Report - demo.exe

Tags: Generic Malware, Malicious Library, Admin Tool (Sysinternals etc ...), Malicious Packer, UPX, OS Processor Check, PE File, PE64
Created 2022.12.13 17:29 Machine s1_win7_x6403
Filename demo.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score 1
Behavior Score 1.6
ZERO API file : malware
VT API (file) 28 detected (malicious, moderate confidence, GenericKD, Unsafe, Vnc4, confidence, 100%, ABRisk, FKTJ, Attribute, HighConfidence, score, MalwareX, Agen, Ywhl, GenKD, Wacatac, Detected, Chgt)
md5 d16df5a6a394820b2271898b31703862
sha256 58e674636ca1d0dfac7e39debd343d652df870f7c582561baf68c38f585410d2
ssdeep 98304:DVyxQbaRbcR1Mp2DdAG7qDA9faD5n7V78G2R4f8zXEULYhkxl:bEbc19fSgX
imphash c6d1a60b30b8dc763577ff55f44360f0
impfuzzy 96:MbdVUu4/axj+9W5W6twEX7BcE5jnmebLYrcUb4KvxQ736/XAXHCUJGJRqtzE:IUub+9W5W6tweeE5vbLDiwWJctzE

Signature (4cnts)

Level Description
warning File has been identified by 28 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info One or more processes crashed

Rules (8cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Admin_Tool_IN_Zero Admin Tool Sysinternals binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

ADVAPI32.dll
 0x62d9cc GetTokenInformation
 0x62d9d4 LookupAccountSidW
 0x62d9dc OpenProcessToken
 0x62d9e4 RegCloseKey
 0x62d9ec RegCreateKeyExW
 0x62d9f4 RegEnumKeyExW
 0x62d9fc RegEnumValueW
 0x62da04 RegOpenKeyExW
 0x62da0c RegQueryInfoKeyW
 0x62da14 RegQueryValueExW
 0x62da1c RegSetValueExW
IPHLPAPI.DLL
 0x62da2c FreeMibTable
 0x62da34 GetIfEntry2
 0x62da3c GetIfTable2
NETAPI32.dll
 0x62da4c NetApiBufferFree
 0x62da54 NetUserEnum
 0x62da5c NetUserGetLocalGroups
ntdll.dll
 0x62da6c NtQueryInformationProcess
 0x62da74 NtQuerySystemInformation
 0x62da7c RtlCaptureContext
 0x62da84 RtlGetVersion
 0x62da8c RtlLookupFunctionEntry
ole32.dll
 0x62da9c CoCreateInstance
 0x62daa4 CoInitializeEx
 0x62daac CoInitializeSecurity
 0x62dab4 CoSetProxyBlanket
 0x62dabc CoTaskMemFree
 0x62dac4 CoUninitialize
OLEAUT32.dll
 0x62dad4 SysAllocString
 0x62dadc SysFreeString
 0x62dae4 VariantClear
pdh.dll
 0x62daf4 PdhAddEnglishCounterA
 0x62dafc PdhAddEnglishCounterW
 0x62db04 PdhCloseQuery
 0x62db0c PdhCollectQueryData
 0x62db14 PdhCollectQueryDataEx
 0x62db1c PdhGetFormattedCounterValue
 0x62db24 PdhOpenQueryA
 0x62db2c PdhRemoveCounter
POWRPROF.dll
 0x62db3c CallNtPowerInformation
PSAPI.DLL
 0x62db4c EnumProcessModulesEx
 0x62db54 GetModuleBaseNameW
 0x62db5c GetModuleFileNameExW
 0x62db64 GetPerformanceInfo
 0x62db6c GetProcessMemoryInfo
Secur32.dll
 0x62db7c LsaEnumerateLogonSessions
 0x62db84 LsaFreeReturnBuffer
 0x62db8c LsaGetLogonSessionData
SHELL32.dll
 0x62db9c CommandLineToArgvW
 0x62dba4 SHGetKnownFolderPath
WS2_32.dll
 0x62dbb4 WSACleanup
 0x62dbbc WSADuplicateSocketW
 0x62dbc4 WSAGetLastError
 0x62dbcc WSARecv
 0x62dbd4 WSASend
 0x62dbdc WSASocketW
 0x62dbe4 WSAStartup
 0x62dbec accept
 0x62dbf4 bind
 0x62dbfc closesocket
 0x62dc04 connect
 0x62dc0c freeaddrinfo
 0x62dc14 getaddrinfo
 0x62dc1c getpeername
 0x62dc24 getsockname
 0x62dc2c getsockopt
 0x62dc34 ioctlsocket
 0x62dc3c listen
 0x62dc44 recv
 0x62dc4c recvfrom
 0x62dc54 select
 0x62dc5c send
 0x62dc64 sendto
 0x62dc6c setsockopt
 0x62dc74 shutdown
bcrypt.dll
 0x62dc84 BCryptCloseAlgorithmProvider
 0x62dc8c BCryptGenRandom
 0x62dc94 BCryptOpenAlgorithmProvider
KERNEL32.dll
 0x62dca4 AcquireSRWLockExclusive
 0x62dcac AcquireSRWLockShared
 0x62dcb4 AddVectoredExceptionHandler
 0x62dcbc CancelIo
 0x62dcc4 CloseHandle
 0x62dccc CompareStringOrdinal
 0x62dcd4 CopyFileExW
 0x62dcdc CreateDirectoryW
 0x62dce4 CreateEventA
 0x62dcec CreateEventW
 0x62dcf4 CreateFileMappingA
 0x62dcfc CreateFileW
 0x62dd04 CreateHardLinkW
 0x62dd0c CreateMutexA
 0x62dd14 CreateNamedPipeW
 0x62dd1c CreateProcessW
 0x62dd24 CreateSymbolicLinkW
 0x62dd2c CreateThread
 0x62dd34 CreateToolhelp32Snapshot
 0x62dd3c DeleteCriticalSection
 0x62dd44 DeleteFileW
 0x62dd4c DeviceIoControl
 0x62dd54 DuplicateHandle
 0x62dd5c EnterCriticalSection
 0x62dd64 EnumSystemGeoID
 0x62dd6c ExitProcess
 0x62dd74 FileTimeToSystemTime
 0x62dd7c FindClose
 0x62dd84 FindFirstFileW
 0x62dd8c FindNextFileW
 0x62dd94 FlushFileBuffers
 0x62dd9c FormatMessageW
 0x62dda4 FreeEnvironmentStringsW
 0x62ddac FreeLibrary
 0x62ddb4 GetCommandLineW
 0x62ddbc GetComputerNameExW
 0x62ddc4 GetConsoleMode
 0x62ddcc GetCurrentDirectoryW
 0x62ddd4 GetCurrentProcess
 0x62dddc GetCurrentProcessId
 0x62dde4 GetCurrentThread
 0x62ddec GetCurrentThreadId
 0x62ddf4 GetDiskFreeSpaceExW
 0x62ddfc GetDriveTypeW
 0x62de04 GetEnvironmentStringsW
 0x62de0c GetEnvironmentVariableW
 0x62de14 GetExitCodeProcess
 0x62de1c GetFileAttributesW
 0x62de24 GetFileInformationByHandle
 0x62de2c GetFileInformationByHandleEx
 0x62de34 GetFileType
 0x62de3c GetFinalPathNameByHandleW
 0x62de44 GetFullPathNameW
 0x62de4c GetLastError
 0x62de54 GetLogicalDrives
 0x62de5c GetLogicalProcessorInformation
 0x62de64 GetLogicalProcessorInformationEx
 0x62de6c GetModuleFileNameW
 0x62de74 GetModuleHandleA
 0x62de7c GetModuleHandleExW
 0x62de84 GetModuleHandleW
 0x62de8c GetOverlappedResult
 0x62de94 GetProcAddress
 0x62de9c GetProcessHeap
 0x62dea4 GetProcessId
 0x62deac GetProcessIoCounters
 0x62deb4 GetProcessTimes
 0x62debc GetStartupInfoA
 0x62dec4 GetStdHandle
 0x62decc GetSystemDirectoryW
 0x62ded4 GetSystemInfo
 0x62dedc GetSystemTimeAsFileTime
 0x62dee4 GetSystemTimes
 0x62deec GetTempPathW
 0x62def4 GetTickCount
 0x62defc GetTickCount64
 0x62df04 GetVolumeInformationW
 0x62df0c GetWindowsDirectoryW
 0x62df14 GlobalMemoryStatusEx
 0x62df1c HeapAlloc
 0x62df24 HeapFree
 0x62df2c HeapReAlloc
 0x62df34 InitOnceBeginInitialize
 0x62df3c InitOnceComplete
 0x62df44 InitializeCriticalSection
 0x62df4c LeaveCriticalSection
 0x62df54 LoadLibraryA
 0x62df5c LoadLibraryExW
 0x62df64 LocalFree
 0x62df6c MapViewOfFile
 0x62df74 Module32FirstW
 0x62df7c Module32NextW
 0x62df84 MoveFileExW
 0x62df8c OpenProcess
 0x62df94 ProcessIdToSessionId
 0x62df9c QueryPerformanceCounter
 0x62dfa4 QueryPerformanceFrequency
 0x62dfac RaiseException
 0x62dfb4 ReadConsoleW
 0x62dfbc ReadFile
 0x62dfc4 ReadFileEx
 0x62dfcc ReadProcessMemory
 0x62dfd4 RegisterWaitForSingleObject
 0x62dfdc ReleaseMutex
 0x62dfe4 ReleaseSRWLockExclusive
 0x62dfec ReleaseSRWLockShared
 0x62dff4 RemoveDirectoryW
 0x62dffc RtlAddFunctionTable
 0x62e004 RtlUnwindEx
 0x62e00c RtlVirtualUnwind
 0x62e014 SetCurrentDirectoryW
 0x62e01c SetEnvironmentVariableW
 0x62e024 SetErrorMode
 0x62e02c SetFileAttributesW
 0x62e034 SetFileInformationByHandle
 0x62e03c SetFilePointerEx
 0x62e044 SetFileTime
 0x62e04c SetHandleInformation
 0x62e054 SetLastError
 0x62e05c SetThreadErrorMode
 0x62e064 SetThreadStackGuarantee
 0x62e06c SetUnhandledExceptionFilter
 0x62e074 Sleep
 0x62e07c SleepConditionVariableSRW
 0x62e084 SleepEx
 0x62e08c SwitchToThread
 0x62e094 TerminateProcess
 0x62e09c TlsAlloc
 0x62e0a4 TlsFree
 0x62e0ac TlsGetValue
 0x62e0b4 TlsSetValue
 0x62e0bc TryAcquireSRWLockExclusive
 0x62e0c4 UnhandledExceptionFilter
 0x62e0cc UnmapViewOfFile
 0x62e0d4 VirtualAlloc
 0x62e0dc VirtualProtect
 0x62e0e4 VirtualQuery
 0x62e0ec VirtualQueryEx
 0x62e0f4 WaitForMultipleObjects
 0x62e0fc WaitForSingleObject
 0x62e104 WaitForSingleObjectEx
 0x62e10c WakeAllConditionVariable
 0x62e114 WakeConditionVariable
 0x62e11c WriteConsoleW
 0x62e124 WriteFileEx
 0x62e12c __C_specific_handler
 0x62e134 lstrlenW
msvcrt.dll
 0x62e144 __getmainargs
 0x62e14c __initenv
 0x62e154 __iob_func
 0x62e15c __lconv_init
 0x62e164 __set_app_type
 0x62e16c __setusermatherr
 0x62e174 _acmdln
 0x62e17c _amsg_exit
 0x62e184 _cexit
 0x62e18c _fmode
 0x62e194 _fpreset
 0x62e19c _initterm
 0x62e1a4 _onexit
 0x62e1ac abort
 0x62e1b4 calloc
 0x62e1bc exit
 0x62e1c4 fprintf
 0x62e1cc free
 0x62e1d4 fwrite
 0x62e1dc malloc
 0x62e1e4 memcmp
 0x62e1ec memcpy
 0x62e1f4 memmove
 0x62e1fc memset
 0x62e204 signal
 0x62e20c strlen
 0x62e214 strncmp
 0x62e21c vfprintf
 0x62e224 wcslen
USERENV.dll
 0x62e234 GetUserProfileDirectoryW

EAT (Export Address Table): none
