Field | Value
---|---
Created | 2022.01.19 17:29
Machine | s1_win7_x6401
Filename | beerpeer.exe
Type | PE32+ executable (GUI) x86-64, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : clean
VT API (file) | 9 detected (Unsafe, Malicious, score, Artemis, Sabsik, InvalidSig)
md5 | e7de72de8a439bab253a17638878f7d7
sha256 | 8358b461769de91ad1414c00f051b9a8e05e4b8d2cf8e7dce082ce83210954e6
ssdeep | 12288:lJETeg97VTD2RRaH+SYBXOukiOZODBxgTiXh29RWDO0iBkfeeoUP5HgNc:DETeg97VTyR20XrkiO8NK9ilRFrP5ANc
imphash | b9a369a0a99cf23534a5c6de0d57184d
impfuzzy | 48:etlOIy4BQ7OKZ0mTWJcgPL+ZrLt04Bht+x94FNkLK4:etlOPFjRWJcgPL+xLt04B72RLL
Signatures (18 cnts)
Level | Description
---|---
watch | A process attempted to delay the analysis task. |
watch | Communicates with host for which no DNS query was performed |
watch | Executes one or more WMI queries |
watch | Installs itself for autorun at Windows startup |
watch | The process powershell.exe wrote an executable file to disk |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a shortcut to an executable file |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | Uses Windows APIs to generate a cryptographic key |
Rules (8 cnts)
Level | Name | Description | Collection
---|---|---|---
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
watch | Antivirus | Contains references to security software | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | Lnk_Format_Zero | LNK Format | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1400da010 HeapSize
0x1400da018 MultiByteToWideChar
0x1400da020 Sleep
0x1400da028 GetTempPathA
0x1400da030 GetLastError
0x1400da038 CreateFileA
0x1400da040 LoadLibraryA
0x1400da048 HeapReAlloc
0x1400da050 CloseHandle
0x1400da058 RaiseException
0x1400da060 HeapAlloc
0x1400da068 DecodePointer
0x1400da070 GetProcAddress
0x1400da078 GetModuleHandleA
0x1400da080 GetCurrentProcessId
0x1400da088 GetProcessHeap
0x1400da090 FreeLibrary
0x1400da098 WideCharToMultiByte
0x1400da0a0 CreateProcessA
0x1400da0a8 Process32First
0x1400da0b0 CreateToolhelp32Snapshot
0x1400da0b8 Process32Next
0x1400da0c0 VirtualQuery
0x1400da0c8 SetEndOfFile
0x1400da0d0 CreateFileW
0x1400da0d8 SetStdHandle
0x1400da0e0 SetEnvironmentVariableW
0x1400da0e8 FreeEnvironmentStringsW
0x1400da0f0 CreateMutexA
0x1400da0f8 InitializeCriticalSectionEx
0x1400da100 PeekNamedPipe
0x1400da108 CreatePipe
0x1400da110 GetCurrentProcess
0x1400da118 SetLastError
0x1400da120 HeapFree
0x1400da128 DeleteCriticalSection
0x1400da130 ReadFile
0x1400da138 GetEnvironmentStringsW
0x1400da140 GetCommandLineW
0x1400da148 GetCommandLineA
0x1400da150 GetOEMCP
0x1400da158 GetACP
0x1400da160 IsValidCodePage
0x1400da168 FindNextFileW
0x1400da170 FindFirstFileExW
0x1400da178 FindClose
0x1400da180 GetTimeZoneInformation
0x1400da188 HeapQueryInformation
0x1400da190 GetFileAttributesExW
0x1400da198 CreateProcessW
0x1400da1a0 GetExitCodeProcess
0x1400da1a8 WaitForSingleObject
0x1400da1b0 DeleteFileW
0x1400da1b8 EnumSystemLocalesW
0x1400da1c0 GetUserDefaultLCID
0x1400da1c8 IsValidLocale
0x1400da1d0 GetLocaleInfoW
0x1400da1d8 LCMapStringW
0x1400da1e0 CompareStringW
0x1400da1e8 GetTimeFormatW
0x1400da1f0 GetDateFormatW
0x1400da1f8 GetConsoleOutputCP
0x1400da200 FlushFileBuffers
0x1400da208 GetFileSizeEx
0x1400da210 ReadConsoleW
0x1400da218 GetConsoleMode
0x1400da220 SetFilePointerEx
0x1400da228 WriteConsoleW
0x1400da230 GetStringTypeW
0x1400da238 InitializeSRWLock
0x1400da240 ReleaseSRWLockExclusive
0x1400da248 AcquireSRWLockExclusive
0x1400da250 EnterCriticalSection
0x1400da258 LeaveCriticalSection
0x1400da260 TryEnterCriticalSection
0x1400da268 GetCurrentThreadId
0x1400da270 EncodePointer
0x1400da278 LocalFree
0x1400da280 QueryPerformanceCounter
0x1400da288 GetSystemTimeAsFileTime
0x1400da290 GetModuleHandleW
0x1400da298 LCMapStringEx
0x1400da2a0 GetLocaleInfoEx
0x1400da2a8 CompareStringEx
0x1400da2b0 GetCPInfo
0x1400da2b8 RtlCaptureContext
0x1400da2c0 RtlLookupFunctionEntry
0x1400da2c8 RtlVirtualUnwind
0x1400da2d0 UnhandledExceptionFilter
0x1400da2d8 SetUnhandledExceptionFilter
0x1400da2e0 TerminateProcess
0x1400da2e8 IsProcessorFeaturePresent
0x1400da2f0 InitializeCriticalSectionAndSpinCount
0x1400da2f8 CreateEventW
0x1400da300 IsDebuggerPresent
0x1400da308 GetStartupInfoW
0x1400da310 InitializeSListHead
0x1400da318 OutputDebugStringW
0x1400da320 RtlUnwindEx
0x1400da328 RtlPcToFileHeader
0x1400da330 TlsAlloc
0x1400da338 TlsGetValue
0x1400da340 TlsSetValue
0x1400da348 TlsFree
0x1400da350 LoadLibraryExW
0x1400da358 GetModuleFileNameW
0x1400da360 GetModuleHandleExW
0x1400da368 CreateThread
0x1400da370 ExitThread
0x1400da378 FreeLibraryAndExitThread
0x1400da380 HeapValidate
0x1400da388 GetSystemInfo
0x1400da390 ExitProcess
0x1400da398 GetStdHandle
0x1400da3a0 WriteFile
0x1400da3a8 GetFileType
0x1400da3b0 RtlUnwind
USER32.dll
0x1400da3f0 GetDC
0x1400da3f8 GetSystemMetrics
0x1400da400 ReleaseDC
ADVAPI32.dll
0x1400da000 GetCurrentHwProfileA
ole32.dll
0x1400da4b8 CoInitializeEx
0x1400da4c0 CoInitializeSecurity
0x1400da4c8 CoCreateInstance
OLEAUT32.dll
0x1400da3c0 SysAllocStringByteLen
0x1400da3c8 SysFreeString
0x1400da3d0 VariantClear
0x1400da3d8 SysAllocString
0x1400da3e0 SysStringLen
gdiplus.dll
0x1400da460 GdipGetImageEncodersSize
0x1400da468 GdiplusStartup
0x1400da470 GdiplusShutdown
0x1400da478 GdipGetImageEncoders
0x1400da480 GdipCloneImage
0x1400da488 GdipFree
0x1400da490 GdipDisposeImage
0x1400da498 GdipCreateBitmapFromHBITMAP
0x1400da4a0 GdipAlloc
0x1400da4a8 GdipSaveImageToFile
WS2_32.dll
0x1400da410 gethostname
0x1400da418 connect
0x1400da420 socket
0x1400da428 send
0x1400da430 htons
0x1400da438 recv
0x1400da440 inet_addr
0x1400da448 WSAStartup
0x1400da450 closesocket
EAT (Export Address Table): none