Created | 2022.12.21 17:54 | Machine | s1_win7_x6401 |
---|---|---|---|
Filename | 0f5e8774150b7f0120a47909d07dc909.exe | | |
Type | PE32 executable (console) Intel 80386, for MS Windows | | |
AI Score | | | |
Behavior Score | | | |
ZERO API | | | |
VT API (file) | 53 detected (AIDetect, malware2, Manuscrypt, malicious, high confidence, GenericKD, Mokes, Artemis, Unsafe, Vpdm, ABRisk, TGRO, Attribute, HighConfidence, score, DropperX, Gencirc, bdosp, R002C0DLE22, Sabsik, kcloud, NEAA, 1W9RM85, Detected, Vigorf, BScope, ai score=83, jNquyQxW7cL, PossibleThreat, ZexaE, my0@amNxzifj, GdSda) | | |
md5 | 7c151e9e14789c5fdb870541edd8a4e0 | | |
sha256 | 13b97b388624af071d4a68e760f4f1b828c80e627ffdc39d06aacea317e49ade | | |
ssdeep | 6144:Izpmv19cF/p/uwONct43Ep/uwONct43T92USK:ym09pGHNu4UpGHNu4R2USK | | |
imphash | bef982b9edad5be092321ba1afb3822f | | |
impfuzzy | 24:s3lwu9bjmbD3dMUsviu9Q1GcHtmS1+bJe99roIOovbOuqN5k2kZ4wxbEQvEYB5MS:GEH4zcHtmS1+OZe3dQ9Z/g3YIS | | |
Network IP location
Signature (13cnts)
Level | Description |
---|---|
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
warning | Uses WMI to create a new process |
watch | Checks for the presence of known windows from debuggers and forensic tools |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | Foreign language identified in PE resource |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | One or more processes crashed |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f000 InterlockedDecrement
0x40f004 GetModuleFileNameW
0x40f008 InitializeCriticalSectionAndSpinCount
0x40f00c GetEnvironmentVariableW
0x40f010 GetLastError
0x40f014 LoadLibraryA
0x40f018 lstrcatW
0x40f01c RaiseException
0x40f020 DecodePointer
0x40f024 GetProcAddress
0x40f028 DeleteCriticalSection
0x40f02c CreateFileW
0x40f030 WriteConsoleW
0x40f034 SetFilePointerEx
0x40f038 GetConsoleMode
0x40f03c GetConsoleCP
0x40f040 FlushFileBuffers
0x40f044 GetStringTypeW
0x40f048 SetStdHandle
0x40f04c CloseHandle
0x40f050 GetFileType
0x40f054 GetProcessHeap
0x40f058 SetEnvironmentVariableW
0x40f05c FreeEnvironmentStringsW
0x40f060 IsDebuggerPresent
0x40f064 OutputDebugStringW
0x40f068 EnterCriticalSection
0x40f06c LeaveCriticalSection
0x40f070 MultiByteToWideChar
0x40f074 WideCharToMultiByte
0x40f078 LocalFree
0x40f07c IsProcessorFeaturePresent
0x40f080 UnhandledExceptionFilter
0x40f084 SetUnhandledExceptionFilter
0x40f088 GetStartupInfoW
0x40f08c GetModuleHandleW
0x40f090 QueryPerformanceCounter
0x40f094 GetCurrentProcessId
0x40f098 GetCurrentThreadId
0x40f09c GetSystemTimeAsFileTime
0x40f0a0 InitializeSListHead
0x40f0a4 GetCurrentProcess
0x40f0a8 TerminateProcess
0x40f0ac RtlUnwind
0x40f0b0 SetLastError
0x40f0b4 EncodePointer
0x40f0b8 TlsAlloc
0x40f0bc TlsGetValue
0x40f0c0 TlsSetValue
0x40f0c4 TlsFree
0x40f0c8 FreeLibrary
0x40f0cc LoadLibraryExW
0x40f0d0 ExitProcess
0x40f0d4 GetModuleHandleExW
0x40f0d8 GetStdHandle
0x40f0dc WriteFile
0x40f0e0 GetCommandLineA
0x40f0e4 GetCommandLineW
0x40f0e8 GetACP
0x40f0ec HeapFree
0x40f0f0 HeapAlloc
0x40f0f4 HeapSize
0x40f0f8 HeapReAlloc
0x40f0fc CompareStringW
0x40f100 LCMapStringW
0x40f104 FindClose
0x40f108 FindFirstFileExW
0x40f10c FindNextFileW
0x40f110 IsValidCodePage
0x40f114 GetOEMCP
0x40f118 GetCPInfo
0x40f11c GetEnvironmentStringsW
USER32.dll
0x40f154 FindWindowW
0x40f158 ShowWindow
ole32.dll
0x40f160 CoCreateInstance
OLEAUT32.dll
0x40f124 VariantClear
0x40f128 SafeArrayGetDim
0x40f12c VariantInit
0x40f130 SafeArrayGetUBound
0x40f134 SafeArrayGetLBound
0x40f138 SysFreeString
0x40f13c SysAllocString
0x40f140 SafeArrayAccessData
0x40f144 GetErrorInfo
SHLWAPI.dll
0x40f14c StrStrW
EAT(Export Address Table) is none