Report - Gnwpizngkfaxnrdperkromddykwmeaazkg.exe

Tags: UPX, Malicious Library, Admin Tool (Sysinternals etc.), PE32, PE File
Created 2022.05.15 05:08 Machine s1_win7_x6401
Filename Gnwpizngkfaxnrdperkromddykwmeaazkg.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 3.6
ZERO API (file): malware
VT API (file) 56 detected (AIDetect, malware2, malicious, high confidence, Inject4, score, LokiBot, Unsafe, Noon, Save, DelfInject, ZelphiF, MGW@aaWp9Xni, Delf, TXVA, Attribute, HighConfidence, R01FC0DGM21, GenericKD, ixsjfd, InjectorX, Gencirc, Delphi, oilby, R + Troj, Fareit, susgen, FCVN, ai score=89, TScope, Remcos, Generic@ML, RDMK, x0zfXrhg9pjBhAiVL0nnzA, 081ev, Static AI, Malicious PE, EQEQ, confidence, 100%)
md5 6331736d5de348e92aa8ac377de8275d
sha256 4846f21cf2c561b1885e52c29c1cae87863fb6b1a02b57980c5860bb4f5f9150
ssdeep 12288:JV0wOEyuOv3iii4DMXqsYLbRSsq7/Ssdpk6dz:JyFuOt3WOLNSv764z
imphash b626bb107e2a13327eafb21c1e74d47c
impfuzzy 96:8cfpHYo3O5c/4IXhp4U8zS10+YBbuu2RrSUvK9LVqo1GqE6nDwPOQR8I:P3hkk1QBbuuArSUvK9RqooqE6EPOQRN

Signature (8cnts)

Level Description
danger File has been identified by 56 AntiVirus engines on VirusTotal as malicious
watch Network activity contains more than one unique useragent
notice Allocates read-write-execute memory (usually to unpack itself)
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer

Rules (5cnts)

Level Name Description Collection
watch Admin_Tool_IN_Zero Admin Tool Sysinternals binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (7cnts)

Request CC ASN Co IP4 Rule ZERO
https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1652558890&rver=7.3.6962.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fonedrive.live.com%2Fdownload%3Fcid%3DDCD4F5588DB45110%26resid%3DDCD4F5588DB45110%2521117%26authkey%3DABNcDCFEJJwt5GE&lc=1033&id=2502 SG MICROSOFT-CORP-MSN-AS-BLOCK 20.190.163.18 clean
https://onedrive.live.com/download?cid=DCD4F5588DB45110&resid=DCD4F5588DB45110%21117&authkey=ABNcDCFEJJwt5GE US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1652558891&rver=7.3.6962.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fonedrive.live.com%2Fdownload%3Fcid%3DDCD4F5588DB45110%26resid%3DDCD4F5588DB45110%2521117%26authkey%3DABNcDCFEJJwt5GE&lc=1033&id=2502 SG MICROSOFT-CORP-MSN-AS-BLOCK 20.190.163.18 clean
login.live.com JP MICROSOFT-CORP-MSN-AS-BLOCK 20.190.141.39 clean
onedrive.live.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
20.190.163.18 SG MICROSOFT-CORP-MSN-AS-BLOCK 20.190.163.18 clean
13.107.42.13 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious

Suricata ids

PE API

IAT (Import Address Table) Library

kernel32.dll
 0x454118 DeleteCriticalSection
 0x45411c LeaveCriticalSection
 0x454120 EnterCriticalSection
 0x454124 InitializeCriticalSection
 0x454128 VirtualFree
 0x45412c VirtualAlloc
 0x454130 LocalFree
 0x454134 LocalAlloc
 0x454138 GetVersion
 0x45413c GetCurrentThreadId
 0x454140 InterlockedDecrement
 0x454144 InterlockedIncrement
 0x454148 VirtualQuery
 0x45414c WideCharToMultiByte
 0x454150 MultiByteToWideChar
 0x454154 lstrlenA
 0x454158 lstrcpynA
 0x45415c LoadLibraryExA
 0x454160 GetThreadLocale
 0x454164 GetStartupInfoA
 0x454168 GetProcAddress
 0x45416c GetModuleHandleA
 0x454170 GetModuleFileNameA
 0x454174 GetLocaleInfoA
 0x454178 GetLastError
 0x45417c GetCommandLineA
 0x454180 FreeLibrary
 0x454184 FindFirstFileA
 0x454188 FindClose
 0x45418c ExitProcess
 0x454190 WriteFile
 0x454194 UnhandledExceptionFilter
 0x454198 SetFilePointer
 0x45419c SetEndOfFile
 0x4541a0 RtlUnwind
 0x4541a4 ReadFile
 0x4541a8 RaiseException
 0x4541ac GetStdHandle
 0x4541b0 GetFileSize
 0x4541b4 GetFileType
 0x4541b8 CreateFileA
 0x4541bc CloseHandle
user32.dll
 0x4541c4 GetKeyboardType
 0x4541c8 LoadStringA
 0x4541cc MessageBoxA
 0x4541d0 CharNextA
advapi32.dll
 0x4541d8 RegQueryValueExA
 0x4541dc RegOpenKeyExA
 0x4541e0 RegCloseKey
oleaut32.dll
 0x4541e8 SysFreeString
 0x4541ec SysReAllocStringLen
 0x4541f0 SysAllocStringLen
kernel32.dll
 0x4541f8 TlsSetValue
 0x4541fc TlsGetValue
 0x454200 LocalAlloc
 0x454204 GetModuleHandleA
advapi32.dll
 0x45420c RegQueryValueExA
 0x454210 RegOpenKeyExA
 0x454214 RegCloseKey
kernel32.dll
 0x45421c lstrcpyA
 0x454220 WriteFile
 0x454224 WaitForSingleObject
 0x454228 VirtualQuery
 0x45422c VirtualProtect
 0x454230 VirtualAlloc
 0x454234 Sleep
 0x454238 SizeofResource
 0x45423c SetThreadLocale
 0x454240 SetFilePointer
 0x454244 SetEvent
 0x454248 SetErrorMode
 0x45424c SetEndOfFile
 0x454250 ResetEvent
 0x454254 ReadFile
 0x454258 MulDiv
 0x45425c LockResource
 0x454260 LoadResource
 0x454264 LoadLibraryA
 0x454268 LeaveCriticalSection
 0x45426c InitializeCriticalSection
 0x454270 GlobalUnlock
 0x454274 GlobalReAlloc
 0x454278 GlobalHandle
 0x45427c GlobalLock
 0x454280 GlobalFree
 0x454284 GlobalFindAtomA
 0x454288 GlobalDeleteAtom
 0x45428c GlobalAlloc
 0x454290 GlobalAddAtomA
 0x454294 GetVersionExA
 0x454298 GetVersion
 0x45429c GetTickCount
 0x4542a0 GetThreadLocale
 0x4542a4 GetSystemInfo
 0x4542a8 GetStringTypeExA
 0x4542ac GetStdHandle
 0x4542b0 GetProcAddress
 0x4542b4 GetModuleHandleA
 0x4542b8 GetModuleFileNameA
 0x4542bc GetLocaleInfoA
 0x4542c0 GetLocalTime
 0x4542c4 GetLastError
 0x4542c8 GetFullPathNameA
 0x4542cc GetDiskFreeSpaceA
 0x4542d0 GetDateFormatA
 0x4542d4 GetCurrentThreadId
 0x4542d8 GetCurrentProcessId
 0x4542dc GetCPInfo
 0x4542e0 GetACP
 0x4542e4 FreeResource
 0x4542e8 InterlockedExchange
 0x4542ec FreeLibrary
 0x4542f0 FormatMessageA
 0x4542f4 FindResourceA
 0x4542f8 EnumCalendarInfoA
 0x4542fc EnterCriticalSection
 0x454300 DeleteCriticalSection
 0x454304 CreateThread
 0x454308 CreateFileA
 0x45430c CreateEventA
 0x454310 CompareStringA
 0x454314 CloseHandle
version.dll
 0x45431c VerQueryValueA
 0x454320 GetFileVersionInfoSizeA
 0x454324 GetFileVersionInfoA
gdi32.dll
 0x45432c UnrealizeObject
 0x454330 StretchBlt
 0x454334 SetWindowOrgEx
 0x454338 SetViewportOrgEx
 0x45433c SetTextColor
 0x454340 SetStretchBltMode
 0x454344 SetROP2
 0x454348 SetPixel
 0x45434c SetDIBColorTable
 0x454350 SetBrushOrgEx
 0x454354 SetBkMode
 0x454358 SetBkColor
 0x45435c SelectPalette
 0x454360 SelectObject
 0x454364 SaveDC
 0x454368 RestoreDC
 0x45436c RectVisible
 0x454370 RealizePalette
 0x454374 PatBlt
 0x454378 MoveToEx
 0x45437c MaskBlt
 0x454380 LineTo
 0x454384 IntersectClipRect
 0x454388 GetWindowOrgEx
 0x45438c GetTextMetricsA
 0x454390 GetTextExtentPoint32A
 0x454394 GetSystemPaletteEntries
 0x454398 GetStockObject
 0x45439c GetPixel
 0x4543a0 GetPaletteEntries
 0x4543a4 GetObjectA
 0x4543a8 GetDeviceCaps
 0x4543ac GetDIBits
 0x4543b0 GetDIBColorTable
 0x4543b4 GetDCOrgEx
 0x4543b8 GetCurrentPositionEx
 0x4543bc GetClipBox
 0x4543c0 GetBrushOrgEx
 0x4543c4 GetBitmapBits
 0x4543c8 ExcludeClipRect
 0x4543cc DeleteObject
 0x4543d0 DeleteDC
 0x4543d4 CreateSolidBrush
 0x4543d8 CreatePenIndirect
 0x4543dc CreatePalette
 0x4543e0 CreateHalftonePalette
 0x4543e4 CreateFontIndirectA
 0x4543e8 CreateDIBitmap
 0x4543ec CreateDIBSection
 0x4543f0 CreateCompatibleDC
 0x4543f4 CreateCompatibleBitmap
 0x4543f8 CreateBrushIndirect
 0x4543fc CreateBitmap
 0x454400 BitBlt
user32.dll
 0x454408 CreateWindowExA
 0x45440c WindowFromPoint
 0x454410 WinHelpA
 0x454414 WaitMessage
 0x454418 UpdateWindow
 0x45441c UnregisterClassA
 0x454420 UnhookWindowsHookEx
 0x454424 TranslateMessage
 0x454428 TranslateMDISysAccel
 0x45442c TrackPopupMenu
 0x454430 SystemParametersInfoA
 0x454434 ShowWindow
 0x454438 ShowScrollBar
 0x45443c ShowOwnedPopups
 0x454440 ShowCursor
 0x454444 SetWindowsHookExA
 0x454448 SetWindowTextA
 0x45444c SetWindowPos
 0x454450 SetWindowPlacement
 0x454454 SetWindowLongA
 0x454458 SetTimer
 0x45445c SetScrollRange
 0x454460 SetScrollPos
 0x454464 SetScrollInfo
 0x454468 SetRect
 0x45446c SetPropA
 0x454470 SetParent
 0x454474 SetMenuItemInfoA
 0x454478 SetMenu
 0x45447c SetForegroundWindow
 0x454480 SetFocus
 0x454484 SetCursor
 0x454488 SetClassLongA
 0x45448c SetCapture
 0x454490 SetActiveWindow
 0x454494 SendMessageA
 0x454498 ScrollWindow
 0x45449c ScreenToClient
 0x4544a0 RemovePropA
 0x4544a4 RemoveMenu
 0x4544a8 ReleaseDC
 0x4544ac ReleaseCapture
 0x4544b0 RegisterWindowMessageA
 0x4544b4 RegisterClipboardFormatA
 0x4544b8 RegisterClassA
 0x4544bc RedrawWindow
 0x4544c0 PtInRect
 0x4544c4 PostQuitMessage
 0x4544c8 PostMessageA
 0x4544cc PeekMessageA
 0x4544d0 OffsetRect
 0x4544d4 OemToCharA
 0x4544d8 MessageBoxA
 0x4544dc MapWindowPoints
 0x4544e0 MapVirtualKeyA
 0x4544e4 LoadStringA
 0x4544e8 LoadKeyboardLayoutA
 0x4544ec LoadIconA
 0x4544f0 LoadCursorA
 0x4544f4 LoadBitmapA
 0x4544f8 KillTimer
 0x4544fc IsZoomed
 0x454500 IsWindowVisible
 0x454504 IsWindowEnabled
 0x454508 IsWindow
 0x45450c IsRectEmpty
 0x454510 IsIconic
 0x454514 IsDialogMessageA
 0x454518 IsChild
 0x45451c InvalidateRect
 0x454520 IntersectRect
 0x454524 InsertMenuItemA
 0x454528 InsertMenuA
 0x45452c InflateRect
 0x454530 GetWindowThreadProcessId
 0x454534 GetWindowTextA
 0x454538 GetWindowRect
 0x45453c GetWindowPlacement
 0x454540 GetWindowLongA
 0x454544 GetWindowDC
 0x454548 GetTopWindow
 0x45454c GetSystemMetrics
 0x454550 GetSystemMenu
 0x454554 GetSysColorBrush
 0x454558 GetSysColor
 0x45455c GetSubMenu
 0x454560 GetScrollRange
 0x454564 GetScrollPos
 0x454568 GetScrollInfo
 0x45456c GetPropA
 0x454570 GetParent
 0x454574 GetWindow
 0x454578 GetMenuStringA
 0x45457c GetMenuState
 0x454580 GetMenuItemInfoA
 0x454584 GetMenuItemID
 0x454588 GetMenuItemCount
 0x45458c GetMenu
 0x454590 GetLastActivePopup
 0x454594 GetKeyboardState
 0x454598 GetKeyboardLayoutList
 0x45459c GetKeyboardLayout
 0x4545a0 GetKeyState
 0x4545a4 GetKeyNameTextA
 0x4545a8 GetIconInfo
 0x4545ac GetForegroundWindow
 0x4545b0 GetFocus
 0x4545b4 GetDesktopWindow
 0x4545b8 GetDCEx
 0x4545bc GetDC
 0x4545c0 GetCursorPos
 0x4545c4 GetCursor
 0x4545c8 GetClientRect
 0x4545cc GetClassNameA
 0x4545d0 GetClassInfoA
 0x4545d4 GetCapture
 0x4545d8 GetActiveWindow
 0x4545dc FrameRect
 0x4545e0 FindWindowA
 0x4545e4 FillRect
 0x4545e8 EqualRect
 0x4545ec EnumWindows
 0x4545f0 EnumThreadWindows
 0x4545f4 EndPaint
 0x4545f8 EnableWindow
 0x4545fc EnableScrollBar
 0x454600 EnableMenuItem
 0x454604 DrawTextA
 0x454608 DrawMenuBar
 0x45460c DrawIconEx
 0x454610 DrawIcon
 0x454614 DrawFrameControl
 0x454618 DrawEdge
 0x45461c DispatchMessageA
 0x454620 DestroyWindow
 0x454624 DestroyMenu
 0x454628 DestroyIcon
 0x45462c DestroyCursor
 0x454630 DeleteMenu
 0x454634 DefWindowProcA
 0x454638 DefMDIChildProcA
 0x45463c DefFrameProcA
 0x454640 CreatePopupMenu
 0x454644 CreateMenu
 0x454648 CreateIcon
 0x45464c ClientToScreen
 0x454650 CheckMenuItem
 0x454654 CallWindowProcA
 0x454658 CallNextHookEx
 0x45465c BeginPaint
 0x454660 CharNextA
 0x454664 CharLowerA
 0x454668 CharToOemA
 0x45466c AdjustWindowRectEx
 0x454670 ActivateKeyboardLayout
kernel32.dll
 0x454678 Sleep
oleaut32.dll
 0x454680 SafeArrayPtrOfIndex
 0x454684 SafeArrayGetUBound
 0x454688 SafeArrayGetLBound
 0x45468c SafeArrayCreate
 0x454690 VariantChangeType
 0x454694 VariantCopy
 0x454698 VariantClear
 0x45469c VariantInit
comctl32.dll
 0x4546a4 ImageList_SetIconSize
 0x4546a8 ImageList_GetIconSize
 0x4546ac ImageList_Write
 0x4546b0 ImageList_Read
 0x4546b4 ImageList_GetDragImage
 0x4546b8 ImageList_DragShowNolock
 0x4546bc ImageList_SetDragCursorImage
 0x4546c0 ImageList_DragMove
 0x4546c4 ImageList_DragLeave
 0x4546c8 ImageList_DragEnter
 0x4546cc ImageList_EndDrag
 0x4546d0 ImageList_BeginDrag
 0x4546d4 ImageList_Remove
 0x4546d8 ImageList_DrawEx
 0x4546dc ImageList_Draw
 0x4546e0 ImageList_GetBkColor
 0x4546e4 ImageList_SetBkColor
 0x4546e8 ImageList_ReplaceIcon
 0x4546ec ImageList_Add
 0x4546f0 ImageList_SetImageCount
 0x4546f4 ImageList_GetImageCount
 0x4546f8 ImageList_Destroy
 0x4546fc ImageList_Create

EAT (Export Address Table): none