| Field | Value |
|---|---|
| Created | 2022.05.24 09:36 |
| Machine | s1_win7_x6403 |
| Filename | listbul.exe |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : malware |
| VT API (file) | 42 detected (IcedID, GenericKD, Artemis, Save, malicious, ABRisk, LXNS, high confidence, GenKryptik, FUUH, R002C0WEN22, BotX, tzzv, TrojanBanker, Meterpreter, CLOUD, ybsaw, kcloud, score, ai score=85, Ebqm, Static AI, Malicious PE, susgen, PossibleThreat, PALLASNET, confidence, 100%) |
| md5 | 8970a3db9f39923a4ef16fb39cd8acc5 |
| sha256 | 1e3d10c3c84d7617692174a1f9ae8a658eabb22c7122ef1c8f37f35641ccf7aa |
| ssdeep | 1536:cDG3b58g1Ax5QvHisR3yCmaWXRbkweWkCBbLyxsoUvMFMQiNTRhhmb0rBNliiU:MG3bni5mHGbcCBbLyxsgmRzmbkfU |
| imphash | 2ad26ca0e3350fdb59f713806c5776d6 |
| impfuzzy | 24:8fCq1JmncJ8a0meB0MC95XGDZ8kNJlkoDq6ZF4:8fCq1ccJLeSzJGV8kNJlkoql |
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | MinGW | Used MinGW (Win GCC) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x408238 DeleteCriticalSection
0x408240 EnterCriticalSection
0x408248 ExitProcess
0x408250 GetCurrentProcess
0x408258 GetCurrentProcessId
0x408260 GetCurrentThreadId
0x408268 GetLastError
0x408270 GetStartupInfoA
0x408278 GetSystemTimeAsFileTime
0x408280 GetTickCount
0x408288 InitializeCriticalSection
0x408290 LeaveCriticalSection
0x408298 QueryPerformanceCounter
0x4082a0 RtlAddFunctionTable
0x4082a8 RtlCaptureContext
0x4082b0 RtlLookupFunctionEntry
0x4082b8 RtlVirtualUnwind
0x4082c0 SetUnhandledExceptionFilter
0x4082c8 Sleep
0x4082d0 TerminateProcess
0x4082d8 TlsGetValue
0x4082e0 UnhandledExceptionFilter
0x4082e8 VirtualAlloc
0x4082f0 VirtualProtect
0x4082f8 VirtualQuery
msvcrt.dll
0x408308 __C_specific_handler
0x408310 __dllonexit
0x408318 __getmainargs
0x408320 __initenv
0x408328 __iob_func
0x408330 __lconv_init
0x408338 __set_app_type
0x408340 __setusermatherr
0x408348 _acmdln
0x408350 _amsg_exit
0x408358 _cexit
0x408360 _fmode
0x408368 _initterm
0x408370 _lock
0x408378 _onexit
0x408380 _unlock
0x408388 abort
0x408390 atoi
0x408398 calloc
0x4083a0 exit
0x4083a8 fprintf
0x4083b0 free
0x4083b8 fwrite
0x4083c0 malloc
0x4083c8 memcpy
0x4083d0 memset
0x4083d8 signal
0x4083e0 strlen
0x4083e8 strncmp
0x4083f0 vfprintf
ole32.dll
0x408400 CoLoadLibrary
0x408408 CoTaskMemAlloc
0x408410 CoTaskMemFree
EAT(Export Address Table) is none