Report - images.pdf

Malicious Library UPX PE64 PE File OS Processor Check
Created 2022.01.20 10:41 Machine s1_win7_x6403
Filename images.pdf
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score 5
Behavior Score 2.4
ZERO API file : malware
VT API (file) 23 detected (Malicious, score, IcedID, Sabsik, confidence, Kryptik, Eldorado, GenericKD, TrojanX, BAZARLOADER, YXCASZ, Malgent, ai score=88, Static AI, Suspicious PE, susgen, Behavior)
md5 e28ae2f26a165ab891248f17b064f2e7
sha256 0b7eafb0e73e2bf0e0c6263824ffacbf4869f9121502264e5dc08d09183ae301
ssdeep 6144:lCyhivbmvCsJY0SsBGUQIhUAZKlmRaHYEBB4HFUXL06Sh:l085JYN+DhUACEubBuHFg
imphash 7c74df63a1dba2dccee9dead9673e4b7
impfuzzy 48:XcwBr9n1QrUK+3+4Yo9g4iS4tSEc+pfE5QFjF/KA/XSv09sjKJuzGSY+nB6UyCEy:XTr91QrgObgg4iS4tSEc+p+eJNg2r0V

Signature (5cnts)

Level Description
warning File has been identified by 23 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
162.159.138.85 Unknown 162.159.138.85 clean

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x14001d010 GetLogicalDrives
 0x14001d018 GetOEMCP
 0x14001d020 GetCommandLineW
 0x14001d028 GetCurrentProcess
 0x14001d030 GetThreadErrorMode
 0x14001d038 GetSystemDefaultUILanguage
 0x14001d040 GetUserDefaultLangID
 0x14001d048 GetThreadLocale
 0x14001d050 GetUserDefaultUILanguage
 0x14001d058 GetCurrentThreadId
 0x14001d060 UnregisterApplicationRecoveryCallback
 0x14001d068 GetSystemDefaultLangID
 0x14001d070 GetACP
 0x14001d078 GetCommandLineA
 0x14001d080 GetTickCount64
 0x14001d088 GetLastError
 0x14001d090 GetThreadUILanguage
 0x14001d098 GetCurrentThread
 0x14001d0a0 TlsAlloc
 0x14001d0a8 SwitchToThread
 0x14001d0b0 GetErrorMode
 0x14001d0b8 UnregisterApplicationRestart
 0x14001d0c0 SetFileApisToOEM
 0x14001d0c8 GetEnvironmentStringsW
 0x14001d0d0 IsDebuggerPresent
 0x14001d0d8 FlushProcessWriteBuffers
 0x14001d0e0 GetLargePageMinimum
 0x14001d0e8 IsSystemResumeAutomatic
 0x14001d0f0 GetCurrentProcessorNumber
 0x14001d0f8 GetTickCount
 0x14001d100 VirtualAlloc
 0x14001d108 ExitProcess
 0x14001d110 WriteConsoleW
 0x14001d118 CloseHandle
 0x14001d120 CreateFileW
 0x14001d128 SetFilePointerEx
 0x14001d130 AreFileApisANSI
 0x14001d138 GetConsoleOutputCP
 0x14001d140 FlushFileBuffers
 0x14001d148 HeapReAlloc
 0x14001d150 HeapSize
 0x14001d158 GetProcessHeap
 0x14001d160 LCMapStringW
 0x14001d168 FlsFree
 0x14001d170 FlsSetValue
 0x14001d178 FlsGetValue
 0x14001d180 FlsAlloc
 0x14001d188 GetStringTypeW
 0x14001d190 GetFileType
 0x14001d198 SetStdHandle
 0x14001d1a0 FreeEnvironmentStringsW
 0x14001d1a8 WideCharToMultiByte
 0x14001d1b0 MultiByteToWideChar
 0x14001d1b8 GetCPInfo
 0x14001d1c0 IsValidCodePage
 0x14001d1c8 FindNextFileW
 0x14001d1d0 FindFirstFileExW
 0x14001d1d8 FindClose
 0x14001d1e0 HeapFree
 0x14001d1e8 HeapAlloc
 0x14001d1f0 GetModuleHandleExW
 0x14001d1f8 TerminateProcess
 0x14001d200 GetModuleFileNameW
 0x14001d208 WriteFile
 0x14001d210 GetStdHandle
 0x14001d218 RtlPcToFileHeader
 0x14001d220 RaiseException
 0x14001d228 GetConsoleMode
 0x14001d230 EncodePointer
 0x14001d238 LoadLibraryExW
 0x14001d240 GetProcAddress
 0x14001d248 FreeLibrary
 0x14001d250 TlsFree
 0x14001d258 TlsSetValue
 0x14001d260 QueryPerformanceCounter
 0x14001d268 GetCurrentProcessId
 0x14001d270 GetSystemTimeAsFileTime
 0x14001d278 InitializeSListHead
 0x14001d280 RtlCaptureContext
 0x14001d288 RtlLookupFunctionEntry
 0x14001d290 RtlVirtualUnwind
 0x14001d298 UnhandledExceptionFilter
 0x14001d2a0 SetUnhandledExceptionFilter
 0x14001d2a8 GetStartupInfoW
 0x14001d2b0 IsProcessorFeaturePresent
 0x14001d2b8 GetModuleHandleW
 0x14001d2c0 RtlUnwindEx
 0x14001d2c8 SetLastError
 0x14001d2d0 EnterCriticalSection
 0x14001d2d8 LeaveCriticalSection
 0x14001d2e0 DeleteCriticalSection
 0x14001d2e8 InitializeCriticalSectionAndSpinCount
 0x14001d2f0 TlsGetValue
USER32.dll
 0x14001d310 CreateMenu
 0x14001d318 GetProcessWindowStation
 0x14001d320 GetClipboardSequenceNumber
 0x14001d328 GetMessageW
 0x14001d330 DefWindowProcW
 0x14001d338 DestroyWindow
 0x14001d340 CreateWindowExW
 0x14001d348 EndDialog
 0x14001d350 RegisterClassExW
 0x14001d358 LoadAcceleratorsW
 0x14001d360 LoadStringW
 0x14001d368 ShowWindow
 0x14001d370 DispatchMessageW
 0x14001d378 MessageBoxA
 0x14001d380 TranslateAcceleratorW
 0x14001d388 TranslateMessage
 0x14001d390 LoadIconW
 0x14001d398 LoadCursorW
 0x14001d3a0 PostQuitMessage
 0x14001d3a8 DialogBoxParamW
 0x14001d3b0 UpdateWindow
 0x14001d3b8 BeginPaint
 0x14001d3c0 EndPaint
 0x14001d3c8 GetMenuCheckMarkDimensions
 0x14001d3d0 GetDesktopWindow
 0x14001d3d8 SetProcessDPIAware
 0x14001d3e0 GetMessageExtraInfo
 0x14001d3e8 GetFocus
 0x14001d3f0 GetClipboardViewer
 0x14001d3f8 GetOpenClipboardWindow
 0x14001d400 GetCursor
 0x14001d408 GetShellWindow
 0x14001d410 GetActiveWindow
 0x14001d418 AnyPopup
 0x14001d420 InSendMessage
 0x14001d428 GetCapture
 0x14001d430 CloseClipboard
 0x14001d438 EmptyClipboard
 0x14001d440 CountClipboardFormats
 0x14001d448 GetKBCodePage
 0x14001d450 IsProcessDPIAware
 0x14001d458 GetForegroundWindow
 0x14001d460 GetDialogBaseUnits
 0x14001d468 GetMessageTime
 0x14001d470 IsWow64Message
 0x14001d478 DestroyCaret
GDI32.dll
 0x14001d000 GdiFlush
SHELL32.dll
 0x14001d300 InitNetworkAddressControl
ole32.dll
 0x14001d488 CoFreeUnusedLibraries
 0x14001d490 OleUninitialize
 0x14001d498 CoUninitialize

EAT (Export Address Table): none
