Field | Value |
---|---|
Created | 2023.03.08 11:09 |
Machine | s1_win7_x6403 |
Filename | New1.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 35 detected (Tedy, Save, malicious, confidence, None, ZexaE, QvX@aSzV4hmG, Attribute, HighConfidence, high confidence, GenKryptik, GHAA, score, Strab, TrojanX, Artemis, moderate, Static AI, Suspicious PE, ai score=80, Wacatac, Casdet, BScope, unsafe, R002H0DC723, Undefined, k3h1PhqnxaE) |
md5 | 0492a562ceee12e6db78b77aa191e267 |
sha256 | 3c41412eb5d424cbf29a62862bc2ccc0ba89c32c27e36f5c74a8d16a82fe2331 |
ssdeep | 49152:Qh4FhhuZD6yJ+aJLSHvg1+Bn3ceAhFkXXVS8DO2F4PNKscRDSsj5xjo0fc8VZK0R:RKze3ns8Cna |
imphash | 151f536da17206958ed89113fe3ba656 |
impfuzzy | 48:/YnyS9NrRaEhgfcJcS+KgXleAh0H/FLGOi:/E9NrYEhgfcJcS+VXles |
Network IP location
Signature (10cnts)
Level | Description |
---|---|
danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
watch | One or more of the buffers contains an embedded PE file |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | One or more potentially interesting buffers were extracted |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x594008 FindFirstFileW
0x59400c lstrlenA
0x594010 MapViewOfFile
0x594014 LoadLibraryExW
0x594018 GetCurrentProcess
0x59401c CompareFileTime
0x594020 GetEnvironmentStringsW
0x594024 GetTickCount
0x594028 GetCurrentThread
0x59402c GetProcessHeap
0x594030 GetCommandLineA
0x594034 GlobalAlloc
0x594038 GetModuleFileNameW
0x59403c lstrlenW
0x594040 GetStartupInfoW
0x594044 GetProcAddress
0x594048 IsValidCodePage
0x59404c LoadLibraryA
0x594050 GetCommandLineW
0x594054 UnhandledExceptionFilter
0x594058 LocalAlloc
0x59405c SetCurrentDirectoryW
0x594060 GetLargePageMinimum
0x594064 GetOEMCP
0x594068 GetModuleHandleA
0x59406c FlushFileBuffers
0x594070 CloseHandle
0x594074 CreateFileA
0x594078 GetConsoleOutputCP
0x59407c WriteConsoleA
0x594080 SetStdHandle
0x594084 GetConsoleMode
0x594088 GetConsoleCP
0x59408c OpenThread
0x594090 GetSystemDefaultLangID
0x594094 HeapValidate
0x594098 IsBadReadPtr
0x59409c RaiseException
0x5940a0 TerminateProcess
0x5940a4 SetUnhandledExceptionFilter
0x5940a8 IsDebuggerPresent
0x5940ac DeleteCriticalSection
0x5940b0 EnterCriticalSection
0x5940b4 LeaveCriticalSection
0x5940b8 InterlockedIncrement
0x5940bc InterlockedDecrement
0x5940c0 GetACP
0x5940c4 GetCPInfo
0x5940c8 TlsGetValue
0x5940cc GetModuleHandleW
0x5940d0 TlsAlloc
0x5940d4 TlsSetValue
0x5940d8 GetCurrentThreadId
0x5940dc TlsFree
0x5940e0 SetLastError
0x5940e4 GetLastError
0x5940e8 QueryPerformanceCounter
0x5940ec GetCurrentProcessId
0x5940f0 GetSystemTimeAsFileTime
0x5940f4 Sleep
0x5940f8 ExitProcess
0x5940fc FreeEnvironmentStringsW
0x594100 SetHandleCount
0x594104 GetStdHandle
0x594108 GetFileType
0x59410c GetStartupInfoA
0x594110 HeapDestroy
0x594114 HeapCreate
0x594118 HeapFree
0x59411c VirtualFree
0x594120 GetModuleFileNameA
0x594124 WriteFile
0x594128 HeapAlloc
0x59412c HeapSize
0x594130 HeapReAlloc
0x594134 VirtualAlloc
0x594138 InitializeCriticalSectionAndSpinCount
0x59413c DebugBreak
0x594140 OutputDebugStringA
0x594144 WriteConsoleW
0x594148 OutputDebugStringW
0x59414c LoadLibraryW
0x594150 RtlUnwind
0x594154 MultiByteToWideChar
0x594158 GetStringTypeA
0x59415c GetStringTypeW
0x594160 WideCharToMultiByte
0x594164 LCMapStringA
0x594168 LCMapStringW
0x59416c GetLocaleInfoA
0x594170 SetFilePointer
USER32.dll
0x594178 GetParent
0x59417c GetForegroundWindow
0x594180 IsWindow
0x594184 IsWow64Message
0x594188 GetSystemMetrics
0x59418c IsWindowVisible
0x594190 GetDlgCtrlID
0x594194 GetMessagePos
0x594198 GetShellWindow
ADVAPI32.dll
0x594000 RegEnumValueA
EAT(Export Address Table) is none