ScreenShot
| Created | 2021.11.03 17:07 | Machine | s1_win7_x6403 |
| Filename | autosubplayer.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer sel | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 22 detected (malicious, high confidence, Wdfload, Bundler, NSIS, Bitser, Eldorado, PSRunner, CLASSIC, aguec, AGEN, Sabsik, ai score=85, Static AI, Malicious PE, DropperX) | ||
| md5 | f4519ce450e18f453ace6c4b565cae94 | ||
| sha256 | 2d71096d187e669f6e659ac8cd282d169c24398674ab18dbd1d0830d7064a923 | ||
| ssdeep | 393216:tH2K8pmN67Uy1HtliElBA2Ha+bNmaSq6h8d:tH2K8pmN67UGNlXle5+bM+ | ||
| imphash | ffe3cc63e5a1efb4d2f4cc004c584646 | ||
| impfuzzy | 48:vWjfE8uNOTtgaJ2pj4kOBXEG9del1xEl/1/6U0Tha8ESvS55w4yo4RVOtrF8tLQ5:vEQetgy2pjl6/7Ow | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x42d320 RegCloseKey
0x42d324 RegCreateKeyExA
0x42d328 RegDeleteKeyA
0x42d32c RegDeleteValueA
0x42d330 RegEnumKeyA
0x42d334 RegEnumValueA
0x42d338 RegOpenKeyExA
0x42d33c RegQueryValueExA
0x42d340 RegSetValueExA
0x42d344 SetFileSecurityA
COMCTL32.DLL
0x42d34c ImageList_AddMasked
0x42d350 ImageList_Create
0x42d354 ImageList_Destroy
0x42d358 InitCommonControls
GDI32.dll
0x42d360 CreateBrushIndirect
0x42d364 CreateFontIndirectA
0x42d368 DeleteObject
0x42d36c GetDeviceCaps
0x42d370 SelectObject
0x42d374 SetBkColor
0x42d378 SetBkMode
0x42d37c SetTextColor
KERNEL32.dll
0x42d384 CloseHandle
0x42d388 CompareFileTime
0x42d38c CopyFileA
0x42d390 CreateDirectoryA
0x42d394 CreateFileA
0x42d398 CreateProcessA
0x42d39c CreateThread
0x42d3a0 DeleteFileA
0x42d3a4 ExitProcess
0x42d3a8 ExpandEnvironmentStringsA
0x42d3ac FindClose
0x42d3b0 FindFirstFileA
0x42d3b4 FindNextFileA
0x42d3b8 FreeLibrary
0x42d3bc GetCommandLineA
0x42d3c0 GetCurrentProcess
0x42d3c4 GetDiskFreeSpaceA
0x42d3c8 GetExitCodeProcess
0x42d3cc GetFileAttributesA
0x42d3d0 GetFileSize
0x42d3d4 GetFullPathNameA
0x42d3d8 GetLastError
0x42d3dc GetModuleFileNameA
0x42d3e0 GetModuleHandleA
0x42d3e4 GetPrivateProfileStringA
0x42d3e8 GetProcAddress
0x42d3ec GetShortPathNameA
0x42d3f0 GetSystemDirectoryA
0x42d3f4 GetTempFileNameA
0x42d3f8 GetTempPathA
0x42d3fc GetTickCount
0x42d400 GetVersion
0x42d404 GetWindowsDirectoryA
0x42d408 GlobalAlloc
0x42d40c GlobalFree
0x42d410 GlobalLock
0x42d414 GlobalUnlock
0x42d418 LoadLibraryA
0x42d41c LoadLibraryExA
0x42d420 MoveFileA
0x42d424 MulDiv
0x42d428 MultiByteToWideChar
0x42d42c ReadFile
0x42d430 RemoveDirectoryA
0x42d434 SearchPathA
0x42d438 SetCurrentDirectoryA
0x42d43c SetErrorMode
0x42d440 SetFileAttributesA
0x42d444 SetFilePointer
0x42d448 SetFileTime
0x42d44c Sleep
0x42d450 WaitForSingleObject
0x42d454 WriteFile
0x42d458 WritePrivateProfileStringA
0x42d45c lstrcatA
0x42d460 lstrcmpA
0x42d464 lstrcmpiA
0x42d468 lstrcpynA
0x42d46c lstrlenA
ole32.dll
0x42d474 CoCreateInstance
0x42d478 CoTaskMemFree
0x42d47c OleInitialize
0x42d480 OleUninitialize
SHELL32.dll
0x42d488 SHBrowseForFolderA
0x42d48c SHFileOperationA
0x42d490 SHGetFileInfoA
0x42d494 SHGetPathFromIDListA
0x42d498 SHGetSpecialFolderLocation
0x42d49c ShellExecuteA
USER32.dll
0x42d4a4 AppendMenuA
0x42d4a8 BeginPaint
0x42d4ac CallWindowProcA
0x42d4b0 CharNextA
0x42d4b4 CharPrevA
0x42d4b8 CheckDlgButton
0x42d4bc CloseClipboard
0x42d4c0 CreateDialogParamA
0x42d4c4 CreatePopupMenu
0x42d4c8 CreateWindowExA
0x42d4cc DefWindowProcA
0x42d4d0 DestroyWindow
0x42d4d4 DialogBoxParamA
0x42d4d8 DispatchMessageA
0x42d4dc DrawTextA
0x42d4e0 EmptyClipboard
0x42d4e4 EnableMenuItem
0x42d4e8 EnableWindow
0x42d4ec EndDialog
0x42d4f0 EndPaint
0x42d4f4 ExitWindowsEx
0x42d4f8 FillRect
0x42d4fc FindWindowExA
0x42d500 GetClassInfoA
0x42d504 GetClientRect
0x42d508 GetDC
0x42d50c GetDlgItem
0x42d510 GetDlgItemTextA
0x42d514 GetMessagePos
0x42d518 GetSysColor
0x42d51c GetSystemMenu
0x42d520 GetSystemMetrics
0x42d524 GetWindowLongA
0x42d528 GetWindowRect
0x42d52c InvalidateRect
0x42d530 IsWindow
0x42d534 IsWindowEnabled
0x42d538 IsWindowVisible
0x42d53c LoadBitmapA
0x42d540 LoadCursorA
0x42d544 LoadImageA
0x42d548 MessageBoxIndirectA
0x42d54c OpenClipboard
0x42d550 PeekMessageA
0x42d554 PostQuitMessage
0x42d558 RegisterClassA
0x42d55c ScreenToClient
0x42d560 SendMessageA
0x42d564 SendMessageTimeoutA
0x42d568 SetClassLongA
0x42d56c SetClipboardData
0x42d570 SetCursor
0x42d574 SetDlgItemTextA
0x42d578 SetForegroundWindow
0x42d57c SetTimer
0x42d580 SetWindowLongA
0x42d584 SetWindowPos
0x42d588 SetWindowTextA
0x42d58c ShowWindow
0x42d590 SystemParametersInfoA
0x42d594 TrackPopupMenu
0x42d598 wsprintfA
EAT(Export Address Table) is none
ADVAPI32.dll
0x42d320 RegCloseKey
0x42d324 RegCreateKeyExA
0x42d328 RegDeleteKeyA
0x42d32c RegDeleteValueA
0x42d330 RegEnumKeyA
0x42d334 RegEnumValueA
0x42d338 RegOpenKeyExA
0x42d33c RegQueryValueExA
0x42d340 RegSetValueExA
0x42d344 SetFileSecurityA
COMCTL32.DLL
0x42d34c ImageList_AddMasked
0x42d350 ImageList_Create
0x42d354 ImageList_Destroy
0x42d358 InitCommonControls
GDI32.dll
0x42d360 CreateBrushIndirect
0x42d364 CreateFontIndirectA
0x42d368 DeleteObject
0x42d36c GetDeviceCaps
0x42d370 SelectObject
0x42d374 SetBkColor
0x42d378 SetBkMode
0x42d37c SetTextColor
KERNEL32.dll
0x42d384 CloseHandle
0x42d388 CompareFileTime
0x42d38c CopyFileA
0x42d390 CreateDirectoryA
0x42d394 CreateFileA
0x42d398 CreateProcessA
0x42d39c CreateThread
0x42d3a0 DeleteFileA
0x42d3a4 ExitProcess
0x42d3a8 ExpandEnvironmentStringsA
0x42d3ac FindClose
0x42d3b0 FindFirstFileA
0x42d3b4 FindNextFileA
0x42d3b8 FreeLibrary
0x42d3bc GetCommandLineA
0x42d3c0 GetCurrentProcess
0x42d3c4 GetDiskFreeSpaceA
0x42d3c8 GetExitCodeProcess
0x42d3cc GetFileAttributesA
0x42d3d0 GetFileSize
0x42d3d4 GetFullPathNameA
0x42d3d8 GetLastError
0x42d3dc GetModuleFileNameA
0x42d3e0 GetModuleHandleA
0x42d3e4 GetPrivateProfileStringA
0x42d3e8 GetProcAddress
0x42d3ec GetShortPathNameA
0x42d3f0 GetSystemDirectoryA
0x42d3f4 GetTempFileNameA
0x42d3f8 GetTempPathA
0x42d3fc GetTickCount
0x42d400 GetVersion
0x42d404 GetWindowsDirectoryA
0x42d408 GlobalAlloc
0x42d40c GlobalFree
0x42d410 GlobalLock
0x42d414 GlobalUnlock
0x42d418 LoadLibraryA
0x42d41c LoadLibraryExA
0x42d420 MoveFileA
0x42d424 MulDiv
0x42d428 MultiByteToWideChar
0x42d42c ReadFile
0x42d430 RemoveDirectoryA
0x42d434 SearchPathA
0x42d438 SetCurrentDirectoryA
0x42d43c SetErrorMode
0x42d440 SetFileAttributesA
0x42d444 SetFilePointer
0x42d448 SetFileTime
0x42d44c Sleep
0x42d450 WaitForSingleObject
0x42d454 WriteFile
0x42d458 WritePrivateProfileStringA
0x42d45c lstrcatA
0x42d460 lstrcmpA
0x42d464 lstrcmpiA
0x42d468 lstrcpynA
0x42d46c lstrlenA
ole32.dll
0x42d474 CoCreateInstance
0x42d478 CoTaskMemFree
0x42d47c OleInitialize
0x42d480 OleUninitialize
SHELL32.dll
0x42d488 SHBrowseForFolderA
0x42d48c SHFileOperationA
0x42d490 SHGetFileInfoA
0x42d494 SHGetPathFromIDListA
0x42d498 SHGetSpecialFolderLocation
0x42d49c ShellExecuteA
USER32.dll
0x42d4a4 AppendMenuA
0x42d4a8 BeginPaint
0x42d4ac CallWindowProcA
0x42d4b0 CharNextA
0x42d4b4 CharPrevA
0x42d4b8 CheckDlgButton
0x42d4bc CloseClipboard
0x42d4c0 CreateDialogParamA
0x42d4c4 CreatePopupMenu
0x42d4c8 CreateWindowExA
0x42d4cc DefWindowProcA
0x42d4d0 DestroyWindow
0x42d4d4 DialogBoxParamA
0x42d4d8 DispatchMessageA
0x42d4dc DrawTextA
0x42d4e0 EmptyClipboard
0x42d4e4 EnableMenuItem
0x42d4e8 EnableWindow
0x42d4ec EndDialog
0x42d4f0 EndPaint
0x42d4f4 ExitWindowsEx
0x42d4f8 FillRect
0x42d4fc FindWindowExA
0x42d500 GetClassInfoA
0x42d504 GetClientRect
0x42d508 GetDC
0x42d50c GetDlgItem
0x42d510 GetDlgItemTextA
0x42d514 GetMessagePos
0x42d518 GetSysColor
0x42d51c GetSystemMenu
0x42d520 GetSystemMetrics
0x42d524 GetWindowLongA
0x42d528 GetWindowRect
0x42d52c InvalidateRect
0x42d530 IsWindow
0x42d534 IsWindowEnabled
0x42d538 IsWindowVisible
0x42d53c LoadBitmapA
0x42d540 LoadCursorA
0x42d544 LoadImageA
0x42d548 MessageBoxIndirectA
0x42d54c OpenClipboard
0x42d550 PeekMessageA
0x42d554 PostQuitMessage
0x42d558 RegisterClassA
0x42d55c ScreenToClient
0x42d560 SendMessageA
0x42d564 SendMessageTimeoutA
0x42d568 SetClassLongA
0x42d56c SetClipboardData
0x42d570 SetCursor
0x42d574 SetDlgItemTextA
0x42d578 SetForegroundWindow
0x42d57c SetTimer
0x42d580 SetWindowLongA
0x42d584 SetWindowPos
0x42d588 SetWindowTextA
0x42d58c ShowWindow
0x42d590 SystemParametersInfoA
0x42d594 TrackPopupMenu
0x42d598 wsprintfA
EAT(Export Address Table) is none