Report - 1.exe

UPX OS Processor Check PE64 PE File
Created 2023.03.13 09:51 Machine s1_win7_x6403
Filename 1.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
7
Behavior Score
3.2
ZERO API file : malware
VT API (file) 24 detected (malicious, high confidence, GenericKD, Vhcy, confidence, Attribute, HighConfidence, a variant of Generik, ECRJPKD, score, DropperX, Undefined, CLOUD, ClipSpy, NetLoader, ai score=82, Wacatac, Artemis, unsafe, PossibleThreat)
md5 ef57f8d8a632b8cf2b89021e2a7be68e
sha256 504eeed5061605b464f6dd44aa72d78efaed7d8ec0704d6db6595c977b7dd68a
ssdeep 3072:Lm1ReRExqa3HodDUMTW3FCh3tnigcQnbMbAvmppijpV:kReREl34DhqoJigcpbUpV
imphash f37a61d96b690f7b944e7449374d4371
impfuzzy 96:op+tybYLFBPVjqLLfE9WKhqpD3n6XCDbZymonWXjoQgLQkLFYe4Ihok+qJ1Fx:4bGBmmhqpD3n6yDAm0Q4QverhoklJ1

Signatures (8 counts)

Level Description
warning File has been identified by 24 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Repeatedly searches for a not-found process
notice Searches running processes potentially to identify processes for sandbox evasion
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Queries for the computername

Rules (4 counts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2 counts)

Request CC ASN Co IP4 Rule ZERO
103.114.163.134 SG DEDIPATH-LLC 103.114.163.134 clean
101.43.108.14 Unknown 101.43.108.14 malware

Suricata ids

PE API

IAT (Import Address Table), grouped by library

KERNEL32.dll
 0x140024128 WaitForMultipleObjects
 0x140024130 LeaveCriticalSection
 0x140024138 InitializeCriticalSection
 0x140024140 DeleteCriticalSection
 0x140024148 LoadLibraryW
 0x140024150 GetProcAddress
 0x140024158 InitializeCriticalSectionAndSpinCount
 0x140024160 CreateProcessW
 0x140024168 FindFirstFileW
 0x140024170 FindNextFileW
 0x140024178 FindClose
 0x140024180 GetDiskFreeSpaceExW
 0x140024188 GetDriveTypeW
 0x140024190 GetModuleHandleA
 0x140024198 SetFileAttributesW
 0x1400241a0 GetCurrentProcessId
 0x1400241a8 SetFilePointer
 0x1400241b0 LocalAlloc
 0x1400241b8 GlobalSize
 0x1400241c0 GetLocalTime
 0x1400241c8 GlobalLock
 0x1400241d0 ExitProcess
 0x1400241d8 LocalReAlloc
 0x1400241e0 GlobalUnlock
 0x1400241e8 DeleteFileW
 0x1400241f0 GetSystemInfo
 0x1400241f8 GetComputerNameW
 0x140024200 IsWow64Process
 0x140024208 TerminateProcess
 0x140024210 K32GetProcessMemoryInfo
 0x140024218 GetPriorityClass
 0x140024220 GetModuleHandleW
 0x140024228 LocalFree
 0x140024230 GetStartupInfoW
 0x140024238 CreatePipe
 0x140024240 PeekNamedPipe
 0x140024248 DisconnectNamedPipe
 0x140024250 TerminateThread
 0x140024258 WideCharToMultiByte
 0x140024260 lstrcmpiW
 0x140024268 GetModuleHandleExW
 0x140024270 EncodePointer
 0x140024278 RtlUnwindEx
 0x140024280 RaiseException
 0x140024288 OutputDebugStringW
 0x140024290 InitializeSListHead
 0x140024298 GetSystemTimeAsFileTime
 0x1400242a0 QueryPerformanceCounter
 0x1400242a8 IsDebuggerPresent
 0x1400242b0 IsProcessorFeaturePresent
 0x1400242b8 SetUnhandledExceptionFilter
 0x1400242c0 UnhandledExceptionFilter
 0x1400242c8 RtlVirtualUnwind
 0x1400242d0 RtlLookupFunctionEntry
 0x1400242d8 RtlCaptureContext
 0x1400242e0 WaitForSingleObjectEx
 0x1400242e8 ResetEvent
 0x1400242f0 EnterCriticalSection
 0x1400242f8 GlobalFree
 0x140024300 MoveFileW
 0x140024308 K32EnumProcessModules
 0x140024310 Process32FirstW
 0x140024318 lstrcpyA
 0x140024320 GlobalAlloc
 0x140024328 lstrcatW
 0x140024330 Process32NextW
 0x140024338 GetTickCount64
 0x140024340 CreateToolhelp32Snapshot
 0x140024348 GetLogicalDriveStringsW
 0x140024350 OpenProcess
 0x140024358 lstrcatA
 0x140024360 GetSystemDirectoryW
 0x140024368 K32GetProcessImageFileNameW
 0x140024370 GetCurrentThreadId
 0x140024378 CreateFileW
 0x140024380 lstrlenA
 0x140024388 QueryDosDeviceA
 0x140024390 K32GetProcessImageFileNameA
 0x140024398 WriteFile
 0x1400243a0 lstrlenW
 0x1400243a8 GetCurrentProcess
 0x1400243b0 GetVolumeInformationW
 0x1400243b8 VirtualFree
 0x1400243c0 QueryDosDeviceW
 0x1400243c8 lstrcmpiA
 0x1400243d0 lstrcpyW
 0x1400243d8 FreeLibrary
 0x1400243e0 GetFileSize
 0x1400243e8 MoveFileExW
 0x1400243f0 GetWindowsDirectoryW
 0x1400243f8 GetLogicalDriveStringsA
 0x140024400 VirtualProtect
 0x140024408 CloseHandle
 0x140024410 ReadFile
 0x140024418 SetEvent
 0x140024420 GetLastError
 0x140024428 Sleep
 0x140024430 CreateEventW
 0x140024438 WaitForSingleObject
 0x140024440 CancelIo
 0x140024448 VirtualAlloc
 0x140024450 GlobalMemoryStatusEx
USER32.dll
 0x140024490 SetWindowLongPtrW
 0x140024498 CreateWindowExW
 0x1400244a0 CallNextHookEx
 0x1400244a8 GetAsyncKeyState
 0x1400244b0 OpenClipboard
 0x1400244b8 GetKeyState
 0x1400244c0 CloseClipboard
 0x1400244c8 ExitWindowsEx
 0x1400244d0 GetWindowTextA
 0x1400244d8 GetRawInputData
 0x1400244e0 GetForegroundWindow
 0x1400244e8 UnhookWindowsHookEx
 0x1400244f0 DefWindowProcW
 0x1400244f8 GetMessageW
 0x140024500 DispatchMessageW
 0x140024508 GetCursorPos
 0x140024510 wsprintfW
 0x140024518 SystemParametersInfoW
 0x140024520 OpenInputDesktop
 0x140024528 GetDesktopWindow
 0x140024530 LoadCursorW
 0x140024538 GetCursorInfo
 0x140024540 DestroyCursor
 0x140024548 GetSystemMetrics
 0x140024550 SendMessageW
 0x140024558 GetWindowThreadProcessId
 0x140024560 CloseDesktop
 0x140024568 wsprintfA
 0x140024570 GetThreadDesktop
 0x140024578 SetThreadDesktop
 0x140024580 SetRect
 0x140024588 IntersectRect
 0x140024590 CopyRect
 0x140024598 GetMonitorInfoW
 0x1400245a0 OffsetRect
 0x1400245a8 UnionRect
 0x1400245b0 EqualRect
 0x1400245b8 ReleaseDC
 0x1400245c0 GetDC
 0x1400245c8 mouse_event
 0x1400245d0 BlockInput
 0x1400245d8 keybd_event
 0x1400245e0 MapVirtualKeyW
 0x1400245e8 SetWindowsHookExW
 0x1400245f0 GetUserObjectInformationW
 0x1400245f8 TranslateMessage
 0x140024600 GetClipboardData
 0x140024608 RegisterRawInputDevices
GDI32.dll
 0x1400240c0 CreateCompatibleBitmap
 0x1400240c8 SelectObject
 0x1400240d0 CreateDIBSection
 0x1400240d8 CreateCompatibleDC
 0x1400240e0 GetDIBits
 0x1400240e8 DeleteObject
 0x1400240f0 GetDeviceCaps
 0x1400240f8 DeleteDC
 0x140024100 BitBlt
ADVAPI32.dll
 0x140024000 OpenSCManagerW
 0x140024008 OpenProcessToken
 0x140024010 StartServiceW
 0x140024018 RegOpenKeyExW
 0x140024020 OpenServiceW
 0x140024028 LookupAccountSidW
 0x140024030 RegQueryValueExW
 0x140024038 GetTokenInformation
 0x140024040 CloseServiceHandle
 0x140024048 RegCloseKey
 0x140024050 AdjustTokenPrivileges
 0x140024058 LookupPrivilegeValueW
 0x140024060 DeleteService
 0x140024068 RegEnumValueW
 0x140024070 RegEnumKeyExW
 0x140024078 EnumServicesStatusW
 0x140024080 QueryServiceConfig2W
 0x140024088 ChangeServiceConfigW
 0x140024090 QueryServiceConfigW
 0x140024098 ControlService
 0x1400240a0 LockServiceDatabase
 0x1400240a8 UnlockServiceDatabase
 0x1400240b0 QueryServiceStatus
SHELL32.dll
 0x140024478 ShellExecuteW
 0x140024480 SHFileOperationW
ole32.dll
 0x140024840 CoInitializeEx
 0x140024848 CoUninitialize
 0x140024850 CoInitialize
 0x140024858 CoCreateInstance
OLEAUT32.dll
 0x140024460 VariantClear
 0x140024468 VariantInit
WTSAPI32.dll
 0x1400246d0 WTSFreeMemory
 0x1400246d8 WTSQuerySessionInformationW
 0x1400246e0 WTSEnumerateSessionsW
WS2_32.dll
 0x140024628 WSACleanup
 0x140024630 gethostname
 0x140024638 inet_ntoa
 0x140024640 WSAStartup
 0x140024648 WSAEventSelect
 0x140024650 send
 0x140024658 socket
 0x140024660 select
 0x140024668 WSAWaitForMultipleEvents
 0x140024670 recv
 0x140024678 closesocket
 0x140024680 WSAEnumNetworkEvents
 0x140024688 htons
 0x140024690 WSACreateEvent
 0x140024698 setsockopt
 0x1400246a0 getaddrinfo
 0x1400246a8 WSAGetLastError
 0x1400246b0 WSASend
 0x1400246b8 connect
 0x1400246c0 gethostbyname
IPHLPAPI.DLL
 0x140024110 GetExtendedUdpTable
 0x140024118 GetExtendedTcpTable
WINMM.dll
 0x140024618 timeGetTime
gdiplus.dll
 0x1400246f0 GdipCloneImage
 0x1400246f8 GdiplusShutdown
 0x140024700 GdipFree
 0x140024708 GdipGetImageGraphicsContext
 0x140024710 GdipDeleteGraphics
 0x140024718 GdipCreateBitmapFromScan0
 0x140024720 GdipDrawImageI
 0x140024728 GdiplusStartup
 0x140024730 GdipDisposeImage
 0x140024738 GdipAlloc
msvcrt.dll
 0x140024748 _msize
 0x140024750 _XcptFilter
 0x140024758 __set_app_type
 0x140024760 _acmdln
 0x140024768 _fmode
 0x140024770 ?_set_new_mode@@YAHH@Z
 0x140024778 _commode
 0x140024780 ?terminate@@YAXXZ
 0x140024788 realloc
 0x140024790 _initterm
 0x140024798 _callnewh
 0x1400247a0 _errno
 0x1400247a8 wcsncmp
 0x1400247b0 strncmp
 0x1400247b8 _beginthreadex
 0x1400247c0 malloc
 0x1400247c8 free
 0x1400247d0 abort
 0x1400247d8 __DestructExceptionObject
 0x1400247e0 _amsg_exit
 0x1400247e8 memmove
 0x1400247f0 memset
 0x1400247f8 memcpy
 0x140024800 _CxxThrowException
 0x140024808 __C_specific_handler
 0x140024810 wcsstr
 0x140024818 __getmainargs
 0x140024820 __CxxFrameHandler
 0x140024828 _ismbblead
 0x140024830 ceil

EAT (Export Address Table): none


