ScreenShot
| Created | 2023.03.15 16:35 | Machine | s1_win7_x6402 |
| Filename | AnyDesk.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 36 detected (GenericKD, Artemis, Vg9c, Banload, PowerShell, Malicious, score, CLOUD, Bifrose, CVE-2021-4137, Poison, Redcap, xmkaz, Casdet, Detected, ai score=89, unsafe, R002H09CC23, PossibleThreat, Chgt) | ||
| md5 | 33614c059849aaeacaa68422b11a9795 | ||
| sha256 | 25884495d9c27c8b120bfab40bd28b7f5255b4916c54c7fb74a90dd8000bf44e | ||
| ssdeep | 98304:cKYGKdACTgvV6qPvZpgvXM/N3qZBO0cY2YPGvhP0JGom5:cp86qPvZ6v6NH0l7PXm5 | ||
| imphash | dddcfeae41621c177d63ed8ec427469c | ||
| impfuzzy | 96:bZItzOy+3Io14iQHYqDsFmGk4dOy8I+hMQcnc6MFQYQPD:1Z3U7sFmGk4dOHI+hRcncxQPD | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | ASPack_Zero | ASPack packed file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | CAB_file_format | CAB archive file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x424094 GetCommandLineA
0x424098 GetStartupInfoA
0x42409c HeapAlloc
0x4240a0 HeapFree
0x4240a4 RaiseException
0x4240a8 VirtualAlloc
0x4240ac HeapReAlloc
0x4240b0 Sleep
0x4240b4 ExitProcess
0x4240b8 HeapSize
0x4240bc TerminateProcess
0x4240c0 UnhandledExceptionFilter
0x4240c4 SetUnhandledExceptionFilter
0x4240c8 IsDebuggerPresent
0x4240cc GetConsoleCP
0x4240d0 GetConsoleMode
0x4240d4 GetStdHandle
0x4240d8 FreeEnvironmentStringsA
0x4240dc GetEnvironmentStrings
0x4240e0 FreeEnvironmentStringsW
0x4240e4 GetEnvironmentStringsW
0x4240e8 SetHandleCount
0x4240ec GetFileType
0x4240f0 RtlUnwind
0x4240f4 VirtualFree
0x4240f8 QueryPerformanceCounter
0x4240fc GetTickCount
0x424100 GetSystemTimeAsFileTime
0x424104 GetACP
0x424108 IsValidCodePage
0x42410c InitializeCriticalSectionAndSpinCount
0x424110 SetStdHandle
0x424114 WriteConsoleA
0x424118 GetConsoleOutputCP
0x42411c WriteConsoleW
0x424120 LCMapStringA
0x424124 LCMapStringW
0x424128 GetStringTypeA
0x42412c GetStringTypeW
0x424130 GetProcessHeap
0x424134 SetErrorMode
0x424138 CreateFileA
0x42413c GetCurrentProcess
0x424140 SetEndOfFile
0x424144 FlushFileBuffers
0x424148 SetFilePointer
0x42414c WriteFile
0x424150 ReadFile
0x424154 WritePrivateProfileStringA
0x424158 GetModuleHandleW
0x42415c GetOEMCP
0x424160 GetCPInfo
0x424164 InterlockedIncrement
0x424168 TlsFree
0x42416c DeleteCriticalSection
0x424170 LocalReAlloc
0x424174 TlsSetValue
0x424178 TlsAlloc
0x42417c InitializeCriticalSection
0x424180 GlobalHandle
0x424184 GlobalReAlloc
0x424188 EnterCriticalSection
0x42418c TlsGetValue
0x424190 LeaveCriticalSection
0x424194 LocalAlloc
0x424198 GlobalFlags
0x42419c InterlockedDecrement
0x4241a0 GetModuleFileNameW
0x4241a4 CloseHandle
0x4241a8 GetCurrentThread
0x4241ac ConvertDefaultLocale
0x4241b0 EnumResourceLanguagesA
0x4241b4 GetLocaleInfoA
0x4241b8 InterlockedExchange
0x4241bc lstrcmpA
0x4241c0 GetCurrentProcessId
0x4241c4 GetModuleFileNameA
0x4241c8 GlobalAlloc
0x4241cc FormatMessageA
0x4241d0 LocalFree
0x4241d4 MulDiv
0x4241d8 lstrlenA
0x4241dc GetCurrentThreadId
0x4241e0 GlobalGetAtomNameA
0x4241e4 GlobalAddAtomA
0x4241e8 GlobalFindAtomA
0x4241ec GlobalDeleteAtom
0x4241f0 FreeLibrary
0x4241f4 CompareStringA
0x4241f8 LoadLibraryA
0x4241fc GetLastError
0x424200 SetLastError
0x424204 MultiByteToWideChar
0x424208 lstrcmpW
0x42420c GetModuleHandleA
0x424210 GetProcAddress
0x424214 GetVersionExA
0x424218 GlobalLock
0x42421c GlobalUnlock
0x424220 GlobalFree
0x424224 GetTempPathA
0x424228 FreeResource
0x42422c WideCharToMultiByte
0x424230 FindResourceA
0x424234 LoadResource
0x424238 LockResource
0x42423c HeapCreate
0x424240 SizeofResource
USER32.dll
0x424278 GetSysColorBrush
0x42427c DestroyMenu
0x424280 SetCursor
0x424284 GetMessageA
0x424288 TranslateMessage
0x42428c GetCursorPos
0x424290 ValidateRect
0x424294 PostQuitMessage
0x424298 GetWindowThreadProcessId
0x42429c EndPaint
0x4242a0 BeginPaint
0x4242a4 ReleaseDC
0x4242a8 GetDC
0x4242ac ClientToScreen
0x4242b0 GrayStringA
0x4242b4 DrawTextExA
0x4242b8 DrawTextA
0x4242bc TabbedTextOutA
0x4242c0 ShowWindow
0x4242c4 SetWindowTextA
0x4242c8 IsDialogMessageA
0x4242cc SetMenuItemBitmaps
0x4242d0 GetMenuCheckMarkDimensions
0x4242d4 ModifyMenuA
0x4242d8 EnableMenuItem
0x4242dc CheckMenuItem
0x4242e0 RegisterWindowMessageA
0x4242e4 SendDlgItemMessageA
0x4242e8 WinHelpA
0x4242ec GetCapture
0x4242f0 SetWindowsHookExA
0x4242f4 CallNextHookEx
0x4242f8 GetClassLongA
0x4242fc GetClassNameA
0x424300 SetPropA
0x424304 GetPropA
0x424308 RemovePropA
0x42430c GetFocus
0x424310 SetFocus
0x424314 GetWindowTextLengthA
0x424318 GetWindowTextA
0x42431c GetForegroundWindow
0x424320 GetLastActivePopup
0x424324 DispatchMessageA
0x424328 GetTopWindow
0x42432c UnhookWindowsHookEx
0x424330 GetMessageTime
0x424334 GetMessagePos
0x424338 PeekMessageA
0x42433c MapWindowPoints
0x424340 GetKeyState
0x424344 SetMenu
0x424348 SetForegroundWindow
0x42434c IsWindowVisible
0x424350 GetClientRect
0x424354 EnableWindow
0x424358 DrawIcon
0x42435c SendMessageA
0x424360 UpdateWindow
0x424364 PostMessageA
0x424368 GetSubMenu
0x42436c GetMenuItemID
0x424370 GetMenuItemCount
0x424374 MessageBoxA
0x424378 CreateWindowExA
0x42437c GetClassInfoExA
0x424380 GetClassInfoA
0x424384 RegisterClassA
0x424388 GetSysColor
0x42438c AdjustWindowRectEx
0x424390 UnregisterClassA
0x424394 GetMenuState
0x424398 IsIconic
0x42439c LoadIconA
0x4243a0 GetSystemMetrics
0x4243a4 SetClassLongA
0x4243a8 LoadCursorA
0x4243ac EndDialog
0x4243b0 GetNextDlgTabItem
0x4243b4 GetParent
0x4243b8 IsWindowEnabled
0x4243bc GetDlgItem
0x4243c0 GetWindowLongA
0x4243c4 IsWindow
0x4243c8 DestroyWindow
0x4243cc CreateDialogIndirectParamA
0x4243d0 SetActiveWindow
0x4243d4 GetActiveWindow
0x4243d8 GetDesktopWindow
0x4243dc GetWindow
0x4243e0 GetWindowRect
0x4243e4 GetWindowPlacement
0x4243e8 CopyRect
0x4243ec PtInRect
0x4243f0 GetDlgCtrlID
0x4243f4 DefWindowProcA
0x4243f8 CallWindowProcA
0x4243fc GetMenu
0x424400 SetWindowLongA
0x424404 SetWindowPos
0x424408 SystemParametersInfoA
0x42440c LoadBitmapA
GDI32.dll
0x424028 DeleteDC
0x42402c GetStockObject
0x424030 GetDeviceCaps
0x424034 ScaleWindowExtEx
0x424038 SetWindowExtEx
0x42403c ExtTextOutA
0x424040 ScaleViewportExtEx
0x424044 SetViewportExtEx
0x424048 OffsetViewportOrgEx
0x42404c SetViewportOrgEx
0x424050 SelectObject
0x424054 CreateSolidBrush
0x424058 TextOutA
0x42405c RectVisible
0x424060 PtVisible
0x424064 DeleteObject
0x424068 SetMapMode
0x42406c SetBkMode
0x424070 RestoreDC
0x424074 SaveDC
0x424078 CreateBitmap
0x42407c GetObjectA
0x424080 SetBkColor
0x424084 SetTextColor
0x424088 GetClipBox
0x42408c Escape
WINSPOOL.DRV
0x424414 DocumentPropertiesA
0x424418 OpenPrinterA
0x42441c ClosePrinter
ADVAPI32.dll
0x424000 RegSetValueExA
0x424004 RegCreateKeyExA
0x424008 RegQueryValueA
0x42400c RegOpenKeyA
0x424010 RegEnumKeyA
0x424014 RegDeleteKeyA
0x424018 RegOpenKeyExA
0x42401c RegQueryValueExA
0x424020 RegCloseKey
SHELL32.dll
0x424258 SHGetPathFromIDListA
0x42425c SHBrowseForFolderA
0x424260 SHGetMalloc
0x424264 ShellExecuteA
SHLWAPI.dll
0x42426c PathFindFileNameA
0x424270 PathFindExtensionA
OLEAUT32.dll
0x424248 VariantClear
0x42424c VariantChangeType
0x424250 VariantInit
EAT(Export Address Table) is none
KERNEL32.dll
0x424094 GetCommandLineA
0x424098 GetStartupInfoA
0x42409c HeapAlloc
0x4240a0 HeapFree
0x4240a4 RaiseException
0x4240a8 VirtualAlloc
0x4240ac HeapReAlloc
0x4240b0 Sleep
0x4240b4 ExitProcess
0x4240b8 HeapSize
0x4240bc TerminateProcess
0x4240c0 UnhandledExceptionFilter
0x4240c4 SetUnhandledExceptionFilter
0x4240c8 IsDebuggerPresent
0x4240cc GetConsoleCP
0x4240d0 GetConsoleMode
0x4240d4 GetStdHandle
0x4240d8 FreeEnvironmentStringsA
0x4240dc GetEnvironmentStrings
0x4240e0 FreeEnvironmentStringsW
0x4240e4 GetEnvironmentStringsW
0x4240e8 SetHandleCount
0x4240ec GetFileType
0x4240f0 RtlUnwind
0x4240f4 VirtualFree
0x4240f8 QueryPerformanceCounter
0x4240fc GetTickCount
0x424100 GetSystemTimeAsFileTime
0x424104 GetACP
0x424108 IsValidCodePage
0x42410c InitializeCriticalSectionAndSpinCount
0x424110 SetStdHandle
0x424114 WriteConsoleA
0x424118 GetConsoleOutputCP
0x42411c WriteConsoleW
0x424120 LCMapStringA
0x424124 LCMapStringW
0x424128 GetStringTypeA
0x42412c GetStringTypeW
0x424130 GetProcessHeap
0x424134 SetErrorMode
0x424138 CreateFileA
0x42413c GetCurrentProcess
0x424140 SetEndOfFile
0x424144 FlushFileBuffers
0x424148 SetFilePointer
0x42414c WriteFile
0x424150 ReadFile
0x424154 WritePrivateProfileStringA
0x424158 GetModuleHandleW
0x42415c GetOEMCP
0x424160 GetCPInfo
0x424164 InterlockedIncrement
0x424168 TlsFree
0x42416c DeleteCriticalSection
0x424170 LocalReAlloc
0x424174 TlsSetValue
0x424178 TlsAlloc
0x42417c InitializeCriticalSection
0x424180 GlobalHandle
0x424184 GlobalReAlloc
0x424188 EnterCriticalSection
0x42418c TlsGetValue
0x424190 LeaveCriticalSection
0x424194 LocalAlloc
0x424198 GlobalFlags
0x42419c InterlockedDecrement
0x4241a0 GetModuleFileNameW
0x4241a4 CloseHandle
0x4241a8 GetCurrentThread
0x4241ac ConvertDefaultLocale
0x4241b0 EnumResourceLanguagesA
0x4241b4 GetLocaleInfoA
0x4241b8 InterlockedExchange
0x4241bc lstrcmpA
0x4241c0 GetCurrentProcessId
0x4241c4 GetModuleFileNameA
0x4241c8 GlobalAlloc
0x4241cc FormatMessageA
0x4241d0 LocalFree
0x4241d4 MulDiv
0x4241d8 lstrlenA
0x4241dc GetCurrentThreadId
0x4241e0 GlobalGetAtomNameA
0x4241e4 GlobalAddAtomA
0x4241e8 GlobalFindAtomA
0x4241ec GlobalDeleteAtom
0x4241f0 FreeLibrary
0x4241f4 CompareStringA
0x4241f8 LoadLibraryA
0x4241fc GetLastError
0x424200 SetLastError
0x424204 MultiByteToWideChar
0x424208 lstrcmpW
0x42420c GetModuleHandleA
0x424210 GetProcAddress
0x424214 GetVersionExA
0x424218 GlobalLock
0x42421c GlobalUnlock
0x424220 GlobalFree
0x424224 GetTempPathA
0x424228 FreeResource
0x42422c WideCharToMultiByte
0x424230 FindResourceA
0x424234 LoadResource
0x424238 LockResource
0x42423c HeapCreate
0x424240 SizeofResource
USER32.dll
0x424278 GetSysColorBrush
0x42427c DestroyMenu
0x424280 SetCursor
0x424284 GetMessageA
0x424288 TranslateMessage
0x42428c GetCursorPos
0x424290 ValidateRect
0x424294 PostQuitMessage
0x424298 GetWindowThreadProcessId
0x42429c EndPaint
0x4242a0 BeginPaint
0x4242a4 ReleaseDC
0x4242a8 GetDC
0x4242ac ClientToScreen
0x4242b0 GrayStringA
0x4242b4 DrawTextExA
0x4242b8 DrawTextA
0x4242bc TabbedTextOutA
0x4242c0 ShowWindow
0x4242c4 SetWindowTextA
0x4242c8 IsDialogMessageA
0x4242cc SetMenuItemBitmaps
0x4242d0 GetMenuCheckMarkDimensions
0x4242d4 ModifyMenuA
0x4242d8 EnableMenuItem
0x4242dc CheckMenuItem
0x4242e0 RegisterWindowMessageA
0x4242e4 SendDlgItemMessageA
0x4242e8 WinHelpA
0x4242ec GetCapture
0x4242f0 SetWindowsHookExA
0x4242f4 CallNextHookEx
0x4242f8 GetClassLongA
0x4242fc GetClassNameA
0x424300 SetPropA
0x424304 GetPropA
0x424308 RemovePropA
0x42430c GetFocus
0x424310 SetFocus
0x424314 GetWindowTextLengthA
0x424318 GetWindowTextA
0x42431c GetForegroundWindow
0x424320 GetLastActivePopup
0x424324 DispatchMessageA
0x424328 GetTopWindow
0x42432c UnhookWindowsHookEx
0x424330 GetMessageTime
0x424334 GetMessagePos
0x424338 PeekMessageA
0x42433c MapWindowPoints
0x424340 GetKeyState
0x424344 SetMenu
0x424348 SetForegroundWindow
0x42434c IsWindowVisible
0x424350 GetClientRect
0x424354 EnableWindow
0x424358 DrawIcon
0x42435c SendMessageA
0x424360 UpdateWindow
0x424364 PostMessageA
0x424368 GetSubMenu
0x42436c GetMenuItemID
0x424370 GetMenuItemCount
0x424374 MessageBoxA
0x424378 CreateWindowExA
0x42437c GetClassInfoExA
0x424380 GetClassInfoA
0x424384 RegisterClassA
0x424388 GetSysColor
0x42438c AdjustWindowRectEx
0x424390 UnregisterClassA
0x424394 GetMenuState
0x424398 IsIconic
0x42439c LoadIconA
0x4243a0 GetSystemMetrics
0x4243a4 SetClassLongA
0x4243a8 LoadCursorA
0x4243ac EndDialog
0x4243b0 GetNextDlgTabItem
0x4243b4 GetParent
0x4243b8 IsWindowEnabled
0x4243bc GetDlgItem
0x4243c0 GetWindowLongA
0x4243c4 IsWindow
0x4243c8 DestroyWindow
0x4243cc CreateDialogIndirectParamA
0x4243d0 SetActiveWindow
0x4243d4 GetActiveWindow
0x4243d8 GetDesktopWindow
0x4243dc GetWindow
0x4243e0 GetWindowRect
0x4243e4 GetWindowPlacement
0x4243e8 CopyRect
0x4243ec PtInRect
0x4243f0 GetDlgCtrlID
0x4243f4 DefWindowProcA
0x4243f8 CallWindowProcA
0x4243fc GetMenu
0x424400 SetWindowLongA
0x424404 SetWindowPos
0x424408 SystemParametersInfoA
0x42440c LoadBitmapA
GDI32.dll
0x424028 DeleteDC
0x42402c GetStockObject
0x424030 GetDeviceCaps
0x424034 ScaleWindowExtEx
0x424038 SetWindowExtEx
0x42403c ExtTextOutA
0x424040 ScaleViewportExtEx
0x424044 SetViewportExtEx
0x424048 OffsetViewportOrgEx
0x42404c SetViewportOrgEx
0x424050 SelectObject
0x424054 CreateSolidBrush
0x424058 TextOutA
0x42405c RectVisible
0x424060 PtVisible
0x424064 DeleteObject
0x424068 SetMapMode
0x42406c SetBkMode
0x424070 RestoreDC
0x424074 SaveDC
0x424078 CreateBitmap
0x42407c GetObjectA
0x424080 SetBkColor
0x424084 SetTextColor
0x424088 GetClipBox
0x42408c Escape
WINSPOOL.DRV
0x424414 DocumentPropertiesA
0x424418 OpenPrinterA
0x42441c ClosePrinter
ADVAPI32.dll
0x424000 RegSetValueExA
0x424004 RegCreateKeyExA
0x424008 RegQueryValueA
0x42400c RegOpenKeyA
0x424010 RegEnumKeyA
0x424014 RegDeleteKeyA
0x424018 RegOpenKeyExA
0x42401c RegQueryValueExA
0x424020 RegCloseKey
SHELL32.dll
0x424258 SHGetPathFromIDListA
0x42425c SHBrowseForFolderA
0x424260 SHGetMalloc
0x424264 ShellExecuteA
SHLWAPI.dll
0x42426c PathFindFileNameA
0x424270 PathFindExtensionA
OLEAUT32.dll
0x424248 VariantClear
0x42424c VariantChangeType
0x424250 VariantInit
EAT(Export Address Table) is none