ScreenShot
| Created | 2022.05.24 18:36 | Machine | s1_win7_x6403 |
| Filename | majMSPharm.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 25 detected (GenericKD, Artemis, Unsafe, AutoIt, Eldorado, malicious, moderate confidence, Sabsik, Wacapew, ai score=82, susgen, PossibleThreat) | ||
| md5 | 6c53f542fb4bf76bba5492fdcd68241b | ||
| sha256 | 352e50419b860d9f9066d2a1dc16b925c101027a1915be02f0a1fba09c5c22f5 | ||
| ssdeep | 49152:UO7+4VcSl7495jJVoHHXZiRm0IMeMlKxvLHkknZO/ygI2DRJRYRQDjcjOrnZioFK:UoplyMHHelWvPZOagRZzRRJeR | ||
| imphash | e41c25ab7824b3df73334188c40518ae | ||
| impfuzzy | 24:mcOovaVH9+Fo0DpYPYz6A4ES5GbnQnAxt/12JEUh5KlhkijSLCKQw350Q+WbvyzC:ar59M5eA4ES5QnBX/1olh5KlCySeKQuX | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Drops an executable to the user AppData folder |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | Checks if process is being debugged by a debugger |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40404c lstrcpyA
0x404050 GetCommandLineA
0x404054 SetErrorMode
0x404058 lstrlenA
0x40405c MulDiv
0x404060 GetTempFileNameA
0x404064 GetWindowsDirectoryA
0x404068 GetModuleFileNameA
0x40406c GetModuleHandleA
0x404070 FormatMessageA
0x404074 lstrcatA
0x404078 GetLastError
0x40407c _lwrite
0x404080 _llseek
0x404084 GlobalUnlock
0x404088 _lopen
0x40408c GlobalAlloc
0x404090 GlobalFree
0x404094 _lclose
0x404098 _lcreat
0x40409c LoadLibraryA
0x4040a0 GetProcAddress
0x4040a4 FreeLibrary
0x4040a8 OpenFile
0x4040ac GetVersionExA
0x4040b0 GetCurrentProcess
0x4040b4 WinExec
0x4040b8 ExitProcess
0x4040bc _lread
0x4040c0 LocalFree
0x4040c4 GetTempPathA
0x4040c8 GlobalLock
USER32.dll
0x4040d0 GetDC
0x4040d4 BeginPaint
0x4040d8 EndPaint
0x4040dc InvalidateRect
0x4040e0 PostQuitMessage
0x4040e4 SendMessageA
0x4040e8 DefWindowProcA
0x4040ec GetClientRect
0x4040f0 CreateWindowExA
0x4040f4 DrawTextA
0x4040f8 ReleaseDC
0x4040fc ShowWindow
0x404100 SetWindowPos
0x404104 UpdateWindow
0x404108 SetTimer
0x40410c LoadIconA
0x404110 wsprintfA
0x404114 MessageBoxA
0x404118 ExitWindowsEx
0x40411c RegisterClassA
0x404120 LoadCursorA
GDI32.dll
0x404010 DeleteObject
0x404014 GetStockObject
0x404018 GetDeviceCaps
0x40401c PatBlt
0x404020 CreateSolidBrush
0x404024 TextOutA
0x404028 SetTextColor
0x40402c SetBkMode
0x404030 SelectObject
0x404034 StretchDIBits
0x404038 CreateFontA
0x40403c RealizePalette
0x404040 SelectPalette
0x404044 CreatePalette
ADVAPI32.dll
0x404000 OpenProcessToken
0x404004 AdjustTokenPrivileges
0x404008 LookupPrivilegeValueA
EAT(Export Address Table) Library
0x402a80 _MainWndProc@16
0x403082 _StubFileWrite@12
KERNEL32.dll
0x40404c lstrcpyA
0x404050 GetCommandLineA
0x404054 SetErrorMode
0x404058 lstrlenA
0x40405c MulDiv
0x404060 GetTempFileNameA
0x404064 GetWindowsDirectoryA
0x404068 GetModuleFileNameA
0x40406c GetModuleHandleA
0x404070 FormatMessageA
0x404074 lstrcatA
0x404078 GetLastError
0x40407c _lwrite
0x404080 _llseek
0x404084 GlobalUnlock
0x404088 _lopen
0x40408c GlobalAlloc
0x404090 GlobalFree
0x404094 _lclose
0x404098 _lcreat
0x40409c LoadLibraryA
0x4040a0 GetProcAddress
0x4040a4 FreeLibrary
0x4040a8 OpenFile
0x4040ac GetVersionExA
0x4040b0 GetCurrentProcess
0x4040b4 WinExec
0x4040b8 ExitProcess
0x4040bc _lread
0x4040c0 LocalFree
0x4040c4 GetTempPathA
0x4040c8 GlobalLock
USER32.dll
0x4040d0 GetDC
0x4040d4 BeginPaint
0x4040d8 EndPaint
0x4040dc InvalidateRect
0x4040e0 PostQuitMessage
0x4040e4 SendMessageA
0x4040e8 DefWindowProcA
0x4040ec GetClientRect
0x4040f0 CreateWindowExA
0x4040f4 DrawTextA
0x4040f8 ReleaseDC
0x4040fc ShowWindow
0x404100 SetWindowPos
0x404104 UpdateWindow
0x404108 SetTimer
0x40410c LoadIconA
0x404110 wsprintfA
0x404114 MessageBoxA
0x404118 ExitWindowsEx
0x40411c RegisterClassA
0x404120 LoadCursorA
GDI32.dll
0x404010 DeleteObject
0x404014 GetStockObject
0x404018 GetDeviceCaps
0x40401c PatBlt
0x404020 CreateSolidBrush
0x404024 TextOutA
0x404028 SetTextColor
0x40402c SetBkMode
0x404030 SelectObject
0x404034 StretchDIBits
0x404038 CreateFontA
0x40403c RealizePalette
0x404040 SelectPalette
0x404044 CreatePalette
ADVAPI32.dll
0x404000 OpenProcessToken
0x404004 AdjustTokenPrivileges
0x404008 LookupPrivilegeValueA
EAT(Export Address Table) Library
0x402a80 _MainWndProc@16
0x403082 _StubFileWrite@12