Report - a.exe

Tags: UPX, Malicious Library, Malicious Packer, OS Processor Check, PE64, PE File
Created 2023.03.27 10:34 Machine s1_win7_x6401
Filename a.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score: 5
Behavior Score: 2.0
ZERO API (file): malware
VT API (file): 41 detected (Hacktool, Hijak, Tool, UACMe, Ulise, Vwun, malicious, confidence, 100%, Eldorado, Attribute, HighConfidence, high confidence, score, HacktoolX, Gencirc, Drixed, AGEN, ColorUAC, Detected, R533556, Artemis, ai score=81, R002H0CCH23, Crypto, W9zjiRQyiSN, fQ57oq3YJ1g, susgen)
md5 1dc49de091d11dd75ff77444e1b2e286
sha256 067874627d98163c43bd4626c24911e4eda83dc42dc5940addbd17abb493d5fc
ssdeep 3072:a2ESa+9yVb9w6k00pHT3g1n4M7RJtsE04rlod8I2sWpYl7k1E4I1bTMq:a2ESa88ILV3g1nTlo8pO4C
imphash 5834ed4291bdeb928270428ebbaf7604
impfuzzy 96:MMv4+X15XXTfrLsSBKSyLJMLaFtmj9bh+Z/54pCGEL1TX:MM9F5AdSyqWO9t+v2s1TX
Signature (4 counts)

Level | Description
danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious
notice | The binary likely contains encrypted or compressed data indicative of a packer
info | One or more processes crashed
info | The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (6 counts)

Level | Name | Description | Collection
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE64 | (no description) | binaries (upload)
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (0 counts)

Request | CC | ASN | Co | IP4 | Rule | ZERO
(no network requests recorded)

Suricata IDS

PE API

IAT (Import Address Table)

KERNEL32.dll
 0x1400140e8 SetFilePointer
 0x1400140f0 GetFileInformationByHandle
 0x1400140f8 GetTempPathA
 0x140014100 CreateFileA
 0x140014108 DeleteFileA
 0x140014110 FileTimeToLocalFileTime
 0x140014118 WideCharToMultiByte
 0x140014120 GetTempFileNameA
 0x140014128 FileTimeToDosDateTime
 0x140014130 HeapCreate
 0x140014138 HeapAlloc
 0x140014140 HeapDestroy
 0x140014148 CreateDirectoryW
 0x140014150 CompareFileTime
 0x140014158 TerminateProcess
 0x140014160 RemoveDirectoryW
 0x140014168 SetEndOfFile
 0x140014170 CreateFileW
 0x140014178 ResumeThread
 0x140014180 DeleteFileW
 0x140014188 MoveFileExW
 0x140014190 CreateProcessW
 0x140014198 GetFileTime
 0x1400141a0 GetExitCodeProcess
 0x1400141a8 CopyFileW
 0x1400141b0 GetFileAttributesW
 0x1400141b8 LoadLibraryW
 0x1400141c0 GetCurrentDirectoryW
 0x1400141c8 SetCurrentDirectoryW
 0x1400141d0 GetStartupInfoW
 0x1400141d8 WaitForDebugEvent
 0x1400141e0 InitializeProcThreadAttributeList
 0x1400141e8 ContinueDebugEvent
 0x1400141f0 UpdateProcThreadAttribute
 0x1400141f8 DeleteProcThreadAttributeList
 0x140014200 TerminateThread
 0x140014208 CreateThread
 0x140014210 SetThreadPriority
 0x140014218 VirtualFree
 0x140014220 FreeLibrary
 0x140014228 LocalAlloc
 0x140014230 GetCurrentThreadId
 0x140014238 OpenProcess
 0x140014240 SetEvent
 0x140014248 LocalFree
 0x140014250 GetStringTypeW
 0x140014258 ReadFile
 0x140014260 GetOEMCP
 0x140014268 GetACP
 0x140014270 IsValidCodePage
 0x140014278 FindClose
 0x140014280 FindNextFileW
 0x140014288 FindFirstFileW
 0x140014290 GetTickCount
 0x140014298 GetModuleHandleW
 0x1400142a0 GetProcAddress
 0x1400142a8 Sleep
 0x1400142b0 CloseHandle
 0x1400142b8 GetLastError
 0x1400142c0 CreateEventW
 0x1400142c8 WaitForSingleObject
 0x1400142d0 SetLastError
 0x1400142d8 GetModuleFileNameW
 0x1400142e0 LCMapStringW
 0x1400142e8 LeaveCriticalSection
 0x1400142f0 EnterCriticalSection
 0x1400142f8 HeapFree
 0x140014300 SetUnhandledExceptionFilter
 0x140014308 UnhandledExceptionFilter
 0x140014310 IsDebuggerPresent
 0x140014318 GetModuleHandleExW
 0x140014320 IsProcessorFeaturePresent
 0x140014328 TlsSetValue
 0x140014330 TlsGetValue
 0x140014338 WriteFile
 0x140014340 ExitProcess
 0x140014348 GetCommandLineW
 0x140014350 GetCPInfo
 0x140014358 LoadLibraryExW
 0x140014360 GetCurrentProcess
 0x140014368 VirtualAlloc
 0x140014370 MultiByteToWideChar
USER32.dll
 0x140014440 SendMessageTimeoutW
 0x140014448 GetShellWindow
 0x140014450 GetThreadDesktop
 0x140014458 CharPrevW
 0x140014460 GetUserObjectInformationW
 0x140014468 GetProcessWindowStation
 0x140014470 GetWindowThreadProcessId
ADVAPI32.dll
 0x140014000 RegCloseKey
 0x140014008 QueryServiceStatusEx
 0x140014010 RegSetKeyValueW
 0x140014018 CreateWellKnownSid
 0x140014020 RegFlushKey
 0x140014028 RegEnumKeyExW
 0x140014030 RegOpenKeyW
 0x140014038 CreateProcessAsUserW
 0x140014040 RegRenameKey
 0x140014048 RegDeleteKeyW
 0x140014050 RegCreateKeyW
 0x140014058 RegEnumValueW
 0x140014060 RegQueryInfoKeyW
 0x140014068 CloseServiceHandle
 0x140014070 OpenSCManagerW
 0x140014078 RegCreateKeyExW
 0x140014080 RegSetValueExW
 0x140014088 StartServiceW
 0x140014090 RegOpenKeyExW
 0x140014098 RegDeleteValueW
 0x1400140a0 OpenServiceW
SHELL32.dll
 0x140014410 SHGetKnownFolderPath
 0x140014418 ShellExecuteExW
 0x140014420 SHAssocEnumHandlersForProtocolByApplication
 0x140014428 SHGetSpecialFolderPathW
 0x140014430 SHCreateItemFromParsingName
ole32.dll
 0x140014770 CoCreateGuid
 0x140014778 CoCreateInstance
 0x140014780 CoUninitialize
 0x140014788 CoInitializeSecurity
 0x140014790 CoGetObject
 0x140014798 CLSIDFromString
 0x1400147a0 CoTaskMemFree
 0x1400147a8 StringFromCLSID
 0x1400147b0 CoInitializeEx
OLEAUT32.dll
 0x140014380 SysStringLen
 0x140014388 SysAllocString
 0x140014390 SysFreeString
 0x140014398 VariantInit
RPCRT4.dll
 0x1400143a8 RpcBindingSetAuthInfoExW
 0x1400143b0 RpcRaiseException
 0x1400143b8 RpcAsyncInitializeHandle
 0x1400143c0 RpcAsyncCompleteCall
 0x1400143c8 RpcBindingFree
 0x1400143d0 NdrAsyncClientCall
 0x1400143d8 UuidCreateNil
 0x1400143e0 UuidCompare
 0x1400143e8 NdrClientCall2
 0x1400143f0 RpcBindingFromStringBindingW
 0x1400143f8 RpcStringBindingComposeW
 0x140014400 RpcStringFreeW
ntdll.dll
 0x1400144d0 NtDeleteKey
 0x1400144d8 RtlNtStatusToDosErrorNoTeb
 0x1400144e0 NtFreeVirtualMemory
 0x1400144e8 RtlInitializeSid
 0x1400144f0 RtlDestroyHeap
 0x1400144f8 RtlAllocateHeap
 0x140014500 NtQuerySystemInformation
 0x140014508 RtlSubAuthoritySid
 0x140014510 RtlCreateBoundaryDescriptor
 0x140014518 LdrGetDllHandle
 0x140014520 NtQueryInformationProcess
 0x140014528 RtlDeleteBoundaryDescriptor
 0x140014530 NtOpenProcess
 0x140014538 LdrFindResource_U
 0x140014540 NtReadFile
 0x140014548 NtQueryInformationToken
 0x140014550 NtAllocateVirtualMemory
 0x140014558 LdrEnumerateLoadedModules
 0x140014560 RtlPrefixUnicodeString
 0x140014568 NtDeleteValueKey
 0x140014570 RtlLengthRequiredSid
 0x140014578 RtlAcquirePebLock
 0x140014580 RtlImageNtHeader
 0x140014588 RtlGetVersion
 0x140014590 RtlPushFrame
 0x140014598 NtFsControlFile
 0x1400145a0 NtDeleteFile
 0x1400145a8 NtCreatePrivateNamespace
 0x1400145b0 NtQueryInformationFile
 0x1400145b8 DbgUiSetThreadDebugObject
 0x1400145c0 RtlFreeHeap
 0x1400145c8 RtlRaiseStatus
 0x1400145d0 RtlSetHeapInformation
 0x1400145d8 RtlCreateHeap
 0x1400145e0 LdrFindEntryForAddress
 0x1400145e8 RtlAddSIDToBoundaryDescriptor
 0x1400145f0 RtlReleasePebLock
 0x1400145f8 RtlExpandEnvironmentStrings_U
 0x140014600 NtQueryValueKey
 0x140014608 LdrAccessResource
 0x140014610 RtlUnwindEx
 0x140014618 NtCreateKey
 0x140014620 NtMapViewOfSection
 0x140014628 NtUnmapViewOfSection
 0x140014630 NtCreateEvent
 0x140014638 NtClose
 0x140014640 RtlInitUnicodeString
 0x140014648 RtlRandomEx
 0x140014650 RtlEqualUnicodeString
 0x140014658 RtlPopFrame
 0x140014660 NtNotifyChangeDirectoryFile
 0x140014668 RtlGetFrame
 0x140014670 NtWaitForSingleObject
 0x140014678 NtCreateFile
 0x140014680 NtSetEvent
 0x140014688 RtlDosPathNameToNtPathName_U
 0x140014690 RtlFreeUnicodeString
 0x140014698 NtTerminateProcess
 0x1400146a0 NtCreateSection
 0x1400146a8 RtlComputeCrc32
 0x1400146b0 RtlQueryElevationFlags
 0x1400146b8 LdrGetDllHandleEx
 0x1400146c0 RtlCaptureContext
 0x1400146c8 RtlLookupFunctionEntry
 0x1400146d0 RtlVirtualUnwind
 0x1400146d8 NtCompressKey
 0x1400146e0 RtlExitUserProcess
 0x1400146e8 RtlImageDirectoryEntryToData
 0x1400146f0 RtlFreeSid
 0x1400146f8 NtDuplicateObject
 0x140014700 RtlLengthSid
 0x140014708 RtlAllocateAndInitializeSid
 0x140014710 NtSetInformationToken
 0x140014718 NtRemoveProcessDebug
 0x140014720 NtDuplicateToken
 0x140014728 NtSetValueKey
 0x140014730 RtlFormatCurrentUserKeyPath
 0x140014738 NtOpenKey
 0x140014740 NtOpenProcessToken
 0x140014748 RtlAppendUnicodeToString
 0x140014750 NtDeletePrivateNamespace
 0x140014758 RtlAppendUnicodeStringToString
 0x140014760 RtlGetCurrentPeb
COMCTL32.dll
 0x1400140b0 (imported by ordinal, no name in the import table)
Cabinet.dll
 0x1400140c0 (imported by ordinal, no name in the import table)
 0x1400140c8 (imported by ordinal, no name in the import table)
 0x1400140d0 (imported by ordinal, no name in the import table)
 0x1400140d8 (imported by ordinal, no name in the import table)
msdelta.dll
 0x1400144b8 ApplyDeltaB
 0x1400144c0 DeltaFree
bcrypt.dll
 0x140014480 BCryptCloseAlgorithmProvider
 0x140014488 BCryptOpenAlgorithmProvider
 0x140014490 BCryptDecrypt
 0x140014498 BCryptGetProperty
 0x1400144a0 BCryptDestroyKey
 0x1400144a8 BCryptGenerateSymmetricKey

EAT (Export Address Table): none
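The import table above is the most informative part of this report, since the sample crashed in the sandbox and produced no behaviour or network data. The following script is an added example, not part of the sandbox report: it parses an excerpt of the IAT listing in the report's own layout and groups imports into capability clusters that an analyst would look for in a tool flagged as UACMe / ColorUAC (COM elevation moniker, UAC state queries, private namespaces, msdelta/Cabinet patching, debugging a child process, service and registry writes). The cluster table is an analyst's assumption for triage, not a rule from the report or from any vendor; matching imports is evidence of capability, not proof of what the binary does at runtime.

```python
"""Triage an IAT dump by grouping imports into capability clusters.

Added example, not part of the sandbox report. CLUSTERS is an assumed
analyst heuristic for UAC-bypass tooling; it is not a vendor signature.
"""
import re
from collections import defaultdict

# Excerpt copied from the report's IAT listing above (same layout: an
# unindented "lib.dll" line, then indented "0xADDR Name" lines; "None"
# marks an import by ordinal, for which the report gives no name).
IAT_EXCERPT = """\
KERNEL32.dll
 0x1400141d0 GetStartupInfoW
 0x1400141d8 WaitForDebugEvent
 0x1400141e0 InitializeProcThreadAttributeList
 0x1400141e8 ContinueDebugEvent
 0x1400141f0 UpdateProcThreadAttribute
 0x140014190 CreateProcessW
ADVAPI32.dll
 0x140014010 RegSetKeyValueW
 0x140014038 CreateProcessAsUserW
 0x140014048 RegRenameKey
 0x140014070 OpenSCManagerW
 0x140014088 StartServiceW
 0x1400140a0 OpenServiceW
ole32.dll
 0x140014788 CoInitializeSecurity
 0x140014790 CoGetObject
 0x140014798 CLSIDFromString
ntdll.dll
 0x140014510 RtlCreateBoundaryDescriptor
 0x140014548 NtQueryInformationToken
 0x1400145a8 NtCreatePrivateNamespace
 0x1400145b8 DbgUiSetThreadDebugObject
 0x1400145e8 RtlAddSIDToBoundaryDescriptor
 0x1400146b0 RtlQueryElevationFlags
 0x140014718 NtRemoveProcessDebug
 0x140014740 NtOpenProcessToken
Cabinet.dll
 0x1400140c0 None
 0x1400140c8 None
msdelta.dll
 0x1400144b8 ApplyDeltaB
 0x1400144c0 DeltaFree
"""

ENTRY = re.compile(r"^\s+(0x[0-9a-fA-F]+)\s+(\S+)\s*$")

def parse_iat(text):
    """Return {dll_lowercase: [(address, name_or_None), ...]} from the dump."""
    imports = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and current:
            addr, name = m.groups()
            imports[current].append((addr, None if name == "None" else name))
        elif line.strip().lower().endswith(".dll"):
            current = line.strip().lower()
    return dict(imports)

# Assumed cluster table: "dll!Func" entries, or "dll!*" for any import from
# that DLL (needed for ordinal-only imports, where no name is available).
CLUSTERS = {
    "com_elevation_moniker":  {"ole32.dll!CoGetObject", "ole32.dll!CLSIDFromString",
                               "ole32.dll!CoInitializeSecurity"},
    "elevation_state_query":  {"ntdll.dll!RtlQueryElevationFlags",
                               "ntdll.dll!NtQueryInformationToken",
                               "ntdll.dll!NtOpenProcessToken"},
    "private_namespace":      {"ntdll.dll!NtCreatePrivateNamespace",
                               "ntdll.dll!RtlCreateBoundaryDescriptor",
                               "ntdll.dll!RtlAddSIDToBoundaryDescriptor"},
    "delta_cabinet_patching": {"msdelta.dll!ApplyDeltaB", "cabinet.dll!*"},
    "debug_child_process":    {"kernel32.dll!WaitForDebugEvent",
                               "kernel32.dll!ContinueDebugEvent",
                               "ntdll.dll!NtRemoveProcessDebug",
                               "ntdll.dll!DbgUiSetThreadDebugObject"},
    "service_control":        {"advapi32.dll!OpenSCManagerW", "advapi32.dll!OpenServiceW",
                               "advapi32.dll!StartServiceW"},
    "registry_write":         {"advapi32.dll!RegSetKeyValueW", "advapi32.dll!RegRenameKey"},
    "network":                {"ws2_32.dll!*", "wininet.dll!*", "winhttp.dll!*"},
}

def find_clusters(imports, min_hits=2):
    """Map cluster name -> sorted matched 'dll!Func' strings, keeping only
    clusters with at least min_hits matches (a lone API is weak evidence)."""
    present = set()
    for dll, entries in imports.items():
        present.add(f"{dll}!*")
        for _, name in entries:
            if name:
                present.add(f"{dll}!{name}")
    hits = {}
    for cluster, wanted in CLUSTERS.items():
        matched = sorted(w for w in wanted if w in present)
        if len(matched) >= min_hits:
            hits[cluster] = matched
    return hits

def triage(text, min_hits=2):
    """Parse a report-style IAT dump and return the matched clusters."""
    return find_clusters(parse_iat(text), min_hits)

if __name__ == "__main__":
    for cluster, apis in triage(IAT_EXCERPT).items():
        print(f"{cluster:24s} {', '.join(apis)}")
```

Run against the excerpt, every cluster except `network` matches, which is consistent with the report's empty Network section and with the VT labels. The `min_hits` threshold is deliberate: `CreateProcessW` or `RegSetValueExW` alone appear in plenty of benign software, and it is the co-occurrence of `CoGetObject` with `RtlQueryElevationFlags`, private-namespace creation and `ApplyDeltaB` that makes the import table worth a closer look in a disassembler.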
