
0x40d11c GetStartupInfoW
0x40d120 IsProcessorFeaturePresent
0x40d124 GetModuleHandleW
0x40d128 GetCurrentProcess
0x40d12c TerminateProcess
0x40d130 RtlUnwind
0x40d134 SetLastError
0x40d138 EnterCriticalSection
0x40d13c LeaveCriticalSection
0x40d140 DeleteCriticalSection
0x40d144 InitializeCriticalSectionAndSpinCount
0x40d148 TlsAlloc
0x40d14c TlsGetValue
0x40d150 TlsSetValue
0x40d154 TlsFree
0x40d158 FreeLibrary
0x40d15c LoadLibraryExW
0x40d160 GetStdHandle
0x40d164 WriteFile
0x40d168 GetModuleFileNameA
0x40d16c MultiByteToWideChar
0x40d170 WideCharToMultiByte
0x40d174 ExitProcess
0x40d178 GetModuleHandleExW
0x40d17c GetACP
USER32.dll
0x40d198 RealGetWindowClassA
0x40d19c PtInRect
0x40d1a0 MenuItemFromPoint
0x40d1a4 ChildWindowFromPoint
0x40d1a8 GetDesktopWindow
0x40d1ac FindWindowA
0x40d1b0 WindowFromPoint
0x40d1b4 GetWindow
0x40d1b8 GetWindowRect
0x40d1bc GetMenuItemID
0x40d1c0 GetDC
0x40d1c4 IsWindowVisible
0x40d1c8 PostMessageA
0x40d1cc ScreenToClient
0x40d1d0 PrintWindow
0x40d1d4 GetWindowPlacement
0x40d1d8 SetThreadDesktop
0x40d1dc wsprintfA
0x40d1e0 SetWindowLongA
0x40d1e4 GetWindowLongA
0x40d1e8 OpenDesktopA
0x40d1ec GetTopWindow
0x40d1f0 MoveWindow
0x40d1f4 SendMessageA
0x40d1f8 CreateDesktopA
0x40d1fc ReleaseDC
GDI32.dll
0x40d014 CreateCompatibleBitmap
0x40d018 SelectObject
0x40d01c CreateCompatibleDC
0x40d020 StretchBlt
0x40d024 GetDIBits
0x40d028 DeleteDC
0x40d02c SetStretchBltMode
0x40d030 DeleteObject
0x40d034 BitBlt
ADVAPI32.dll
0x40d000 RegQueryValueExA
0x40d004 RegSetValueExA
0x40d008 RegOpenKeyExA
0x40d00c RegCloseKey
SHELL32.dll
0x40d184 SHAppBarMessage
0x40d188 SHGetFolderPathA
SHLWAPI.dll
0x40d190 StrStrA
WS2_32.dll
0x40d204 recv
0x40d208 connect
0x40d20c socket
0x40d210 send
0x40d214 gethostbyname
0x40d218 htons
0x40d21c WSAStartup
EAT(Export Address Table) is none
KERNEL32.dll
0x40d03c lstrcpyA
0x40d040 CloseHandle
0x40d044 CreateThread
0x40d048 GetWindowsDirectoryA
0x40d04c HeapAlloc
0x40d050 GetProcAddress
0x40d054 GetFileSize
0x40d058 GetProcessHeap
0x40d05c CreateProcessA
0x40d060 CreateDirectoryA
0x40d064 CreateFileW
0x40d068 DecodePointer
0x40d06c WriteConsoleW
0x40d070 SetFilePointerEx
0x40d074 GetConsoleMode
0x40d078 GetConsoleCP
0x40d07c GetVersionExA
0x40d080 HeapReAlloc
0x40d084 HeapSize
0x40d088 GetStringTypeW
0x40d08c GetFileType
0x40d090 SetStdHandle
0x40d094 LCMapStringW
0x40d098 FreeEnvironmentStringsW
0x40d09c GetEnvironmentStringsW
0x40d0a0 GetCommandLineW
0x40d0a4 LoadLibraryA
0x40d0a8 TerminateThread
0x40d0ac CreateFileA
0x40d0b0 GetLastError
0x40d0b4 CopyFileA
0x40d0b8 Sleep
0x40d0bc lstrcatA
0x40d0c0 lstrcmpA
0x40d0c4 GetVolumeInformationA
0x40d0c8 WaitForSingleObject
0x40d0cc FindNextFileA
0x40d0d0 HeapFree
0x40d0d4 FindFirstFileA
0x40d0d8 FlushFileBuffers
0x40d0dc ReadFile
0x40d0e0 GetCommandLineA
0x40d0e4 GetCPInfo
0x40d0e8 GetOEMCP
0x40d0ec IsValidCodePage
0x40d0f0 FindFirstFileExA
0x40d0f4 FindClose
0x40d0f8 RaiseException
0x40d0fc QueryPerformanceCounter
0x40d100 GetCurrentProcessId
0x40d104 GetCurrentThreadId
0x40d108 GetSystemTimeAsFileTime
0x40d10c InitializeSListHead
0x40d110 IsDebuggerPresent
0x40d114 UnhandledExceptionFilter
0x40d118 SetUnhandledExceptionFilter
0x40d11c GetStartupInfoW
0x40d120 IsProcessorFeaturePresent
0x40d124 GetModuleHandleW
0x40d128 GetCurrentProcess
0x40d12c TerminateProcess
0x40d130 RtlUnwind
0x40d134 SetLastError
0x40d138 EnterCriticalSection
0x40d13c LeaveCriticalSection
0x40d140 DeleteCriticalSection
0x40d144 InitializeCriticalSectionAndSpinCount
0x40d148 TlsAlloc
0x40d14c TlsGetValue
0x40d150 TlsSetValue
0x40d154 TlsFree
0x40d158 FreeLibrary
0x40d15c LoadLibraryExW
0x40d160 GetStdHandle
0x40d164 WriteFile
0x40d168 GetModuleFileNameA
0x40d16c MultiByteToWideChar
0x40d170 WideCharToMultiByte
0x40d174 ExitProcess
0x40d178 GetModuleHandleExW
0x40d17c GetACP
USER32.dll
0x40d198 RealGetWindowClassA
0x40d19c PtInRect
0x40d1a0 MenuItemFromPoint
0x40d1a4 ChildWindowFromPoint
0x40d1a8 GetDesktopWindow
0x40d1ac FindWindowA
0x40d1b0 WindowFromPoint
0x40d1b4 GetWindow
0x40d1b8 GetWindowRect
0x40d1bc GetMenuItemID
0x40d1c0 GetDC
0x40d1c4 IsWindowVisible
0x40d1c8 PostMessageA
0x40d1cc ScreenToClient
0x40d1d0 PrintWindow
0x40d1d4 GetWindowPlacement
0x40d1d8 SetThreadDesktop
0x40d1dc wsprintfA
0x40d1e0 SetWindowLongA
0x40d1e4 GetWindowLongA
0x40d1e8 OpenDesktopA
0x40d1ec GetTopWindow
0x40d1f0 MoveWindow
0x40d1f4 SendMessageA
0x40d1f8 CreateDesktopA
0x40d1fc ReleaseDC
GDI32.dll
0x40d014 CreateCompatibleBitmap
0x40d018 SelectObject
0x40d01c CreateCompatibleDC
0x40d020 StretchBlt
0x40d024 GetDIBits
0x40d028 DeleteDC
0x40d02c SetStretchBltMode
0x40d030 DeleteObject
0x40d034 BitBlt
ADVAPI32.dll
0x40d000 RegQueryValueExA
0x40d004 RegSetValueExA
0x40d008 RegOpenKeyExA
0x40d00c RegCloseKey
SHELL32.dll
0x40d184 SHAppBarMessage
0x40d188 SHGetFolderPathA
SHLWAPI.dll
0x40d190 StrStrA
WS2_32.dll
0x40d204 recv
0x40d208 connect
0x40d20c socket
0x40d210 send
0x40d214 gethostbyname
0x40d218 htons
0x40d21c WSAStartup
EAT(Export Address Table) is none