Field | Value |
---|---|
Created | 2022.12.09 10:57 |
Machine | s1_win7_x6401 |
Filename | 1.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 14 detected (Lazy, Malicious, score, TrojanX, Artemis) |
md5 | fa6a302b0750f3eacef9f53dad70e1ac |
sha256 | aca5df1c030674df2a2951643483c0eca05333dcb1392411f978ae625c269a7e |
ssdeep | 24576:D+w4BJ9N1CnDSRZ7acaLaJafaFRQsQvUKgEh3ZOZ7VTVd/fXg0HsiNp+:6w4b9N1CnDST7acaLaJafaFRQsQvUKgs |
imphash | e955f48ef59d3c4d0f818f537ef988b8 |
impfuzzy | 48:Ovl/AQ1QHBRPQf/KAu4nQR4lhxX1Fh79ut57tMlBg2c+ptuFPNmA:OWsr0R4lhxX1Fh7AltMlBg2c+pEJ9 |
Network IP location
Signature (5 counts)
Level | Description |
---|---|
watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
USER32.dll
0x1400c13b8 RegisterClassExA
0x1400c13c0 CreateWindowExA
0x1400c13c8 DestroyWindow
0x1400c13d0 CharUpperBuffA
0x1400c13d8 UnregisterClassA
0x1400c13e0 DrawIconEx
0x1400c13e8 CharUpperBuffW
0x1400c13f0 GetCursorInfo
0x1400c13f8 GetIconInfo
0x1400c1400 CopyIcon
0x1400c1408 DefWindowProcW
0x1400c1410 MessageBoxA
0x1400c1418 GetDC
0x1400c1420 SetForegroundWindow
KERNEL32.dll
0x1400c1010 HeapReAlloc
0x1400c1018 HeapSize
0x1400c1020 SetFilePointerEx
0x1400c1028 GetFileSizeEx
0x1400c1030 GetConsoleMode
0x1400c1038 GetConsoleOutputCP
0x1400c1040 GetProcessHeap
0x1400c1048 GetStringTypeW
0x1400c1050 SetStdHandle
0x1400c1058 FreeEnvironmentStringsW
0x1400c1060 GetCommandLineW
0x1400c1068 GetCurrentDirectoryW
0x1400c1070 CreateDirectoryA
0x1400c1078 CreateFileA
0x1400c1080 FindFirstFileW
0x1400c1088 FindNextFileW
0x1400c1090 FlushFileBuffers
0x1400c1098 GetDriveTypeW
0x1400c10a0 GetFileAttributesW
0x1400c10a8 SetFileAttributesW
0x1400c10b0 SetFilePointer
0x1400c10b8 WriteFile
0x1400c10c0 OutputDebugStringA
0x1400c10c8 CloseHandle
0x1400c10d0 DuplicateHandle
0x1400c10d8 GetLastError
0x1400c10e0 DisconnectNamedPipe
0x1400c10e8 HeapCreate
0x1400c10f0 HeapAlloc
0x1400c10f8 HeapFree
0x1400c1100 CreateMutexW
0x1400c1108 GetCurrentProcessId
0x1400c1110 GetExitCodeProcess
0x1400c1118 CreateFileW
0x1400c1120 GetCurrentThread
0x1400c1128 GetCurrentThreadId
0x1400c1130 SetThreadPriority
0x1400c1138 GetProcessId
0x1400c1140 GetSystemInfo
0x1400c1148 GetSystemTimeAsFileTime
0x1400c1150 GetLocalTime
0x1400c1158 GetTickCount
0x1400c1160 GetWindowsDirectoryW
0x1400c1168 GetVersionExA
0x1400c1170 VirtualAlloc
0x1400c1178 VirtualProtect
0x1400c1180 FreeLibrary
0x1400c1188 GetModuleFileNameA
0x1400c1190 GetModuleHandleA
0x1400c1198 GetModuleHandleW
0x1400c11a0 GetProcAddress
0x1400c11a8 LoadLibraryA
0x1400c11b0 LoadLibraryW
0x1400c11b8 LocalAlloc
0x1400c11c0 FormatMessageA
0x1400c11c8 lstrcmpA
0x1400c11d0 lstrcmpiA
0x1400c11d8 lstrcmpiW
0x1400c11e0 lstrcpynA
0x1400c11e8 lstrcpynW
0x1400c11f0 lstrcpyW
0x1400c11f8 lstrcatA
0x1400c1200 lstrcatW
0x1400c1208 lstrlenA
0x1400c1210 lstrlenW
0x1400c1218 MoveFileW
0x1400c1220 MultiByteToWideChar
0x1400c1228 WideCharToMultiByte
0x1400c1230 GetOEMCP
0x1400c1238 SwitchToThread
0x1400c1240 GetEnvironmentStringsW
0x1400c1248 GetCommandLineA
0x1400c1250 GetCPInfo
0x1400c1258 GetACP
0x1400c1260 IsValidCodePage
0x1400c1268 FindFirstFileExW
0x1400c1270 FindClose
0x1400c1278 LCMapStringW
0x1400c1280 RtlCaptureContext
0x1400c1288 RtlLookupFunctionEntry
0x1400c1290 RtlVirtualUnwind
0x1400c1298 UnhandledExceptionFilter
0x1400c12a0 SetUnhandledExceptionFilter
0x1400c12a8 GetCurrentProcess
0x1400c12b0 TerminateProcess
0x1400c12b8 IsProcessorFeaturePresent
0x1400c12c0 QueryPerformanceCounter
0x1400c12c8 InitializeSListHead
0x1400c12d0 IsDebuggerPresent
0x1400c12d8 GetStartupInfoW
0x1400c12e0 RtlUnwindEx
0x1400c12e8 RtlPcToFileHeader
0x1400c12f0 RaiseException
0x1400c12f8 SetLastError
0x1400c1300 EncodePointer
0x1400c1308 EnterCriticalSection
0x1400c1310 LeaveCriticalSection
0x1400c1318 DeleteCriticalSection
0x1400c1320 InitializeCriticalSectionAndSpinCount
0x1400c1328 TlsAlloc
0x1400c1330 TlsGetValue
0x1400c1338 TlsSetValue
0x1400c1340 TlsFree
0x1400c1348 LoadLibraryExW
0x1400c1350 GetStdHandle
0x1400c1358 GetFileType
0x1400c1360 GetModuleFileNameW
0x1400c1368 GetModuleHandleExW
0x1400c1370 WriteConsoleW
0x1400c1378 ExitProcess
0x1400c1380 OutputDebugStringW
ADVAPI32.dll
0x1400c1000 CloseEventLog
SHELL32.dll
0x1400c13a0 CommandLineToArgvW
0x1400c13a8 SHCreateProcessAsUserW
ole32.dll
0x1400c1430 CoInitializeEx
0x1400c1438 CoInitializeSecurity
0x1400c1440 CoSetProxyBlanket
0x1400c1448 CoCreateInstance
0x1400c1450 HWND_UserMarshal
OLEAUT32.dll
0x1400c1390 BSTR_UserFree
EAT(Export Address Table) Library