Report - update.exe

Tags: Generic Malware, UPX, Malicious Library, OS Processor Check, PE32, PE File
Created 2023.03.27 10:30 Machine s1_win7_x6403
Filename update.exe
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
AI Score
3
Behavior Score
4.0
ZERO API file : malware
VT API (file) 41 detected (Stealerc, GenericKD, Trojanpws, TrojanPSW, ABRisk, IHWE, Attribute, HighConfidence, malicious, moderate confidence, GenKryptik, GHXH, score, PWSX, FalseSign, Qgil, Siggen3, STEALC, YXDCUZ, Artemis, xapjy, Woreflint, Malware@#3o1ol80jzf06c, Casdet, Detected, ai score=85, BScope, LClipper, x1FyXGvCI3U, Krypt, PossibleThreat, Chgt)
md5 93b9f5bf918b7e5de262a85214aa8fea
sha256 64b0d4ff01dc13572b748c0caa19d797aa6841994a90e5643d23dd5c692c0f17
ssdeep 24576:6122eyR3deGLPN5MaifsiDeMlJvtaBZ8X45FlkhkaSQ8I7IC+jLq38OHD:0h0GLPN5Ma3ebMZ8X45FO6Q8S+jLq3j
imphash 85a54fad2bd6b77afdc3a0e3e1364550
impfuzzy 96:NN+9W5W6ttFWA55nH6buxKcXHdbxofPDRufI9yXiX1SjwJGdN17qtj5:L+9W5W6ttFWA5nt2wWySFGd3mtj5

Signature (8cnts)

Level Description
danger File has been identified by 41 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
notice The binary likely contains encrypted or compressed data indicative of a packer
info Queries for the computername

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (3cnts)

Request CC ASN Co IP4 Rule ZERO
http://91.107.196.27/75e7ead3c17835de.php IR Hetzner Online GmbH 91.107.196.27 clean
91.107.196.27 IR Hetzner Online GmbH 91.107.196.27 malicious
121.254.136.27 KR LG DACOM Corporation 121.254.136.27 clean

Suricata ids

PE API

IAT (Import Address Table) Library

advapi32.dll
 0x5ef440 OpenProcessToken
bcrypt.dll
 0x5ef448 BCryptCloseAlgorithmProvider
 0x5ef44c BCryptGenRandom
 0x5ef450 BCryptOpenAlgorithmProvider
kernel32.dll
 0x5ef458 AcquireSRWLockExclusive
 0x5ef45c AcquireSRWLockShared
 0x5ef460 AddVectoredExceptionHandler
 0x5ef464 CancelIo
 0x5ef468 CloseHandle
 0x5ef46c CompareStringOrdinal
 0x5ef470 CopyFileExW
 0x5ef474 CreateDirectoryW
 0x5ef478 CreateEventW
 0x5ef47c CreateFileMappingA
 0x5ef480 CreateFileW
 0x5ef484 CreateHardLinkW
 0x5ef488 CreateMutexA
 0x5ef48c CreateNamedPipeW
 0x5ef490 CreateProcessW
 0x5ef494 CreateSymbolicLinkW
 0x5ef498 CreateThread
 0x5ef49c CreateToolhelp32Snapshot
 0x5ef4a0 DeleteFileW
 0x5ef4a4 DeviceIoControl
 0x5ef4a8 DuplicateHandle
 0x5ef4ac ExitProcess
 0x5ef4b0 FindClose
 0x5ef4b4 FindFirstFileW
 0x5ef4b8 FindNextFileW
 0x5ef4bc FlushFileBuffers
 0x5ef4c0 FormatMessageW
 0x5ef4c4 FreeEnvironmentStringsW
 0x5ef4c8 FreeLibrary
 0x5ef4cc GetCommandLineW
 0x5ef4d0 GetConsoleMode
 0x5ef4d4 GetCurrentDirectoryW
 0x5ef4d8 GetCurrentProcess
 0x5ef4dc GetCurrentProcessId
 0x5ef4e0 GetCurrentThread
 0x5ef4e4 GetEnvironmentStringsW
 0x5ef4e8 GetEnvironmentVariableW
 0x5ef4ec GetExitCodeProcess
 0x5ef4f0 GetFileAttributesW
 0x5ef4f4 GetFileInformationByHandle
 0x5ef4f8 GetFileInformationByHandleEx
 0x5ef4fc GetFileType
 0x5ef500 GetFinalPathNameByHandleW
 0x5ef504 GetFullPathNameW
 0x5ef508 GetLastError
 0x5ef50c GetModuleFileNameW
 0x5ef510 GetModuleHandleA
 0x5ef514 GetModuleHandleW
 0x5ef518 GetOverlappedResult
 0x5ef51c GetProcAddress
 0x5ef520 GetProcessHeap
 0x5ef524 GetProcessId
 0x5ef528 GetStartupInfoA
 0x5ef52c GetStdHandle
 0x5ef530 GetSystemDirectoryW
 0x5ef534 GetSystemInfo
 0x5ef538 GetSystemTimeAsFileTime
 0x5ef53c GetTempPathW
 0x5ef540 GetWindowsDirectoryW
 0x5ef544 GlobalAlloc
 0x5ef548 HeapAlloc
 0x5ef54c HeapFree
 0x5ef550 HeapReAlloc
 0x5ef554 InitOnceBeginInitialize
 0x5ef558 InitOnceComplete
 0x5ef55c LoadLibraryA
 0x5ef560 LoadLibraryW
 0x5ef564 MapViewOfFile
 0x5ef568 Module32FirstW
 0x5ef56c Module32NextW
 0x5ef570 MoveFileExW
 0x5ef574 QueryPerformanceCounter
 0x5ef578 QueryPerformanceFrequency
 0x5ef57c ReadConsoleW
 0x5ef580 ReadFile
 0x5ef584 ReadFileEx
 0x5ef588 ReleaseMutex
 0x5ef58c ReleaseSRWLockExclusive
 0x5ef590 ReleaseSRWLockShared
 0x5ef594 RemoveDirectoryW
 0x5ef598 RtlCaptureContext
 0x5ef59c SetCurrentDirectoryW
 0x5ef5a0 SetEnvironmentVariableW
 0x5ef5a4 SetEvent
 0x5ef5a8 SetFileAttributesW
 0x5ef5ac SetFileInformationByHandle
 0x5ef5b0 SetFilePointerEx
 0x5ef5b4 SetFileTime
 0x5ef5b8 SetHandleInformation
 0x5ef5bc SetLastError
 0x5ef5c0 SetThreadStackGuarantee
 0x5ef5c4 SetUnhandledExceptionFilter
 0x5ef5c8 Sleep
 0x5ef5cc SleepConditionVariableSRW
 0x5ef5d0 SleepEx
 0x5ef5d4 SwitchToThread
 0x5ef5d8 TerminateProcess
 0x5ef5dc TlsAlloc
 0x5ef5e0 TlsFree
 0x5ef5e4 TlsGetValue
 0x5ef5e8 TlsSetValue
 0x5ef5ec TryAcquireSRWLockExclusive
 0x5ef5f0 UnmapViewOfFile
 0x5ef5f4 VirtualProtect
 0x5ef5f8 WaitForMultipleObjects
 0x5ef5fc WaitForSingleObject
 0x5ef600 WaitForSingleObjectEx
 0x5ef604 WakeAllConditionVariable
 0x5ef608 WakeConditionVariable
 0x5ef60c WriteConsoleW
 0x5ef610 WriteFileEx
ole32.dll
 0x5ef618 CoCreateGuid
oleaut32.dll
 0x5ef620 GetErrorInfo
 0x5ef624 SetErrorInfo
 0x5ef628 SysAllocStringLen
 0x5ef62c SysFreeString
 0x5ef630 SysStringLen
userenv.dll
 0x5ef638 GetUserProfileDirectoryW
ws2_32.dll
 0x5ef640 WSACleanup
 0x5ef644 WSADuplicateSocketW
 0x5ef648 WSAGetLastError
 0x5ef64c WSARecv
 0x5ef650 WSASend
 0x5ef654 WSASocketW
 0x5ef658 WSAStartup
 0x5ef65c accept
 0x5ef660 bind
 0x5ef664 closesocket
 0x5ef668 connect
 0x5ef66c freeaddrinfo
 0x5ef670 getaddrinfo
 0x5ef674 getpeername
 0x5ef678 getsockname
 0x5ef67c getsockopt
 0x5ef680 ioctlsocket
 0x5ef684 listen
 0x5ef688 recv
 0x5ef68c recvfrom
 0x5ef690 select
 0x5ef694 send
 0x5ef698 sendto
 0x5ef69c setsockopt
 0x5ef6a0 shutdown
KERNEL32.dll
 0x5ef6a8 CreateEventA
 0x5ef6ac CreateSemaphoreA
 0x5ef6b0 DeleteCriticalSection
 0x5ef6b4 EnterCriticalSection
 0x5ef6b8 GetCurrentThreadId
 0x5ef6bc GetHandleInformation
 0x5ef6c0 GetProcessAffinityMask
 0x5ef6c4 GetThreadContext
 0x5ef6c8 GetThreadPriority
 0x5ef6cc GetTickCount
 0x5ef6d0 InitializeCriticalSection
 0x5ef6d4 IsDebuggerPresent
 0x5ef6d8 LeaveCriticalSection
 0x5ef6dc OutputDebugStringA
 0x5ef6e0 RaiseException
 0x5ef6e4 ReleaseSemaphore
 0x5ef6e8 RemoveVectoredExceptionHandler
 0x5ef6ec ResetEvent
 0x5ef6f0 ResumeThread
 0x5ef6f4 SetProcessAffinityMask
 0x5ef6f8 SetThreadContext
 0x5ef6fc SetThreadPriority
 0x5ef700 SuspendThread
 0x5ef704 TryEnterCriticalSection
 0x5ef708 UnhandledExceptionFilter
 0x5ef70c VirtualQuery
msvcrt.dll
 0x5ef714 __dllonexit
 0x5ef718 __getmainargs
 0x5ef71c __initenv
 0x5ef720 __lconv_init
 0x5ef724 __set_app_type
 0x5ef728 __setusermatherr
 0x5ef72c _acmdln
 0x5ef730 _amsg_exit
 0x5ef734 _beginthreadex
 0x5ef738 _cexit
 0x5ef73c _endthreadex
 0x5ef740 _fmode
 0x5ef744 _fpreset
 0x5ef748 _initterm
 0x5ef74c _iob
 0x5ef750 _lock
 0x5ef754 _onexit
 0x5ef758 _setjmp3
 0x5ef75c _strdup
 0x5ef760 _ultoa
 0x5ef764 _unlock
 0x5ef768 abort
 0x5ef76c calloc
 0x5ef770 exit
 0x5ef774 fprintf
 0x5ef778 free
 0x5ef77c fwrite
 0x5ef780 longjmp
 0x5ef784 malloc
 0x5ef788 memcmp
 0x5ef78c memcpy
 0x5ef790 memmove
 0x5ef794 memset
 0x5ef798 printf
 0x5ef79c realloc
 0x5ef7a0 signal
 0x5ef7a4 strlen
 0x5ef7a8 strncmp
 0x5ef7ac vfprintf
 0x5ef7b0 wcslen

EAT (Export Address Table): none


