Report - ss27.exe

Gen2 Gen1 Generic Malware UPX Malicious Library Malicious Packer PE64 PE File
Created 2023.03.11 10:30 Machine s1_win7_x6401
Filename ss27.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
1
Behavior Score
1.4
ZERO API (file): malware
VT API (file) 9 detected (Minerva, njkmd, Artemis)
md5 ebe51104a56d305aac2419e97e58f975
sha256 3d4182d4be7f38a25e526943f33c8a2cb6c88c23bd7d08e8ee5e6c907a72945d
ssdeep 6144:x5UguSWlTtbveMH2QRObpNSEmV5cvWeKwDWusJkUpCvpniMWJlHQhynq3W4qOmc/:x5JGFveBQETwyjdJiGEEgSo5Xw
imphash cf7f43e95d6cd4ff3372b7d3c87b1237
impfuzzy 96:3FPuvhuFjVKqvojVFqql6YXmJG9u/ajqnjV0ojV0ZFk1L2UxWNRtuOwXO89Bhv9U:3FPuvhuFHwfqqgYXmk2g2+oSZAL2sWNT

Signatures (4)

Level Description
watch Communicates with a host for which no DNS query was performed (consistent with the hard-coded IP 131.153.76.130 listed in the Network section)
notice File has been flagged as malicious by 9 AntiVirus engines on VirusTotal
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (8)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload) — generic signature match; the rule name alone does not confirm the Emotet family (note the sample is a PE32+/x86-64 binary, see Type above and the IsPE64 rule below)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (1)

Request CC ASN Co IP4 Rule ZERO
131.153.76.130 SG PhoenixNAP 131.153.76.130 malicious

Suricata IDS alerts: (none listed)

PE API

IAT (Import Address Table) by library

USER32.dll
 0x14006d800 GetParent
 0x14006d808 PostMessageW
 0x14006d810 SetWindowPos
 0x14006d818 SetWindowLongW
 0x14006d820 RegisterClassExW
 0x14006d828 EndPaint
 0x14006d830 BeginPaint
 0x14006d838 DrawTextW
 0x14006d840 GetClientRect
 0x14006d848 GetSysColorBrush
 0x14006d850 GetWindowLongPtrW
 0x14006d858 GetSysColor
 0x14006d860 LoadCursorW
 0x14006d868 SetCursor
 0x14006d870 EnableWindow
 0x14006d878 UnregisterClassW
 0x14006d880 LoadStringW
 0x14006d888 SystemParametersInfoW
 0x14006d890 ReleaseDC
 0x14006d898 GetDC
 0x14006d8a0 DestroyWindow
 0x14006d8a8 CreateWindowExW
 0x14006d8b0 CallWindowProcW
 0x14006d8b8 DefWindowProcW
 0x14006d8c0 SetTimer
 0x14006d8c8 KillTimer
 0x14006d8d0 ShowWindow
 0x14006d8d8 UpdateWindow
 0x14006d8e0 PostQuitMessage
 0x14006d8e8 RemovePropW
 0x14006d8f0 SetPropW
 0x14006d8f8 CharNextW
 0x14006d900 GetKeyboardLayout
 0x14006d908 GetSystemMetrics
 0x14006d910 DispatchMessageA
 0x14006d918 DispatchMessageW
 0x14006d920 TranslateMessage
 0x14006d928 GetMessageA
 0x14006d930 GetMessageW
 0x14006d938 IsWindowUnicode
 0x14006d940 PeekMessageW
 0x14006d948 LoadImageW
 0x14006d950 PostThreadMessageW
 0x14006d958 SetWindowLongPtrW
 0x14006d960 DrawIcon
 0x14006d968 DestroyIcon
 0x14006d970 LoadIconW
 0x14006d978 SetForegroundWindow
 0x14006d980 SetActiveWindow
 0x14006d988 AllowSetForegroundWindow
 0x14006d990 MsgWaitForMultipleObjects
 0x14006d998 UnregisterClassA
 0x14006d9a0 GetKeyboardLayoutList
 0x14006d9a8 ActivateKeyboardLayout
 0x14006d9b0 GetWindowRect
 0x14006d9b8 SendMessageW
 0x14006d9c0 InvalidateRect
 0x14006d9c8 CharUpperW
msvcrt.dll
 0x14006da30 ??0exception@@QEAA@AEBQEBDH@Z
 0x14006da38 malloc
 0x14006da40 free
 0x14006da48 __C_specific_handler
 0x14006da50 memset
 0x14006da58 _purecall
 0x14006da60 __RTDynamicCast
 0x14006da68 ceil
 0x14006da70 memcmp
 0x14006da78 wcscpy_s
 0x14006da80 ??0exception@@QEAA@AEBQEBD@Z
 0x14006da88 isalnum
 0x14006da90 abort
 0x14006da98 tolower
 0x14006daa0 isspace
 0x14006daa8 realloc
 0x14006dab0 _errno
 0x14006dab8 _onexit
 0x14006dac0 __dllonexit
 0x14006dac8 _unlock
 0x14006dad0 _lock
 0x14006dad8 ??1type_info@@UEAA@XZ
 0x14006dae0 ?terminate@@YAXXZ
 0x14006dae8 _commode
 0x14006daf0 _fmode
 0x14006daf8 _wcmdln
 0x14006db00 _initterm
 0x14006db08 __setusermatherr
 0x14006db10 _cexit
 0x14006db18 _exit
 0x14006db20 exit
 0x14006db28 __set_app_type
 0x14006db30 __wgetmainargs
 0x14006db38 _amsg_exit
 0x14006db40 _XcptFilter
 0x14006db48 _CxxThrowException
 0x14006db50 _callnewh
 0x14006db58 ?what@exception@@UEBAPEBDXZ
 0x14006db60 ??1exception@@UEAA@XZ
 0x14006db68 ??0exception@@QEAA@AEBV0@@Z
 0x14006db70 memcpy_s
 0x14006db78 memmove_s
 0x14006db80 wcsncpy_s
 0x14006db88 _wcsicmp
 0x14006db90 _wtoi
 0x14006db98 wcscat_s
 0x14006dba0 wcscmp
 0x14006dba8 ??0exception@@QEAA@XZ
 0x14006dbb0 _vsnwprintf
 0x14006dbb8 _vscwprintf
 0x14006dbc0 vswprintf_s
 0x14006dbc8 iswspace
 0x14006dbd0 wcsspn
 0x14006dbd8 wcscspn
 0x14006dbe0 wcschr
 0x14006dbe8 wcsstr
 0x14006dbf0 memchr
 0x14006dbf8 localeconv
 0x14006dc00 _strtoi64
 0x14006dc08 _strtoui64
 0x14006dc10 isdigit
 0x14006dc18 isalpha
 0x14006dc20 swprintf_s
 0x14006dc28 strchr
 0x14006dc30 __CxxFrameHandler3
 0x14006dc38 setlocale
 0x14006dc40 __pctype_func
 0x14006dc48 ___lc_handle_func
 0x14006dc50 ___lc_codepage_func
 0x14006dc58 memcpy
 0x14006dc60 ___mb_cur_max_func
 0x14006dc68 __mb_cur_max
 0x14006dc70 __crtGetStringTypeW
 0x14006dc78 __crtLCMapStringW
CRYPTSP.dll
 0x14006d018 CryptDestroyHash
 0x14006d020 CryptGetHashParam
 0x14006d028 CryptHashData
 0x14006d030 CryptCreateHash
 0x14006d038 CryptAcquireContextW
 0x14006d040 CryptReleaseContext
ole32.dll
 0x14006dcd8 CoCreateFreeThreadedMarshaler
 0x14006dce0 CoCreateGuid
 0x14006dce8 CreateStreamOnHGlobal
 0x14006dcf0 CoRevokeClassObject
 0x14006dcf8 CoInitialize
 0x14006dd00 CoRegisterClassObject
 0x14006dd08 StringFromGUID2
 0x14006dd10 CoTaskMemAlloc
 0x14006dd18 CoTaskMemRealloc
 0x14006dd20 CoTaskMemFree
 0x14006dd28 CoCreateInstance
 0x14006dd30 CoUninitialize
 0x14006dd38 CLSIDFromString
OLEAUT32.dll
 0x14006d728 VarUI4FromStr
 0x14006d730 SysAllocString
 0x14006d738 RegisterTypeLib
 0x14006d740 SysStringLen
 0x14006d748 VariantChangeType
 0x14006d750 SafeArrayDestroy
 0x14006d758 SafeArrayCreateVector
 0x14006d760 OleCreatePictureIndirect
 0x14006d768 VariantInit
 0x14006d770 VariantClear
 0x14006d778 SysAllocStringByteLen
 0x14006d780 SysStringByteLen
 0x14006d788 SafeArrayUnaccessData
 0x14006d790 SafeArrayAccessData
 0x14006d798 UnRegisterTypeLib
 0x14006d7a0 LoadTypeLib
 0x14006d7a8 SysFreeString
SHELL32.dll
 0x14006d7e0 Shell_NotifyIconW
 0x14006d7e8 CommandLineToArgvW
 0x14006d7f0 ShellExecuteExW
RPCRT4.dll
 0x14006d7b8 UuidCreate
 0x14006d7c0 UuidFromStringW
 0x14006d7c8 RpcStringFreeW
 0x14006d7d0 UuidToStringW
GDI32.dll
 0x14006d468 TextOutW
 0x14006d470 GetTextExtentPoint32W
 0x14006d478 CreateFontIndirectW
 0x14006d480 DeleteObject
 0x14006d488 SetTextColor
 0x14006d490 SetBkMode
 0x14006d498 GetTextMetricsW
 0x14006d4a0 CreateFontW
 0x14006d4a8 LineTo
 0x14006d4b0 MoveToEx
 0x14006d4b8 GdiGradientFill
 0x14006d4c0 GetStockObject
 0x14006d4c8 RoundRect
 0x14006d4d0 SelectObject
 0x14006d4d8 CreatePen
 0x14006d4e0 GetDeviceCaps
ntdll.dll
 0x14006dc88 EtwRegisterTraceGuidsW
 0x14006dc90 EtwGetTraceEnableFlags
 0x14006dc98 EtwGetTraceEnableLevel
 0x14006dca0 RtlCaptureContext
 0x14006dca8 RtlLookupFunctionEntry
 0x14006dcb0 RtlVirtualUnwind
 0x14006dcb8 EtwLogTraceEvent
 0x14006dcc0 EtwUnregisterTraceGuids
 0x14006dcc8 EtwGetTraceLoggerHandle
KERNEL32.dll
 0x14006d4f0 ExpandEnvironmentStringsW
 0x14006d4f8 WaitForMultipleObjects
 0x14006d500 WriteFile
 0x14006d508 CreateFileW
 0x14006d510 GetTempFileNameW
 0x14006d518 GetFileAttributesW
 0x14006d520 GetTempPathW
 0x14006d528 GlobalUnlock
 0x14006d530 GlobalLock
 0x14006d538 GlobalAlloc
 0x14006d540 FoldStringW
 0x14006d548 HeapAlloc
 0x14006d550 HeapFree
 0x14006d558 GetProcessHeap
 0x14006d560 MulDiv
 0x14006d568 LoadLibraryW
 0x14006d570 GetUserDefaultUILanguage
 0x14006d578 FreeResource
 0x14006d580 FindResourceW
 0x14006d588 ResetEvent
 0x14006d590 SetLastError
 0x14006d598 CreateEventW
 0x14006d5a0 LockResource
 0x14006d5a8 GlobalFree
 0x14006d5b0 CloseHandle
 0x14006d5b8 WaitForSingleObject
 0x14006d5c0 CreateThread
 0x14006d5c8 SetLocaleInfoW
 0x14006d5d0 GetLocaleInfoW
 0x14006d5d8 RegisterApplicationRestart
 0x14006d5e0 HeapSetInformation
 0x14006d5e8 LocalFree
 0x14006d5f0 GetCommandLineW
 0x14006d5f8 GetModuleFileNameW
 0x14006d600 FindResourceExW
 0x14006d608 LoadResource
 0x14006d610 SizeofResource
 0x14006d618 LoadLibraryExW
 0x14006d620 FreeLibrary
 0x14006d628 OutputDebugStringA
 0x14006d630 TerminateProcess
 0x14006d638 GetCurrentProcess
 0x14006d640 UnhandledExceptionFilter
 0x14006d648 GetTickCount
 0x14006d650 GetSystemTimeAsFileTime
 0x14006d658 GetCurrentProcessId
 0x14006d660 QueryPerformanceCounter
 0x14006d668 SetUnhandledExceptionFilter
 0x14006d670 GetStartupInfoW
 0x14006d678 Sleep
 0x14006d680 WideCharToMultiByte
 0x14006d688 MultiByteToWideChar
 0x14006d690 lstrcmpiW
 0x14006d698 GetLastError
 0x14006d6a0 InitializeCriticalSection
 0x14006d6a8 SetEvent
 0x14006d6b0 DeleteCriticalSection
 0x14006d6b8 GetCurrentThreadId
 0x14006d6c0 RaiseException
 0x14006d6c8 GetProcAddress
 0x14006d6d0 GetVersionExW
 0x14006d6d8 GetModuleHandleW
 0x14006d6e0 LocaleNameToLCID
 0x14006d6e8 HeapSize
 0x14006d6f0 LocalAlloc
 0x14006d6f8 GetModuleHandleExW
 0x14006d700 EnterCriticalSection
 0x14006d708 LeaveCriticalSection
 0x14006d710 HeapDestroy
 0x14006d718 HeapReAlloc

EAT (Export Address Table): none



Similarity measure (PE file only): unavailable — service failure check