Field | Value |
---|---|
Created | 2023.03.30 09:21 |
Machine | s1_win7_x6401 |
Filename | 1.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 50 detected (Windows, Remcos, GenericRI, S30100141, GenericRXVH, Rescoms, Save, malicious, confidence, ZexaF, DCW@a4M8jEpi, Genus, Attribute, HighConfidence, score, HackTool, Knotweed, Invader, jushzk, RATX, Gencirc, Emogen, Kryptik, Inject4, Static AI, Malicious PE, ai score=86, Wacatac, Detected, BScope, unsafe, CLASSIC, f1qZVKKb, susgen, GdSda) |
md5 | 88131cfd2cca21aba749fd591b04b45f |
sha256 | 0d9cbc0e94d01e763facaf37991bce5c6b466b552961e9f136214004085d912a |
ssdeep | 12288:tjdAK8wxqkXuxOqLXO3X2orpbKs/ZgZBRq:zA3wxqkXuxOq+rpbRZm |
imphash | b1c8f7572a6db205362528e88fd3ff32 |
impfuzzy | 96:miSzHmXkgLHcp+1OMeriSLhfGLLuZ5UKNUz7KgKd3YdP5uPosV:Pt09rzLky5+PiZw5ubV |
Signature (8cnts)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Creates a windows hook that monitors keyboard input (keylogger) |
notice | A process attempted to delay the analysis task. |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
info | Checks amount of memory in system |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (5cnts)
Suricata ids
ET JA3 Hash - Remcos 3.x TLS Connection
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x4570b0 FindNextFileA
0x4570b4 ExpandEnvironmentStringsA
0x4570b8 GetLongPathNameW
0x4570bc CopyFileW
0x4570c0 GetLocaleInfoA
0x4570c4 CreateToolhelp32Snapshot
0x4570c8 OpenMutexA
0x4570cc Process32NextW
0x4570d0 Process32FirstW
0x4570d4 VirtualProtect
0x4570d8 SetLastError
0x4570dc VirtualFree
0x4570e0 VirtualAlloc
0x4570e4 GetNativeSystemInfo
0x4570e8 HeapAlloc
0x4570ec GetProcessHeap
0x4570f0 FreeLibrary
0x4570f4 IsBadReadPtr
0x4570f8 GetTempPathW
0x4570fc OpenProcess
0x457100 lstrcatW
0x457104 GetCurrentProcessId
0x457108 GetTempFileNameW
0x45710c GetSystemDirectoryA
0x457110 GlobalAlloc
0x457114 GlobalLock
0x457118 GetTickCount
0x45711c GlobalUnlock
0x457120 WriteProcessMemory
0x457124 ResumeThread
0x457128 GetThreadContext
0x45712c ReadProcessMemory
0x457130 CreateProcessW
0x457134 SetThreadContext
0x457138 LocalAlloc
0x45713c GlobalFree
0x457140 MulDiv
0x457144 SizeofResource
0x457148 GetConsoleScreenBufferInfo
0x45714c SetConsoleTextAttribute
0x457150 GetStdHandle
0x457154 SetFilePointer
0x457158 FindResourceA
0x45715c LockResource
0x457160 LoadResource
0x457164 LocalFree
0x457168 SetConsoleOutputCP
0x45716c FormatMessageA
0x457170 AllocConsole
0x457174 FindFirstFileA
0x457178 lstrcpynA
0x45717c QueryPerformanceFrequency
0x457180 QueryPerformanceCounter
0x457184 EnterCriticalSection
0x457188 LeaveCriticalSection
0x45718c InitializeCriticalSection
0x457190 DeleteCriticalSection
0x457194 HeapSize
0x457198 WriteConsoleW
0x45719c SetStdHandle
0x4571a0 SetEnvironmentVariableW
0x4571a4 SetEnvironmentVariableA
0x4571a8 FreeEnvironmentStringsW
0x4571ac GetEnvironmentStringsW
0x4571b0 GetCommandLineW
0x4571b4 GetCommandLineA
0x4571b8 GetOEMCP
0x4571bc IsValidCodePage
0x4571c0 FindFirstFileExA
0x4571c4 ReadConsoleW
0x4571c8 GetConsoleMode
0x4571cc GetConsoleCP
0x4571d0 FlushFileBuffers
0x4571d4 GetFileType
0x4571d8 GetTimeZoneInformation
0x4571dc EnumSystemLocalesW
0x4571e0 GetUserDefaultLCID
0x4571e4 IsValidLocale
0x4571e8 GetTimeFormatW
0x4571ec GetDateFormatW
0x4571f0 HeapReAlloc
0x4571f4 GetACP
0x4571f8 GetModuleHandleExW
0x4571fc MoveFileExW
0x457200 RtlUnwind
0x457204 RaiseException
0x457208 LoadLibraryExW
0x45720c GetCPInfo
0x457210 GetStringTypeW
0x457214 GetLocaleInfoW
0x457218 LCMapStringW
0x45721c CompareStringW
0x457220 TlsFree
0x457224 TlsSetValue
0x457228 TlsGetValue
0x45722c GetFileSize
0x457230 TerminateThread
0x457234 GetLastError
0x457238 GetModuleHandleA
0x45723c RemoveDirectoryW
0x457240 MoveFileW
0x457244 SetFilePointerEx
0x457248 GetLogicalDriveStringsA
0x45724c DeleteFileW
0x457250 CreateDirectoryW
0x457254 DeleteFileA
0x457258 SetFileAttributesW
0x45725c GetFileAttributesW
0x457260 FindClose
0x457264 lstrlenA
0x457268 GetDriveTypeA
0x45726c FindNextFileW
0x457270 GetFileSizeEx
0x457274 FindFirstFileW
0x457278 GetModuleHandleW
0x45727c ExitProcess
0x457280 CreateMutexA
0x457284 GetCurrentProcess
0x457288 GetProcAddress
0x45728c LoadLibraryA
0x457290 CreateProcessA
0x457294 PeekNamedPipe
0x457298 CreatePipe
0x45729c TerminateProcess
0x4572a0 ReadFile
0x4572a4 HeapFree
0x4572a8 HeapCreate
0x4572ac CreateEventA
0x4572b0 GetLocalTime
0x4572b4 CreateThread
0x4572b8 SetEvent
0x4572bc CreateEventW
0x4572c0 WaitForSingleObject
0x4572c4 Sleep
0x4572c8 GetModuleFileNameW
0x4572cc CloseHandle
0x4572d0 ExitThread
0x4572d4 CreateFileW
0x4572d8 WriteFile
0x4572dc GetModuleFileNameA
0x4572e0 TlsAlloc
0x4572e4 InitializeCriticalSectionAndSpinCount
0x4572e8 MultiByteToWideChar
0x4572ec DecodePointer
0x4572f0 EncodePointer
0x4572f4 WideCharToMultiByte
0x4572f8 InitializeSListHead
0x4572fc GetSystemTimeAsFileTime
0x457300 GetCurrentThreadId
0x457304 IsProcessorFeaturePresent
0x457308 GetStartupInfoW
0x45730c SetUnhandledExceptionFilter
0x457310 UnhandledExceptionFilter
0x457314 IsDebuggerPresent
0x457318 WaitForSingleObjectEx
0x45731c ResetEvent
0x457320 SetEndOfFile
USER32.dll
0x45734c GetWindowTextW
0x457350 wsprintfW
0x457354 GetClipboardData
0x457358 UnhookWindowsHookEx
0x45735c GetForegroundWindow
0x457360 ToUnicodeEx
0x457364 GetKeyboardLayout
0x457368 SetWindowsHookExA
0x45736c CloseClipboard
0x457370 OpenClipboard
0x457374 GetKeyboardState
0x457378 CallNextHookEx
0x45737c GetKeyboardLayoutNameA
0x457380 GetKeyState
0x457384 GetWindowTextLengthW
0x457388 GetWindowThreadProcessId
0x45738c GetMessageA
0x457390 SetClipboardData
0x457394 EnumWindows
0x457398 ExitWindowsEx
0x45739c EmptyClipboard
0x4573a0 ShowWindow
0x4573a4 SetWindowTextW
0x4573a8 MessageBoxW
0x4573ac IsWindowVisible
0x4573b0 CloseWindow
0x4573b4 SendInput
0x4573b8 EnumDisplaySettingsW
0x4573bc mouse_event
0x4573c0 CreatePopupMenu
0x4573c4 DispatchMessageA
0x4573c8 TranslateMessage
0x4573cc TrackPopupMenu
0x4573d0 DefWindowProcA
0x4573d4 CreateWindowExA
0x4573d8 GetIconInfo
0x4573dc GetSystemMetrics
0x4573e0 AppendMenuA
0x4573e4 RegisterClassExA
0x4573e8 GetCursorPos
0x4573ec SetForegroundWindow
0x4573f0 DrawIcon
0x4573f4 SystemParametersInfoW
GDI32.dll
0x457088 CreateCompatibleBitmap
0x45708c SelectObject
0x457090 CreateCompatibleDC
0x457094 StretchBlt
0x457098 GetDIBits
0x45709c DeleteDC
0x4570a0 DeleteObject
0x4570a4 CreateDCA
0x4570a8 GetObjectA
ADVAPI32.dll
0x457000 CryptAcquireContextA
0x457004 CryptGenRandom
0x457008 CryptReleaseContext
0x45700c GetUserNameW
0x457010 RegEnumKeyExA
0x457014 QueryServiceStatus
0x457018 CloseServiceHandle
0x45701c OpenSCManagerW
0x457020 OpenSCManagerA
0x457024 ControlService
0x457028 StartServiceW
0x45702c QueryServiceConfigW
0x457030 ChangeServiceConfigW
0x457034 OpenServiceW
0x457038 EnumServicesStatusW
0x45703c AdjustTokenPrivileges
0x457040 LookupPrivilegeValueA
0x457044 OpenProcessToken
0x457048 RegCreateKeyA
0x45704c RegCloseKey
0x457050 RegQueryInfoKeyW
0x457054 RegQueryValueExA
0x457058 RegCreateKeyExW
0x45705c RegEnumKeyExW
0x457060 RegSetValueExW
0x457064 RegSetValueExA
0x457068 RegOpenKeyExA
0x45706c RegOpenKeyExW
0x457070 RegCreateKeyW
0x457074 RegDeleteValueW
0x457078 RegEnumValueW
0x45707c RegQueryValueExW
0x457080 RegDeleteKeyA
SHELL32.dll
0x457328 ShellExecuteExA
0x45732c Shell_NotifyIconA
0x457330 ExtractIconA
0x457334 ShellExecuteW
ole32.dll
0x4574ac CoInitializeEx
0x4574b0 CoUninitialize
0x4574b4 CoGetObject
SHLWAPI.dll
0x45733c PathFileExistsW
0x457340 PathFileExistsA
0x457344 StrToIntA
WINMM.dll
0x457410 waveInUnprepareHeader
0x457414 waveInOpen
0x457418 waveInStart
0x45741c waveInAddBuffer
0x457420 PlaySoundW
0x457424 mciSendStringA
0x457428 mciSendStringW
0x45742c waveInClose
0x457430 waveInStop
0x457434 waveInPrepareHeader
WS2_32.dll
0x45743c gethostbyname
0x457440 send
0x457444 WSAStartup
0x457448 closesocket
0x45744c inet_ntoa
0x457450 htons
0x457454 htonl
0x457458 getservbyname
0x45745c ntohs
0x457460 getservbyport
0x457464 gethostbyaddr
0x457468 inet_addr
0x45746c WSASetLastError
0x457470 WSAGetLastError
0x457474 recv
0x457478 connect
0x45747c socket
urlmon.dll
0x4574bc URLOpenBlockingStreamW
0x4574c0 URLDownloadToFileW
gdiplus.dll
0x457484 GdipSaveImageToStream
0x457488 GdipGetImageEncodersSize
0x45748c GdipFree
0x457490 GdipDisposeImage
0x457494 GdipAlloc
0x457498 GdipCloneImage
0x45749c GdipGetImageEncoders
0x4574a0 GdiplusStartup
0x4574a4 GdipLoadImageFromStream
WININET.dll
0x4573fc InternetOpenUrlW
0x457400 InternetOpenW
0x457404 InternetCloseHandle
0x457408 InternetReadFile
EAT (Export Address Table): none