ScreenShot
| Created | 2023.03.20 09:47 | Machine | s1_win7_x6403 |
| Filename | f2f16bc7-e50f-45d2-9d83-c860d538d8ed | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 20 detected (AIDetectNet, malicious, high confidence, Save, confidence, Attribute, HighConfidence, VMProtect, score, Generic ML PUA, Static AI, Suspicious PE, Sabsik, Generic@AI, RDML, fD7xnyp691p8Vr4OIQrX6A, susgen, ZexaF, @J0@aa@hO@hi) | ||
| md5 | f5d957a42f578847664cacb8a4c3d695 | ||
| sha256 | 00978d16ecc2b0f6cf039b3bef087a8542d2092d8f95f36104f2329f7bf362dc | ||
| ssdeep | 196608:ZOtzW0BrGc/4GmLcBh8YSZIEqsyZr2caC78:kVW6Gc//B/xEh+a | ||
| imphash | f0e8db307701582115b12426e04e3928 | ||
| impfuzzy | 96:AJcpVY3S1RtaMDpJE0j21AXJ+Zcp+qjwSttLyuua:/J1Z+Ra | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Queries information on disks |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x838000 DeviceIoControl
0x838004 CreateToolhelp32Snapshot
0x838008 GetTickCount64
0x83800c Process32NextW
0x838010 CreateFileA
0x838014 Process32FirstW
0x838018 CloseHandle
0x83801c GetSystemInfo
0x838020 GetProcAddress
0x838024 GlobalMemoryStatusEx
0x838028 GetModuleFileNameA
0x83802c IsDebuggerPresent
0x838030 GetComputerNameA
0x838034 Sleep
0x838038 CreateDirectoryA
0x83803c WriteConsoleW
0x838040 HeapSize
0x838044 CreateFileW
0x838048 GetProcessHeap
0x83804c SetStdHandle
0x838050 SetEnvironmentVariableW
0x838054 FreeEnvironmentStringsW
0x838058 GlobalUnlock
0x83805c GlobalLock
0x838060 GlobalFree
0x838064 GetModuleHandleW
0x838068 GlobalAlloc
0x83806c GetEnvironmentStringsW
0x838070 GetOEMCP
0x838074 GetACP
0x838078 IsValidCodePage
0x83807c FindNextFileW
0x838080 FindFirstFileExW
0x838084 FindClose
0x838088 MultiByteToWideChar
0x83808c WideCharToMultiByte
0x838090 LCMapStringEx
0x838094 EnterCriticalSection
0x838098 LeaveCriticalSection
0x83809c InitializeCriticalSectionEx
0x8380a0 DeleteCriticalSection
0x8380a4 EncodePointer
0x8380a8 DecodePointer
0x8380ac CompareStringEx
0x8380b0 GetCPInfo
0x8380b4 GetStringTypeW
0x8380b8 IsProcessorFeaturePresent
0x8380bc QueryPerformanceCounter
0x8380c0 GetCurrentProcessId
0x8380c4 GetCurrentThreadId
0x8380c8 GetSystemTimeAsFileTime
0x8380cc InitializeSListHead
0x8380d0 UnhandledExceptionFilter
0x8380d4 SetUnhandledExceptionFilter
0x8380d8 GetStartupInfoW
0x8380dc GetCurrentProcess
0x8380e0 TerminateProcess
0x8380e4 RtlUnwind
0x8380e8 RaiseException
0x8380ec GetLastError
0x8380f0 SetLastError
0x8380f4 InitializeCriticalSectionAndSpinCount
0x8380f8 TlsAlloc
0x8380fc TlsGetValue
0x838100 TlsSetValue
0x838104 TlsFree
0x838108 FreeLibrary
0x83810c LoadLibraryExW
0x838110 GetStdHandle
0x838114 WriteFile
0x838118 GetModuleFileNameW
0x83811c ExitProcess
0x838120 GetModuleHandleExW
0x838124 GetCommandLineA
0x838128 GetCommandLineW
0x83812c HeapReAlloc
0x838130 CompareStringW
0x838134 LCMapStringW
0x838138 GetLocaleInfoW
0x83813c IsValidLocale
0x838140 GetUserDefaultLCID
0x838144 EnumSystemLocalesW
0x838148 HeapFree
0x83814c GetFileSizeEx
0x838150 SetFilePointerEx
0x838154 GetFileType
0x838158 FlushFileBuffers
0x83815c GetConsoleOutputCP
0x838160 GetConsoleMode
0x838164 HeapAlloc
0x838168 ReadFile
0x83816c ReadConsoleW
0x838170 SetEndOfFile
USER32.dll
0x838178 EmptyClipboard
0x83817c GetClipboardData
0x838180 OpenClipboard
0x838184 CloseClipboard
0x838188 SetClipboardData
ADVAPI32.dll
0x838190 RegSetValueExA
0x838194 RegOpenKeyExW
0x838198 GetUserNameA
0x83819c RegCloseKey
SHELL32.dll
0x8381a4 ShellExecuteA
0x8381a8 SHGetFolderPathA
WININET.dll
0x8381b0 InternetCloseHandle
0x8381b4 HttpOpenRequestA
0x8381b8 InternetOpenA
0x8381bc HttpSendRequestW
0x8381c0 InternetConnectA
0x8381c4 InternetReadFile
KERNEL32.dll
0x8381cc GetSystemTimeAsFileTime
0x8381d0 GetModuleHandleA
0x8381d4 CreateEventA
0x8381d8 GetModuleFileNameW
0x8381dc TerminateProcess
0x8381e0 GetCurrentProcess
0x8381e4 CreateToolhelp32Snapshot
0x8381e8 Thread32First
0x8381ec GetCurrentProcessId
0x8381f0 GetCurrentThreadId
0x8381f4 OpenThread
0x8381f8 Thread32Next
0x8381fc CloseHandle
0x838200 SuspendThread
0x838204 ResumeThread
0x838208 WriteProcessMemory
0x83820c GetSystemInfo
0x838210 VirtualAlloc
0x838214 VirtualProtect
0x838218 VirtualFree
0x83821c GetProcessAffinityMask
0x838220 SetProcessAffinityMask
0x838224 GetCurrentThread
0x838228 SetThreadAffinityMask
0x83822c Sleep
0x838230 LoadLibraryA
0x838234 FreeLibrary
0x838238 GetTickCount
0x83823c SystemTimeToFileTime
0x838240 FileTimeToSystemTime
0x838244 GlobalFree
0x838248 LocalAlloc
0x83824c LocalFree
0x838250 GetProcAddress
0x838254 ExitProcess
0x838258 EnterCriticalSection
0x83825c LeaveCriticalSection
0x838260 InitializeCriticalSection
0x838264 DeleteCriticalSection
0x838268 GetModuleHandleW
0x83826c LoadResource
0x838270 MultiByteToWideChar
0x838274 FindResourceExW
0x838278 FindResourceExA
0x83827c WideCharToMultiByte
0x838280 GetThreadLocale
0x838284 GetUserDefaultLCID
0x838288 GetSystemDefaultLCID
0x83828c EnumResourceNamesA
0x838290 EnumResourceNamesW
0x838294 EnumResourceLanguagesA
0x838298 EnumResourceLanguagesW
0x83829c EnumResourceTypesA
0x8382a0 EnumResourceTypesW
0x8382a4 CreateFileW
0x8382a8 LoadLibraryW
0x8382ac GetLastError
0x8382b0 FlushFileBuffers
0x8382b4 WriteConsoleW
0x8382b8 SetStdHandle
0x8382bc IsProcessorFeaturePresent
0x8382c0 DecodePointer
0x8382c4 GetCommandLineA
0x8382c8 RaiseException
0x8382cc HeapFree
0x8382d0 GetCPInfo
0x8382d4 InterlockedIncrement
0x8382d8 InterlockedDecrement
0x8382dc GetACP
0x8382e0 GetOEMCP
0x8382e4 IsValidCodePage
0x8382e8 EncodePointer
0x8382ec TlsAlloc
0x8382f0 TlsGetValue
0x8382f4 TlsSetValue
0x8382f8 TlsFree
0x8382fc SetLastError
0x838300 UnhandledExceptionFilter
0x838304 SetUnhandledExceptionFilter
0x838308 IsDebuggerPresent
0x83830c HeapAlloc
0x838310 LCMapStringW
0x838314 GetStringTypeW
0x838318 SetHandleCount
0x83831c GetStdHandle
0x838320 InitializeCriticalSectionAndSpinCount
0x838324 GetFileType
0x838328 GetStartupInfoW
0x83832c GetModuleFileNameA
0x838330 FreeEnvironmentStringsW
0x838334 GetEnvironmentStringsW
0x838338 HeapCreate
0x83833c HeapDestroy
0x838340 QueryPerformanceCounter
0x838344 HeapSize
0x838348 WriteFile
0x83834c RtlUnwind
0x838350 SetFilePointer
0x838354 GetConsoleCP
0x838358 GetConsoleMode
0x83835c HeapReAlloc
0x838360 VirtualQuery
USER32.dll
0x838368 CharUpperBuffW
KERNEL32.dll
0x838370 LocalAlloc
0x838374 LocalFree
0x838378 GetModuleFileNameW
0x83837c ExitProcess
0x838380 LoadLibraryA
0x838384 GetModuleHandleA
0x838388 GetProcAddress
EAT(Export Address Table) is none
KERNEL32.dll
0x838000 DeviceIoControl
0x838004 CreateToolhelp32Snapshot
0x838008 GetTickCount64
0x83800c Process32NextW
0x838010 CreateFileA
0x838014 Process32FirstW
0x838018 CloseHandle
0x83801c GetSystemInfo
0x838020 GetProcAddress
0x838024 GlobalMemoryStatusEx
0x838028 GetModuleFileNameA
0x83802c IsDebuggerPresent
0x838030 GetComputerNameA
0x838034 Sleep
0x838038 CreateDirectoryA
0x83803c WriteConsoleW
0x838040 HeapSize
0x838044 CreateFileW
0x838048 GetProcessHeap
0x83804c SetStdHandle
0x838050 SetEnvironmentVariableW
0x838054 FreeEnvironmentStringsW
0x838058 GlobalUnlock
0x83805c GlobalLock
0x838060 GlobalFree
0x838064 GetModuleHandleW
0x838068 GlobalAlloc
0x83806c GetEnvironmentStringsW
0x838070 GetOEMCP
0x838074 GetACP
0x838078 IsValidCodePage
0x83807c FindNextFileW
0x838080 FindFirstFileExW
0x838084 FindClose
0x838088 MultiByteToWideChar
0x83808c WideCharToMultiByte
0x838090 LCMapStringEx
0x838094 EnterCriticalSection
0x838098 LeaveCriticalSection
0x83809c InitializeCriticalSectionEx
0x8380a0 DeleteCriticalSection
0x8380a4 EncodePointer
0x8380a8 DecodePointer
0x8380ac CompareStringEx
0x8380b0 GetCPInfo
0x8380b4 GetStringTypeW
0x8380b8 IsProcessorFeaturePresent
0x8380bc QueryPerformanceCounter
0x8380c0 GetCurrentProcessId
0x8380c4 GetCurrentThreadId
0x8380c8 GetSystemTimeAsFileTime
0x8380cc InitializeSListHead
0x8380d0 UnhandledExceptionFilter
0x8380d4 SetUnhandledExceptionFilter
0x8380d8 GetStartupInfoW
0x8380dc GetCurrentProcess
0x8380e0 TerminateProcess
0x8380e4 RtlUnwind
0x8380e8 RaiseException
0x8380ec GetLastError
0x8380f0 SetLastError
0x8380f4 InitializeCriticalSectionAndSpinCount
0x8380f8 TlsAlloc
0x8380fc TlsGetValue
0x838100 TlsSetValue
0x838104 TlsFree
0x838108 FreeLibrary
0x83810c LoadLibraryExW
0x838110 GetStdHandle
0x838114 WriteFile
0x838118 GetModuleFileNameW
0x83811c ExitProcess
0x838120 GetModuleHandleExW
0x838124 GetCommandLineA
0x838128 GetCommandLineW
0x83812c HeapReAlloc
0x838130 CompareStringW
0x838134 LCMapStringW
0x838138 GetLocaleInfoW
0x83813c IsValidLocale
0x838140 GetUserDefaultLCID
0x838144 EnumSystemLocalesW
0x838148 HeapFree
0x83814c GetFileSizeEx
0x838150 SetFilePointerEx
0x838154 GetFileType
0x838158 FlushFileBuffers
0x83815c GetConsoleOutputCP
0x838160 GetConsoleMode
0x838164 HeapAlloc
0x838168 ReadFile
0x83816c ReadConsoleW
0x838170 SetEndOfFile
USER32.dll
0x838178 EmptyClipboard
0x83817c GetClipboardData
0x838180 OpenClipboard
0x838184 CloseClipboard
0x838188 SetClipboardData
ADVAPI32.dll
0x838190 RegSetValueExA
0x838194 RegOpenKeyExW
0x838198 GetUserNameA
0x83819c RegCloseKey
SHELL32.dll
0x8381a4 ShellExecuteA
0x8381a8 SHGetFolderPathA
WININET.dll
0x8381b0 InternetCloseHandle
0x8381b4 HttpOpenRequestA
0x8381b8 InternetOpenA
0x8381bc HttpSendRequestW
0x8381c0 InternetConnectA
0x8381c4 InternetReadFile
KERNEL32.dll
0x8381cc GetSystemTimeAsFileTime
0x8381d0 GetModuleHandleA
0x8381d4 CreateEventA
0x8381d8 GetModuleFileNameW
0x8381dc TerminateProcess
0x8381e0 GetCurrentProcess
0x8381e4 CreateToolhelp32Snapshot
0x8381e8 Thread32First
0x8381ec GetCurrentProcessId
0x8381f0 GetCurrentThreadId
0x8381f4 OpenThread
0x8381f8 Thread32Next
0x8381fc CloseHandle
0x838200 SuspendThread
0x838204 ResumeThread
0x838208 WriteProcessMemory
0x83820c GetSystemInfo
0x838210 VirtualAlloc
0x838214 VirtualProtect
0x838218 VirtualFree
0x83821c GetProcessAffinityMask
0x838220 SetProcessAffinityMask
0x838224 GetCurrentThread
0x838228 SetThreadAffinityMask
0x83822c Sleep
0x838230 LoadLibraryA
0x838234 FreeLibrary
0x838238 GetTickCount
0x83823c SystemTimeToFileTime
0x838240 FileTimeToSystemTime
0x838244 GlobalFree
0x838248 LocalAlloc
0x83824c LocalFree
0x838250 GetProcAddress
0x838254 ExitProcess
0x838258 EnterCriticalSection
0x83825c LeaveCriticalSection
0x838260 InitializeCriticalSection
0x838264 DeleteCriticalSection
0x838268 GetModuleHandleW
0x83826c LoadResource
0x838270 MultiByteToWideChar
0x838274 FindResourceExW
0x838278 FindResourceExA
0x83827c WideCharToMultiByte
0x838280 GetThreadLocale
0x838284 GetUserDefaultLCID
0x838288 GetSystemDefaultLCID
0x83828c EnumResourceNamesA
0x838290 EnumResourceNamesW
0x838294 EnumResourceLanguagesA
0x838298 EnumResourceLanguagesW
0x83829c EnumResourceTypesA
0x8382a0 EnumResourceTypesW
0x8382a4 CreateFileW
0x8382a8 LoadLibraryW
0x8382ac GetLastError
0x8382b0 FlushFileBuffers
0x8382b4 WriteConsoleW
0x8382b8 SetStdHandle
0x8382bc IsProcessorFeaturePresent
0x8382c0 DecodePointer
0x8382c4 GetCommandLineA
0x8382c8 RaiseException
0x8382cc HeapFree
0x8382d0 GetCPInfo
0x8382d4 InterlockedIncrement
0x8382d8 InterlockedDecrement
0x8382dc GetACP
0x8382e0 GetOEMCP
0x8382e4 IsValidCodePage
0x8382e8 EncodePointer
0x8382ec TlsAlloc
0x8382f0 TlsGetValue
0x8382f4 TlsSetValue
0x8382f8 TlsFree
0x8382fc SetLastError
0x838300 UnhandledExceptionFilter
0x838304 SetUnhandledExceptionFilter
0x838308 IsDebuggerPresent
0x83830c HeapAlloc
0x838310 LCMapStringW
0x838314 GetStringTypeW
0x838318 SetHandleCount
0x83831c GetStdHandle
0x838320 InitializeCriticalSectionAndSpinCount
0x838324 GetFileType
0x838328 GetStartupInfoW
0x83832c GetModuleFileNameA
0x838330 FreeEnvironmentStringsW
0x838334 GetEnvironmentStringsW
0x838338 HeapCreate
0x83833c HeapDestroy
0x838340 QueryPerformanceCounter
0x838344 HeapSize
0x838348 WriteFile
0x83834c RtlUnwind
0x838350 SetFilePointer
0x838354 GetConsoleCP
0x838358 GetConsoleMode
0x83835c HeapReAlloc
0x838360 VirtualQuery
USER32.dll
0x838368 CharUpperBuffW
KERNEL32.dll
0x838370 LocalAlloc
0x838374 LocalFree
0x838378 GetModuleFileNameW
0x83837c ExitProcess
0x838380 LoadLibraryA
0x838384 GetModuleHandleA
0x838388 GetProcAddress
EAT(Export Address Table) is none