Report - alph.exe

Malicious Library MZP Format PE32 PE File
Created 2023.04.13 09:10 Machine s1_win7_x6403
Filename alph.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 2.0
ZERO API file : malware
VT API (file) 39 detected (Fragtor, unsafe, Save, malicious, confidence, Attribute, HighConfidence, high confidence, Delf, score, RansomX, Generic Reputation PUA, SpywareLyndra, moderate, DelfInject, ai score=84, PossibleThreat, Sabsik, Detected, Artemis, R002H09DC23, Generic@AI, RDML, pfUY2reTavC7YXfznZWlzA, Static AI, Suspicious PE, susgen, ZelphiF, iGW@a0flGWl)
md5 e7465dd41c7a0fae866744b86c78f80a
sha256 295899b745c86d2a2c3d418d71e0b045d003f2739af1e358ad39767287505276
ssdeep 3072:wqud+OXPiboWVSLaH1y48xrDTRiVfbSmCqYK8EgETcQJ:wqud/0bh11xNltbOd
imphash 3d578d4667ae9193b7fcb44b01e4e3ea
impfuzzy 96:8cfpHYo345c/4zp/UHu/XqqiuaKCRDwPOQo:P3kauftiuNdPOQo

Signature (4cnts)

Level Description
danger File has been identified by 39 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info mzp_file_format MZP(Delphi) file format binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
172.81.61.224 Unknown 172.81.61.224 malware

Suricata ids

PE API

IAT (Import Address Table) Library

kernel32.dll
 0x42012c DeleteCriticalSection
 0x420130 LeaveCriticalSection
 0x420134 EnterCriticalSection
 0x420138 InitializeCriticalSection
 0x42013c VirtualFree
 0x420140 VirtualAlloc
 0x420144 LocalFree
 0x420148 LocalAlloc
 0x42014c GetVersion
 0x420150 GetCurrentThreadId
 0x420154 InterlockedDecrement
 0x420158 InterlockedIncrement
 0x42015c VirtualQuery
 0x420160 WideCharToMultiByte
 0x420164 MultiByteToWideChar
 0x420168 lstrlenA
 0x42016c lstrcpynA
 0x420170 LoadLibraryExA
 0x420174 GetThreadLocale
 0x420178 GetStartupInfoA
 0x42017c GetProcAddress
 0x420180 GetModuleHandleA
 0x420184 GetModuleFileNameA
 0x420188 GetLocaleInfoA
 0x42018c GetLastError
 0x420190 GetCommandLineA
 0x420194 FreeLibrary
 0x420198 FindFirstFileA
 0x42019c FindClose
 0x4201a0 ExitProcess
 0x4201a4 CreateThread
 0x4201a8 WriteFile
 0x4201ac UnhandledExceptionFilter
 0x4201b0 SetFilePointer
 0x4201b4 SetEndOfFile
 0x4201b8 RtlUnwind
 0x4201bc ReadFile
 0x4201c0 RaiseException
 0x4201c4 GetStdHandle
 0x4201c8 GetFileSize
 0x4201cc GetFileType
 0x4201d0 CreateFileA
 0x4201d4 CloseHandle
user32.dll
 0x4201dc GetKeyboardType
 0x4201e0 LoadStringA
 0x4201e4 MessageBoxA
 0x4201e8 CharNextA
advapi32.dll
 0x4201f0 RegQueryValueExA
 0x4201f4 RegOpenKeyExA
 0x4201f8 RegCloseKey
oleaut32.dll
 0x420200 SysFreeString
 0x420204 SysReAllocStringLen
 0x420208 SysAllocStringLen
kernel32.dll
 0x420210 TlsSetValue
 0x420214 TlsGetValue
 0x420218 LocalAlloc
 0x42021c GetModuleHandleA
advapi32.dll
 0x420224 GetUserNameA
kernel32.dll
 0x42022c WriteFile
 0x420230 WaitForSingleObject
 0x420234 VirtualQuery
 0x420238 SetFilePointer
 0x42023c SetEvent
 0x420240 SetErrorMode
 0x420244 SetEndOfFile
 0x420248 ResumeThread
 0x42024c ResetEvent
 0x420250 ReadFile
 0x420254 MulDiv
 0x420258 LeaveCriticalSection
 0x42025c InitializeCriticalSection
 0x420260 GlobalUnlock
 0x420264 GlobalReAlloc
 0x420268 GlobalHandle
 0x42026c GlobalLock
 0x420270 GlobalFree
 0x420274 GlobalAlloc
 0x420278 GetVersionExA
 0x42027c GetThreadLocale
 0x420280 GetSystemPowerStatus
 0x420284 GetSystemInfo
 0x420288 GetStringTypeExA
 0x42028c GetStdHandle
 0x420290 GetProcAddress
 0x420294 GetModuleHandleA
 0x420298 GetModuleFileNameA
 0x42029c GetLogicalDriveStringsA
 0x4202a0 GetLocaleInfoA
 0x4202a4 GetLocalTime
 0x4202a8 GetLastError
 0x4202ac GetFullPathNameA
 0x4202b0 GetFileSize
 0x4202b4 GetExitCodeThread
 0x4202b8 GetEnvironmentVariableA
 0x4202bc GetDiskFreeSpaceA
 0x4202c0 GetDateFormatA
 0x4202c4 GetCurrentThreadId
 0x4202c8 GetCurrentProcess
 0x4202cc GetComputerNameA
 0x4202d0 GetCPInfo
 0x4202d4 GetACP
 0x4202d8 FormatMessageA
 0x4202dc FindNextFileA
 0x4202e0 FindFirstFileA
 0x4202e4 FindClose
 0x4202e8 FileTimeToLocalFileTime
 0x4202ec FileTimeToDosDateTime
 0x4202f0 ExitThread
 0x4202f4 ExitProcess
 0x4202f8 EnumCalendarInfoA
 0x4202fc EnterCriticalSection
 0x420300 DeleteFileA
 0x420304 DeleteCriticalSection
 0x420308 CreateProcessA
 0x42030c CreatePipe
 0x420310 CreateMutexA
 0x420314 CreateFileA
 0x420318 CreateEventA
 0x42031c CompareStringA
 0x420320 CloseHandle
gdi32.dll
 0x420328 UnrealizeObject
 0x42032c StretchBlt
 0x420330 SetTextColor
 0x420334 SetStretchBltMode
 0x420338 SetROP2
 0x42033c SetDIBColorTable
 0x420340 SetBrushOrgEx
 0x420344 SetBkMode
 0x420348 SetBkColor
 0x42034c SelectPalette
 0x420350 SelectObject
 0x420354 RealizePalette
 0x420358 PatBlt
 0x42035c MoveToEx
 0x420360 MaskBlt
 0x420364 GetTextMetricsA
 0x420368 GetSystemPaletteEntries
 0x42036c GetStockObject
 0x420370 GetPixel
 0x420374 GetPaletteEntries
 0x420378 GetObjectA
 0x42037c GetDeviceCaps
 0x420380 GetDIBits
 0x420384 GetDIBColorTable
 0x420388 GetCurrentPositionEx
 0x42038c GetBrushOrgEx
 0x420390 DeleteObject
 0x420394 DeleteDC
 0x420398 CreatePenIndirect
 0x42039c CreatePalette
 0x4203a0 CreateHalftonePalette
 0x4203a4 CreateFontIndirectA
 0x4203a8 CreateDIBitmap
 0x4203ac CreateDIBSection
 0x4203b0 CreateCompatibleDC
 0x4203b4 CreateCompatibleBitmap
 0x4203b8 CreateBrushIndirect
 0x4203bc CreateBitmap
 0x4203c0 BitBlt
user32.dll
 0x4203c8 ReleaseDC
 0x4203cc MessageBoxA
 0x4203d0 LoadStringA
 0x4203d4 LoadIconA
 0x4203d8 GetSystemMetrics
 0x4203dc GetSysColor
 0x4203e0 GetDesktopWindow
 0x4203e4 GetDC
 0x4203e8 FillRect
 0x4203ec CharNextA
 0x4203f0 CharUpperBuffA
 0x4203f4 CharToOemA
wsock32.dll
 0x4203fc WSACleanup
 0x420400 WSAStartup
 0x420404 WSAGetLastError
 0x420408 gethostname
 0x42040c gethostbyname
 0x420410 socket
 0x420414 setsockopt
 0x420418 send
 0x42041c recv
 0x420420 inet_ntoa
 0x420424 inet_addr
 0x420428 htons
 0x42042c connect
 0x420430 closesocket
ole32.dll
 0x420438 CoTaskMemFree
 0x42043c StringFromCLSID
kernel32.dll
 0x420444 Sleep
oleaut32.dll
 0x42044c SafeArrayPtrOfIndex
 0x420450 SafeArrayGetUBound
 0x420454 SafeArrayGetLBound
 0x420458 SafeArrayCreate
 0x42045c VariantChangeType
 0x420460 VariantCopy
 0x420464 VariantClear
 0x420468 VariantInit
shell32.dll
 0x420470 ShellExecuteA

EAT (Export Address Table): none