Field | Value |
---|---|
Created | 2023.03.20 09:43 |
Machine | s1_win7_x6403 |
Filename | neee.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 45 detected (AIDetectNet, malicious, high confidence, GenericKD, ClipBanker, unsafe, Save, confidence, 100%, TrojanBanker, ZexaF, @J0@aik, 1ynj, ABRisk, MTJC, Attribute, HighConfidence, VMProtect, score, TrojanX, Gencirc, Generic ML PUA, high, AGEN, ai score=82, Sabsik, Casdet, Detected, Artemis, R002H0CCE23, R9MN1BAHivH, PossibleThreat) |
md5 | 99f16ab6ab670935b5aa5c84b1b5f6bd |
sha256 | 348014d89503967f134b988559b2ac694e0d3256708bbf7d8b96aa8c49fe1057 |
ssdeep | 196608:Ltu5ODXM16mjmKSRFWuxx6ruj3nK/x9jWuy:L05ODcgR6mix1 |
imphash | 8aa23bea230ae1c890d1bde72074903b |
impfuzzy | 96:TJcpVY3S1RtaMDpJE0j21AXJ+Zcp+qjwSttLyuua:KJ1Z+Ra |
Signature (17cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
watch | A process obfuscated information about the computer or sent it to a remote location, indicative of CnC traffic or CnC preparation. |
watch | Communicates with host for which no DNS query was performed |
watch | Installs itself for autorun at Windows startup |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Foreign language identified in PE resource |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (12cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Antivirus | Contains references to security software | binaries (download) |
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (3cnts)
Suricata ids
ET MALWARE Laplas Clipper - SetOnline CnC Checkin
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x832000 CloseHandle
0x832004 GetProcAddress
0x832008 GetModuleFileNameA
0x83200c IsDebuggerPresent
0x832010 GetComputerNameA
0x832014 Sleep
0x832018 CreateDirectoryA
0x83201c WriteConsoleW
0x832020 HeapSize
0x832024 CreateFileW
0x832028 GetProcessHeap
0x83202c SetStdHandle
0x832030 SetEnvironmentVariableW
0x832034 FreeEnvironmentStringsW
0x832038 GlobalUnlock
0x83203c GlobalLock
0x832040 GlobalFree
0x832044 GetModuleHandleW
0x832048 GlobalAlloc
0x83204c GetEnvironmentStringsW
0x832050 GetOEMCP
0x832054 GetACP
0x832058 IsValidCodePage
0x83205c FindNextFileW
0x832060 FindFirstFileExW
0x832064 FindClose
0x832068 MultiByteToWideChar
0x83206c WideCharToMultiByte
0x832070 LCMapStringEx
0x832074 EnterCriticalSection
0x832078 LeaveCriticalSection
0x83207c InitializeCriticalSectionEx
0x832080 DeleteCriticalSection
0x832084 EncodePointer
0x832088 DecodePointer
0x83208c CompareStringEx
0x832090 GetCPInfo
0x832094 GetStringTypeW
0x832098 IsProcessorFeaturePresent
0x83209c QueryPerformanceCounter
0x8320a0 GetCurrentProcessId
0x8320a4 GetCurrentThreadId
0x8320a8 GetSystemTimeAsFileTime
0x8320ac InitializeSListHead
0x8320b0 UnhandledExceptionFilter
0x8320b4 SetUnhandledExceptionFilter
0x8320b8 GetStartupInfoW
0x8320bc GetCurrentProcess
0x8320c0 TerminateProcess
0x8320c4 RtlUnwind
0x8320c8 RaiseException
0x8320cc GetLastError
0x8320d0 SetLastError
0x8320d4 InitializeCriticalSectionAndSpinCount
0x8320d8 TlsAlloc
0x8320dc TlsGetValue
0x8320e0 TlsSetValue
0x8320e4 TlsFree
0x8320e8 FreeLibrary
0x8320ec LoadLibraryExW
0x8320f0 GetStdHandle
0x8320f4 WriteFile
0x8320f8 GetModuleFileNameW
0x8320fc ExitProcess
0x832100 GetModuleHandleExW
0x832104 GetCommandLineA
0x832108 GetCommandLineW
0x83210c HeapReAlloc
0x832110 CompareStringW
0x832114 LCMapStringW
0x832118 GetLocaleInfoW
0x83211c IsValidLocale
0x832120 GetUserDefaultLCID
0x832124 EnumSystemLocalesW
0x832128 HeapFree
0x83212c GetFileSizeEx
0x832130 SetFilePointerEx
0x832134 GetFileType
0x832138 FlushFileBuffers
0x83213c GetConsoleOutputCP
0x832140 GetConsoleMode
0x832144 HeapAlloc
0x832148 ReadFile
0x83214c ReadConsoleW
0x832150 SetEndOfFile
USER32.dll
0x832158 EmptyClipboard
0x83215c GetClipboardData
0x832160 OpenClipboard
0x832164 CloseClipboard
0x832168 SetClipboardData
ADVAPI32.dll
0x832170 RegSetValueExA
0x832174 RegOpenKeyExW
0x832178 GetUserNameA
0x83217c RegCloseKey
SHELL32.dll
0x832184 ShellExecuteA
0x832188 SHGetFolderPathA
WININET.dll
0x832190 InternetCloseHandle
0x832194 HttpOpenRequestA
0x832198 InternetOpenA
0x83219c HttpSendRequestW
0x8321a0 InternetConnectA
0x8321a4 InternetReadFile
KERNEL32.dll
0x8321ac GetSystemTimeAsFileTime
0x8321b0 GetModuleHandleA
0x8321b4 CreateEventA
0x8321b8 GetModuleFileNameW
0x8321bc TerminateProcess
0x8321c0 GetCurrentProcess
0x8321c4 CreateToolhelp32Snapshot
0x8321c8 Thread32First
0x8321cc GetCurrentProcessId
0x8321d0 GetCurrentThreadId
0x8321d4 OpenThread
0x8321d8 Thread32Next
0x8321dc CloseHandle
0x8321e0 SuspendThread
0x8321e4 ResumeThread
0x8321e8 WriteProcessMemory
0x8321ec GetSystemInfo
0x8321f0 VirtualAlloc
0x8321f4 VirtualProtect
0x8321f8 VirtualFree
0x8321fc GetProcessAffinityMask
0x832200 SetProcessAffinityMask
0x832204 GetCurrentThread
0x832208 SetThreadAffinityMask
0x83220c Sleep
0x832210 LoadLibraryA
0x832214 FreeLibrary
0x832218 GetTickCount
0x83221c SystemTimeToFileTime
0x832220 FileTimeToSystemTime
0x832224 GlobalFree
0x832228 LocalAlloc
0x83222c LocalFree
0x832230 GetProcAddress
0x832234 ExitProcess
0x832238 EnterCriticalSection
0x83223c LeaveCriticalSection
0x832240 InitializeCriticalSection
0x832244 DeleteCriticalSection
0x832248 GetModuleHandleW
0x83224c LoadResource
0x832250 MultiByteToWideChar
0x832254 FindResourceExW
0x832258 FindResourceExA
0x83225c WideCharToMultiByte
0x832260 GetThreadLocale
0x832264 GetUserDefaultLCID
0x832268 GetSystemDefaultLCID
0x83226c EnumResourceNamesA
0x832270 EnumResourceNamesW
0x832274 EnumResourceLanguagesA
0x832278 EnumResourceLanguagesW
0x83227c EnumResourceTypesA
0x832280 EnumResourceTypesW
0x832284 CreateFileW
0x832288 LoadLibraryW
0x83228c GetLastError
0x832290 FlushFileBuffers
0x832294 WriteConsoleW
0x832298 SetStdHandle
0x83229c IsProcessorFeaturePresent
0x8322a0 DecodePointer
0x8322a4 GetCommandLineA
0x8322a8 RaiseException
0x8322ac HeapFree
0x8322b0 GetCPInfo
0x8322b4 InterlockedIncrement
0x8322b8 InterlockedDecrement
0x8322bc GetACP
0x8322c0 GetOEMCP
0x8322c4 IsValidCodePage
0x8322c8 EncodePointer
0x8322cc TlsAlloc
0x8322d0 TlsGetValue
0x8322d4 TlsSetValue
0x8322d8 TlsFree
0x8322dc SetLastError
0x8322e0 UnhandledExceptionFilter
0x8322e4 SetUnhandledExceptionFilter
0x8322e8 IsDebuggerPresent
0x8322ec HeapAlloc
0x8322f0 LCMapStringW
0x8322f4 GetStringTypeW
0x8322f8 SetHandleCount
0x8322fc GetStdHandle
0x832300 InitializeCriticalSectionAndSpinCount
0x832304 GetFileType
0x832308 GetStartupInfoW
0x83230c GetModuleFileNameA
0x832310 FreeEnvironmentStringsW
0x832314 GetEnvironmentStringsW
0x832318 HeapCreate
0x83231c HeapDestroy
0x832320 QueryPerformanceCounter
0x832324 HeapSize
0x832328 WriteFile
0x83232c RtlUnwind
0x832330 SetFilePointer
0x832334 GetConsoleCP
0x832338 GetConsoleMode
0x83233c HeapReAlloc
0x832340 VirtualQuery
USER32.dll
0x832348 CharUpperBuffW
KERNEL32.dll
0x832350 LocalAlloc
0x832354 LocalFree
0x832358 GetModuleFileNameW
0x83235c ExitProcess
0x832360 LoadLibraryA
0x832364 GetModuleHandleA
0x832368 GetProcAddress
EAT(Export Address Table) is none
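The import table above is the most useful static artefact on this page: the clipboard set in USER32.dll (OpenClipboard/GetClipboardData/SetClipboardData/EmptyClipboard) is the core of a clipper, ADVAPI32 RegOpenKeyExW/RegSetValueExA plus SHELL32 SHGetFolderPathA line up with the "Installs itself for autorun" and "Drops an executable to the user AppData folder" signatures, WININET gives the HTTP check-in the Suricata rule fired on, and the second KERNEL32.dll descriptor (CreateToolhelp32Snapshot, Thread32First/Next, OpenThread, SuspendThread, WriteProcessMemory, VirtualProtect) is thread-tampering and self-patching code, possibly from the VMProtect stub that VirusTotal tags rather than from the payload itself. The script below is an added example, not part of the sandbox report or of the sample: it parses a listing in exactly the format printed above, merges repeated descriptors for the same DLL, folds A/W variants together, and flags API clusters that match the behaviours in the Signature table. The cluster definitions and the 0.75 threshold are this example's own heuristics, and SAMPLE_IAT is a constructed excerpt of the listing above.

```python
"""Capability triage from a flattened IAT listing (added example, not the
sandbox's own logic). Input format: a "NAME.dll" line opens each import
descriptor, followed by "0xADDR ApiName" lines, as the report prints it."""
import re
from collections import defaultdict

# Constructed excerpt of the report's IAT listing, same layout as the page.
SAMPLE_IAT = """\
KERNEL32.dll
0x83200c IsDebuggerPresent
0x832010 GetComputerNameA
0x832018 CreateDirectoryA
0x832024 CreateFileW
0x8320f4 WriteFile
USER32.dll
0x832158 EmptyClipboard
0x83215c GetClipboardData
0x832160 OpenClipboard
0x832168 SetClipboardData
ADVAPI32.dll
0x832170 RegSetValueExA
0x832174 RegOpenKeyExW
0x832178 GetUserNameA
SHELL32.dll
0x832184 ShellExecuteA
0x832188 SHGetFolderPathA
WININET.dll
0x832194 HttpOpenRequestA
0x832198 InternetOpenA
0x83219c HttpSendRequestW
0x8321a0 InternetConnectA
0x8321a4 InternetReadFile
KERNEL32.dll
0x8321c4 CreateToolhelp32Snapshot
0x8321c8 Thread32First
0x8321d4 OpenThread
0x8321d8 Thread32Next
0x8321e0 SuspendThread
0x8321e8 WriteProcessMemory
0x8321ec GetSystemInfo
0x8321f0 VirtualAlloc
0x8321f4 VirtualProtect
"""

DLL_LINE = re.compile(r"^[\w.-]+\.dll$", re.IGNORECASE)
IMPORT_LINE = re.compile(r"^0x[0-9a-fA-F]+\s+(\w+)$")
# ANSI/Unicode suffix: trailing A or W after a lowercase letter or digit
# (GetUserNameA -> GetUserName); GetACP / GetOEMCP are left untouched.
AW_SUFFIX = re.compile(r"^(.*[a-z0-9])[AW]$")

# Heuristic clusters (this example's own, not the sandbox's rules). A cluster
# fires only when >= THRESHOLD of its APIs are present, so one incidental
# OpenClipboard in a benign program does not flag it as a clipper.
THRESHOLD = 0.75
CLUSTERS = {
    "clipboard tampering (clipper)": frozenset(
        {"OpenClipboard", "GetClipboardData", "SetClipboardData", "EmptyClipboard"}),
    "autorun persistence (Run key + user profile path)": frozenset(
        {"RegOpenKeyEx", "RegSetValueEx", "SHGetFolderPath", "CreateDirectory"}),
    "drop and execute": frozenset({"CreateFile", "WriteFile", "ShellExecute"}),
    "HTTP beacon (WinINet)": frozenset(
        {"InternetOpen", "InternetConnect", "HttpOpenRequest", "HttpSendRequest", "InternetReadFile"}),
    "host fingerprinting": frozenset({"GetComputerName", "GetUserName", "GetSystemInfo"}),
    "thread enumeration and suspension": frozenset(
        {"CreateToolhelp32Snapshot", "Thread32First", "Thread32Next", "OpenThread", "SuspendThread"}),
    "in-memory unpacking / code patching": frozenset(
        {"VirtualAlloc", "VirtualProtect", "WriteProcessMemory"}),
}


def normalize_api(name):
    """Fold A/W variants so RegSetValueExA and RegSetValueExW count as one API."""
    m = AW_SUFFIX.match(name)
    return m.group(1) if m else name


def parse_iat(text):
    """Return {dll_lowercase: set(raw API names)}; repeated descriptors are merged."""
    imports = defaultdict(set)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DLL_LINE.match(line):
            current = line.lower()  # KERNEL32.dll opens several descriptors above
            continue
        m = IMPORT_LINE.match(line)
        if m and current is not None:
            imports[current].add(m.group(1))
    return dict(imports)


def flag_capabilities(imports, threshold=THRESHOLD):
    """Return {cluster label: sorted normalized APIs present} for clusters at/over threshold."""
    present_all = {normalize_api(a) for apis in imports.values() for a in apis}
    hits = {}
    for label, wanted in CLUSTERS.items():
        present = sorted(wanted & present_all)
        if len(present) / len(wanted) >= threshold:
            hits[label] = present
    return hits


if __name__ == "__main__":
    imports = parse_iat(SAMPLE_IAT)
    for dll, apis in imports.items():
        print(f"{dll}: {len(apis)} imports")
    for label, apis in flag_capabilities(imports).items():
        print(f"[+] {label}: {', '.join(apis)}")
```

Run against the full listing above, every cluster fires; the same script over a listing that only carries OpenClipboard and GetClipboardData reports nothing, which is the point of the threshold. For pivoting to related samples, the imphash and impfuzzy values in the header table are the right keys, since an identical import layout survives the renaming this family shows (neee.exe).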