ScreenShot
| Created | 2023.03.20 10:13 | Machine | s1_win7_x6401 |
| Filename | putty.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (Fragtor, MachineLearning, Anomalous, Kryptik, V8hh, malicious, confidence, Attribute, HighConfidence, high confidence, GenKryptik, GHUE, Strab, iGNAP8e4kjN, moderate, score, Slepak, Detected, Wacapew, ai score=80, Limpopo, unsafe, susgen, EFKJ, TrojanX) | ||
| md5 | 503ad71c49fe0f7ad1a9fac50a6a3d66 | ||
| sha256 | 94734c499154c5dcc0c678e2ff3ee97ed627eaafc725dd71af725435e24b5bb6 | ||
| ssdeep | 24576:8LqHSHFpNBABT09QmydSOsMEKW/a0RIpXCWwCKDmQh3H9B1FlcacOui2ZWxNUC2H:0NBrK6vK3S8WHT1F1uv2NEXpKOYc | ||
| imphash | 231e93d6c38d93827fc1150514e60423 | ||
| impfuzzy | 48:HO7XBMaE1tgfcdV8hGEXl/tA2yzVh0rzHGz5:HO7bE1tgfcdV8hzXl/tQiy | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | One or more of the buffers contains an embedded PE file |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x589008 GetDriveTypeW
0x58900c GetSystemDefaultUILanguage
0x589010 LoadResource
0x589014 GetCurrentProcess
0x589018 GetEnvironmentStringsW
0x58901c HeapCreate
0x589020 TerminateProcess
0x589024 GetEnvironmentVariableA
0x589028 GetACP
0x58902c lstrlenW
0x589030 GetLastError
0x589034 SetLastError
0x589038 lstrcmpiA
0x58903c GetProcAddress
0x589040 VirtualAlloc
0x589044 lstrlenA
0x589048 LoadLibraryA
0x58904c GetModuleHandleA
0x589050 QueryPerformanceFrequency
0x589054 ReleaseMutex
0x589058 FlushFileBuffers
0x58905c CloseHandle
0x589060 CreateFileA
0x589064 GetConsoleOutputCP
0x589068 WriteConsoleA
0x58906c SetStdHandle
0x589070 GetConsoleMode
0x589074 IsValidCodePage
0x589078 GetCommandLineW
0x58907c GetCommandLineA
0x589080 GetStartupInfoA
0x589084 HeapValidate
0x589088 IsBadReadPtr
0x58908c RaiseException
0x589090 UnhandledExceptionFilter
0x589094 SetUnhandledExceptionFilter
0x589098 IsDebuggerPresent
0x58909c DeleteCriticalSection
0x5890a0 EnterCriticalSection
0x5890a4 LeaveCriticalSection
0x5890a8 GetModuleFileNameW
0x5890ac QueryPerformanceCounter
0x5890b0 GetTickCount
0x5890b4 GetCurrentThreadId
0x5890b8 GetCurrentProcessId
0x5890bc GetSystemTimeAsFileTime
0x5890c0 GetModuleHandleW
0x5890c4 Sleep
0x5890c8 InterlockedIncrement
0x5890cc InterlockedDecrement
0x5890d0 ExitProcess
0x5890d4 GetModuleFileNameA
0x5890d8 FreeEnvironmentStringsA
0x5890dc GetEnvironmentStrings
0x5890e0 FreeEnvironmentStringsW
0x5890e4 WideCharToMultiByte
0x5890e8 SetHandleCount
0x5890ec GetStdHandle
0x5890f0 GetFileType
0x5890f4 TlsGetValue
0x5890f8 TlsAlloc
0x5890fc TlsSetValue
0x589100 TlsFree
0x589104 HeapDestroy
0x589108 HeapFree
0x58910c VirtualFree
0x589110 WriteFile
0x589114 HeapAlloc
0x589118 HeapSize
0x58911c HeapReAlloc
0x589120 GetOEMCP
0x589124 GetCPInfo
0x589128 InitializeCriticalSectionAndSpinCount
0x58912c DebugBreak
0x589130 OutputDebugStringA
0x589134 WriteConsoleW
0x589138 OutputDebugStringW
0x58913c LoadLibraryW
0x589140 RtlUnwind
0x589144 MultiByteToWideChar
0x589148 LCMapStringA
0x58914c LCMapStringW
0x589150 GetStringTypeA
0x589154 GetStringTypeW
0x589158 GetLocaleInfoA
0x58915c SetFilePointer
0x589160 GetConsoleCP
USER32.dll
0x589168 OpenIcon
0x58916c GetTopWindow
0x589170 IsZoomed
0x589174 GetParent
0x589178 GetForegroundWindow
0x58917c GetDesktopWindow
0x589180 IsWindow
0x589184 GetDlgCtrlID
0x589188 GetDialogBaseUnits
0x58918c GetMessageTime
GDI32.dll
0x589000 GetCharWidthW
EAT(Export Address Table) is none
KERNEL32.dll
0x589008 GetDriveTypeW
0x58900c GetSystemDefaultUILanguage
0x589010 LoadResource
0x589014 GetCurrentProcess
0x589018 GetEnvironmentStringsW
0x58901c HeapCreate
0x589020 TerminateProcess
0x589024 GetEnvironmentVariableA
0x589028 GetACP
0x58902c lstrlenW
0x589030 GetLastError
0x589034 SetLastError
0x589038 lstrcmpiA
0x58903c GetProcAddress
0x589040 VirtualAlloc
0x589044 lstrlenA
0x589048 LoadLibraryA
0x58904c GetModuleHandleA
0x589050 QueryPerformanceFrequency
0x589054 ReleaseMutex
0x589058 FlushFileBuffers
0x58905c CloseHandle
0x589060 CreateFileA
0x589064 GetConsoleOutputCP
0x589068 WriteConsoleA
0x58906c SetStdHandle
0x589070 GetConsoleMode
0x589074 IsValidCodePage
0x589078 GetCommandLineW
0x58907c GetCommandLineA
0x589080 GetStartupInfoA
0x589084 HeapValidate
0x589088 IsBadReadPtr
0x58908c RaiseException
0x589090 UnhandledExceptionFilter
0x589094 SetUnhandledExceptionFilter
0x589098 IsDebuggerPresent
0x58909c DeleteCriticalSection
0x5890a0 EnterCriticalSection
0x5890a4 LeaveCriticalSection
0x5890a8 GetModuleFileNameW
0x5890ac QueryPerformanceCounter
0x5890b0 GetTickCount
0x5890b4 GetCurrentThreadId
0x5890b8 GetCurrentProcessId
0x5890bc GetSystemTimeAsFileTime
0x5890c0 GetModuleHandleW
0x5890c4 Sleep
0x5890c8 InterlockedIncrement
0x5890cc InterlockedDecrement
0x5890d0 ExitProcess
0x5890d4 GetModuleFileNameA
0x5890d8 FreeEnvironmentStringsA
0x5890dc GetEnvironmentStrings
0x5890e0 FreeEnvironmentStringsW
0x5890e4 WideCharToMultiByte
0x5890e8 SetHandleCount
0x5890ec GetStdHandle
0x5890f0 GetFileType
0x5890f4 TlsGetValue
0x5890f8 TlsAlloc
0x5890fc TlsSetValue
0x589100 TlsFree
0x589104 HeapDestroy
0x589108 HeapFree
0x58910c VirtualFree
0x589110 WriteFile
0x589114 HeapAlloc
0x589118 HeapSize
0x58911c HeapReAlloc
0x589120 GetOEMCP
0x589124 GetCPInfo
0x589128 InitializeCriticalSectionAndSpinCount
0x58912c DebugBreak
0x589130 OutputDebugStringA
0x589134 WriteConsoleW
0x589138 OutputDebugStringW
0x58913c LoadLibraryW
0x589140 RtlUnwind
0x589144 MultiByteToWideChar
0x589148 LCMapStringA
0x58914c LCMapStringW
0x589150 GetStringTypeA
0x589154 GetStringTypeW
0x589158 GetLocaleInfoA
0x58915c SetFilePointer
0x589160 GetConsoleCP
USER32.dll
0x589168 OpenIcon
0x58916c GetTopWindow
0x589170 IsZoomed
0x589174 GetParent
0x589178 GetForegroundWindow
0x58917c GetDesktopWindow
0x589180 IsWindow
0x589184 GetDlgCtrlID
0x589188 GetDialogBaseUnits
0x58918c GetMessageTime
GDI32.dll
0x589000 GetCharWidthW
EAT(Export Address Table) is none