Field | Value |
---|---|
Created | 2023.03.09 10:08 |
Machine | s1_win7_x6403 |
Filename | JavHa.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 28 detected (malicious, high confidence, Artemis, Save, confidence, Attribute, HighConfidence, GenKryptik, GHCR, score, FileRepMalware, Misc, GenericKD, moderate, Generic ML PUA, Woreflint, ZexaF, LvX@aSdD3opG, unsafe, RHADAMANTHYS, YXDCHZ, Kryptik, td19bmHh0BM, susgen) |
md5 | 4adf9b20011bc571b61884f1b630a84a |
sha256 | 044e62e14faf9e06d2759ac0d62b4c6cb3a103fe287e235c48ab1c64604cfe3a |
ssdeep | 24576:gncYAIIhJ6Z1NM97KM/th4FosodIWp26ICk95akZPa/S6Dh/aI5:2GJ6q7DQi3dTp2/9gpRaI5 |
imphash | caf9bf1d191236de3d7b150ac6f71de5 |
impfuzzy | 48:6urP6rX23OMqtMS175c+pp9yf30z2Ll7K+c0/VrzhZAt:FrP6rX0UtMS175c+pp9yx/K |
Signatures (8)
Level | Description |
---|---|
warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
watch | One or more of the buffers contains an embedded PE file |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | One or more potentially interesting buffers were extracted |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
Rules (5)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x586000 CompareFileTime
0x586004 SetLastError
0x586008 lstrlenW
0x58600c GetUserDefaultLangID
0x586010 SetEndOfFile
0x586014 lstrlenA
0x586018 GetModuleHandleA
0x58601c GetSystemDefaultLangID
0x586020 OpenProcess
0x586024 IsValidCodePage
0x586028 GetThreadUILanguage
0x58602c LoadLibraryA
0x586030 GlobalAlloc
0x586034 DeleteFileW
0x586038 GetThreadContext
0x58603c GetProcAddress
0x586040 GetProcessHeap
0x586044 CreateProcessW
0x586048 lstrcmpiA
0x58604c GetTickCount
0x586050 GetEnvironmentStringsW
0x586054 OpenThread
0x586058 WriteConsoleW
0x58605c CloseHandle
0x586060 CreateFileW
0x586064 SetFilePointerEx
0x586068 GetConsoleMode
0x58606c GetConsoleOutputCP
0x586070 FlushFileBuffers
0x586074 HeapReAlloc
0x586078 HeapSize
0x58607c LCMapStringW
0x586080 UnhandledExceptionFilter
0x586084 SetUnhandledExceptionFilter
0x586088 GetCurrentProcess
0x58608c TerminateProcess
0x586090 IsProcessorFeaturePresent
0x586094 QueryPerformanceCounter
0x586098 GetCurrentProcessId
0x58609c GetCurrentThreadId
0x5860a0 GetSystemTimeAsFileTime
0x5860a4 InitializeSListHead
0x5860a8 IsDebuggerPresent
0x5860ac GetStartupInfoW
0x5860b0 GetModuleHandleW
0x5860b4 RtlUnwind
0x5860b8 GetLastError
0x5860bc EnterCriticalSection
0x5860c0 LeaveCriticalSection
0x5860c4 DeleteCriticalSection
0x5860c8 InitializeCriticalSectionAndSpinCount
0x5860cc TlsAlloc
0x5860d0 TlsGetValue
0x5860d4 TlsSetValue
0x5860d8 TlsFree
0x5860dc FreeLibrary
0x5860e0 LoadLibraryExW
0x5860e4 RaiseException
0x5860e8 GetStdHandle
0x5860ec WriteFile
0x5860f0 GetModuleFileNameW
0x5860f4 ExitProcess
0x5860f8 GetModuleHandleExW
0x5860fc HeapAlloc
0x586100 HeapFree
0x586104 FindClose
0x586108 FindFirstFileExW
0x58610c FindNextFileW
0x586110 GetACP
0x586114 GetOEMCP
0x586118 GetCPInfo
0x58611c GetCommandLineA
0x586120 GetCommandLineW
0x586124 MultiByteToWideChar
0x586128 WideCharToMultiByte
0x58612c FreeEnvironmentStringsW
0x586130 SetStdHandle
0x586134 GetFileType
0x586138 GetStringTypeW
0x58613c DecodePointer
USER32.dll
0x586144 OpenIcon
0x586148 IsWindowVisible
0x58614c GetShellWindow
0x586150 TrackPopupMenu
0x586154 ShowWindow
0x586158 AnyPopup
0x58615c GetForegroundWindow
0x586160 IsWow64Message
0x586164 IsZoomed
0x586168 GetDesktopWindow
0x58616c GetParent
0x586170 IsIconic
0x586174 GetDlgItemTextA
EAT (Export Address Table): none