Report - rtpehnnzbxoa.exe

Generic Malware Malicious Library Malicious Packer UPX PE File PE64
Created 2022.12.19 10:07 Machine s1_win7_x6403
Filename rtpehnnzbxoa.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score
2
Behavior Score
1.4
ZERO API file: malware
VT API (file) 43 detected (PenTiumD, BroPass, malicious, high confidence, GenericKDZ, Abcv, TrojanPSW, Attribute, HighConfidence, a variant of WinGo, score, Convagent, CLOUD, AGEN, PRIVATELOADER, YXCLQZ, AdwareTskLnk, Sabsik, PSWTroj, kcloud, Trickbot, Detected, R535068, Artemis, ai score=83, QQPass, QQRob, Mzfl)
md5 31e5f2a6588723aadefaf5595482d955
sha256 0278ab4f0298aa6e8066c14cf2b0063a09ac96e8bac365ddf192092dc17b42af
ssdeep 49152:RfKECgAG4VFdurb/TxvO90d7HjmAFd4A64nsfJl6QnJ8FxaUbSCItEptH8uLuX2K:RIn+1uGgaMfUTEUAz2Xa/
imphash 57c9b357ae0cb2f414b0a5873e2f216d
impfuzzy 96:nB0xlCFX7+C4S5O1eTucwOcX8gXj+JG46BRqt3R:nK3CN774S5lTmXxt46Bct3R

Signature (2cnts)

Level Description
danger File has been identified by 43 AntiVirus engines on VirusTotal as malicious
info One or more processes crashed

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0xbc54fc AddVectoredExceptionHandler
 0xbc5504 AreFileApisANSI
 0xbc550c CloseHandle
 0xbc5514 CreateEventA
 0xbc551c CreateFileA
 0xbc5524 CreateFileMappingA
 0xbc552c CreateFileMappingW
 0xbc5534 CreateFileW
 0xbc553c CreateIoCompletionPort
 0xbc5544 CreateMutexW
 0xbc554c CreateThread
 0xbc5554 CreateWaitableTimerA
 0xbc555c CreateWaitableTimerExW
 0xbc5564 DeleteCriticalSection
 0xbc556c DeleteFileA
 0xbc5574 DeleteFileW
 0xbc557c DuplicateHandle
 0xbc5584 EnterCriticalSection
 0xbc558c ExitProcess
 0xbc5594 FlushFileBuffers
 0xbc559c FlushViewOfFile
 0xbc55a4 FormatMessageA
 0xbc55ac FormatMessageW
 0xbc55b4 FreeEnvironmentStringsW
 0xbc55bc FreeLibrary
 0xbc55c4 GetConsoleMode
 0xbc55cc GetCurrentProcess
 0xbc55d4 GetCurrentProcessId
 0xbc55dc GetCurrentThreadId
 0xbc55e4 GetDiskFreeSpaceA
 0xbc55ec GetDiskFreeSpaceW
 0xbc55f4 GetEnvironmentStringsW
 0xbc55fc GetFileAttributesA
 0xbc5604 GetFileAttributesExW
 0xbc560c GetFileAttributesW
 0xbc5614 GetFileSize
 0xbc561c GetFullPathNameA
 0xbc5624 GetFullPathNameW
 0xbc562c GetLastError
 0xbc5634 GetProcAddress
 0xbc563c GetProcessAffinityMask
 0xbc5644 GetProcessHeap
 0xbc564c GetQueuedCompletionStatusEx
 0xbc5654 GetStartupInfoA
 0xbc565c GetStdHandle
 0xbc5664 GetSystemDirectoryA
 0xbc566c GetSystemInfo
 0xbc5674 GetSystemTime
 0xbc567c GetSystemTimeAsFileTime
 0xbc5684 GetTempPathA
 0xbc568c GetTempPathW
 0xbc5694 GetThreadContext
 0xbc569c GetTickCount
 0xbc56a4 GetVersionExA
 0xbc56ac GetVersionExW
 0xbc56b4 HeapAlloc
 0xbc56bc HeapCompact
 0xbc56c4 HeapCreate
 0xbc56cc HeapDestroy
 0xbc56d4 HeapFree
 0xbc56dc HeapReAlloc
 0xbc56e4 HeapSize
 0xbc56ec HeapValidate
 0xbc56f4 InitializeCriticalSection
 0xbc56fc LeaveCriticalSection
 0xbc5704 LoadLibraryA
 0xbc570c LoadLibraryW
 0xbc5714 LocalFree
 0xbc571c LockFile
 0xbc5724 LockFileEx
 0xbc572c MapViewOfFile
 0xbc5734 MultiByteToWideChar
 0xbc573c OutputDebugStringA
 0xbc5744 OutputDebugStringW
 0xbc574c PostQueuedCompletionStatus
 0xbc5754 QueryPerformanceCounter
 0xbc575c ReadFile
 0xbc5764 ResumeThread
 0xbc576c RtlAddFunctionTable
 0xbc5774 RtlCaptureContext
 0xbc577c RtlLookupFunctionEntry
 0xbc5784 RtlVirtualUnwind
 0xbc578c SetConsoleCtrlHandler
 0xbc5794 SetEndOfFile
 0xbc579c SetErrorMode
 0xbc57a4 SetEvent
 0xbc57ac SetFilePointer
 0xbc57b4 SetProcessPriorityBoost
 0xbc57bc SetThreadContext
 0xbc57c4 SetUnhandledExceptionFilter
 0xbc57cc SetWaitableTimer
 0xbc57d4 Sleep
 0xbc57dc SuspendThread
 0xbc57e4 SwitchToThread
 0xbc57ec SystemTimeToFileTime
 0xbc57f4 TerminateProcess
 0xbc57fc TlsGetValue
 0xbc5804 TryEnterCriticalSection
 0xbc580c UnhandledExceptionFilter
 0xbc5814 UnlockFile
 0xbc581c UnlockFileEx
 0xbc5824 UnmapViewOfFile
 0xbc582c VirtualAlloc
 0xbc5834 VirtualFree
 0xbc583c VirtualProtect
 0xbc5844 VirtualQuery
 0xbc584c WaitForMultipleObjects
 0xbc5854 WaitForSingleObject
 0xbc585c WaitForSingleObjectEx
 0xbc5864 WideCharToMultiByte
 0xbc586c WriteConsoleW
 0xbc5874 WriteFile
 0xbc587c __C_specific_handler
msvcrt.dll
 0xbc588c __getmainargs
 0xbc5894 __initenv
 0xbc589c __iob_func
 0xbc58a4 __lconv_init
 0xbc58ac __set_app_type
 0xbc58b4 __setusermatherr
 0xbc58bc _acmdln
 0xbc58c4 _amsg_exit
 0xbc58cc _beginthread
 0xbc58d4 _beginthreadex
 0xbc58dc _cexit
 0xbc58e4 _endthreadex
 0xbc58ec _errno
 0xbc58f4 _fmode
 0xbc58fc _initterm
 0xbc5904 _localtime64
 0xbc590c _onexit
 0xbc5914 abort
 0xbc591c calloc
 0xbc5924 exit
 0xbc592c fprintf
 0xbc5934 free
 0xbc593c fwrite
 0xbc5944 malloc
 0xbc594c memcmp
 0xbc5954 memcpy
 0xbc595c memmove
 0xbc5964 memset
 0xbc596c qsort
 0xbc5974 realloc
 0xbc597c signal
 0xbc5984 strcmp
 0xbc598c strcspn
 0xbc5994 strlen
 0xbc599c strncmp
 0xbc59a4 strrchr
 0xbc59ac vfprintf

EAT (Export Address Table) Library

0xbc3e10 _cgo_dummy_export
0x733a60 authorizerTrampoline
0x733780 callbackTrampoline
0x733940 commitHookTrampoline
0x7338a0 compareTrampoline
0x733850 doneTrampoline
0x733ae0 preUpdateHookTrampoline
0x7339a0 rollbackHookTrampoline
0x7337e0 stepTrampoline
0x7339f0 updateHookTrampoline
