ScreenShot
| Created | 2023.03.12 10:18 | Machine | s1_win7_x6403 |
| Filename | ape2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (malicious, high confidence, Artemis, Save, ZexaF, QvX@aSLsKMmO, Attribute, HighConfidence, GenKryptik, GHIS, score, FileRepMalware, Misc, PRIVATELOADER, YXDCLZ, moderate, Casdet, Detected, Limpopo, Cerber, susgen) | ||
| md5 | bc2bec9810f53c3b1ca1220d05b0fea7 | ||
| sha256 | 7d36d865c07e911c5eff4d45c8f7e837b0ffe589cefcd7a8d812477f4e05b5d7 | ||
| ssdeep | 24576:ur99vy7F8EXAeRBf9zY7lXYZJ3oaHWuCpisNAbHWTWDlmhz:uZ9vy7uUl07WNhHuikAb2TWJs | ||
| imphash | 533c5409968cfac36437ac5835c4d83f | ||
| impfuzzy | 48:arZ1Y5+flkt0wqcoHvcUZ7BtayzVh0rzH/G9:arZ1Y5+fSt0wqcYvcU7BLiu | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x599000 GetSystemDefaultLangID
0x599004 lstrcmpA
0x599008 lstrlenA
0x59900c GetSystemDefaultUILanguage
0x599010 LeaveCriticalSection
0x599014 GetACP
0x599018 lstrlenW
0x59901c SetLastError
0x599020 GetProcAddress
0x599024 IsValidCodePage
0x599028 GetPrivateProfileStringA
0x59902c GetModuleHandleA
0x599030 CreateFileA
0x599034 GetLocaleInfoW
0x599038 SetStdHandle
0x59903c WriteConsoleW
0x599040 GetConsoleOutputCP
0x599044 WriteConsoleA
0x599048 LoadLibraryA
0x59904c InterlockedIncrement
0x599050 InterlockedDecrement
0x599054 Sleep
0x599058 InitializeCriticalSection
0x59905c DeleteCriticalSection
0x599060 EnterCriticalSection
0x599064 HeapAlloc
0x599068 GetCommandLineA
0x59906c GetStartupInfoA
0x599070 TerminateProcess
0x599074 GetCurrentProcess
0x599078 UnhandledExceptionFilter
0x59907c SetUnhandledExceptionFilter
0x599080 IsDebuggerPresent
0x599084 RaiseException
0x599088 GetLastError
0x59908c HeapFree
0x599090 RtlUnwind
0x599094 LCMapStringA
0x599098 WideCharToMultiByte
0x59909c MultiByteToWideChar
0x5990a0 LCMapStringW
0x5990a4 GetCPInfo
0x5990a8 VirtualFree
0x5990ac VirtualAlloc
0x5990b0 HeapReAlloc
0x5990b4 HeapCreate
0x5990b8 GetModuleHandleW
0x5990bc ExitProcess
0x5990c0 WriteFile
0x5990c4 GetStdHandle
0x5990c8 GetModuleFileNameA
0x5990cc FreeEnvironmentStringsA
0x5990d0 GetEnvironmentStrings
0x5990d4 FreeEnvironmentStringsW
0x5990d8 GetEnvironmentStringsW
0x5990dc SetHandleCount
0x5990e0 GetFileType
0x5990e4 TlsGetValue
0x5990e8 TlsAlloc
0x5990ec TlsSetValue
0x5990f0 TlsFree
0x5990f4 GetCurrentThreadId
0x5990f8 QueryPerformanceCounter
0x5990fc GetTickCount
0x599100 GetCurrentProcessId
0x599104 GetSystemTimeAsFileTime
0x599108 GetConsoleCP
0x59910c GetConsoleMode
0x599110 FlushFileBuffers
0x599114 ReadFile
0x599118 SetFilePointer
0x59911c CloseHandle
0x599120 HeapSize
0x599124 GetOEMCP
0x599128 GetLocaleInfoA
0x59912c GetStringTypeA
0x599130 GetStringTypeW
0x599134 GetUserDefaultLCID
0x599138 EnumSystemLocalesA
0x59913c IsValidLocale
0x599140 InitializeCriticalSectionAndSpinCount
USER32.dll
0x599148 GetMessageExtraInfo
0x59914c GetTopWindow
0x599150 IsZoomed
0x599154 GetParent
0x599158 GetForegroundWindow
0x59915c GetDesktopWindow
0x599160 IsWindow
0x599164 IsWow64Message
0x599168 GetDlgCtrlID
0x59916c GetShellWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x599000 GetSystemDefaultLangID
0x599004 lstrcmpA
0x599008 lstrlenA
0x59900c GetSystemDefaultUILanguage
0x599010 LeaveCriticalSection
0x599014 GetACP
0x599018 lstrlenW
0x59901c SetLastError
0x599020 GetProcAddress
0x599024 IsValidCodePage
0x599028 GetPrivateProfileStringA
0x59902c GetModuleHandleA
0x599030 CreateFileA
0x599034 GetLocaleInfoW
0x599038 SetStdHandle
0x59903c WriteConsoleW
0x599040 GetConsoleOutputCP
0x599044 WriteConsoleA
0x599048 LoadLibraryA
0x59904c InterlockedIncrement
0x599050 InterlockedDecrement
0x599054 Sleep
0x599058 InitializeCriticalSection
0x59905c DeleteCriticalSection
0x599060 EnterCriticalSection
0x599064 HeapAlloc
0x599068 GetCommandLineA
0x59906c GetStartupInfoA
0x599070 TerminateProcess
0x599074 GetCurrentProcess
0x599078 UnhandledExceptionFilter
0x59907c SetUnhandledExceptionFilter
0x599080 IsDebuggerPresent
0x599084 RaiseException
0x599088 GetLastError
0x59908c HeapFree
0x599090 RtlUnwind
0x599094 LCMapStringA
0x599098 WideCharToMultiByte
0x59909c MultiByteToWideChar
0x5990a0 LCMapStringW
0x5990a4 GetCPInfo
0x5990a8 VirtualFree
0x5990ac VirtualAlloc
0x5990b0 HeapReAlloc
0x5990b4 HeapCreate
0x5990b8 GetModuleHandleW
0x5990bc ExitProcess
0x5990c0 WriteFile
0x5990c4 GetStdHandle
0x5990c8 GetModuleFileNameA
0x5990cc FreeEnvironmentStringsA
0x5990d0 GetEnvironmentStrings
0x5990d4 FreeEnvironmentStringsW
0x5990d8 GetEnvironmentStringsW
0x5990dc SetHandleCount
0x5990e0 GetFileType
0x5990e4 TlsGetValue
0x5990e8 TlsAlloc
0x5990ec TlsSetValue
0x5990f0 TlsFree
0x5990f4 GetCurrentThreadId
0x5990f8 QueryPerformanceCounter
0x5990fc GetTickCount
0x599100 GetCurrentProcessId
0x599104 GetSystemTimeAsFileTime
0x599108 GetConsoleCP
0x59910c GetConsoleMode
0x599110 FlushFileBuffers
0x599114 ReadFile
0x599118 SetFilePointer
0x59911c CloseHandle
0x599120 HeapSize
0x599124 GetOEMCP
0x599128 GetLocaleInfoA
0x59912c GetStringTypeA
0x599130 GetStringTypeW
0x599134 GetUserDefaultLCID
0x599138 EnumSystemLocalesA
0x59913c IsValidLocale
0x599140 InitializeCriticalSectionAndSpinCount
USER32.dll
0x599148 GetMessageExtraInfo
0x59914c GetTopWindow
0x599150 IsZoomed
0x599154 GetParent
0x599158 GetForegroundWindow
0x59915c GetDesktopWindow
0x599160 IsWindow
0x599164 IsWow64Message
0x599168 GetDlgCtrlID
0x59916c GetShellWindow
EAT(Export Address Table) is none