ScreenShot
| Created | 2023.04.16 16:45 | Machine | s1_win7_x6401 |
| Filename | crys.suite.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (PMax, malicious, high confidence, Lazy, Artemis, PasswordStealer, TrojanPSW, confidence, 100%, ABRisk, EJDK, Attribute, HighConfidence, score, Luca, CLASSIC, sqhtu, Outbreak, ai score=82, Wacatac, Detected, R567420, unsafe, Chgt, R002H0DCI23, QQPass, QQRob, Swhl, susgen, MalwareX) | ||
| md5 | ca1c266f80e30187ad1436b3da5bea81 | ||
| sha256 | 526c9ce5894a547167f22f1ff6dc539e7089f3bd90b86b9381c488a0080ee8c3 | ||
| ssdeep | 49152:Csl1uxhzrhSbb6w537vkSAX13CFuSQU7wGVrxkAof81js78sFQt5nQH79h0uJUO4:Cs0Srvr4SQU7EH8wguJUV | ||
| imphash | 882db238a37af35c8d608300bd05d183 | ||
| impfuzzy | 96:otHA84dITtD9fXDs4ZaKav5fcg+PJdZWBCWUyI71cHhUWiaCN09y2ELtMQN:olA5IpJTs4ZaKaWWUW3IuH6W/y20tMQN | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x140294798 SysFreeString
0x1402947a0 SafeArrayUnaccessData
0x1402947a8 SysAllocStringLen
0x1402947b0 SafeArrayGetUBound
0x1402947b8 SafeArrayGetLBound
0x1402947c0 VariantClear
0x1402947c8 SafeArrayAccessData
0x1402947d0 SafeArrayDestroy
kernel32.dll
0x1402942d8 SetHandleInformation
0x1402942e0 GlobalFree
0x1402942e8 GlobalAlloc
0x1402942f0 GetModuleHandleA
0x1402942f8 GetProcAddress
0x140294300 GetCurrentThread
0x140294308 GetStdHandle
0x140294310 GetConsoleMode
0x140294318 WriteConsoleW
0x140294320 WaitForSingleObjectEx
0x140294328 LoadLibraryA
0x140294330 CreateMutexA
0x140294338 GetCurrentProcess
0x140294340 ReleaseMutex
0x140294348 GetEnvironmentVariableW
0x140294350 RtlLookupFunctionEntry
0x140294358 GetModuleHandleW
0x140294360 FormatMessageW
0x140294368 GetTempPathW
0x140294370 GetModuleFileNameW
0x140294378 CreateFileW
0x140294380 WaitForMultipleObjects
0x140294388 Sleep
0x140294390 SetFilePointerEx
0x140294398 FindNextFileW
0x1402943a0 CreateDirectoryW
0x1402943a8 FindFirstFileW
0x1402943b0 FindClose
0x1402943b8 GlobalUnlock
0x1402943c0 GlobalLock
0x1402943c8 GlobalSize
0x1402943d0 GetTimeZoneInformation
0x1402943d8 GetEnvironmentStringsW
0x1402943e0 FreeEnvironmentStringsW
0x1402943e8 CompareStringOrdinal
0x1402943f0 GetSystemDirectoryW
0x1402943f8 GetWindowsDirectoryW
0x140294400 CreateProcessW
0x140294408 GetFileAttributesW
0x140294410 DuplicateHandle
0x140294418 GetCurrentProcessId
0x140294420 CreateNamedPipeW
0x140294428 CreateThread
0x140294430 ReadFileEx
0x140294438 SleepEx
0x140294440 WriteFileEx
0x140294448 SystemTimeToFileTime
0x140294450 CreateEventW
0x140294458 CancelIo
0x140294460 ReadFile
0x140294468 ExitProcess
0x140294470 QueryPerformanceFrequency
0x140294478 GetCurrentDirectoryW
0x140294480 RtlCaptureContext
0x140294488 AddVectoredExceptionHandler
0x140294490 SleepConditionVariableSRW
0x140294498 WakeAllConditionVariable
0x1402944a0 WakeConditionVariable
0x1402944a8 PostQueuedCompletionStatus
0x1402944b0 SystemTimeToTzSpecificLocalTime
0x1402944b8 FileTimeToSystemTime
0x1402944c0 GetSystemTimeAsFileTime
0x1402944c8 SetThreadStackGuarantee
0x1402944d0 SwitchToThread
0x1402944d8 SetLastError
0x1402944e0 GetFinalPathNameByHandleW
0x1402944e8 GetFileInformationByHandle
0x1402944f0 ReleaseSRWLockExclusive
0x1402944f8 TryAcquireSRWLockExclusive
0x140294500 GetQueuedCompletionStatusEx
0x140294508 HeapAlloc
0x140294510 GetProcessHeap
0x140294518 RtlVirtualUnwind
0x140294520 FlushFileBuffers
0x140294528 GetTickCount
0x140294530 MapViewOfFile
0x140294538 CreateFileMappingW
0x140294540 FormatMessageA
0x140294548 GetSystemTime
0x140294550 WideCharToMultiByte
0x140294558 FreeLibrary
0x140294560 GetFileSize
0x140294568 LockFileEx
0x140294570 LocalFree
0x140294578 UnlockFile
0x140294580 HeapDestroy
0x140294588 HeapCompact
0x140294590 LoadLibraryW
0x140294598 DeleteFileW
0x1402945a0 DeleteFileA
0x1402945a8 CreateFileA
0x1402945b0 FlushViewOfFile
0x1402945b8 OutputDebugStringW
0x1402945c0 GetFileAttributesExW
0x1402945c8 GetFileAttributesA
0x1402945d0 GetDiskFreeSpaceA
0x1402945d8 GetTempPathA
0x1402945e0 MultiByteToWideChar
0x1402945e8 HeapSize
0x1402945f0 HeapValidate
0x1402945f8 UnmapViewOfFile
0x140294600 CreateMutexW
0x140294608 UnlockFileEx
0x140294610 SetEndOfFile
0x140294618 GetFullPathNameA
0x140294620 SetFilePointer
0x140294628 LockFile
0x140294630 OutputDebugStringA
0x140294638 GetDiskFreeSpaceW
0x140294640 WriteFile
0x140294648 HeapCreate
0x140294650 AreFileApisANSI
0x140294658 InitializeCriticalSection
0x140294660 EnterCriticalSection
0x140294668 LeaveCriticalSection
0x140294670 TryEnterCriticalSection
0x140294678 DeleteCriticalSection
0x140294680 GetCurrentThreadId
0x140294688 UnhandledExceptionFilter
0x140294690 CreateIoCompletionPort
0x140294698 SetFileCompletionNotificationModes
0x1402946a0 AcquireSRWLockShared
0x1402946a8 CopyFileExW
0x1402946b0 SetUnhandledExceptionFilter
0x1402946b8 ReleaseSRWLockShared
0x1402946c0 GetExitCodeProcess
0x1402946c8 WaitForSingleObject
0x1402946d0 TerminateProcess
0x1402946d8 IsProcessorFeaturePresent
0x1402946e0 GetFullPathNameW
0x1402946e8 HeapReAlloc
0x1402946f0 GetSystemInfo
0x1402946f8 GetLastError
0x140294700 GetOverlappedResult
0x140294708 CloseHandle
0x140294710 AcquireSRWLockExclusive
0x140294718 HeapFree
0x140294720 InitializeSListHead
0x140294728 IsDebuggerPresent
0x140294730 GetFileInformationByHandleEx
0x140294738 QueryPerformanceCounter
crypt32.dll
0x140294210 CertFreeCertificateChain
0x140294218 CertEnumCertificatesInStore
0x140294220 CertFreeCertificateContext
0x140294228 CertOpenStore
0x140294230 CertDuplicateStore
0x140294238 CertVerifyCertificateChainPolicy
0x140294240 CryptUnprotectData
0x140294248 CertDuplicateCertificateContext
0x140294250 CertGetCertificateChain
0x140294258 CertCloseStore
0x140294260 CertDuplicateCertificateChain
0x140294268 CertAddCertificateContextToStore
ole32.dll
0x140294770 CoInitializeSecurity
0x140294778 CoCreateInstance
0x140294780 CoSetProxyBlanket
0x140294788 CoInitializeEx
advapi32.dll
0x140294050 RegQueryValueExW
0x140294058 SystemFunction036
0x140294060 RegOpenKeyExW
0x140294068 RegCloseKey
0x140294070 FreeSid
0x140294078 AllocateAndInitializeSid
0x140294080 CheckTokenMembership
user32.dll
0x140294838 EnumDisplaySettingsExW
0x140294840 OpenClipboard
0x140294848 GetClipboardData
0x140294850 GetMonitorInfoW
0x140294858 CloseClipboard
0x140294860 SetClipboardData
0x140294868 EnumDisplayMonitors
gdi32.dll
0x140294278 GetDeviceCaps
0x140294280 CreateDCW
0x140294288 DeleteDC
0x140294290 CreateCompatibleDC
0x140294298 CreateCompatibleBitmap
0x1402942a0 SelectObject
0x1402942a8 SetStretchBltMode
0x1402942b0 StretchBlt
0x1402942b8 GetDIBits
0x1402942c0 GetObjectW
0x1402942c8 DeleteObject
crypt.dll
0x140294200 BCryptGenRandom
ws2_32.dll
0x140294878 WSAStartup
0x140294880 getaddrinfo
0x140294888 WSAIoctl
0x140294890 recv
0x140294898 setsockopt
0x1402948a0 shutdown
0x1402948a8 getsockname
0x1402948b0 WSAGetLastError
0x1402948b8 getpeername
0x1402948c0 closesocket
0x1402948c8 ind
0x1402948d0 WSASend
0x1402948d8 getsockopt
0x1402948e0 connect
0x1402948e8 WSACleanup
0x1402948f0 freeaddrinfo
0x1402948f8 send
0x140294900 WSASocketW
0x140294908 ioctlsocket
ntdll.dll
0x140294748 RtlNtStatusToDosError
0x140294750 NtCreateFile
0x140294758 NtDeviceIoControlFile
0x140294760 NtCancelIoFileEx
secur32.dll
0x1402947e0 DeleteSecurityContext
0x1402947e8 FreeContextBuffer
0x1402947f0 FreeCredentialsHandle
0x1402947f8 EncryptMessage
0x140294800 AcceptSecurityContext
0x140294808 AcquireCredentialsHandleA
0x140294810 InitializeSecurityContextW
0x140294818 QueryContextAttributesW
0x140294820 DecryptMessage
0x140294828 ApplyControlToken
VCRUNTIME140.dll
0x140294000 __current_exception_context
0x140294008 __current_exception
0x140294010 __C_specific_handler
0x140294018 strrchr
0x140294020 memmove
0x140294028 __CxxFrameHandler3
0x140294030 memset
0x140294038 memcmp
0x140294040 memcpy
api-ms-win-crt-string-l1-1-0.dll
0x1402941b0 strcspn
0x1402941b8 strncmp
0x1402941c0 strlen
0x1402941c8 strcmp
api-ms-win-crt-utility-l1-1-0.dll
0x1402941e8 qsort
0x1402941f0 _rotl64
api-ms-win-crt-heap-l1-1-0.dll
0x140294090 free
0x140294098 malloc
0x1402940a0 _set_new_mode
0x1402940a8 realloc
0x1402940b0 _msize
api-ms-win-crt-time-l1-1-0.dll
0x1402941d8 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x1402940d0 __setusermatherr
0x1402940d8 log
0x1402940e0 _dclass
api-ms-win-crt-runtime-l1-1-0.dll
0x1402940f0 __p___argv
0x1402940f8 _beginthreadex
0x140294100 _endthreadex
0x140294108 _initialize_onexit_table
0x140294110 _seh_filter_exe
0x140294118 _register_onexit_function
0x140294120 _set_app_type
0x140294128 _register_thread_local_exe_atexit_callback
0x140294130 _configure_narrow_argv
0x140294138 _crt_atexit
0x140294140 _initialize_narrow_environment
0x140294148 _cexit
0x140294150 _get_initial_narrow_environment
0x140294158 _initterm
0x140294160 _exit
0x140294168 exit
0x140294170 terminate
0x140294178 __p___argc
0x140294180 _c_exit
0x140294188 _initterm_e
api-ms-win-crt-stdio-l1-1-0.dll
0x140294198 _set_fmode
0x1402941a0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1402940c0 _configthreadlocale
EAT(Export Address Table) is none
oleaut32.dll
0x140294798 SysFreeString
0x1402947a0 SafeArrayUnaccessData
0x1402947a8 SysAllocStringLen
0x1402947b0 SafeArrayGetUBound
0x1402947b8 SafeArrayGetLBound
0x1402947c0 VariantClear
0x1402947c8 SafeArrayAccessData
0x1402947d0 SafeArrayDestroy
kernel32.dll
0x1402942d8 SetHandleInformation
0x1402942e0 GlobalFree
0x1402942e8 GlobalAlloc
0x1402942f0 GetModuleHandleA
0x1402942f8 GetProcAddress
0x140294300 GetCurrentThread
0x140294308 GetStdHandle
0x140294310 GetConsoleMode
0x140294318 WriteConsoleW
0x140294320 WaitForSingleObjectEx
0x140294328 LoadLibraryA
0x140294330 CreateMutexA
0x140294338 GetCurrentProcess
0x140294340 ReleaseMutex
0x140294348 GetEnvironmentVariableW
0x140294350 RtlLookupFunctionEntry
0x140294358 GetModuleHandleW
0x140294360 FormatMessageW
0x140294368 GetTempPathW
0x140294370 GetModuleFileNameW
0x140294378 CreateFileW
0x140294380 WaitForMultipleObjects
0x140294388 Sleep
0x140294390 SetFilePointerEx
0x140294398 FindNextFileW
0x1402943a0 CreateDirectoryW
0x1402943a8 FindFirstFileW
0x1402943b0 FindClose
0x1402943b8 GlobalUnlock
0x1402943c0 GlobalLock
0x1402943c8 GlobalSize
0x1402943d0 GetTimeZoneInformation
0x1402943d8 GetEnvironmentStringsW
0x1402943e0 FreeEnvironmentStringsW
0x1402943e8 CompareStringOrdinal
0x1402943f0 GetSystemDirectoryW
0x1402943f8 GetWindowsDirectoryW
0x140294400 CreateProcessW
0x140294408 GetFileAttributesW
0x140294410 DuplicateHandle
0x140294418 GetCurrentProcessId
0x140294420 CreateNamedPipeW
0x140294428 CreateThread
0x140294430 ReadFileEx
0x140294438 SleepEx
0x140294440 WriteFileEx
0x140294448 SystemTimeToFileTime
0x140294450 CreateEventW
0x140294458 CancelIo
0x140294460 ReadFile
0x140294468 ExitProcess
0x140294470 QueryPerformanceFrequency
0x140294478 GetCurrentDirectoryW
0x140294480 RtlCaptureContext
0x140294488 AddVectoredExceptionHandler
0x140294490 SleepConditionVariableSRW
0x140294498 WakeAllConditionVariable
0x1402944a0 WakeConditionVariable
0x1402944a8 PostQueuedCompletionStatus
0x1402944b0 SystemTimeToTzSpecificLocalTime
0x1402944b8 FileTimeToSystemTime
0x1402944c0 GetSystemTimeAsFileTime
0x1402944c8 SetThreadStackGuarantee
0x1402944d0 SwitchToThread
0x1402944d8 SetLastError
0x1402944e0 GetFinalPathNameByHandleW
0x1402944e8 GetFileInformationByHandle
0x1402944f0 ReleaseSRWLockExclusive
0x1402944f8 TryAcquireSRWLockExclusive
0x140294500 GetQueuedCompletionStatusEx
0x140294508 HeapAlloc
0x140294510 GetProcessHeap
0x140294518 RtlVirtualUnwind
0x140294520 FlushFileBuffers
0x140294528 GetTickCount
0x140294530 MapViewOfFile
0x140294538 CreateFileMappingW
0x140294540 FormatMessageA
0x140294548 GetSystemTime
0x140294550 WideCharToMultiByte
0x140294558 FreeLibrary
0x140294560 GetFileSize
0x140294568 LockFileEx
0x140294570 LocalFree
0x140294578 UnlockFile
0x140294580 HeapDestroy
0x140294588 HeapCompact
0x140294590 LoadLibraryW
0x140294598 DeleteFileW
0x1402945a0 DeleteFileA
0x1402945a8 CreateFileA
0x1402945b0 FlushViewOfFile
0x1402945b8 OutputDebugStringW
0x1402945c0 GetFileAttributesExW
0x1402945c8 GetFileAttributesA
0x1402945d0 GetDiskFreeSpaceA
0x1402945d8 GetTempPathA
0x1402945e0 MultiByteToWideChar
0x1402945e8 HeapSize
0x1402945f0 HeapValidate
0x1402945f8 UnmapViewOfFile
0x140294600 CreateMutexW
0x140294608 UnlockFileEx
0x140294610 SetEndOfFile
0x140294618 GetFullPathNameA
0x140294620 SetFilePointer
0x140294628 LockFile
0x140294630 OutputDebugStringA
0x140294638 GetDiskFreeSpaceW
0x140294640 WriteFile
0x140294648 HeapCreate
0x140294650 AreFileApisANSI
0x140294658 InitializeCriticalSection
0x140294660 EnterCriticalSection
0x140294668 LeaveCriticalSection
0x140294670 TryEnterCriticalSection
0x140294678 DeleteCriticalSection
0x140294680 GetCurrentThreadId
0x140294688 UnhandledExceptionFilter
0x140294690 CreateIoCompletionPort
0x140294698 SetFileCompletionNotificationModes
0x1402946a0 AcquireSRWLockShared
0x1402946a8 CopyFileExW
0x1402946b0 SetUnhandledExceptionFilter
0x1402946b8 ReleaseSRWLockShared
0x1402946c0 GetExitCodeProcess
0x1402946c8 WaitForSingleObject
0x1402946d0 TerminateProcess
0x1402946d8 IsProcessorFeaturePresent
0x1402946e0 GetFullPathNameW
0x1402946e8 HeapReAlloc
0x1402946f0 GetSystemInfo
0x1402946f8 GetLastError
0x140294700 GetOverlappedResult
0x140294708 CloseHandle
0x140294710 AcquireSRWLockExclusive
0x140294718 HeapFree
0x140294720 InitializeSListHead
0x140294728 IsDebuggerPresent
0x140294730 GetFileInformationByHandleEx
0x140294738 QueryPerformanceCounter
crypt32.dll
0x140294210 CertFreeCertificateChain
0x140294218 CertEnumCertificatesInStore
0x140294220 CertFreeCertificateContext
0x140294228 CertOpenStore
0x140294230 CertDuplicateStore
0x140294238 CertVerifyCertificateChainPolicy
0x140294240 CryptUnprotectData
0x140294248 CertDuplicateCertificateContext
0x140294250 CertGetCertificateChain
0x140294258 CertCloseStore
0x140294260 CertDuplicateCertificateChain
0x140294268 CertAddCertificateContextToStore
ole32.dll
0x140294770 CoInitializeSecurity
0x140294778 CoCreateInstance
0x140294780 CoSetProxyBlanket
0x140294788 CoInitializeEx
advapi32.dll
0x140294050 RegQueryValueExW
0x140294058 SystemFunction036
0x140294060 RegOpenKeyExW
0x140294068 RegCloseKey
0x140294070 FreeSid
0x140294078 AllocateAndInitializeSid
0x140294080 CheckTokenMembership
user32.dll
0x140294838 EnumDisplaySettingsExW
0x140294840 OpenClipboard
0x140294848 GetClipboardData
0x140294850 GetMonitorInfoW
0x140294858 CloseClipboard
0x140294860 SetClipboardData
0x140294868 EnumDisplayMonitors
gdi32.dll
0x140294278 GetDeviceCaps
0x140294280 CreateDCW
0x140294288 DeleteDC
0x140294290 CreateCompatibleDC
0x140294298 CreateCompatibleBitmap
0x1402942a0 SelectObject
0x1402942a8 SetStretchBltMode
0x1402942b0 StretchBlt
0x1402942b8 GetDIBits
0x1402942c0 GetObjectW
0x1402942c8 DeleteObject
crypt.dll
0x140294200 BCryptGenRandom
ws2_32.dll
0x140294878 WSAStartup
0x140294880 getaddrinfo
0x140294888 WSAIoctl
0x140294890 recv
0x140294898 setsockopt
0x1402948a0 shutdown
0x1402948a8 getsockname
0x1402948b0 WSAGetLastError
0x1402948b8 getpeername
0x1402948c0 closesocket
0x1402948c8 ind
0x1402948d0 WSASend
0x1402948d8 getsockopt
0x1402948e0 connect
0x1402948e8 WSACleanup
0x1402948f0 freeaddrinfo
0x1402948f8 send
0x140294900 WSASocketW
0x140294908 ioctlsocket
ntdll.dll
0x140294748 RtlNtStatusToDosError
0x140294750 NtCreateFile
0x140294758 NtDeviceIoControlFile
0x140294760 NtCancelIoFileEx
secur32.dll
0x1402947e0 DeleteSecurityContext
0x1402947e8 FreeContextBuffer
0x1402947f0 FreeCredentialsHandle
0x1402947f8 EncryptMessage
0x140294800 AcceptSecurityContext
0x140294808 AcquireCredentialsHandleA
0x140294810 InitializeSecurityContextW
0x140294818 QueryContextAttributesW
0x140294820 DecryptMessage
0x140294828 ApplyControlToken
VCRUNTIME140.dll
0x140294000 __current_exception_context
0x140294008 __current_exception
0x140294010 __C_specific_handler
0x140294018 strrchr
0x140294020 memmove
0x140294028 __CxxFrameHandler3
0x140294030 memset
0x140294038 memcmp
0x140294040 memcpy
api-ms-win-crt-string-l1-1-0.dll
0x1402941b0 strcspn
0x1402941b8 strncmp
0x1402941c0 strlen
0x1402941c8 strcmp
api-ms-win-crt-utility-l1-1-0.dll
0x1402941e8 qsort
0x1402941f0 _rotl64
api-ms-win-crt-heap-l1-1-0.dll
0x140294090 free
0x140294098 malloc
0x1402940a0 _set_new_mode
0x1402940a8 realloc
0x1402940b0 _msize
api-ms-win-crt-time-l1-1-0.dll
0x1402941d8 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x1402940d0 __setusermatherr
0x1402940d8 log
0x1402940e0 _dclass
api-ms-win-crt-runtime-l1-1-0.dll
0x1402940f0 __p___argv
0x1402940f8 _beginthreadex
0x140294100 _endthreadex
0x140294108 _initialize_onexit_table
0x140294110 _seh_filter_exe
0x140294118 _register_onexit_function
0x140294120 _set_app_type
0x140294128 _register_thread_local_exe_atexit_callback
0x140294130 _configure_narrow_argv
0x140294138 _crt_atexit
0x140294140 _initialize_narrow_environment
0x140294148 _cexit
0x140294150 _get_initial_narrow_environment
0x140294158 _initterm
0x140294160 _exit
0x140294168 exit
0x140294170 terminate
0x140294178 __p___argc
0x140294180 _c_exit
0x140294188 _initterm_e
api-ms-win-crt-stdio-l1-1-0.dll
0x140294198 _set_fmode
0x1402941a0 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1402940c0 _configthreadlocale
EAT(Export Address Table) is none