ScreenShot
| Created | 2022.12.13 17:12 | Machine | s1_win7_x6401 |
| Filename | zRJt3MAZwJOF.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (AIDetect, malware2, malicious, high confidence, GenericKD, GenericRXUV, Vvyx, confidence, Attribute, HighConfidence, GenCBL, FalseSign, Xwhl, exeyg, REDLINE, YXCLIZ, Artemis, Sabsik, Wacatac, score, ZexaF, nvX@aOSBoOeO, ai score=85, BScope, Zlob, Unsafe, Kryptik, leZOYpvcsGQ, susgen, PossibleThreat) | ||
| md5 | 9500782d04722c38addd1570f4a389c4 | ||
| sha256 | 57a6c44f15d7078d07680c0e0cee81fa4ab8ef90ef728794f1f6edc9d5778b33 | ||
| ssdeep | 24576:VgzTH4aHIf+P2300SoH7hGh8PQwI2nbmM0QP806t4y:V44IC0IH78hvwy636 | ||
| imphash | bb2af1988009d4b4491115f62e2f94ab | ||
| impfuzzy | 24:arLsWhPuzkJcDYF9TE/cHuOZyvDcIelRTCmfRplduOwkgogAhcVESi2N:arLJs69TE/MuDcxemfffuO/gZAaVESzN | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| watch | One or more of the buffers contains an embedded PE file |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x50a000 GetSystemDefaultLangID
0x50a004 lstrlenA
0x50a008 TlsGetValue
0x50a00c HeapAlloc
0x50a010 InterlockedIncrement
0x50a014 OutputDebugStringW
0x50a018 IsBadReadPtr
0x50a01c GetConsoleCP
0x50a020 Sleep
0x50a024 HeapCreate
0x50a028 GetACP
0x50a02c GetLastError
0x50a030 GetCurrentDirectoryW
0x50a034 SetLastError
0x50a038 GetProcAddress
0x50a03c FoldStringW
0x50a040 GetCurrentProcessId
0x50a044 GetThreadUILanguage
0x50a048 LCMapStringW
0x50a04c LCMapStringA
0x50a050 GetStringTypeW
0x50a054 MultiByteToWideChar
0x50a058 GetStringTypeA
0x50a05c GetStartupInfoW
0x50a060 SetUnhandledExceptionFilter
0x50a064 GetModuleHandleW
0x50a068 ExitProcess
0x50a06c WriteFile
0x50a070 GetStdHandle
0x50a074 GetModuleFileNameA
0x50a078 GetModuleFileNameW
0x50a07c FreeEnvironmentStringsW
0x50a080 GetEnvironmentStringsW
0x50a084 GetCommandLineW
0x50a088 SetHandleCount
0x50a08c GetFileType
0x50a090 GetStartupInfoA
0x50a094 DeleteCriticalSection
0x50a098 TlsAlloc
0x50a09c TlsSetValue
0x50a0a0 TlsFree
0x50a0a4 GetCurrentThreadId
0x50a0a8 InterlockedDecrement
0x50a0ac VirtualFree
0x50a0b0 HeapFree
0x50a0b4 QueryPerformanceCounter
0x50a0b8 GetTickCount
0x50a0bc GetSystemTimeAsFileTime
0x50a0c0 TerminateProcess
0x50a0c4 GetCurrentProcess
0x50a0c8 UnhandledExceptionFilter
0x50a0cc IsDebuggerPresent
0x50a0d0 LeaveCriticalSection
0x50a0d4 EnterCriticalSection
0x50a0d8 VirtualAlloc
0x50a0dc HeapReAlloc
0x50a0e0 LoadLibraryA
0x50a0e4 InitializeCriticalSectionAndSpinCount
0x50a0e8 GetCPInfo
0x50a0ec GetOEMCP
0x50a0f0 IsValidCodePage
0x50a0f4 RtlUnwind
0x50a0f8 HeapSize
0x50a0fc GetLocaleInfoA
0x50a100 WideCharToMultiByte
USER32.dll
0x50a108 GetMessagePos
0x50a10c MessageBoxW
0x50a110 IsIconic
0x50a114 GetMessageExtraInfo
0x50a118 IsZoomed
0x50a11c GetWindowTextLengthA
0x50a120 GetForegroundWindow
ole32.dll
0x50a128 CoInitialize
0x50a12c CoUninitialize
EAT(Export Address Table) is none
KERNEL32.dll
0x50a000 GetSystemDefaultLangID
0x50a004 lstrlenA
0x50a008 TlsGetValue
0x50a00c HeapAlloc
0x50a010 InterlockedIncrement
0x50a014 OutputDebugStringW
0x50a018 IsBadReadPtr
0x50a01c GetConsoleCP
0x50a020 Sleep
0x50a024 HeapCreate
0x50a028 GetACP
0x50a02c GetLastError
0x50a030 GetCurrentDirectoryW
0x50a034 SetLastError
0x50a038 GetProcAddress
0x50a03c FoldStringW
0x50a040 GetCurrentProcessId
0x50a044 GetThreadUILanguage
0x50a048 LCMapStringW
0x50a04c LCMapStringA
0x50a050 GetStringTypeW
0x50a054 MultiByteToWideChar
0x50a058 GetStringTypeA
0x50a05c GetStartupInfoW
0x50a060 SetUnhandledExceptionFilter
0x50a064 GetModuleHandleW
0x50a068 ExitProcess
0x50a06c WriteFile
0x50a070 GetStdHandle
0x50a074 GetModuleFileNameA
0x50a078 GetModuleFileNameW
0x50a07c FreeEnvironmentStringsW
0x50a080 GetEnvironmentStringsW
0x50a084 GetCommandLineW
0x50a088 SetHandleCount
0x50a08c GetFileType
0x50a090 GetStartupInfoA
0x50a094 DeleteCriticalSection
0x50a098 TlsAlloc
0x50a09c TlsSetValue
0x50a0a0 TlsFree
0x50a0a4 GetCurrentThreadId
0x50a0a8 InterlockedDecrement
0x50a0ac VirtualFree
0x50a0b0 HeapFree
0x50a0b4 QueryPerformanceCounter
0x50a0b8 GetTickCount
0x50a0bc GetSystemTimeAsFileTime
0x50a0c0 TerminateProcess
0x50a0c4 GetCurrentProcess
0x50a0c8 UnhandledExceptionFilter
0x50a0cc IsDebuggerPresent
0x50a0d0 LeaveCriticalSection
0x50a0d4 EnterCriticalSection
0x50a0d8 VirtualAlloc
0x50a0dc HeapReAlloc
0x50a0e0 LoadLibraryA
0x50a0e4 InitializeCriticalSectionAndSpinCount
0x50a0e8 GetCPInfo
0x50a0ec GetOEMCP
0x50a0f0 IsValidCodePage
0x50a0f4 RtlUnwind
0x50a0f8 HeapSize
0x50a0fc GetLocaleInfoA
0x50a100 WideCharToMultiByte
USER32.dll
0x50a108 GetMessagePos
0x50a10c MessageBoxW
0x50a110 IsIconic
0x50a114 GetMessageExtraInfo
0x50a118 IsZoomed
0x50a11c GetWindowTextLengthA
0x50a120 GetForegroundWindow
ole32.dll
0x50a128 CoInitialize
0x50a12c CoUninitialize
EAT(Export Address Table) is none