ScreenShot
| Created | 2022.05.25 09:46 | Machine | s1_win7_x6403 |
| Filename | ideainv.sfx.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 16 detected (AIDetect, malware2, GenericKD, Artemis, malicious, moderate confidence, Bicololo, R002H09EO22, ai score=85) | ||
| md5 | fa47b24566cb07aa26b215f121cb8758 | ||
| sha256 | 8b0026b4196e9fc3c5b7e653d44aa5c1fc5b81af77eb3e9810722189349f0b90 | ||
| ssdeep | 98304:JSIRAP7cX2bwkJJMNKd76KbCZfFBye+L4VJPxFbu:M/P7dMiJbCV4Lgbhu | ||
| imphash | 3eaa732d4dae53340f9646bdd85dac41 | ||
| impfuzzy | 96:dQ8NTcLJX1Pq5p/iOL5EORIRRHdZq61NuKkGD:6HFMi0qHdI61NZFD | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates (office) documents on the filesystem |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| info | Checks amount of memory in system |
| info | This executable has a PDB path |
Rules (13cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_RL_Gen_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Contains_VBA_macro_code | Detect a MS Office document with embedded VBA macro code [binaries] | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
COMCTL32.dll
0x427028 InitCommonControlsEx
SHLWAPI.dll
0x427288 SHAutoComplete
KERNEL32.dll
0x427064 ReadFile
0x427068 GetFileAttributesW
0x42706c SetFileAttributesW
0x427070 FindNextFileW
0x427074 GetFullPathNameW
0x427078 GetModuleFileNameW
0x42707c FindResourceW
0x427080 GetModuleHandleW
0x427084 FreeLibrary
0x427088 GetProcAddress
0x42708c LoadLibraryW
0x427090 GetCurrentProcessId
0x427094 GetLocaleInfoW
0x427098 GetNumberFormatW
0x42709c ExpandEnvironmentStringsW
0x4270a0 WaitForSingleObject
0x4270a4 DosDateTimeToFileTime
0x4270a8 GetDateFormatW
0x4270ac GetTimeFormatW
0x4270b0 FileTimeToSystemTime
0x4270b4 FileTimeToLocalFileTime
0x4270b8 GetExitCodeProcess
0x4270bc GetTempPathW
0x4270c0 MoveFileExW
0x4270c4 Sleep
0x4270c8 UnmapViewOfFile
0x4270cc MapViewOfFile
0x4270d0 GetCommandLineW
0x4270d4 CreateFileMappingW
0x4270d8 GetTickCount
0x4270dc SetEnvironmentVariableW
0x4270e0 OpenFileMappingW
0x4270e4 CreateThread
0x4270e8 EnterCriticalSection
0x4270ec LeaveCriticalSection
0x4270f0 GetProcessAffinityMask
0x4270f4 ReleaseSemaphore
0x4270f8 ResetEvent
0x4270fc DeleteCriticalSection
0x427100 SetEvent
0x427104 SetThreadPriority
0x427108 InitializeCriticalSection
0x42710c CreateEventW
0x427110 CreateSemaphoreW
0x427114 SystemTimeToFileTime
0x427118 GetSystemTime
0x42711c LocalFileTimeToFileTime
0x427120 WideCharToMultiByte
0x427124 MultiByteToWideChar
0x427128 CompareStringW
0x42712c IsDBCSLeadByte
0x427130 FindFirstFileW
0x427134 GetFileType
0x427138 SetCurrentDirectoryW
0x42713c WriteConsoleW
0x427140 GetConsoleOutputCP
0x427144 WriteConsoleA
0x427148 SetStdHandle
0x42714c GetLocaleInfoA
0x427150 GetStringTypeW
0x427154 GetStringTypeA
0x427158 LoadLibraryA
0x42715c GetConsoleMode
0x427160 GetConsoleCP
0x427164 InitializeCriticalSectionAndSpinCount
0x427168 QueryPerformanceCounter
0x42716c SetHandleCount
0x427170 GetEnvironmentStringsW
0x427174 FreeEnvironmentStringsW
0x427178 GetEnvironmentStrings
0x42717c FreeEnvironmentStringsA
0x427180 LCMapStringW
0x427184 LCMapStringA
0x427188 IsValidCodePage
0x42718c GetOEMCP
0x427190 GetACP
0x427194 GetModuleFileNameA
0x427198 ExitProcess
0x42719c HeapSize
0x4271a0 IsDebuggerPresent
0x4271a4 SetUnhandledExceptionFilter
0x4271a8 UnhandledExceptionFilter
0x4271ac TerminateProcess
0x4271b0 VirtualAlloc
0x4271b4 VirtualFree
0x4271b8 HeapCreate
0x4271bc InterlockedDecrement
0x4271c0 GetCurrentThreadId
0x4271c4 InterlockedIncrement
0x4271c8 TlsFree
0x4271cc TlsSetValue
0x4271d0 TlsAlloc
0x4271d4 TlsGetValue
0x4271d8 GetStartupInfoA
0x4271dc GetCommandLineA
0x4271e0 RaiseException
0x4271e4 GetSystemTimeAsFileTime
0x4271e8 SetEndOfFile
0x4271ec SetFilePointer
0x4271f0 GetStdHandle
0x4271f4 WriteFile
0x4271f8 FlushFileBuffers
0x4271fc GetLongPathNameW
0x427200 MoveFileW
0x427204 GetShortPathNameW
0x427208 CreateDirectoryW
0x42720c RemoveDirectoryW
0x427210 GlobalAlloc
0x427214 DeleteFileW
0x427218 FindClose
0x42721c CreateFileW
0x427220 DeviceIoControl
0x427224 SetFileTime
0x427228 GetCurrentProcess
0x42722c CloseHandle
0x427230 CreateHardLinkW
0x427234 SetLastError
0x427238 GetLastError
0x42723c GetCurrentDirectoryW
0x427240 CreateFileA
0x427244 GetCPInfo
0x427248 HeapAlloc
0x42724c HeapReAlloc
0x427250 HeapFree
0x427254 RtlUnwind
USER32.dll
0x427290 EnableWindow
0x427294 ShowWindow
0x427298 GetDlgItem
0x42729c MessageBoxW
0x4272a0 FindWindowExW
0x4272a4 GetParent
0x4272a8 MapWindowPoints
0x4272ac CreateWindowExW
0x4272b0 UpdateWindow
0x4272b4 LoadCursorW
0x4272b8 RegisterClassExW
0x4272bc DefWindowProcW
0x4272c0 DestroyWindow
0x4272c4 CopyRect
0x4272c8 IsWindow
0x4272cc CharUpperW
0x4272d0 OemToCharBuffA
0x4272d4 LoadIconW
0x4272d8 PostMessageW
0x4272dc GetSysColor
0x4272e0 SetForegroundWindow
0x4272e4 WaitForInputIdle
0x4272e8 IsWindowVisible
0x4272ec DialogBoxParamW
0x4272f0 DestroyIcon
0x4272f4 SetFocus
0x4272f8 GetClassNameW
0x4272fc SendDlgItemMessageW
0x427300 EndDialog
0x427304 GetDlgItemTextW
0x427308 SetDlgItemTextW
0x42730c wvsprintfW
0x427310 SendMessageW
0x427314 GetDC
0x427318 ReleaseDC
0x42731c PeekMessageW
0x427320 GetMessageW
0x427324 TranslateMessage
0x427328 DispatchMessageW
0x42732c LoadStringW
0x427330 GetWindowRect
0x427334 GetClientRect
0x427338 SetWindowPos
0x42733c GetWindowTextW
0x427340 SetWindowTextW
0x427344 GetSystemMetrics
0x427348 GetWindow
0x42734c GetWindowLongW
0x427350 SetWindowLongW
0x427354 LoadBitmapW
GDI32.dll
0x427040 GetDeviceCaps
0x427044 CreateCompatibleDC
0x427048 GetObjectW
0x42704c CreateCompatibleBitmap
0x427050 SelectObject
0x427054 StretchBlt
0x427058 DeleteDC
0x42705c DeleteObject
COMDLG32.dll
0x427030 GetSaveFileNameW
0x427034 CommDlgExtendedError
0x427038 GetOpenFileNameW
ADVAPI32.dll
0x427000 RegOpenKeyExW
0x427004 RegQueryValueExW
0x427008 RegCreateKeyExW
0x42700c RegSetValueExW
0x427010 RegCloseKey
0x427014 SetFileSecurityW
0x427018 OpenProcessToken
0x42701c LookupPrivilegeValueW
0x427020 AdjustTokenPrivileges
SHELL32.dll
0x427264 SHChangeNotify
0x427268 SHGetFileInfoW
0x42726c SHGetMalloc
0x427270 SHGetSpecialFolderLocation
0x427274 SHGetPathFromIDListW
0x427278 SHBrowseForFolderW
0x42727c ShellExecuteExW
0x427280 SHFileOperationW
ole32.dll
0x42735c CLSIDFromString
0x427360 CoCreateInstance
0x427364 OleInitialize
0x427368 OleUninitialize
0x42736c CreateStreamOnHGlobal
OLEAUT32.dll
0x42725c VariantInit
EAT(Export Address Table) Library
COMCTL32.dll
0x427028 InitCommonControlsEx
SHLWAPI.dll
0x427288 SHAutoComplete
KERNEL32.dll
0x427064 ReadFile
0x427068 GetFileAttributesW
0x42706c SetFileAttributesW
0x427070 FindNextFileW
0x427074 GetFullPathNameW
0x427078 GetModuleFileNameW
0x42707c FindResourceW
0x427080 GetModuleHandleW
0x427084 FreeLibrary
0x427088 GetProcAddress
0x42708c LoadLibraryW
0x427090 GetCurrentProcessId
0x427094 GetLocaleInfoW
0x427098 GetNumberFormatW
0x42709c ExpandEnvironmentStringsW
0x4270a0 WaitForSingleObject
0x4270a4 DosDateTimeToFileTime
0x4270a8 GetDateFormatW
0x4270ac GetTimeFormatW
0x4270b0 FileTimeToSystemTime
0x4270b4 FileTimeToLocalFileTime
0x4270b8 GetExitCodeProcess
0x4270bc GetTempPathW
0x4270c0 MoveFileExW
0x4270c4 Sleep
0x4270c8 UnmapViewOfFile
0x4270cc MapViewOfFile
0x4270d0 GetCommandLineW
0x4270d4 CreateFileMappingW
0x4270d8 GetTickCount
0x4270dc SetEnvironmentVariableW
0x4270e0 OpenFileMappingW
0x4270e4 CreateThread
0x4270e8 EnterCriticalSection
0x4270ec LeaveCriticalSection
0x4270f0 GetProcessAffinityMask
0x4270f4 ReleaseSemaphore
0x4270f8 ResetEvent
0x4270fc DeleteCriticalSection
0x427100 SetEvent
0x427104 SetThreadPriority
0x427108 InitializeCriticalSection
0x42710c CreateEventW
0x427110 CreateSemaphoreW
0x427114 SystemTimeToFileTime
0x427118 GetSystemTime
0x42711c LocalFileTimeToFileTime
0x427120 WideCharToMultiByte
0x427124 MultiByteToWideChar
0x427128 CompareStringW
0x42712c IsDBCSLeadByte
0x427130 FindFirstFileW
0x427134 GetFileType
0x427138 SetCurrentDirectoryW
0x42713c WriteConsoleW
0x427140 GetConsoleOutputCP
0x427144 WriteConsoleA
0x427148 SetStdHandle
0x42714c GetLocaleInfoA
0x427150 GetStringTypeW
0x427154 GetStringTypeA
0x427158 LoadLibraryA
0x42715c GetConsoleMode
0x427160 GetConsoleCP
0x427164 InitializeCriticalSectionAndSpinCount
0x427168 QueryPerformanceCounter
0x42716c SetHandleCount
0x427170 GetEnvironmentStringsW
0x427174 FreeEnvironmentStringsW
0x427178 GetEnvironmentStrings
0x42717c FreeEnvironmentStringsA
0x427180 LCMapStringW
0x427184 LCMapStringA
0x427188 IsValidCodePage
0x42718c GetOEMCP
0x427190 GetACP
0x427194 GetModuleFileNameA
0x427198 ExitProcess
0x42719c HeapSize
0x4271a0 IsDebuggerPresent
0x4271a4 SetUnhandledExceptionFilter
0x4271a8 UnhandledExceptionFilter
0x4271ac TerminateProcess
0x4271b0 VirtualAlloc
0x4271b4 VirtualFree
0x4271b8 HeapCreate
0x4271bc InterlockedDecrement
0x4271c0 GetCurrentThreadId
0x4271c4 InterlockedIncrement
0x4271c8 TlsFree
0x4271cc TlsSetValue
0x4271d0 TlsAlloc
0x4271d4 TlsGetValue
0x4271d8 GetStartupInfoA
0x4271dc GetCommandLineA
0x4271e0 RaiseException
0x4271e4 GetSystemTimeAsFileTime
0x4271e8 SetEndOfFile
0x4271ec SetFilePointer
0x4271f0 GetStdHandle
0x4271f4 WriteFile
0x4271f8 FlushFileBuffers
0x4271fc GetLongPathNameW
0x427200 MoveFileW
0x427204 GetShortPathNameW
0x427208 CreateDirectoryW
0x42720c RemoveDirectoryW
0x427210 GlobalAlloc
0x427214 DeleteFileW
0x427218 FindClose
0x42721c CreateFileW
0x427220 DeviceIoControl
0x427224 SetFileTime
0x427228 GetCurrentProcess
0x42722c CloseHandle
0x427230 CreateHardLinkW
0x427234 SetLastError
0x427238 GetLastError
0x42723c GetCurrentDirectoryW
0x427240 CreateFileA
0x427244 GetCPInfo
0x427248 HeapAlloc
0x42724c HeapReAlloc
0x427250 HeapFree
0x427254 RtlUnwind
USER32.dll
0x427290 EnableWindow
0x427294 ShowWindow
0x427298 GetDlgItem
0x42729c MessageBoxW
0x4272a0 FindWindowExW
0x4272a4 GetParent
0x4272a8 MapWindowPoints
0x4272ac CreateWindowExW
0x4272b0 UpdateWindow
0x4272b4 LoadCursorW
0x4272b8 RegisterClassExW
0x4272bc DefWindowProcW
0x4272c0 DestroyWindow
0x4272c4 CopyRect
0x4272c8 IsWindow
0x4272cc CharUpperW
0x4272d0 OemToCharBuffA
0x4272d4 LoadIconW
0x4272d8 PostMessageW
0x4272dc GetSysColor
0x4272e0 SetForegroundWindow
0x4272e4 WaitForInputIdle
0x4272e8 IsWindowVisible
0x4272ec DialogBoxParamW
0x4272f0 DestroyIcon
0x4272f4 SetFocus
0x4272f8 GetClassNameW
0x4272fc SendDlgItemMessageW
0x427300 EndDialog
0x427304 GetDlgItemTextW
0x427308 SetDlgItemTextW
0x42730c wvsprintfW
0x427310 SendMessageW
0x427314 GetDC
0x427318 ReleaseDC
0x42731c PeekMessageW
0x427320 GetMessageW
0x427324 TranslateMessage
0x427328 DispatchMessageW
0x42732c LoadStringW
0x427330 GetWindowRect
0x427334 GetClientRect
0x427338 SetWindowPos
0x42733c GetWindowTextW
0x427340 SetWindowTextW
0x427344 GetSystemMetrics
0x427348 GetWindow
0x42734c GetWindowLongW
0x427350 SetWindowLongW
0x427354 LoadBitmapW
GDI32.dll
0x427040 GetDeviceCaps
0x427044 CreateCompatibleDC
0x427048 GetObjectW
0x42704c CreateCompatibleBitmap
0x427050 SelectObject
0x427054 StretchBlt
0x427058 DeleteDC
0x42705c DeleteObject
COMDLG32.dll
0x427030 GetSaveFileNameW
0x427034 CommDlgExtendedError
0x427038 GetOpenFileNameW
ADVAPI32.dll
0x427000 RegOpenKeyExW
0x427004 RegQueryValueExW
0x427008 RegCreateKeyExW
0x42700c RegSetValueExW
0x427010 RegCloseKey
0x427014 SetFileSecurityW
0x427018 OpenProcessToken
0x42701c LookupPrivilegeValueW
0x427020 AdjustTokenPrivileges
SHELL32.dll
0x427264 SHChangeNotify
0x427268 SHGetFileInfoW
0x42726c SHGetMalloc
0x427270 SHGetSpecialFolderLocation
0x427274 SHGetPathFromIDListW
0x427278 SHBrowseForFolderW
0x42727c ShellExecuteExW
0x427280 SHFileOperationW
ole32.dll
0x42735c CLSIDFromString
0x427360 CoCreateInstance
0x427364 OleInitialize
0x427368 OleUninitialize
0x42736c CreateStreamOnHGlobal
OLEAUT32.dll
0x42725c VariantInit
EAT(Export Address Table) Library