ScreenShot
| Created | 2023.03.09 10:15 | Machine | s1_win7_x6403 |
| Filename | HAD.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetectNet, malicious, high confidence, Artemis, unsafe, Save, confidence, ZexaF, JvX@aupVUrlG, Attribute, HighConfidence, GenKryptik, GHCR, score, CrypterX, Generic ML PUA, moderate, Wacatac, GenericKD, MachineLearning, Anomalous, Generic@AI, RDML, M6LrEdlllbO6Dm1ffdwyGA, susgen) | ||
| md5 | 92569f0bc4733fd80a974d67ddb9435e | ||
| sha256 | 343b71456cdcc0f09baf79a2b0f5befe7043f329899f205699ac3ca2424c8282 | ||
| ssdeep | 24576:c2AmVweVO6i4qtX/GWa0KPjGvXb6HRn6fM+TzHzx/OHWJKqWBtkrpUAMTF3:NAmZI6i4qBva0KPjGPqnEM+YWJwTF3 | ||
| imphash | caf9bf1d191236de3d7b150ac6f71de5 | ||
| impfuzzy | 48:6urP6rX23OMqtMS175c+pp9yf30z2Ll7K+c0/VrzhZAt:FrP6rX0UtMS175c+pp9yx/K | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| watch | One or more of the buffers contains an embedded PE file |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x57e000 CompareFileTime
0x57e004 SetLastError
0x57e008 lstrlenW
0x57e00c GetUserDefaultLangID
0x57e010 SetEndOfFile
0x57e014 lstrlenA
0x57e018 GetModuleHandleA
0x57e01c GetSystemDefaultLangID
0x57e020 OpenProcess
0x57e024 IsValidCodePage
0x57e028 GetThreadUILanguage
0x57e02c LoadLibraryA
0x57e030 GlobalAlloc
0x57e034 DeleteFileW
0x57e038 GetThreadContext
0x57e03c GetProcAddress
0x57e040 GetProcessHeap
0x57e044 CreateProcessW
0x57e048 lstrcmpiA
0x57e04c GetTickCount
0x57e050 GetEnvironmentStringsW
0x57e054 OpenThread
0x57e058 WriteConsoleW
0x57e05c CloseHandle
0x57e060 CreateFileW
0x57e064 SetFilePointerEx
0x57e068 GetConsoleMode
0x57e06c GetConsoleOutputCP
0x57e070 FlushFileBuffers
0x57e074 HeapReAlloc
0x57e078 HeapSize
0x57e07c LCMapStringW
0x57e080 UnhandledExceptionFilter
0x57e084 SetUnhandledExceptionFilter
0x57e088 GetCurrentProcess
0x57e08c TerminateProcess
0x57e090 IsProcessorFeaturePresent
0x57e094 QueryPerformanceCounter
0x57e098 GetCurrentProcessId
0x57e09c GetCurrentThreadId
0x57e0a0 GetSystemTimeAsFileTime
0x57e0a4 InitializeSListHead
0x57e0a8 IsDebuggerPresent
0x57e0ac GetStartupInfoW
0x57e0b0 GetModuleHandleW
0x57e0b4 RtlUnwind
0x57e0b8 GetLastError
0x57e0bc EnterCriticalSection
0x57e0c0 LeaveCriticalSection
0x57e0c4 DeleteCriticalSection
0x57e0c8 InitializeCriticalSectionAndSpinCount
0x57e0cc TlsAlloc
0x57e0d0 TlsGetValue
0x57e0d4 TlsSetValue
0x57e0d8 TlsFree
0x57e0dc FreeLibrary
0x57e0e0 LoadLibraryExW
0x57e0e4 RaiseException
0x57e0e8 GetStdHandle
0x57e0ec WriteFile
0x57e0f0 GetModuleFileNameW
0x57e0f4 ExitProcess
0x57e0f8 GetModuleHandleExW
0x57e0fc HeapAlloc
0x57e100 HeapFree
0x57e104 FindClose
0x57e108 FindFirstFileExW
0x57e10c FindNextFileW
0x57e110 GetACP
0x57e114 GetOEMCP
0x57e118 GetCPInfo
0x57e11c GetCommandLineA
0x57e120 GetCommandLineW
0x57e124 MultiByteToWideChar
0x57e128 WideCharToMultiByte
0x57e12c FreeEnvironmentStringsW
0x57e130 SetStdHandle
0x57e134 GetFileType
0x57e138 GetStringTypeW
0x57e13c DecodePointer
USER32.dll
0x57e144 OpenIcon
0x57e148 IsWindowVisible
0x57e14c GetShellWindow
0x57e150 TrackPopupMenu
0x57e154 ShowWindow
0x57e158 AnyPopup
0x57e15c GetForegroundWindow
0x57e160 IsWow64Message
0x57e164 IsZoomed
0x57e168 GetDesktopWindow
0x57e16c GetParent
0x57e170 IsIconic
0x57e174 GetDlgItemTextA
EAT(Export Address Table) is none
KERNEL32.dll
0x57e000 CompareFileTime
0x57e004 SetLastError
0x57e008 lstrlenW
0x57e00c GetUserDefaultLangID
0x57e010 SetEndOfFile
0x57e014 lstrlenA
0x57e018 GetModuleHandleA
0x57e01c GetSystemDefaultLangID
0x57e020 OpenProcess
0x57e024 IsValidCodePage
0x57e028 GetThreadUILanguage
0x57e02c LoadLibraryA
0x57e030 GlobalAlloc
0x57e034 DeleteFileW
0x57e038 GetThreadContext
0x57e03c GetProcAddress
0x57e040 GetProcessHeap
0x57e044 CreateProcessW
0x57e048 lstrcmpiA
0x57e04c GetTickCount
0x57e050 GetEnvironmentStringsW
0x57e054 OpenThread
0x57e058 WriteConsoleW
0x57e05c CloseHandle
0x57e060 CreateFileW
0x57e064 SetFilePointerEx
0x57e068 GetConsoleMode
0x57e06c GetConsoleOutputCP
0x57e070 FlushFileBuffers
0x57e074 HeapReAlloc
0x57e078 HeapSize
0x57e07c LCMapStringW
0x57e080 UnhandledExceptionFilter
0x57e084 SetUnhandledExceptionFilter
0x57e088 GetCurrentProcess
0x57e08c TerminateProcess
0x57e090 IsProcessorFeaturePresent
0x57e094 QueryPerformanceCounter
0x57e098 GetCurrentProcessId
0x57e09c GetCurrentThreadId
0x57e0a0 GetSystemTimeAsFileTime
0x57e0a4 InitializeSListHead
0x57e0a8 IsDebuggerPresent
0x57e0ac GetStartupInfoW
0x57e0b0 GetModuleHandleW
0x57e0b4 RtlUnwind
0x57e0b8 GetLastError
0x57e0bc EnterCriticalSection
0x57e0c0 LeaveCriticalSection
0x57e0c4 DeleteCriticalSection
0x57e0c8 InitializeCriticalSectionAndSpinCount
0x57e0cc TlsAlloc
0x57e0d0 TlsGetValue
0x57e0d4 TlsSetValue
0x57e0d8 TlsFree
0x57e0dc FreeLibrary
0x57e0e0 LoadLibraryExW
0x57e0e4 RaiseException
0x57e0e8 GetStdHandle
0x57e0ec WriteFile
0x57e0f0 GetModuleFileNameW
0x57e0f4 ExitProcess
0x57e0f8 GetModuleHandleExW
0x57e0fc HeapAlloc
0x57e100 HeapFree
0x57e104 FindClose
0x57e108 FindFirstFileExW
0x57e10c FindNextFileW
0x57e110 GetACP
0x57e114 GetOEMCP
0x57e118 GetCPInfo
0x57e11c GetCommandLineA
0x57e120 GetCommandLineW
0x57e124 MultiByteToWideChar
0x57e128 WideCharToMultiByte
0x57e12c FreeEnvironmentStringsW
0x57e130 SetStdHandle
0x57e134 GetFileType
0x57e138 GetStringTypeW
0x57e13c DecodePointer
USER32.dll
0x57e144 OpenIcon
0x57e148 IsWindowVisible
0x57e14c GetShellWindow
0x57e150 TrackPopupMenu
0x57e154 ShowWindow
0x57e158 AnyPopup
0x57e15c GetForegroundWindow
0x57e160 IsWow64Message
0x57e164 IsZoomed
0x57e168 GetDesktopWindow
0x57e16c GetParent
0x57e170 IsIconic
0x57e174 GetDlgItemTextA
EAT(Export Address Table) is none