ScreenShot
| Created | 2021.11.14 18:14 | Machine | s1_win7_x6401 |
| Filename | Client.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 39 detected (malicious, high confidence, score, Artemis, Save, Tinukebot, Eldorado, TinyNuke, Phqi, R002C0DKD21, Outbreak, djfco, ai score=84, R447462, BScope, Unsafe, CLASSIC, Static AI, Malicious PE, susgen, ZexaF, 3KW@aCf72Uni, TrojanX, confidence) | ||
| md5 | be5c1be0364b3ec5644e1ae66fb1438b | ||
| sha256 | 037a1190ff15e3ebf4a05b0bea403cf39a93209089894aa6d8cfb46e0e508cff | ||
| ssdeep | 12288:LiKrwWDNiieuuBDT/p0GrW5hnHh57Tkp1wRlZ+:n4zW5hnHh5nkp+RW | ||
| imphash | 30c6fecafd22fd830d6018c7ac5f43ea | ||
| impfuzzy | 24:mDoV+zbTnczNj7CJtZfEozSOK6bJ2plv27LOovbOQkv7rTezZHu9hZSuLjMqAM:03czwJtZ1zSl64pU63QulZSuxAM | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | One or more potentially interesting buffers were extracted |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x529000 GetProcAddress
0x529004 LoadLibraryA
0x529008 CreateFileA
0x52900c GetFileSize
0x529010 ReadFile
0x529014 CloseHandle
0x529018 Sleep
0x52901c TerminateProcess
0x529020 OpenProcess
0x529024 lstrcatA
0x529028 CreateToolhelp32Snapshot
0x52902c Process32First
0x529030 Process32Next
0x529034 EnterCriticalSection
0x529038 LeaveCriticalSection
0x52903c LocalAlloc
0x529040 lstrlenA
0x529044 WaitForSingleObject
0x529048 GetConsoleWindow
0x52904c ReadConsoleW
0x529050 DecodePointer
0x529054 FlushFileBuffers
0x529058 GetCurrentThreadId
0x52905c UnhandledExceptionFilter
0x529060 SetUnhandledExceptionFilter
0x529064 GetCurrentProcess
0x529068 IsProcessorFeaturePresent
0x52906c IsDebuggerPresent
0x529070 RaiseException
0x529074 MultiByteToWideChar
0x529078 WideCharToMultiByte
0x52907c GetLastError
0x529080 HeapAlloc
0x529084 HeapFree
0x529088 GetProcessHeap
0x52908c VirtualQuery
0x529090 FreeLibrary
0x529094 QueryPerformanceCounter
0x529098 GetCurrentProcessId
0x52909c GetSystemTimeAsFileTime
0x5290a0 InitializeSListHead
0x5290a4 GetStartupInfoW
0x5290a8 GetModuleHandleW
0x5290ac GetModuleFileNameW
0x5290b0 LoadLibraryExW
0x5290b4 InterlockedPushEntrySList
0x5290b8 InterlockedFlushSList
0x5290bc RtlUnwind
0x5290c0 SetLastError
0x5290c4 DeleteCriticalSection
0x5290c8 InitializeCriticalSectionAndSpinCount
0x5290cc TlsAlloc
0x5290d0 TlsGetValue
0x5290d4 TlsSetValue
0x5290d8 TlsFree
0x5290dc EncodePointer
0x5290e0 GetModuleHandleExW
0x5290e4 GetStdHandle
0x5290e8 WriteFile
0x5290ec ExitProcess
0x5290f0 GetCommandLineA
0x5290f4 GetCommandLineW
0x5290f8 HeapValidate
0x5290fc GetSystemInfo
0x529100 GetCurrentThread
0x529104 GetFileType
0x529108 OutputDebugStringW
0x52910c WriteConsoleW
0x529110 SetConsoleCtrlHandler
0x529114 FindClose
0x529118 FindFirstFileExW
0x52911c FindNextFileW
0x529120 IsValidCodePage
0x529124 GetACP
0x529128 GetOEMCP
0x52912c GetCPInfo
0x529130 GetEnvironmentStringsW
0x529134 FreeEnvironmentStringsW
0x529138 SetEnvironmentVariableW
0x52913c SetStdHandle
0x529140 GetStringTypeW
0x529144 GetLocaleInfoW
0x529148 IsValidLocale
0x52914c GetUserDefaultLCID
0x529150 EnumSystemLocalesW
0x529154 GetDateFormatW
0x529158 GetTimeFormatW
0x52915c CompareStringW
0x529160 LCMapStringW
0x529164 HeapReAlloc
0x529168 HeapSize
0x52916c HeapQueryInformation
0x529170 GetFileSizeEx
0x529174 SetFilePointerEx
0x529178 GetConsoleCP
0x52917c GetConsoleMode
0x529180 CreateFileW
USER32.dll
0x5291fc ShowWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x529000 GetProcAddress
0x529004 LoadLibraryA
0x529008 CreateFileA
0x52900c GetFileSize
0x529010 ReadFile
0x529014 CloseHandle
0x529018 Sleep
0x52901c TerminateProcess
0x529020 OpenProcess
0x529024 lstrcatA
0x529028 CreateToolhelp32Snapshot
0x52902c Process32First
0x529030 Process32Next
0x529034 EnterCriticalSection
0x529038 LeaveCriticalSection
0x52903c LocalAlloc
0x529040 lstrlenA
0x529044 WaitForSingleObject
0x529048 GetConsoleWindow
0x52904c ReadConsoleW
0x529050 DecodePointer
0x529054 FlushFileBuffers
0x529058 GetCurrentThreadId
0x52905c UnhandledExceptionFilter
0x529060 SetUnhandledExceptionFilter
0x529064 GetCurrentProcess
0x529068 IsProcessorFeaturePresent
0x52906c IsDebuggerPresent
0x529070 RaiseException
0x529074 MultiByteToWideChar
0x529078 WideCharToMultiByte
0x52907c GetLastError
0x529080 HeapAlloc
0x529084 HeapFree
0x529088 GetProcessHeap
0x52908c VirtualQuery
0x529090 FreeLibrary
0x529094 QueryPerformanceCounter
0x529098 GetCurrentProcessId
0x52909c GetSystemTimeAsFileTime
0x5290a0 InitializeSListHead
0x5290a4 GetStartupInfoW
0x5290a8 GetModuleHandleW
0x5290ac GetModuleFileNameW
0x5290b0 LoadLibraryExW
0x5290b4 InterlockedPushEntrySList
0x5290b8 InterlockedFlushSList
0x5290bc RtlUnwind
0x5290c0 SetLastError
0x5290c4 DeleteCriticalSection
0x5290c8 InitializeCriticalSectionAndSpinCount
0x5290cc TlsAlloc
0x5290d0 TlsGetValue
0x5290d4 TlsSetValue
0x5290d8 TlsFree
0x5290dc EncodePointer
0x5290e0 GetModuleHandleExW
0x5290e4 GetStdHandle
0x5290e8 WriteFile
0x5290ec ExitProcess
0x5290f0 GetCommandLineA
0x5290f4 GetCommandLineW
0x5290f8 HeapValidate
0x5290fc GetSystemInfo
0x529100 GetCurrentThread
0x529104 GetFileType
0x529108 OutputDebugStringW
0x52910c WriteConsoleW
0x529110 SetConsoleCtrlHandler
0x529114 FindClose
0x529118 FindFirstFileExW
0x52911c FindNextFileW
0x529120 IsValidCodePage
0x529124 GetACP
0x529128 GetOEMCP
0x52912c GetCPInfo
0x529130 GetEnvironmentStringsW
0x529134 FreeEnvironmentStringsW
0x529138 SetEnvironmentVariableW
0x52913c SetStdHandle
0x529140 GetStringTypeW
0x529144 GetLocaleInfoW
0x529148 IsValidLocale
0x52914c GetUserDefaultLCID
0x529150 EnumSystemLocalesW
0x529154 GetDateFormatW
0x529158 GetTimeFormatW
0x52915c CompareStringW
0x529160 LCMapStringW
0x529164 HeapReAlloc
0x529168 HeapSize
0x52916c HeapQueryInformation
0x529170 GetFileSizeEx
0x529174 SetFilePointerEx
0x529178 GetConsoleCP
0x52917c GetConsoleMode
0x529180 CreateFileW
USER32.dll
0x5291fc ShowWindow
EAT(Export Address Table) is none