ScreenShot
| Created | 2022.12.08 10:46 | Machine | s1_win7_x6403 |
| Filename | .win32.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 44 detected (AIDetect, malware1, Androm, GenericKD, Unsafe, Jaik, Save, Lockbit, Eldorado, Attribute, HighConfidence, malicious, high confidence, Kryptik, HRWD, score, Majl, S + Troj, Krypt, kcloud, AzorUlt, SmokeLoader, Detected, R538656, Generic PWS, ai score=89, Delphi, R002H07L722, Generic@AI, RDML, Je5X, zM17zOZ6dCgJjtm7A, susgen, PossibleThreat) | ||
| md5 | 4be31e244804fd6d2e0a8ba49447352a | ||
| sha256 | 889744bd9c2ef0b7099a43912e3159dc0071d04e903039c768953b11b48bf6bc | ||
| ssdeep | 6144:G3CMLVAC4K/Mn0gVpjEEQoef9WcoBlC/1aVe:GDhAC4KknxzDcWC/13 | ||
| imphash | a56934040bb7998eb09f75c554f918ec | ||
| impfuzzy | 24:lv9ZK2/2S9hf3X1waKcDMGCCIBkr4YQ2cf6jMDtqiyvr/J3IXluHuO2Snjxs1S:PZdOSTf3X1FIe9Fcf9tqblm02SndP | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401008 GetCPInfo
0x40100c GetProfileIntW
0x401010 GetSystemDefaultLCID
0x401014 GetModuleHandleW
0x401018 GetTickCount
0x40101c WaitNamedPipeW
0x401020 TlsSetValue
0x401024 GetVolumePathNameW
0x401028 GetVolumeInformationA
0x40102c LoadLibraryW
0x401030 IsProcessInJob
0x401034 AssignProcessToJobObject
0x401038 GetCalendarInfoA
0x40103c GetFileAttributesA
0x401040 WriteConsoleW
0x401044 SetThreadPriority
0x401048 DisconnectNamedPipe
0x40104c CreateJobObjectA
0x401050 GetVolumeNameForVolumeMountPointA
0x401054 FillConsoleOutputCharacterW
0x401058 GetLastError
0x40105c GetProcAddress
0x401060 VirtualAlloc
0x401064 EnumSystemCodePagesW
0x401068 SetFileAttributesA
0x40106c LoadLibraryA
0x401070 WriteConsoleA
0x401074 GetProcessWorkingSetSize
0x401078 LocalAlloc
0x40107c OpenJobObjectW
0x401080 FoldStringW
0x401084 FoldStringA
0x401088 FindFirstChangeNotificationA
0x40108c GetFileInformationByHandle
0x401090 LCMapStringW
0x401094 GetConsoleAliasesW
0x401098 GetFullPathNameW
0x40109c HeapFree
0x4010a0 HeapAlloc
0x4010a4 Sleep
0x4010a8 ExitProcess
0x4010ac GetStartupInfoW
0x4010b0 HeapCreate
0x4010b4 VirtualFree
0x4010b8 DeleteCriticalSection
0x4010bc LeaveCriticalSection
0x4010c0 EnterCriticalSection
0x4010c4 HeapReAlloc
0x4010c8 WriteFile
0x4010cc GetStdHandle
0x4010d0 GetModuleFileNameA
0x4010d4 WideCharToMultiByte
0x4010d8 GetConsoleCP
0x4010dc GetConsoleMode
0x4010e0 FlushFileBuffers
0x4010e4 TerminateProcess
0x4010e8 GetCurrentProcess
0x4010ec UnhandledExceptionFilter
0x4010f0 SetUnhandledExceptionFilter
0x4010f4 IsDebuggerPresent
0x4010f8 RtlUnwind
0x4010fc SetHandleCount
0x401100 GetFileType
0x401104 GetStartupInfoA
0x401108 SetFilePointer
0x40110c TlsGetValue
0x401110 TlsAlloc
0x401114 TlsFree
0x401118 InterlockedIncrement
0x40111c SetLastError
0x401120 GetCurrentThreadId
0x401124 InterlockedDecrement
0x401128 InitializeCriticalSectionAndSpinCount
0x40112c GetModuleFileNameW
0x401130 FreeEnvironmentStringsW
0x401134 GetEnvironmentStringsW
0x401138 GetCommandLineW
0x40113c QueryPerformanceCounter
0x401140 GetCurrentProcessId
0x401144 GetSystemTimeAsFileTime
0x401148 RaiseException
0x40114c GetConsoleOutputCP
0x401150 MultiByteToWideChar
0x401154 SetStdHandle
0x401158 GetACP
0x40115c GetOEMCP
0x401160 IsValidCodePage
0x401164 CloseHandle
0x401168 CreateFileA
0x40116c GetModuleHandleA
0x401170 HeapSize
0x401174 GetLocaleInfoA
0x401178 LCMapStringA
0x40117c GetStringTypeA
0x401180 GetStringTypeW
0x401184 SetEndOfFile
0x401188 GetProcessHeap
0x40118c ReadFile
ADVAPI32.dll
0x401000 BackupEventLogW
EAT(Export Address Table) is none
KERNEL32.dll
0x401008 GetCPInfo
0x40100c GetProfileIntW
0x401010 GetSystemDefaultLCID
0x401014 GetModuleHandleW
0x401018 GetTickCount
0x40101c WaitNamedPipeW
0x401020 TlsSetValue
0x401024 GetVolumePathNameW
0x401028 GetVolumeInformationA
0x40102c LoadLibraryW
0x401030 IsProcessInJob
0x401034 AssignProcessToJobObject
0x401038 GetCalendarInfoA
0x40103c GetFileAttributesA
0x401040 WriteConsoleW
0x401044 SetThreadPriority
0x401048 DisconnectNamedPipe
0x40104c CreateJobObjectA
0x401050 GetVolumeNameForVolumeMountPointA
0x401054 FillConsoleOutputCharacterW
0x401058 GetLastError
0x40105c GetProcAddress
0x401060 VirtualAlloc
0x401064 EnumSystemCodePagesW
0x401068 SetFileAttributesA
0x40106c LoadLibraryA
0x401070 WriteConsoleA
0x401074 GetProcessWorkingSetSize
0x401078 LocalAlloc
0x40107c OpenJobObjectW
0x401080 FoldStringW
0x401084 FoldStringA
0x401088 FindFirstChangeNotificationA
0x40108c GetFileInformationByHandle
0x401090 LCMapStringW
0x401094 GetConsoleAliasesW
0x401098 GetFullPathNameW
0x40109c HeapFree
0x4010a0 HeapAlloc
0x4010a4 Sleep
0x4010a8 ExitProcess
0x4010ac GetStartupInfoW
0x4010b0 HeapCreate
0x4010b4 VirtualFree
0x4010b8 DeleteCriticalSection
0x4010bc LeaveCriticalSection
0x4010c0 EnterCriticalSection
0x4010c4 HeapReAlloc
0x4010c8 WriteFile
0x4010cc GetStdHandle
0x4010d0 GetModuleFileNameA
0x4010d4 WideCharToMultiByte
0x4010d8 GetConsoleCP
0x4010dc GetConsoleMode
0x4010e0 FlushFileBuffers
0x4010e4 TerminateProcess
0x4010e8 GetCurrentProcess
0x4010ec UnhandledExceptionFilter
0x4010f0 SetUnhandledExceptionFilter
0x4010f4 IsDebuggerPresent
0x4010f8 RtlUnwind
0x4010fc SetHandleCount
0x401100 GetFileType
0x401104 GetStartupInfoA
0x401108 SetFilePointer
0x40110c TlsGetValue
0x401110 TlsAlloc
0x401114 TlsFree
0x401118 InterlockedIncrement
0x40111c SetLastError
0x401120 GetCurrentThreadId
0x401124 InterlockedDecrement
0x401128 InitializeCriticalSectionAndSpinCount
0x40112c GetModuleFileNameW
0x401130 FreeEnvironmentStringsW
0x401134 GetEnvironmentStringsW
0x401138 GetCommandLineW
0x40113c QueryPerformanceCounter
0x401140 GetCurrentProcessId
0x401144 GetSystemTimeAsFileTime
0x401148 RaiseException
0x40114c GetConsoleOutputCP
0x401150 MultiByteToWideChar
0x401154 SetStdHandle
0x401158 GetACP
0x40115c GetOEMCP
0x401160 IsValidCodePage
0x401164 CloseHandle
0x401168 CreateFileA
0x40116c GetModuleHandleA
0x401170 HeapSize
0x401174 GetLocaleInfoA
0x401178 LCMapStringA
0x40117c GetStringTypeA
0x401180 GetStringTypeW
0x401184 SetEndOfFile
0x401188 GetProcessHeap
0x40118c ReadFile
ADVAPI32.dll
0x401000 BackupEventLogW
EAT(Export Address Table) is none