Field | Value |
---|---|
Created | 2023.03.10 16:54 |
Machine | s1_win7_x6401 |
Filename | Projectads.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | (not reported) |
Behavior Score | (not reported) |
ZERO API | file : malware |
VT API (file) | (not reported) |
md5 | 0f16ee89f88b541aea1867c8b6b44868 |
sha256 | 0002ab37c265250dc388afc14e44b8b9362d941db7634df5bad9fa7d7c287b19 |
ssdeep | 24576:J7u0QUm8sMWyLCB3aO+AhcE/evoBNMhgNkTjR2iRRZj0tJqeRXigd0ojgKa8LAqx:tFDAMcMhgNmF7ZIue5igd9pGqx |
imphash | 06a097e0e1da8bc7de03cf1b2644e8f7 |
impfuzzy | 48:FrAxMjFZDaEZtgfcdV8haWzYrLtdhA+c1ex5J:FrAxMjFkEZtgfcdV8h3zY9T9 |
Signature (8cnts)
Level | Description |
---|---|
watch | One or more of the buffers contains an embedded PE file |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | One or more potentially interesting buffers were extracted |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x55f008 GetProcessHeap
0x55f00c GetUserDefaultLangID
0x55f010 lstrlenW
0x55f014 GetLastError
0x55f018 GetCurrentDirectoryW
0x55f01c SetLastError
0x55f020 lstrcmpiA
0x55f024 GetProcAddress
0x55f028 IsValidCodePage
0x55f02c GetLocalTime
0x55f030 LoadLibraryA
0x55f034 LocalAlloc
0x55f038 SetCurrentDirectoryW
0x55f03c lstrlenA
0x55f040 GetModuleHandleA
0x55f044 VirtualProtect
0x55f048 QueryPerformanceFrequency
0x55f04c OutputDebugStringA
0x55f050 FlushFileBuffers
0x55f054 CloseHandle
0x55f058 CreateFileA
0x55f05c GetConsoleOutputCP
0x55f060 WriteConsoleA
0x55f064 SetStdHandle
0x55f068 GetConsoleMode
0x55f06c GetOEMCP
0x55f070 GetCommandLineW
0x55f074 GetConsoleCP
0x55f078 SetFilePointer
0x55f07c GetStartupInfoW
0x55f080 HeapValidate
0x55f084 IsBadReadPtr
0x55f088 RaiseException
0x55f08c TerminateProcess
0x55f090 GetCurrentProcess
0x55f094 UnhandledExceptionFilter
0x55f098 SetUnhandledExceptionFilter
0x55f09c IsDebuggerPresent
0x55f0a0 DeleteCriticalSection
0x55f0a4 EnterCriticalSection
0x55f0a8 LeaveCriticalSection
0x55f0ac GetModuleFileNameW
0x55f0b0 QueryPerformanceCounter
0x55f0b4 GetTickCount
0x55f0b8 GetCurrentThreadId
0x55f0bc GetCurrentProcessId
0x55f0c0 GetSystemTimeAsFileTime
0x55f0c4 GetModuleHandleW
0x55f0c8 Sleep
0x55f0cc InterlockedIncrement
0x55f0d0 InterlockedDecrement
0x55f0d4 ExitProcess
0x55f0d8 FreeEnvironmentStringsW
0x55f0dc GetEnvironmentStringsW
0x55f0e0 SetHandleCount
0x55f0e4 GetStdHandle
0x55f0e8 GetFileType
0x55f0ec GetStartupInfoA
0x55f0f0 TlsGetValue
0x55f0f4 TlsAlloc
0x55f0f8 TlsSetValue
0x55f0fc TlsFree
0x55f100 HeapDestroy
0x55f104 HeapCreate
0x55f108 HeapFree
0x55f10c VirtualFree
0x55f110 GetModuleFileNameA
0x55f114 WriteFile
0x55f118 HeapAlloc
0x55f11c HeapSize
0x55f120 HeapReAlloc
0x55f124 VirtualAlloc
0x55f128 GetACP
0x55f12c GetCPInfo
0x55f130 InitializeCriticalSectionAndSpinCount
0x55f134 DebugBreak
0x55f138 WriteConsoleW
0x55f13c OutputDebugStringW
0x55f140 LoadLibraryW
0x55f144 RtlUnwind
0x55f148 WideCharToMultiByte
0x55f14c MultiByteToWideChar
0x55f150 LCMapStringA
0x55f154 LCMapStringW
0x55f158 GetStringTypeA
0x55f15c GetStringTypeW
0x55f160 GetLocaleInfoA
USER32.dll
0x55f168 IsWindowVisible
0x55f16c GetLastActivePopup
0x55f170 GetParent
0x55f174 IsWindowEnabled
0x55f178 AnyPopup
0x55f17c GetDoubleClickTime
0x55f180 CheckDlgButton
0x55f184 IsWow64Message
ADVAPI32.dll
0x55f000 RegQueryValueExW
ole32.dll
0x55f18c OleInitialize
EAT (Export Address Table): none