ScreenShot
| Created | 2022.12.08 16:27 | Machine | s1_win7_x6401 |
| Filename | 2.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 20 detected (AIDetect, malware2, malicious, high confidence, Unsafe, confidence, Attribute, HighConfidence, GenKryptik, GDHX, Convagent, moderate, score, Sabsik, Detected, Generic@AI, RDML, HKF7F4Jwlm2gDGMH, VXOlg, Kryptik, HRQA, ZexaE, qu0@aKpT) | ||
| md5 | 8f5b26c2678fb0f0e3f0e1775e231c57 | ||
| sha256 | af9c78860452c715f59b6eaaf76f79b7dc7413317fa4427114c52c58ed0c467b | ||
| ssdeep | 3072:UQXhD+mVVfVokZ1yUzlCtsBV+GZNH10HlpDmrYVhjNyB2dVL:Uihpjto4pb+GZNVaD22h | ||
| imphash | 08701f94fa31ac596c23d4d2c8811b2d | ||
| impfuzzy | 48:Te+sCYjfiAAEOLDjhc7mLpNR8tEQlvAECEFHhO1QzGAEacI08HhZJ3S:Te+sBLiAfOfjhc7mHg2UfC | ||
Network IP location
Signature (22cnts)
| Level | Description |
|---|---|
| danger | Executed a process and injected code into it |
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Collects information about installed applications |
| watch | Communicates with host for which no DNS query was performed |
| watch | Harvests credentials from local FTP client softwares |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | One or more potentially interesting buffers were extracted |
| notice | Queries for potentially installed applications |
| notice | Steals private information from local Internet browsers |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | Tries to locate where the browsers are installed |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | RedLine_Stealer_m_Zero | RedLine stealer | memory |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x413048 HeapSize
0x41304c GetLocaleInfoA
0x413050 EnterCriticalSection
0x413054 GetStringTypeW
0x413058 GetStringTypeA
0x41305c LCMapStringW
0x413060 MultiByteToWideChar
0x413064 LCMapStringA
0x413068 RtlUnwind
0x41306c HeapReAlloc
0x413070 AddAtomW
0x413074 DeleteAtom
0x413078 InitializeCriticalSection
0x41307c GetProcessHeap
0x413080 CreateFileW
0x413084 AreFileApisANSI
0x413088 SetFileValidData
0x41308c VirtualAlloc
0x413090 HeapAlloc
0x413094 AssignProcessToJobObject
0x413098 SetMailslotInfo
0x41309c SetMessageWaitingIndicator
0x4130a0 FreeConsole
0x4130a4 OutputDebugStringA
0x4130a8 GetModuleHandleA
0x4130ac GetProcAddress
0x4130b0 InitializeCriticalSectionAndSpinCount
0x4130b4 LoadLibraryA
0x4130b8 GetCommandLineA
0x4130bc SetUnhandledExceptionFilter
0x4130c0 GetModuleHandleW
0x4130c4 Sleep
0x4130c8 ExitProcess
0x4130cc WriteFile
0x4130d0 GetStdHandle
0x4130d4 GetModuleFileNameA
0x4130d8 FreeEnvironmentStringsA
0x4130dc GetEnvironmentStrings
0x4130e0 FreeEnvironmentStringsW
0x4130e4 WideCharToMultiByte
0x4130e8 GetLastError
0x4130ec GetEnvironmentStringsW
0x4130f0 SetHandleCount
0x4130f4 GetFileType
0x4130f8 GetStartupInfoA
0x4130fc DeleteCriticalSection
0x413100 TlsGetValue
0x413104 TlsAlloc
0x413108 TlsSetValue
0x41310c TlsFree
0x413110 InterlockedIncrement
0x413114 SetLastError
0x413118 GetCurrentThreadId
0x41311c InterlockedDecrement
0x413120 HeapCreate
0x413124 VirtualFree
0x413128 HeapFree
0x41312c QueryPerformanceCounter
0x413130 GetTickCount
0x413134 GetCurrentProcessId
0x413138 GetSystemTimeAsFileTime
0x41313c GetCPInfo
0x413140 GetACP
0x413144 GetOEMCP
0x413148 IsValidCodePage
0x41314c TerminateProcess
0x413150 GetCurrentProcess
0x413154 UnhandledExceptionFilter
0x413158 IsDebuggerPresent
0x41315c LeaveCriticalSection
USER32.dll
0x41316c SendDlgItemMessageA
0x413170 GetDlgItem
0x413174 GetWindowLongA
0x413178 wvsprintfA
0x41317c SetWindowPos
0x413180 FindWindowA
0x413184 RedrawWindow
0x413188 GetWindowTextA
0x41318c EnableWindow
0x413190 GetSystemMetrics
0x413194 IsWindow
0x413198 CheckRadioButton
0x41319c UnregisterClassA
0x4131a0 SetCursor
0x4131a4 GetSysColorBrush
0x4131a8 CreatePopupMenu
0x4131ac AppendMenuA
GDI32.dll
0x413028 GetStockObject
0x41302c DeleteObject
0x413030 SetBkMode
0x413034 SetTextColor
0x413038 CreateFontIndirectA
0x41303c SelectObject
0x413040 GetObjectA
COMDLG32.dll
0x413020 GetSaveFileNameA
OLEAUT32.dll
0x413164 OleIconToCursor
COMCTL32.dll
0x413000 ImageList_Remove
0x413004 ImageList_ReplaceIcon
0x413008 InitCommonControlsEx
0x41300c ImageList_Destroy
0x413010 ImageList_Create
0x413014 ImageList_SetBkColor
0x413018 CreateToolbarEx
USERENV.dll
0x4131b4 GetUserProfileDirectoryW
0x4131b8 GetProfilesDirectoryW
EAT(Export Address Table) is none
KERNEL32.dll
0x413048 HeapSize
0x41304c GetLocaleInfoA
0x413050 EnterCriticalSection
0x413054 GetStringTypeW
0x413058 GetStringTypeA
0x41305c LCMapStringW
0x413060 MultiByteToWideChar
0x413064 LCMapStringA
0x413068 RtlUnwind
0x41306c HeapReAlloc
0x413070 AddAtomW
0x413074 DeleteAtom
0x413078 InitializeCriticalSection
0x41307c GetProcessHeap
0x413080 CreateFileW
0x413084 AreFileApisANSI
0x413088 SetFileValidData
0x41308c VirtualAlloc
0x413090 HeapAlloc
0x413094 AssignProcessToJobObject
0x413098 SetMailslotInfo
0x41309c SetMessageWaitingIndicator
0x4130a0 FreeConsole
0x4130a4 OutputDebugStringA
0x4130a8 GetModuleHandleA
0x4130ac GetProcAddress
0x4130b0 InitializeCriticalSectionAndSpinCount
0x4130b4 LoadLibraryA
0x4130b8 GetCommandLineA
0x4130bc SetUnhandledExceptionFilter
0x4130c0 GetModuleHandleW
0x4130c4 Sleep
0x4130c8 ExitProcess
0x4130cc WriteFile
0x4130d0 GetStdHandle
0x4130d4 GetModuleFileNameA
0x4130d8 FreeEnvironmentStringsA
0x4130dc GetEnvironmentStrings
0x4130e0 FreeEnvironmentStringsW
0x4130e4 WideCharToMultiByte
0x4130e8 GetLastError
0x4130ec GetEnvironmentStringsW
0x4130f0 SetHandleCount
0x4130f4 GetFileType
0x4130f8 GetStartupInfoA
0x4130fc DeleteCriticalSection
0x413100 TlsGetValue
0x413104 TlsAlloc
0x413108 TlsSetValue
0x41310c TlsFree
0x413110 InterlockedIncrement
0x413114 SetLastError
0x413118 GetCurrentThreadId
0x41311c InterlockedDecrement
0x413120 HeapCreate
0x413124 VirtualFree
0x413128 HeapFree
0x41312c QueryPerformanceCounter
0x413130 GetTickCount
0x413134 GetCurrentProcessId
0x413138 GetSystemTimeAsFileTime
0x41313c GetCPInfo
0x413140 GetACP
0x413144 GetOEMCP
0x413148 IsValidCodePage
0x41314c TerminateProcess
0x413150 GetCurrentProcess
0x413154 UnhandledExceptionFilter
0x413158 IsDebuggerPresent
0x41315c LeaveCriticalSection
USER32.dll
0x41316c SendDlgItemMessageA
0x413170 GetDlgItem
0x413174 GetWindowLongA
0x413178 wvsprintfA
0x41317c SetWindowPos
0x413180 FindWindowA
0x413184 RedrawWindow
0x413188 GetWindowTextA
0x41318c EnableWindow
0x413190 GetSystemMetrics
0x413194 IsWindow
0x413198 CheckRadioButton
0x41319c UnregisterClassA
0x4131a0 SetCursor
0x4131a4 GetSysColorBrush
0x4131a8 CreatePopupMenu
0x4131ac AppendMenuA
GDI32.dll
0x413028 GetStockObject
0x41302c DeleteObject
0x413030 SetBkMode
0x413034 SetTextColor
0x413038 CreateFontIndirectA
0x41303c SelectObject
0x413040 GetObjectA
COMDLG32.dll
0x413020 GetSaveFileNameA
OLEAUT32.dll
0x413164 OleIconToCursor
COMCTL32.dll
0x413000 ImageList_Remove
0x413004 ImageList_ReplaceIcon
0x413008 InitCommonControlsEx
0x41300c ImageList_Destroy
0x413010 ImageList_Create
0x413014 ImageList_SetBkColor
0x413018 CreateToolbarEx
USERENV.dll
0x4131b4 GetUserProfileDirectoryW
0x4131b8 GetProfilesDirectoryW
EAT(Export Address Table) is none