Report - 1055716893.exe

Tags: Malicious Library, UPX, PE32, PE File, OS Processor Check
Created 2022.12.13 09:54 Machine s1_win7_x6403
Filename 1055716893.exe
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
AI Score 5
Behavior Score 3.8
ZERO API file : malware
VT API (file) 22 detected (Unsafe, Redcap, ZexaF, IMX@a0Cy1Gj, malicious, high confidence, AGen, Artemis, uedex, Sabsik, D5YVKY, score, BScope, Bebra, FakeSig, BYwIgtW3wcD, Static AI, Suspicious PE)
md5 d2bad349906b711cf59df7178146abff
sha256 63b14b74c629ae9cdddacfd42fed6593a59b4d16841036e7af06a92a5853c69f
ssdeep 49152:vfuWC+4w1Qh8jbj66yrgeBeh0BVWmqzfGCXGhGmGl8ZyahqPR3hhjEX/x0q0HVrS:vftC+RG6bjh2neh0BdqlH58ZyahqPPhw
imphash 9b07102925b4f59f35c71f053bd1ede5
impfuzzy 96:lQB0hX7+bSrNmeTMqHs47xQ/VXiX1PriJGeRlM54qgeT7Fshp:lQKZ7gSrRTMo+VSFJeDMgePWj

Signature (8cnts)

Level Description
warning File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Creates an executable file in a user folder
notice Creates executable files on the filesystem
notice One or more potentially interesting buffers were extracted
notice Steals private information from local Internet browsers
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch UPX_Zero UPX packed file binaries (download)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (3cnts)

Request CC ASN Co IP4 Rule ZERO
http://65.21.213.208:3000/check Unknown 65.21.213.208 clean
65.21.213.208 Unknown 65.21.213.208 clean
185.239.239.194 DE active 1 GmbH 185.239.239.194 clean

Suricata ids

PE API

IAT (Import Address Table) Library

crypt.dll
 0x6803f8 BCryptDecrypt
 0x6803fc BCryptGenerateSymmetricKey
 0x680400 BCryptOpenAlgorithmProvider
 0x680404 BCryptSetProperty
CRYPT32.dll
 0x68040c CryptUnprotectData
KERNEL32.dll
 0x680414 AddAtomA
 0x680418 AddVectoredExceptionHandler
 0x68041c AreFileApisANSI
 0x680420 CloseHandle
 0x680424 CreateEventA
 0x680428 CreateFileA
 0x68042c CreateFileMappingA
 0x680430 CreateFileMappingW
 0x680434 CreateFileW
 0x680438 CreateMutexA
 0x68043c CreateMutexW
 0x680440 CreateSemaphoreA
 0x680444 DeleteAtom
 0x680448 DeleteCriticalSection
 0x68044c DeleteFileA
 0x680450 DeleteFileW
 0x680454 DuplicateHandle
 0x680458 EnterCriticalSection
 0x68045c FindAtomA
 0x680460 FlushFileBuffers
 0x680464 FlushViewOfFile
 0x680468 FormatMessageA
 0x68046c FormatMessageW
 0x680470 FreeLibrary
 0x680474 GetAtomNameA
 0x680478 GetCurrentProcess
 0x68047c GetCurrentProcessId
 0x680480 GetCurrentThread
 0x680484 GetCurrentThreadId
 0x680488 GetDiskFreeSpaceA
 0x68048c GetDiskFreeSpaceW
 0x680490 GetFileAttributesA
 0x680494 GetFileAttributesExW
 0x680498 GetFileAttributesW
 0x68049c GetFileSize
 0x6804a0 GetFullPathNameA
 0x6804a4 GetFullPathNameW
 0x6804a8 GetHandleInformation
 0x6804ac GetLastError
 0x6804b0 GetModuleHandleW
 0x6804b4 GetProcAddress
 0x6804b8 GetProcessAffinityMask
 0x6804bc GetProcessHeap
 0x6804c0 GetStartupInfoA
 0x6804c4 GetSystemInfo
 0x6804c8 GetSystemTime
 0x6804cc GetSystemTimeAsFileTime
 0x6804d0 GetTempPathA
 0x6804d4 GetTempPathW
 0x6804d8 GetThreadContext
 0x6804dc GetThreadPriority
 0x6804e0 GetTickCount
 0x6804e4 GetVersionExA
 0x6804e8 GetVersionExW
 0x6804ec HeapAlloc
 0x6804f0 HeapCompact
 0x6804f4 HeapCreate
 0x6804f8 HeapDestroy
 0x6804fc HeapFree
 0x680500 HeapReAlloc
 0x680504 HeapSize
 0x680508 HeapValidate
 0x68050c InitializeCriticalSection
 0x680510 IsDBCSLeadByteEx
 0x680514 IsDebuggerPresent
 0x680518 LeaveCriticalSection
 0x68051c LoadLibraryA
 0x680520 LoadLibraryW
 0x680524 LocalFree
 0x680528 LockFile
 0x68052c LockFileEx
 0x680530 MapViewOfFile
 0x680534 MultiByteToWideChar
 0x680538 OpenProcess
 0x68053c OutputDebugStringA
 0x680540 OutputDebugStringW
 0x680544 QueryPerformanceCounter
 0x680548 QueryPerformanceFrequency
 0x68054c RaiseException
 0x680550 ReadFile
 0x680554 ReleaseMutex
 0x680558 ReleaseSemaphore
 0x68055c RemoveVectoredExceptionHandler
 0x680560 ResetEvent
 0x680564 ResumeThread
 0x680568 SetEndOfFile
 0x68056c SetEvent
 0x680570 SetFilePointer
 0x680574 SetLastError
 0x680578 SetProcessAffinityMask
 0x68057c SetThreadContext
 0x680580 SetThreadPriority
 0x680584 SetUnhandledExceptionFilter
 0x680588 Sleep
 0x68058c SuspendThread
 0x680590 SystemTimeToFileTime
 0x680594 TlsAlloc
 0x680598 TlsGetValue
 0x68059c TlsSetValue
 0x6805a0 TryEnterCriticalSection
 0x6805a4 UnlockFile
 0x6805a8 UnlockFileEx
 0x6805ac UnmapViewOfFile
 0x6805b0 VirtualProtect
 0x6805b4 VirtualQuery
 0x6805b8 WaitForMultipleObjects
 0x6805bc WaitForSingleObject
 0x6805c0 WaitForSingleObjectEx
 0x6805c4 WideCharToMultiByte
 0x6805c8 WriteFile
 0x6805cc lstrcatW
msvcrt.dll
 0x6805d4 __getmainargs
 0x6805d8 __initenv
 0x6805dc __lconv_init
 0x6805e0 __mb_cur_max
 0x6805e4 __p__acmdln
 0x6805e8 __p__commode
 0x6805ec __p__fmode
 0x6805f0 __set_app_type
 0x6805f4 __setusermatherr
 0x6805f8 _amsg_exit
 0x6805fc _assert
 0x680600 _beginthreadex
 0x680604 _cexit
 0x680608 _close
 0x68060c _endthreadex
 0x680610 _errno
 0x680614 _fdopen
 0x680618 _filelengthi64
 0x68061c _fileno
 0x680620 _fileno
 0x680624 _fstat64
 0x680628 _initterm
 0x68062c _iob
 0x680630 _lseeki64
 0x680634 _mbsicmp
 0x680638 _onexit
 0x68063c _read
 0x680640 _memccpy
 0x680644 _setjmp3
 0x680648 _strdup
 0x68064c _strnicmp
 0x680650 _ultoa
 0x680654 _wfopen
 0x680658 _wgetenv_s
 0x68065c _write
 0x680660 abort
 0x680664 atoi
 0x680668 calloc
 0x68066c exit
 0x680670 fclose
 0x680674 fflush
 0x680678 fgetpos
 0x68067c fopen
 0x680680 fprintf
 0x680684 fputc
 0x680688 fputs
 0x68068c fputwc
 0x680690 fread
 0x680694 free
 0x680698 fsetpos
 0x68069c fwrite
 0x6806a0 fwprintf
 0x6806a4 getc
 0x6806a8 getwc
 0x6806ac isalnum
 0x6806b0 isspace
 0x6806b4 iswctype
 0x6806b8 localtime
 0x6806bc localeconv
 0x6806c0 longjmp
 0x6806c4 malloc
 0x6806c8 memchr
 0x6806cc memcmp
 0x6806d0 memcpy
 0x6806d4 memmove
 0x6806d8 memset
 0x6806dc printf
 0x6806e0 putc
 0x6806e4 putwc
 0x6806e8 realloc
 0x6806ec setlocale
 0x6806f0 setvbuf
 0x6806f4 signal
 0x6806f8 strchr
 0x6806fc strcmp
 0x680700 strcoll
 0x680704 strcspn
 0x680708 strerror
 0x68070c strftime
 0x680710 strlen
 0x680714 strncmp
 0x680718 strrchr
 0x68071c strxfrm
 0x680720 towlower
 0x680724 towupper
 0x680728 ungetc
 0x68072c ungetwc
 0x680730 vfprintf
 0x680734 wcscoll
 0x680738 wcsftime
 0x68073c wcslen
 0x680740 wcsxfrm
WINHTTP.dll
 0x680748 WinHttpAddRequestHeaders
 0x68074c WinHttpCloseHandle
 0x680750 WinHttpConnect
 0x680754 WinHttpOpen
 0x680758 WinHttpOpenRequest
 0x68075c WinHttpQueryDataAvailable
 0x680760 WinHttpQueryHeaders
 0x680764 WinHttpReadData
 0x680768 WinHttpReceiveResponse
 0x68076c WinHttpSendRequest
 0x680770 WinHttpSetOption

EAT (Export Address Table): none