Report - s2s.exe

Tags: Keylogger Discord, UPX, Malicious Library, Downloader, Admin Tool (Sysinternals etc ...), MZP Format, OS Processor Check, PE File, PE32
Created 2023.04.16 16:34 Machine s1_win7_x6401
Filename s2s.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 7.6
ZERO API file : malware
VT API (file) 42 detected (Tedy, Save, Attribute, HighConfidence, malicious, high confidence, a variant of Generik, PNAWNO, score, Agentb, Nekark, bcmwk, DanaBot, ObfuscatedPoly, moderate, Static AI, Suspicious PE, ai score=83, Phonzy, Woreflint, Detected, Artemis, unsafe, R002H0CDE23, Generic@AI, RDML, lB6N3EMmvvuXSZ1UKmHX2g, susgen, PossibleThreat, ZelphiCO, @JW@aq8xFypi, PWSX)
md5 19b50e116e3708c663672d9c6e5a02f7
sha256 a9b3a6990f77252738e89a4880dba0f331cb151c0dfda1ddd0d5002aa907479e
ssdeep 98304:S7B3hoDTBYPaLo4HgOeBdLEIkIT4p2yESDVGo6BImDQxeuEq:S7JC3AGHgOebIIJT4p2yhDVOymDCE
imphash 448ed06e4e843c90ef38e073a369f15e
impfuzzy 192:f30Nk1sTBbuuArSUvK9R6ooqh6pEPbOQW0:f3L1sNAA9HtPbOQr

Signature (18cnts)

Level Description
danger File has been identified by 42 AntiVirus engines on VirusTotal as malicious
danger Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running)
watch Checks the CPU name from registry
watch Communicates with host for which no DNS query was performed
notice A process attempted to delay the analysis task
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Expresses interest in specific running processes
notice One or more potentially interesting buffers were extracted
notice Searches running processes potentially to identify processes for sandbox evasion
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer
info Uses Windows APIs to generate a cryptographic key

Rules (9cnts)

Level Name Description Collection
warning Keylogger_Discord Suspicious keylogging script binaries (upload)
watch Admin_Tool_IN_Zero Admin Tool Sysinternals binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Network_Downloader File Downloader binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info mzp_file_format MZP(Delphi) file format binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts)

Request         CC  ASN Co                                     IP4             Rule  ZERO
86.197.207.96   FR  Orange                                     86.197.207.96         clean
176.113.115.21  RU  OOO Network of data-centers Selectel       176.113.115.21        malicious

Suricata ids

PE API

IAT (Import Address Table) by library

kernel32.dll
 0x4cd168 DeleteCriticalSection
 0x4cd16c LeaveCriticalSection
 0x4cd170 EnterCriticalSection
 0x4cd174 InitializeCriticalSection
 0x4cd178 VirtualFree
 0x4cd17c VirtualAlloc
 0x4cd180 LocalFree
 0x4cd184 LocalAlloc
 0x4cd188 GetVersion
 0x4cd18c GetCurrentThreadId
 0x4cd190 InterlockedDecrement
 0x4cd194 InterlockedIncrement
 0x4cd198 VirtualQuery
 0x4cd19c WideCharToMultiByte
 0x4cd1a0 MultiByteToWideChar
 0x4cd1a4 lstrlenA
 0x4cd1a8 lstrcpynA
 0x4cd1ac LoadLibraryExA
 0x4cd1b0 GetThreadLocale
 0x4cd1b4 GetStartupInfoA
 0x4cd1b8 GetProcAddress
 0x4cd1bc GetModuleHandleA
 0x4cd1c0 GetModuleFileNameA
 0x4cd1c4 GetLocaleInfoA
 0x4cd1c8 GetCommandLineA
 0x4cd1cc FreeLibrary
 0x4cd1d0 FindFirstFileA
 0x4cd1d4 FindClose
 0x4cd1d8 ExitProcess
 0x4cd1dc WriteFile
 0x4cd1e0 UnhandledExceptionFilter
 0x4cd1e4 RtlUnwind
 0x4cd1e8 RaiseException
 0x4cd1ec GetStdHandle
user32.dll
 0x4cd1f4 GetKeyboardType
 0x4cd1f8 LoadStringA
 0x4cd1fc MessageBoxA
 0x4cd200 CharNextA
advapi32.dll
 0x4cd208 RegQueryValueExA
 0x4cd20c RegOpenKeyExA
 0x4cd210 RegCloseKey
oleaut32.dll
 0x4cd218 SysFreeString
 0x4cd21c SysReAllocStringLen
 0x4cd220 SysAllocStringLen
kernel32.dll
 0x4cd228 TlsSetValue
 0x4cd22c TlsGetValue
 0x4cd230 LocalAlloc
 0x4cd234 GetModuleHandleA
advapi32.dll
 0x4cd23c RegQueryValueExA
 0x4cd240 RegOpenKeyExA
 0x4cd244 RegCloseKey
kernel32.dll
 0x4cd24c lstrcpyA
 0x4cd250 WriteFile
 0x4cd254 WaitForSingleObject
 0x4cd258 VirtualQuery
 0x4cd25c VirtualAlloc
 0x4cd260 Sleep
 0x4cd264 SizeofResource
 0x4cd268 SetThreadLocale
 0x4cd26c SetFilePointer
 0x4cd270 SetEvent
 0x4cd274 SetErrorMode
 0x4cd278 SetEndOfFile
 0x4cd27c ResetEvent
 0x4cd280 ReadFile
 0x4cd284 MultiByteToWideChar
 0x4cd288 MulDiv
 0x4cd28c LockResource
 0x4cd290 LoadResource
 0x4cd294 LoadLibraryA
 0x4cd298 LeaveCriticalSection
 0x4cd29c InitializeCriticalSection
 0x4cd2a0 GlobalUnlock
 0x4cd2a4 GlobalReAlloc
 0x4cd2a8 GlobalHandle
 0x4cd2ac GlobalLock
 0x4cd2b0 GlobalFree
 0x4cd2b4 GlobalFindAtomA
 0x4cd2b8 GlobalDeleteAtom
 0x4cd2bc GlobalAlloc
 0x4cd2c0 GlobalAddAtomA
 0x4cd2c4 GetVersionExA
 0x4cd2c8 GetVersion
 0x4cd2cc GetTickCount
 0x4cd2d0 GetThreadLocale
 0x4cd2d4 GetSystemInfo
 0x4cd2d8 GetStringTypeExA
 0x4cd2dc GetStdHandle
 0x4cd2e0 GetProcAddress
 0x4cd2e4 GetModuleHandleA
 0x4cd2e8 GetModuleFileNameA
 0x4cd2ec GetLocaleInfoA
 0x4cd2f0 GetLocalTime
 0x4cd2f4 GetLastError
 0x4cd2f8 GetFullPathNameA
 0x4cd2fc GetDiskFreeSpaceA
 0x4cd300 GetDateFormatA
 0x4cd304 GetCurrentThreadId
 0x4cd308 GetCurrentProcessId
 0x4cd30c GetCPInfo
 0x4cd310 GetACP
 0x4cd314 FreeResource
 0x4cd318 InterlockedExchange
 0x4cd31c FreeLibrary
 0x4cd320 FormatMessageA
 0x4cd324 FindResourceA
 0x4cd328 FindFirstFileA
 0x4cd32c FindClose
 0x4cd330 FileTimeToLocalFileTime
 0x4cd334 FileTimeToDosDateTime
 0x4cd338 EnumCalendarInfoA
 0x4cd33c EnterCriticalSection
 0x4cd340 DeleteFileA
 0x4cd344 DeleteCriticalSection
 0x4cd348 CreateThread
 0x4cd34c CreateFileA
 0x4cd350 CreateEventA
 0x4cd354 CompareStringA
 0x4cd358 CloseHandle
version.dll
 0x4cd360 VerQueryValueA
 0x4cd364 GetFileVersionInfoSizeA
 0x4cd368 GetFileVersionInfoA
gdi32.dll
 0x4cd370 UnrealizeObject
 0x4cd374 StretchBlt
 0x4cd378 SetWindowOrgEx
 0x4cd37c SetViewportOrgEx
 0x4cd380 SetTextColor
 0x4cd384 SetStretchBltMode
 0x4cd388 SetROP2
 0x4cd38c SetPixel
 0x4cd390 SetDIBColorTable
 0x4cd394 SetBrushOrgEx
 0x4cd398 SetBkMode
 0x4cd39c SetBkColor
 0x4cd3a0 SelectPalette
 0x4cd3a4 SelectObject
 0x4cd3a8 SaveDC
 0x4cd3ac RestoreDC
 0x4cd3b0 RectVisible
 0x4cd3b4 RealizePalette
 0x4cd3b8 PatBlt
 0x4cd3bc MoveToEx
 0x4cd3c0 MaskBlt
 0x4cd3c4 LineTo
 0x4cd3c8 IntersectClipRect
 0x4cd3cc GetWindowOrgEx
 0x4cd3d0 GetTextMetricsA
 0x4cd3d4 GetTextExtentPoint32A
 0x4cd3d8 GetSystemPaletteEntries
 0x4cd3dc GetStockObject
 0x4cd3e0 GetPixel
 0x4cd3e4 GetPaletteEntries
 0x4cd3e8 GetObjectA
 0x4cd3ec GetDeviceCaps
 0x4cd3f0 GetDIBits
 0x4cd3f4 GetDIBColorTable
 0x4cd3f8 GetDCOrgEx
 0x4cd3fc GetCurrentPositionEx
 0x4cd400 GetClipBox
 0x4cd404 GetBrushOrgEx
 0x4cd408 GetBitmapBits
 0x4cd40c ExcludeClipRect
 0x4cd410 DeleteObject
 0x4cd414 DeleteDC
 0x4cd418 CreateSolidBrush
 0x4cd41c CreatePenIndirect
 0x4cd420 CreatePalette
 0x4cd424 CreateHalftonePalette
 0x4cd428 CreateFontIndirectA
 0x4cd42c CreateDIBitmap
 0x4cd430 CreateDIBSection
 0x4cd434 CreateCompatibleDC
 0x4cd438 CreateCompatibleBitmap
 0x4cd43c CreateBrushIndirect
 0x4cd440 CreateBitmap
 0x4cd444 BitBlt
user32.dll
 0x4cd44c CreateWindowExA
 0x4cd450 WindowFromPoint
 0x4cd454 WinHelpA
 0x4cd458 WaitMessage
 0x4cd45c UpdateWindow
 0x4cd460 UnregisterClassA
 0x4cd464 UnhookWindowsHookEx
 0x4cd468 TranslateMessage
 0x4cd46c TranslateMDISysAccel
 0x4cd470 TrackPopupMenu
 0x4cd474 SystemParametersInfoA
 0x4cd478 ShowWindow
 0x4cd47c ShowScrollBar
 0x4cd480 ShowOwnedPopups
 0x4cd484 ShowCursor
 0x4cd488 SetWindowsHookExA
 0x4cd48c SetWindowTextA
 0x4cd490 SetWindowPos
 0x4cd494 SetWindowPlacement
 0x4cd498 SetWindowLongA
 0x4cd49c SetTimer
 0x4cd4a0 SetScrollRange
 0x4cd4a4 SetScrollPos
 0x4cd4a8 SetScrollInfo
 0x4cd4ac SetRect
 0x4cd4b0 SetPropA
 0x4cd4b4 SetParent
 0x4cd4b8 SetMenuItemInfoA
 0x4cd4bc SetMenu
 0x4cd4c0 SetForegroundWindow
 0x4cd4c4 SetFocus
 0x4cd4c8 SetCursor
 0x4cd4cc SetClassLongA
 0x4cd4d0 SetCapture
 0x4cd4d4 SetActiveWindow
 0x4cd4d8 SendMessageA
 0x4cd4dc ScrollWindow
 0x4cd4e0 ScreenToClient
 0x4cd4e4 RemovePropA
 0x4cd4e8 RemoveMenu
 0x4cd4ec ReleaseDC
 0x4cd4f0 ReleaseCapture
 0x4cd4f4 RegisterWindowMessageA
 0x4cd4f8 RegisterClipboardFormatA
 0x4cd4fc RegisterClassA
 0x4cd500 RedrawWindow
 0x4cd504 PtInRect
 0x4cd508 PostQuitMessage
 0x4cd50c PostMessageA
 0x4cd510 PeekMessageA
 0x4cd514 OffsetRect
 0x4cd518 OemToCharA
 0x4cd51c MessageBoxA
 0x4cd520 MapWindowPoints
 0x4cd524 MapVirtualKeyA
 0x4cd528 LoadStringA
 0x4cd52c LoadKeyboardLayoutA
 0x4cd530 LoadIconA
 0x4cd534 LoadCursorA
 0x4cd538 LoadBitmapA
 0x4cd53c KillTimer
 0x4cd540 IsZoomed
 0x4cd544 IsWindowVisible
 0x4cd548 IsWindowEnabled
 0x4cd54c IsWindow
 0x4cd550 IsRectEmpty
 0x4cd554 IsIconic
 0x4cd558 IsDialogMessageA
 0x4cd55c IsChild
 0x4cd560 IsCharLowerA
 0x4cd564 InvalidateRect
 0x4cd568 IntersectRect
 0x4cd56c InsertMenuItemA
 0x4cd570 InsertMenuA
 0x4cd574 InflateRect
 0x4cd578 GetWindowThreadProcessId
 0x4cd57c GetWindowTextA
 0x4cd580 GetWindowRect
 0x4cd584 GetWindowPlacement
 0x4cd588 GetWindowLongA
 0x4cd58c GetWindowDC
 0x4cd590 GetTopWindow
 0x4cd594 GetSystemMetrics
 0x4cd598 GetSystemMenu
 0x4cd59c GetSysColorBrush
 0x4cd5a0 GetSysColor
 0x4cd5a4 GetSubMenu
 0x4cd5a8 GetScrollRange
 0x4cd5ac GetScrollPos
 0x4cd5b0 GetScrollInfo
 0x4cd5b4 GetPropA
 0x4cd5b8 GetParent
 0x4cd5bc GetWindow
 0x4cd5c0 GetMenuStringA
 0x4cd5c4 GetMenuState
 0x4cd5c8 GetMenuItemInfoA
 0x4cd5cc GetMenuItemID
 0x4cd5d0 GetMenuItemCount
 0x4cd5d4 GetMenu
 0x4cd5d8 GetLastActivePopup
 0x4cd5dc GetKeyboardState
 0x4cd5e0 GetKeyboardLayoutList
 0x4cd5e4 GetKeyboardLayout
 0x4cd5e8 GetKeyState
 0x4cd5ec GetKeyNameTextA
 0x4cd5f0 GetKBCodePage
 0x4cd5f4 GetIconInfo
 0x4cd5f8 GetForegroundWindow
 0x4cd5fc GetFocus
 0x4cd600 GetDesktopWindow
 0x4cd604 GetDCEx
 0x4cd608 GetDC
 0x4cd60c GetCursorPos
 0x4cd610 GetCursor
 0x4cd614 GetClientRect
 0x4cd618 GetClassNameA
 0x4cd61c GetClassInfoA
 0x4cd620 GetCapture
 0x4cd624 GetActiveWindow
 0x4cd628 FrameRect
 0x4cd62c FindWindowA
 0x4cd630 FillRect
 0x4cd634 EqualRect
 0x4cd638 EnumWindows
 0x4cd63c EnumThreadWindows
 0x4cd640 EndPaint
 0x4cd644 EnableWindow
 0x4cd648 EnableScrollBar
 0x4cd64c EnableMenuItem
 0x4cd650 DrawTextA
 0x4cd654 DrawMenuBar
 0x4cd658 DrawIconEx
 0x4cd65c DrawIcon
 0x4cd660 DrawFrameControl
 0x4cd664 DrawEdge
 0x4cd668 DispatchMessageA
 0x4cd66c DestroyWindow
 0x4cd670 DestroyMenu
 0x4cd674 DestroyIcon
 0x4cd678 DestroyCursor
 0x4cd67c DeleteMenu
 0x4cd680 DefWindowProcA
 0x4cd684 DefMDIChildProcA
 0x4cd688 DefFrameProcA
 0x4cd68c CreatePopupMenu
 0x4cd690 CreateMenu
 0x4cd694 CreateIcon
 0x4cd698 ClientToScreen
 0x4cd69c CheckMenuItem
 0x4cd6a0 CallWindowProcA
 0x4cd6a4 CallNextHookEx
 0x4cd6a8 BeginPaint
 0x4cd6ac CharNextA
 0x4cd6b0 CharLowerA
 0x4cd6b4 CharUpperBuffA
 0x4cd6b8 CharToOemA
 0x4cd6bc AdjustWindowRectEx
 0x4cd6c0 ActivateKeyboardLayout
ole32.dll
 0x4cd6c8 IsEqualGUID
 0x4cd6cc CoTaskMemFree
 0x4cd6d0 StringFromCLSID
 0x4cd6d4 CoCreateGuid
kernel32.dll
 0x4cd6dc Sleep
oleaut32.dll
 0x4cd6e4 SafeArrayPtrOfIndex
 0x4cd6e8 SafeArrayPutElement
 0x4cd6ec SafeArrayGetElement
 0x4cd6f0 SafeArrayUnaccessData
 0x4cd6f4 SafeArrayAccessData
 0x4cd6f8 SafeArrayGetUBound
 0x4cd6fc SafeArrayGetLBound
 0x4cd700 SafeArrayCreate
 0x4cd704 VariantChangeType
 0x4cd708 VariantCopyInd
 0x4cd70c VariantCopy
 0x4cd710 VariantClear
 0x4cd714 VariantInit
ole32.dll
 0x4cd71c CoCreateInstance
 0x4cd720 CoUninitialize
 0x4cd724 CoInitialize
oleaut32.dll
 0x4cd72c CreateErrorInfo
 0x4cd730 GetErrorInfo
 0x4cd734 SetErrorInfo
 0x4cd738 SysFreeString
comctl32.dll
 0x4cd740 ImageList_SetIconSize
 0x4cd744 ImageList_GetIconSize
 0x4cd748 ImageList_Write
 0x4cd74c ImageList_Read
 0x4cd750 ImageList_GetDragImage
 0x4cd754 ImageList_DragShowNolock
 0x4cd758 ImageList_SetDragCursorImage
 0x4cd75c ImageList_DragMove
 0x4cd760 ImageList_DragLeave
 0x4cd764 ImageList_DragEnter
 0x4cd768 ImageList_EndDrag
 0x4cd76c ImageList_BeginDrag
 0x4cd770 ImageList_Remove
 0x4cd774 ImageList_DrawEx
 0x4cd778 ImageList_Draw
 0x4cd77c ImageList_GetBkColor
 0x4cd780 ImageList_SetBkColor
 0x4cd784 ImageList_ReplaceIcon
 0x4cd788 ImageList_Add
 0x4cd78c ImageList_GetImageCount
 0x4cd790 ImageList_Destroy
 0x4cd794 ImageList_Create
shell32.dll
 0x4cd79c ShellExecuteExA

EAT (Export Address Table): none