Field | Value |
---|---|
Created | 2022.12.08 10:49 |
Machine | s1_win7_x6403 |
Filename | 1.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 31 detected (AIDetect, malware2, Fragtor, Unsafe, Save, Strab, Attribute, HighConfidence, malicious, high confidence, GenCBL, score, TrojanX, FalseSign, Oqil, Artemis, ai score=82, kcloud, Woreflint, BScope, Zlob, PasswordStealer, CLOUD, ZexaF, yvX@aalQcffO, confidence) |
md5 | ff8b52645b3eb0b891935435db2621a2 |
sha256 | 4fcbc17fc12ecf413b664e52177e48ea66e0e25581f144b4d1c4cac51c8346cf |
ssdeep | 24576:cx0M2zdGz97lh4eb1DXNJ4X6Pi3hlIT6mN1+vjCFHnbfG:cZ1pDXzi3h66mN1+rSbf |
imphash | ea99070f73acd93ad4801f9c4cb273d7 |
impfuzzy | 24:jOk2whPk9VXlzkJcDiDHrdt2HRnlyv9WwIjT4RfdR9L0hizHwWE:C8SJkHrdtOK9zMcRfL9L0h0H+ |
Signature (13cnts)
Level | Description |
---|---|
danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
watch | One or more of the buffers contains an embedded PE file |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Drops an executable to the user AppData folder |
notice | One or more potentially interesting buffers were extracted |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Uses Windows utilities for basic Windows functionality |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Command line console output was observed |
info | Queries for the computername |
info | This executable has a PDB path |
Rules (10cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x537008 GetCommandLineW
0x53700c lstrcmpA
0x537010 TlsGetValue
0x537014 HeapAlloc
0x537018 ClearCommError
0x53701c InterlockedIncrement
0x537020 GetCurrentProcess
0x537024 OutputDebugStringW
0x537028 IsBadReadPtr
0x53702c GetConsoleAliasExesW
0x537030 GetConsoleCP
0x537034 LoadLibraryW
0x537038 Sleep
0x53703c HeapCreate
0x537040 ExitProcess
0x537044 GetLastError
0x537048 GetCurrentDirectoryW
0x53704c SetLastError
0x537050 GetProcAddress
0x537054 IsValidCodePage
0x537058 FoldStringW
0x53705c RaiseException
0x537060 GetStringTypeW
0x537064 MultiByteToWideChar
0x537068 LCMapStringW
0x53706c IsProcessorFeaturePresent
0x537070 GetACP
0x537074 GetSystemDefaultLangID
0x537078 HeapReAlloc
0x53707c HeapSize
0x537080 WideCharToMultiByte
0x537084 HeapSetInformation
0x537088 GetStartupInfoW
0x53708c TerminateProcess
0x537090 UnhandledExceptionFilter
0x537094 SetUnhandledExceptionFilter
0x537098 IsDebuggerPresent
0x53709c GetModuleHandleW
0x5370a0 DecodePointer
0x5370a4 WriteFile
0x5370a8 GetStdHandle
0x5370ac GetModuleFileNameW
0x5370b0 FreeEnvironmentStringsW
0x5370b4 GetEnvironmentStringsW
0x5370b8 SetHandleCount
0x5370bc InitializeCriticalSectionAndSpinCount
0x5370c0 GetFileType
0x5370c4 DeleteCriticalSection
0x5370c8 EncodePointer
0x5370cc TlsAlloc
0x5370d0 TlsSetValue
0x5370d4 TlsFree
0x5370d8 GetCurrentThreadId
0x5370dc InterlockedDecrement
0x5370e0 QueryPerformanceCounter
0x5370e4 GetTickCount
0x5370e8 GetCurrentProcessId
0x5370ec GetSystemTimeAsFileTime
0x5370f0 LeaveCriticalSection
0x5370f4 EnterCriticalSection
0x5370f8 HeapFree
0x5370fc GetCPInfo
0x537100 GetOEMCP
0x537104 RtlUnwind
USER32.dll
0x53710c IsWindowVisible
0x537110 EnumDisplayDevicesW
0x537114 GetParent
0x537118 GetForegroundWindow
0x53711c IsWindow
0x537120 MessageBoxW
GDI32.dll
0x537000 GetEnhMetaFileBits
ole32.dll
0x537128 CoInitialize
0x53712c CoUninitialize
EAT(Export Address Table) is none