ScreenShot
| Created | 2023.04.16 16:30 | Machine | s1_win7_x6401 |
| Filename | build.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 35 detected (Lazy, Artemis, PasswordStealer, malicious, confidence, Attribute, HighConfidence, high confidence, score, MalwareX, Agen, Fmnw, ai score=80, Wacatac, Detected, R550345, unsafe, Luca, CLASSIC) | ||
| md5 | 5bc8474304e8141a5e8e503c8e59a859 | ||
| sha256 | da1cbe7babc99e3fc8dc3b1287bb5e73d4db8ce020dd99dab22b067d109d3fd0 | ||
| ssdeep | 49152:Czry5T+SAUrOIUBG117oaECgFZ7wGVrGzO5UxB1kSerrF7rLq2MRFMJE:CzXSG7afgFZsxzeEhMJE | ||
| imphash | b8f6d0b0e04ca86e6419db0eea257de8 | ||
| impfuzzy | 96:otHAXPsgQgPwTxMHs4ZaKav5fcg+P2WKOeXWBIn1cHhUWiaCN09yn0Jx+YE:olA/skwos4ZaKa9WoWBIqH6W/y0Jx+YE | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x140294798 SysFreeString
0x1402947a0 SafeArrayUnaccessData
0x1402947a8 SysAllocStringLen
0x1402947b0 SafeArrayGetUBound
0x1402947b8 SafeArrayGetLBound
0x1402947c0 VariantClear
0x1402947c8 SafeArrayAccessData
0x1402947d0 SafeArrayDestroy
kernel32.dll
0x1402942d8 SetThreadStackGuarantee
0x1402942e0 AddVectoredExceptionHandler
0x1402942e8 GlobalFree
0x1402942f0 SetHandleInformation
0x1402942f8 GlobalAlloc
0x140294300 Sleep
0x140294308 GetModuleHandleA
0x140294310 GetProcAddress
0x140294318 GetCurrentThread
0x140294320 GetStdHandle
0x140294328 GetConsoleMode
0x140294330 WriteConsoleW
0x140294338 WaitForSingleObjectEx
0x140294340 LoadLibraryA
0x140294348 CreateMutexA
0x140294350 GetCurrentProcess
0x140294358 ReleaseMutex
0x140294360 GetEnvironmentVariableW
0x140294368 RtlLookupFunctionEntry
0x140294370 GetModuleHandleW
0x140294378 FormatMessageW
0x140294380 HeapReAlloc
0x140294388 GlobalUnlock
0x140294390 CreateFileW
0x140294398 GetFileInformationByHandleEx
0x1402943a0 GetFullPathNameW
0x1402943a8 SetFilePointerEx
0x1402943b0 FindNextFileW
0x1402943b8 CreateDirectoryW
0x1402943c0 FindFirstFileW
0x1402943c8 GlobalLock
0x1402943d0 GlobalSize
0x1402943d8 GetTimeZoneInformation
0x1402943e0 SystemTimeToFileTime
0x1402943e8 GetEnvironmentStringsW
0x1402943f0 FreeEnvironmentStringsW
0x1402943f8 CompareStringOrdinal
0x140294400 GetSystemDirectoryW
0x140294408 GetWindowsDirectoryW
0x140294410 CreateProcessW
0x140294418 GetFileAttributesW
0x140294420 DuplicateHandle
0x140294428 GetCurrentProcessId
0x140294430 CreateNamedPipeW
0x140294438 CreateThread
0x140294440 ReadFileEx
0x140294448 SleepEx
0x140294450 WriteFileEx
0x140294458 SystemTimeToTzSpecificLocalTime
0x140294460 CreateEventW
0x140294468 CancelIo
0x140294470 ExitProcess
0x140294478 QueryPerformanceCounter
0x140294480 QueryPerformanceFrequency
0x140294488 HeapAlloc
0x140294490 RtlCaptureContext
0x140294498 CopyFileExW
0x1402944a0 SleepConditionVariableSRW
0x1402944a8 WakeAllConditionVariable
0x1402944b0 WakeConditionVariable
0x1402944b8 PostQueuedCompletionStatus
0x1402944c0 FileTimeToSystemTime
0x1402944c8 GetSystemTimeAsFileTime
0x1402944d0 GetProcessHeap
0x1402944d8 GetFileInformationByHandle
0x1402944e0 ReleaseSRWLockExclusive
0x1402944e8 SwitchToThread
0x1402944f0 SetLastError
0x1402944f8 GetFinalPathNameByHandleW
0x140294500 TryAcquireSRWLockExclusive
0x140294508 GetQueuedCompletionStatusEx
0x140294510 UnhandledExceptionFilter
0x140294518 RtlVirtualUnwind
0x140294520 FlushFileBuffers
0x140294528 GetTickCount
0x140294530 MapViewOfFile
0x140294538 CreateFileMappingW
0x140294540 FormatMessageA
0x140294548 GetSystemTime
0x140294550 WideCharToMultiByte
0x140294558 FreeLibrary
0x140294560 GetFileSize
0x140294568 LockFileEx
0x140294570 LocalFree
0x140294578 UnlockFile
0x140294580 HeapDestroy
0x140294588 HeapCompact
0x140294590 LoadLibraryW
0x140294598 DeleteFileW
0x1402945a0 DeleteFileA
0x1402945a8 CreateFileA
0x1402945b0 FlushViewOfFile
0x1402945b8 OutputDebugStringW
0x1402945c0 GetFileAttributesExW
0x1402945c8 GetFileAttributesA
0x1402945d0 GetDiskFreeSpaceA
0x1402945d8 GetTempPathA
0x1402945e0 MultiByteToWideChar
0x1402945e8 HeapSize
0x1402945f0 HeapValidate
0x1402945f8 UnmapViewOfFile
0x140294600 CreateMutexW
0x140294608 UnlockFileEx
0x140294610 SetEndOfFile
0x140294618 GetFullPathNameA
0x140294620 SetFilePointer
0x140294628 LockFile
0x140294630 OutputDebugStringA
0x140294638 GetDiskFreeSpaceW
0x140294640 WriteFile
0x140294648 HeapCreate
0x140294650 AreFileApisANSI
0x140294658 InitializeCriticalSection
0x140294660 EnterCriticalSection
0x140294668 LeaveCriticalSection
0x140294670 TryEnterCriticalSection
0x140294678 DeleteCriticalSection
0x140294680 GetCurrentThreadId
0x140294688 ReleaseSRWLockShared
0x140294690 AcquireSRWLockShared
0x140294698 CreateIoCompletionPort
0x1402946a0 GetCurrentDirectoryW
0x1402946a8 SetUnhandledExceptionFilter
0x1402946b0 GetExitCodeProcess
0x1402946b8 SetFileCompletionNotificationModes
0x1402946c0 WaitForSingleObject
0x1402946c8 TerminateProcess
0x1402946d0 IsProcessorFeaturePresent
0x1402946d8 GetOverlappedResult
0x1402946e0 GetModuleFileNameW
0x1402946e8 GetSystemInfo
0x1402946f0 GetLastError
0x1402946f8 WaitForMultipleObjects
0x140294700 FindClose
0x140294708 CloseHandle
0x140294710 AcquireSRWLockExclusive
0x140294718 HeapFree
0x140294720 InitializeSListHead
0x140294728 IsDebuggerPresent
0x140294730 GetTempPathW
0x140294738 ReadFile
crypt32.dll
0x140294210 CertOpenStore
0x140294218 CertDuplicateCertificateChain
0x140294220 CertEnumCertificatesInStore
0x140294228 CertGetCertificateChain
0x140294230 CertFreeCertificateChain
0x140294238 CertVerifyCertificateChainPolicy
0x140294240 CertDuplicateCertificateContext
0x140294248 CertAddCertificateContextToStore
0x140294250 CertCloseStore
0x140294258 CertFreeCertificateContext
0x140294260 CryptUnprotectData
0x140294268 CertDuplicateStore
ole32.dll
0x140294770 CoInitializeSecurity
0x140294778 CoCreateInstance
0x140294780 CoSetProxyBlanket
0x140294788 CoInitializeEx
advapi32.dll
0x140294050 RegQueryValueExW
0x140294058 RegOpenKeyExW
0x140294060 SystemFunction036
0x140294068 FreeSid
0x140294070 RegCloseKey
0x140294078 CheckTokenMembership
0x140294080 AllocateAndInitializeSid
user32.dll
0x140294838 EnumDisplaySettingsExW
0x140294840 OpenClipboard
0x140294848 GetClipboardData
0x140294850 GetMonitorInfoW
0x140294858 CloseClipboard
0x140294860 SetClipboardData
0x140294868 EnumDisplayMonitors
gdi32.dll
0x140294278 CreateDCW
0x140294280 GetDeviceCaps
0x140294288 DeleteDC
0x140294290 CreateCompatibleDC
0x140294298 CreateCompatibleBitmap
0x1402942a0 SelectObject
0x1402942a8 SetStretchBltMode
0x1402942b0 StretchBlt
0x1402942b8 GetDIBits
0x1402942c0 GetObjectW
0x1402942c8 DeleteObject
crypt.dll
0x140294200 BCryptGenRandom
ws2_32.dll
0x140294878 WSAStartup
0x140294880 getaddrinfo
0x140294888 WSAIoctl
0x140294890 recv
0x140294898 setsockopt
0x1402948a0 shutdown
0x1402948a8 getsockname
0x1402948b0 WSAGetLastError
0x1402948b8 getpeername
0x1402948c0 closesocket
0x1402948c8 ind
0x1402948d0 WSASend
0x1402948d8 getsockopt
0x1402948e0 connect
0x1402948e8 WSACleanup
0x1402948f0 freeaddrinfo
0x1402948f8 send
0x140294900 WSASocketW
0x140294908 ioctlsocket
ntdll.dll
0x140294748 RtlNtStatusToDosError
0x140294750 NtCreateFile
0x140294758 NtDeviceIoControlFile
0x140294760 NtCancelIoFileEx
secur32.dll
0x1402947e0 DeleteSecurityContext
0x1402947e8 FreeContextBuffer
0x1402947f0 FreeCredentialsHandle
0x1402947f8 EncryptMessage
0x140294800 AcceptSecurityContext
0x140294808 AcquireCredentialsHandleA
0x140294810 InitializeSecurityContextW
0x140294818 QueryContextAttributesW
0x140294820 DecryptMessage
0x140294828 ApplyControlToken
VCRUNTIME140.dll
0x140294000 __current_exception_context
0x140294008 __current_exception
0x140294010 __C_specific_handler
0x140294018 strrchr
0x140294020 memmove
0x140294028 __CxxFrameHandler3
0x140294030 memset
0x140294038 memcmp
0x140294040 memcpy
api-ms-win-crt-string-l1-1-0.dll
0x1402941b0 strncmp
0x1402941b8 strcspn
0x1402941c0 strcmp
0x1402941c8 strlen
api-ms-win-crt-utility-l1-1-0.dll
0x1402941e8 qsort
0x1402941f0 _rotl64
api-ms-win-crt-heap-l1-1-0.dll
0x140294090 _set_new_mode
0x140294098 free
0x1402940a0 malloc
0x1402940a8 _msize
0x1402940b0 realloc
api-ms-win-crt-time-l1-1-0.dll
0x1402941d8 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x1402940d0 log
0x1402940d8 __setusermatherr
0x1402940e0 _dclass
api-ms-win-crt-runtime-l1-1-0.dll
0x1402940f0 _register_thread_local_exe_atexit_callback
0x1402940f8 _beginthreadex
0x140294100 _endthreadex
0x140294108 _c_exit
0x140294110 _seh_filter_exe
0x140294118 _set_app_type
0x140294120 _register_onexit_function
0x140294128 _crt_atexit
0x140294130 _initialize_onexit_table
0x140294138 _configure_narrow_argv
0x140294140 __p___argc
0x140294148 _initialize_narrow_environment
0x140294150 _get_initial_narrow_environment
0x140294158 _initterm
0x140294160 __p___argv
0x140294168 terminate
0x140294170 _exit
0x140294178 exit
0x140294180 _cexit
0x140294188 _initterm_e
api-ms-win-crt-stdio-l1-1-0.dll
0x140294198 _set_fmode
0x1402941a0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1402940c0 _configthreadlocale
EAT(Export Address Table) is none
oleaut32.dll
0x140294798 SysFreeString
0x1402947a0 SafeArrayUnaccessData
0x1402947a8 SysAllocStringLen
0x1402947b0 SafeArrayGetUBound
0x1402947b8 SafeArrayGetLBound
0x1402947c0 VariantClear
0x1402947c8 SafeArrayAccessData
0x1402947d0 SafeArrayDestroy
kernel32.dll
0x1402942d8 SetThreadStackGuarantee
0x1402942e0 AddVectoredExceptionHandler
0x1402942e8 GlobalFree
0x1402942f0 SetHandleInformation
0x1402942f8 GlobalAlloc
0x140294300 Sleep
0x140294308 GetModuleHandleA
0x140294310 GetProcAddress
0x140294318 GetCurrentThread
0x140294320 GetStdHandle
0x140294328 GetConsoleMode
0x140294330 WriteConsoleW
0x140294338 WaitForSingleObjectEx
0x140294340 LoadLibraryA
0x140294348 CreateMutexA
0x140294350 GetCurrentProcess
0x140294358 ReleaseMutex
0x140294360 GetEnvironmentVariableW
0x140294368 RtlLookupFunctionEntry
0x140294370 GetModuleHandleW
0x140294378 FormatMessageW
0x140294380 HeapReAlloc
0x140294388 GlobalUnlock
0x140294390 CreateFileW
0x140294398 GetFileInformationByHandleEx
0x1402943a0 GetFullPathNameW
0x1402943a8 SetFilePointerEx
0x1402943b0 FindNextFileW
0x1402943b8 CreateDirectoryW
0x1402943c0 FindFirstFileW
0x1402943c8 GlobalLock
0x1402943d0 GlobalSize
0x1402943d8 GetTimeZoneInformation
0x1402943e0 SystemTimeToFileTime
0x1402943e8 GetEnvironmentStringsW
0x1402943f0 FreeEnvironmentStringsW
0x1402943f8 CompareStringOrdinal
0x140294400 GetSystemDirectoryW
0x140294408 GetWindowsDirectoryW
0x140294410 CreateProcessW
0x140294418 GetFileAttributesW
0x140294420 DuplicateHandle
0x140294428 GetCurrentProcessId
0x140294430 CreateNamedPipeW
0x140294438 CreateThread
0x140294440 ReadFileEx
0x140294448 SleepEx
0x140294450 WriteFileEx
0x140294458 SystemTimeToTzSpecificLocalTime
0x140294460 CreateEventW
0x140294468 CancelIo
0x140294470 ExitProcess
0x140294478 QueryPerformanceCounter
0x140294480 QueryPerformanceFrequency
0x140294488 HeapAlloc
0x140294490 RtlCaptureContext
0x140294498 CopyFileExW
0x1402944a0 SleepConditionVariableSRW
0x1402944a8 WakeAllConditionVariable
0x1402944b0 WakeConditionVariable
0x1402944b8 PostQueuedCompletionStatus
0x1402944c0 FileTimeToSystemTime
0x1402944c8 GetSystemTimeAsFileTime
0x1402944d0 GetProcessHeap
0x1402944d8 GetFileInformationByHandle
0x1402944e0 ReleaseSRWLockExclusive
0x1402944e8 SwitchToThread
0x1402944f0 SetLastError
0x1402944f8 GetFinalPathNameByHandleW
0x140294500 TryAcquireSRWLockExclusive
0x140294508 GetQueuedCompletionStatusEx
0x140294510 UnhandledExceptionFilter
0x140294518 RtlVirtualUnwind
0x140294520 FlushFileBuffers
0x140294528 GetTickCount
0x140294530 MapViewOfFile
0x140294538 CreateFileMappingW
0x140294540 FormatMessageA
0x140294548 GetSystemTime
0x140294550 WideCharToMultiByte
0x140294558 FreeLibrary
0x140294560 GetFileSize
0x140294568 LockFileEx
0x140294570 LocalFree
0x140294578 UnlockFile
0x140294580 HeapDestroy
0x140294588 HeapCompact
0x140294590 LoadLibraryW
0x140294598 DeleteFileW
0x1402945a0 DeleteFileA
0x1402945a8 CreateFileA
0x1402945b0 FlushViewOfFile
0x1402945b8 OutputDebugStringW
0x1402945c0 GetFileAttributesExW
0x1402945c8 GetFileAttributesA
0x1402945d0 GetDiskFreeSpaceA
0x1402945d8 GetTempPathA
0x1402945e0 MultiByteToWideChar
0x1402945e8 HeapSize
0x1402945f0 HeapValidate
0x1402945f8 UnmapViewOfFile
0x140294600 CreateMutexW
0x140294608 UnlockFileEx
0x140294610 SetEndOfFile
0x140294618 GetFullPathNameA
0x140294620 SetFilePointer
0x140294628 LockFile
0x140294630 OutputDebugStringA
0x140294638 GetDiskFreeSpaceW
0x140294640 WriteFile
0x140294648 HeapCreate
0x140294650 AreFileApisANSI
0x140294658 InitializeCriticalSection
0x140294660 EnterCriticalSection
0x140294668 LeaveCriticalSection
0x140294670 TryEnterCriticalSection
0x140294678 DeleteCriticalSection
0x140294680 GetCurrentThreadId
0x140294688 ReleaseSRWLockShared
0x140294690 AcquireSRWLockShared
0x140294698 CreateIoCompletionPort
0x1402946a0 GetCurrentDirectoryW
0x1402946a8 SetUnhandledExceptionFilter
0x1402946b0 GetExitCodeProcess
0x1402946b8 SetFileCompletionNotificationModes
0x1402946c0 WaitForSingleObject
0x1402946c8 TerminateProcess
0x1402946d0 IsProcessorFeaturePresent
0x1402946d8 GetOverlappedResult
0x1402946e0 GetModuleFileNameW
0x1402946e8 GetSystemInfo
0x1402946f0 GetLastError
0x1402946f8 WaitForMultipleObjects
0x140294700 FindClose
0x140294708 CloseHandle
0x140294710 AcquireSRWLockExclusive
0x140294718 HeapFree
0x140294720 InitializeSListHead
0x140294728 IsDebuggerPresent
0x140294730 GetTempPathW
0x140294738 ReadFile
crypt32.dll
0x140294210 CertOpenStore
0x140294218 CertDuplicateCertificateChain
0x140294220 CertEnumCertificatesInStore
0x140294228 CertGetCertificateChain
0x140294230 CertFreeCertificateChain
0x140294238 CertVerifyCertificateChainPolicy
0x140294240 CertDuplicateCertificateContext
0x140294248 CertAddCertificateContextToStore
0x140294250 CertCloseStore
0x140294258 CertFreeCertificateContext
0x140294260 CryptUnprotectData
0x140294268 CertDuplicateStore
ole32.dll
0x140294770 CoInitializeSecurity
0x140294778 CoCreateInstance
0x140294780 CoSetProxyBlanket
0x140294788 CoInitializeEx
advapi32.dll
0x140294050 RegQueryValueExW
0x140294058 RegOpenKeyExW
0x140294060 SystemFunction036
0x140294068 FreeSid
0x140294070 RegCloseKey
0x140294078 CheckTokenMembership
0x140294080 AllocateAndInitializeSid
user32.dll
0x140294838 EnumDisplaySettingsExW
0x140294840 OpenClipboard
0x140294848 GetClipboardData
0x140294850 GetMonitorInfoW
0x140294858 CloseClipboard
0x140294860 SetClipboardData
0x140294868 EnumDisplayMonitors
gdi32.dll
0x140294278 CreateDCW
0x140294280 GetDeviceCaps
0x140294288 DeleteDC
0x140294290 CreateCompatibleDC
0x140294298 CreateCompatibleBitmap
0x1402942a0 SelectObject
0x1402942a8 SetStretchBltMode
0x1402942b0 StretchBlt
0x1402942b8 GetDIBits
0x1402942c0 GetObjectW
0x1402942c8 DeleteObject
crypt.dll
0x140294200 BCryptGenRandom
ws2_32.dll
0x140294878 WSAStartup
0x140294880 getaddrinfo
0x140294888 WSAIoctl
0x140294890 recv
0x140294898 setsockopt
0x1402948a0 shutdown
0x1402948a8 getsockname
0x1402948b0 WSAGetLastError
0x1402948b8 getpeername
0x1402948c0 closesocket
0x1402948c8 ind
0x1402948d0 WSASend
0x1402948d8 getsockopt
0x1402948e0 connect
0x1402948e8 WSACleanup
0x1402948f0 freeaddrinfo
0x1402948f8 send
0x140294900 WSASocketW
0x140294908 ioctlsocket
ntdll.dll
0x140294748 RtlNtStatusToDosError
0x140294750 NtCreateFile
0x140294758 NtDeviceIoControlFile
0x140294760 NtCancelIoFileEx
secur32.dll
0x1402947e0 DeleteSecurityContext
0x1402947e8 FreeContextBuffer
0x1402947f0 FreeCredentialsHandle
0x1402947f8 EncryptMessage
0x140294800 AcceptSecurityContext
0x140294808 AcquireCredentialsHandleA
0x140294810 InitializeSecurityContextW
0x140294818 QueryContextAttributesW
0x140294820 DecryptMessage
0x140294828 ApplyControlToken
VCRUNTIME140.dll
0x140294000 __current_exception_context
0x140294008 __current_exception
0x140294010 __C_specific_handler
0x140294018 strrchr
0x140294020 memmove
0x140294028 __CxxFrameHandler3
0x140294030 memset
0x140294038 memcmp
0x140294040 memcpy
api-ms-win-crt-string-l1-1-0.dll
0x1402941b0 strncmp
0x1402941b8 strcspn
0x1402941c0 strcmp
0x1402941c8 strlen
api-ms-win-crt-utility-l1-1-0.dll
0x1402941e8 qsort
0x1402941f0 _rotl64
api-ms-win-crt-heap-l1-1-0.dll
0x140294090 _set_new_mode
0x140294098 free
0x1402940a0 malloc
0x1402940a8 _msize
0x1402940b0 realloc
api-ms-win-crt-time-l1-1-0.dll
0x1402941d8 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x1402940d0 log
0x1402940d8 __setusermatherr
0x1402940e0 _dclass
api-ms-win-crt-runtime-l1-1-0.dll
0x1402940f0 _register_thread_local_exe_atexit_callback
0x1402940f8 _beginthreadex
0x140294100 _endthreadex
0x140294108 _c_exit
0x140294110 _seh_filter_exe
0x140294118 _set_app_type
0x140294120 _register_onexit_function
0x140294128 _crt_atexit
0x140294130 _initialize_onexit_table
0x140294138 _configure_narrow_argv
0x140294140 __p___argc
0x140294148 _initialize_narrow_environment
0x140294150 _get_initial_narrow_environment
0x140294158 _initterm
0x140294160 __p___argv
0x140294168 terminate
0x140294170 _exit
0x140294178 exit
0x140294180 _cexit
0x140294188 _initterm_e
api-ms-win-crt-stdio-l1-1-0.dll
0x140294198 _set_fmode
0x1402941a0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1402940c0 _configthreadlocale
EAT(Export Address Table) is none