ScreenShot
| Created | 2022.12.09 15:17 | Machine | s1_win7_x6403 |
| Filename | dkWKxiFhDGVr.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetect, malware2, malicious, high confidence, score, Artemis, MachineLearning, Anomalous, 100%, Save, Attribute, HighConfidence, GenCBL, Reline, GenericKD, PRIVATELOADER, YXCLHZ, kcloud, Sabsik, BScope, Zlob, ai score=99, Kryptik, leZOYpvcsGQ, susgen, GenKryptik, GDIT, ZexaF, nvX@auAVJxam) | ||
| md5 | f36038207a570f622e9114bce1f6b1ed | ||
| sha256 | 1f411086d94da3c1e9ec9ef281b490ff06302ad0c2df328f0e08f73d00fea025 | ||
| ssdeep | 24576:Ql8En+ltO6ba9VUIvufEj0NzwazgRy9rUL2EQexQ+uCqa99:Ql8pu92fGQI6E5xQ+uCqq9 | ||
| imphash | bb2af1988009d4b4491115f62e2f94ab | ||
| impfuzzy | 24:arLsWhPuzkJcDYF9TE/cHuOZyvDcIelRTCmfRplduOwkgogAhcVESi2N:arLJs69TE/MuDcxemfffuO/gZAaVESzN | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| watch | One or more of the buffers contains an embedded PE file |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x50b000 GetSystemDefaultLangID
0x50b004 lstrlenA
0x50b008 TlsGetValue
0x50b00c HeapAlloc
0x50b010 InterlockedIncrement
0x50b014 OutputDebugStringW
0x50b018 IsBadReadPtr
0x50b01c GetConsoleCP
0x50b020 Sleep
0x50b024 HeapCreate
0x50b028 GetACP
0x50b02c GetLastError
0x50b030 GetCurrentDirectoryW
0x50b034 SetLastError
0x50b038 GetProcAddress
0x50b03c FoldStringW
0x50b040 GetCurrentProcessId
0x50b044 GetThreadUILanguage
0x50b048 LCMapStringW
0x50b04c LCMapStringA
0x50b050 GetStringTypeW
0x50b054 MultiByteToWideChar
0x50b058 GetStringTypeA
0x50b05c GetStartupInfoW
0x50b060 SetUnhandledExceptionFilter
0x50b064 GetModuleHandleW
0x50b068 ExitProcess
0x50b06c WriteFile
0x50b070 GetStdHandle
0x50b074 GetModuleFileNameA
0x50b078 GetModuleFileNameW
0x50b07c FreeEnvironmentStringsW
0x50b080 GetEnvironmentStringsW
0x50b084 GetCommandLineW
0x50b088 SetHandleCount
0x50b08c GetFileType
0x50b090 GetStartupInfoA
0x50b094 DeleteCriticalSection
0x50b098 TlsAlloc
0x50b09c TlsSetValue
0x50b0a0 TlsFree
0x50b0a4 GetCurrentThreadId
0x50b0a8 InterlockedDecrement
0x50b0ac VirtualFree
0x50b0b0 HeapFree
0x50b0b4 QueryPerformanceCounter
0x50b0b8 GetTickCount
0x50b0bc GetSystemTimeAsFileTime
0x50b0c0 TerminateProcess
0x50b0c4 GetCurrentProcess
0x50b0c8 UnhandledExceptionFilter
0x50b0cc IsDebuggerPresent
0x50b0d0 LeaveCriticalSection
0x50b0d4 EnterCriticalSection
0x50b0d8 VirtualAlloc
0x50b0dc HeapReAlloc
0x50b0e0 LoadLibraryA
0x50b0e4 InitializeCriticalSectionAndSpinCount
0x50b0e8 GetCPInfo
0x50b0ec GetOEMCP
0x50b0f0 IsValidCodePage
0x50b0f4 RtlUnwind
0x50b0f8 HeapSize
0x50b0fc GetLocaleInfoA
0x50b100 WideCharToMultiByte
USER32.dll
0x50b108 GetMessagePos
0x50b10c MessageBoxW
0x50b110 IsIconic
0x50b114 GetMessageExtraInfo
0x50b118 IsZoomed
0x50b11c GetWindowTextLengthA
0x50b120 GetForegroundWindow
ole32.dll
0x50b128 CoInitialize
0x50b12c CoUninitialize
EAT(Export Address Table) is none
KERNEL32.dll
0x50b000 GetSystemDefaultLangID
0x50b004 lstrlenA
0x50b008 TlsGetValue
0x50b00c HeapAlloc
0x50b010 InterlockedIncrement
0x50b014 OutputDebugStringW
0x50b018 IsBadReadPtr
0x50b01c GetConsoleCP
0x50b020 Sleep
0x50b024 HeapCreate
0x50b028 GetACP
0x50b02c GetLastError
0x50b030 GetCurrentDirectoryW
0x50b034 SetLastError
0x50b038 GetProcAddress
0x50b03c FoldStringW
0x50b040 GetCurrentProcessId
0x50b044 GetThreadUILanguage
0x50b048 LCMapStringW
0x50b04c LCMapStringA
0x50b050 GetStringTypeW
0x50b054 MultiByteToWideChar
0x50b058 GetStringTypeA
0x50b05c GetStartupInfoW
0x50b060 SetUnhandledExceptionFilter
0x50b064 GetModuleHandleW
0x50b068 ExitProcess
0x50b06c WriteFile
0x50b070 GetStdHandle
0x50b074 GetModuleFileNameA
0x50b078 GetModuleFileNameW
0x50b07c FreeEnvironmentStringsW
0x50b080 GetEnvironmentStringsW
0x50b084 GetCommandLineW
0x50b088 SetHandleCount
0x50b08c GetFileType
0x50b090 GetStartupInfoA
0x50b094 DeleteCriticalSection
0x50b098 TlsAlloc
0x50b09c TlsSetValue
0x50b0a0 TlsFree
0x50b0a4 GetCurrentThreadId
0x50b0a8 InterlockedDecrement
0x50b0ac VirtualFree
0x50b0b0 HeapFree
0x50b0b4 QueryPerformanceCounter
0x50b0b8 GetTickCount
0x50b0bc GetSystemTimeAsFileTime
0x50b0c0 TerminateProcess
0x50b0c4 GetCurrentProcess
0x50b0c8 UnhandledExceptionFilter
0x50b0cc IsDebuggerPresent
0x50b0d0 LeaveCriticalSection
0x50b0d4 EnterCriticalSection
0x50b0d8 VirtualAlloc
0x50b0dc HeapReAlloc
0x50b0e0 LoadLibraryA
0x50b0e4 InitializeCriticalSectionAndSpinCount
0x50b0e8 GetCPInfo
0x50b0ec GetOEMCP
0x50b0f0 IsValidCodePage
0x50b0f4 RtlUnwind
0x50b0f8 HeapSize
0x50b0fc GetLocaleInfoA
0x50b100 WideCharToMultiByte
USER32.dll
0x50b108 GetMessagePos
0x50b10c MessageBoxW
0x50b110 IsIconic
0x50b114 GetMessageExtraInfo
0x50b118 IsZoomed
0x50b11c GetWindowTextLengthA
0x50b120 GetForegroundWindow
ole32.dll
0x50b128 CoInitialize
0x50b12c CoUninitialize
EAT(Export Address Table) is none