Report - 4496TmGAmszliFaJddlAQYLYCUMW.exe

UPX Malicious Packer Malicious Library OS Processor Check PE64 PE File
Created 2023.04.21 18:13 Machine s1_win7_x6401
Filename 4496TmGAmszliFaJddlAQYLYCUMW.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
5
Behavior Score
1.0
ZERO API file : malware
VT API (file) 23 detected (GenericKD, malicious, confidence, score, FileRepMalware, Misc, AGEN, Mikey, BrowseFox, Casdet, Artemis, ai score=87, susgen, PossibleThreat)
md5 249e72c284e40f491a40290b0b22fc58
sha256 e74e9eef09f0408bc12122664feab0f172a77bda450290cb2c583a1fb09a18b7
ssdeep 49152:Y1LslvY4A5tOYiFozvPfpiE42OwpJM86LB:Y1OvFA5viFLFIO86
imphash 43a682db5d18214091b3a5e4b9713a58
impfuzzy 96:/776E1EQJmT6CCBttYnc0atuLaQRWbPAtDCfTlRKaci5LcKN2a:/7d46Ltsa8+aWQwTGPKN2a

Signature (2cnts)

Level Description
warning File has been identified by 23 antivirus engines on VirusTotal as malicious
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata IDS

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x14016c110 GetFileAttributesExW
 0x14016c118 OutputDebugStringW
 0x14016c120 FlushViewOfFile
 0x14016c128 CreateFileA
 0x14016c130 WaitForSingleObjectEx
 0x14016c138 DeleteFileA
 0x14016c140 DeleteFileW
 0x14016c148 HeapReAlloc
 0x14016c150 CloseHandle
 0x14016c158 GetSystemInfo
 0x14016c160 HeapAlloc
 0x14016c168 HeapCompact
 0x14016c170 HeapDestroy
 0x14016c178 UnlockFile
 0x14016c180 LocalFree
 0x14016c188 LockFileEx
 0x14016c190 GetFileSize
 0x14016c198 DeleteCriticalSection
 0x14016c1a0 GetCurrentProcessId
 0x14016c1a8 GetProcessHeap
 0x14016c1b0 SystemTimeToFileTime
 0x14016c1b8 WideCharToMultiByte
 0x14016c1c0 GetSystemTimeAsFileTime
 0x14016c1c8 GetSystemTime
 0x14016c1d0 FormatMessageA
 0x14016c1d8 CreateFileMappingW
 0x14016c1e0 MapViewOfFile
 0x14016c1e8 QueryPerformanceCounter
 0x14016c1f0 GetTickCount
 0x14016c1f8 FlushFileBuffers
 0x14016c200 CreateDirectoryW
 0x14016c208 GetCurrentProcess
 0x14016c210 GetUserDefaultUILanguage
 0x14016c218 GetProcAddress
 0x14016c220 GetModuleHandleW
 0x14016c228 CopyFileW
 0x14016c230 QueryFullProcessImageNameW
 0x14016c238 AreFileApisANSI
 0x14016c240 ReadFile
 0x14016c248 TryEnterCriticalSection
 0x14016c250 HeapCreate
 0x14016c258 HeapFree
 0x14016c260 EnterCriticalSection
 0x14016c268 GetFullPathNameW
 0x14016c270 WriteFile
 0x14016c278 GetCurrentDirectoryW
 0x14016c280 GetLastError
 0x14016c288 GetDiskFreeSpaceA
 0x14016c290 FormatMessageW
 0x14016c298 GetTempPathA
 0x14016c2a0 Sleep
 0x14016c2a8 MultiByteToWideChar
 0x14016c2b0 HeapSize
 0x14016c2b8 HeapValidate
 0x14016c2c0 ReadConsoleW
 0x14016c2c8 SetEnvironmentVariableW
 0x14016c2d0 FreeEnvironmentStringsW
 0x14016c2d8 GetEnvironmentStringsW
 0x14016c2e0 GetCommandLineW
 0x14016c2e8 GetCommandLineA
 0x14016c2f0 GetOEMCP
 0x14016c2f8 GetACP
 0x14016c300 IsValidCodePage
 0x14016c308 FindNextFileW
 0x14016c310 FindFirstFileExW
 0x14016c318 FindClose
 0x14016c320 GetTimeZoneInformation
 0x14016c328 GetConsoleMode
 0x14016c330 GetConsoleOutputCP
 0x14016c338 EnumSystemLocalesW
 0x14016c340 GetUserDefaultLCID
 0x14016c348 IsValidLocale
 0x14016c350 GetLocaleInfoW
 0x14016c358 LCMapStringW
 0x14016c360 CompareStringW
 0x14016c368 GetTimeFormatW
 0x14016c370 GetDateFormatW
 0x14016c378 FlsFree
 0x14016c380 FlsSetValue
 0x14016c388 FlsGetValue
 0x14016c390 FlsAlloc
 0x14016c398 SetFilePointerEx
 0x14016c3a0 FileTimeToSystemTime
 0x14016c3a8 SystemTimeToTzSpecificLocalTime
 0x14016c3b0 GetFileInformationByHandle
 0x14016c3b8 GetDriveTypeW
 0x14016c3c0 GetModuleFileNameW
 0x14016c3c8 ExitProcess
 0x14016c3d0 GetModuleHandleExW
 0x14016c3d8 FreeLibraryAndExitThread
 0x14016c3e0 ExitThread
 0x14016c3e8 CreateThread
 0x14016c3f0 SetStdHandle
 0x14016c3f8 RtlUnwind
 0x14016c400 UnmapViewOfFile
 0x14016c408 GetCurrentThreadId
 0x14016c410 GetFileAttributesW
 0x14016c418 CreateFileW
 0x14016c420 WaitForSingleObject
 0x14016c428 CreateMutexW
 0x14016c430 GetTempPathW
 0x14016c438 UnlockFileEx
 0x14016c440 SetEndOfFile
 0x14016c448 GetFullPathNameA
 0x14016c450 SetFilePointer
 0x14016c458 InitializeCriticalSection
 0x14016c460 LeaveCriticalSection
 0x14016c468 LockFile
 0x14016c470 OutputDebugStringA
 0x14016c478 GetDiskFreeSpaceW
 0x14016c480 GetFileAttributesA
 0x14016c488 LoadLibraryExW
 0x14016c490 TlsFree
 0x14016c498 TlsSetValue
 0x14016c4a0 TlsGetValue
 0x14016c4a8 TlsAlloc
 0x14016c4b0 RaiseException
 0x14016c4b8 RtlPcToFileHeader
 0x14016c4c0 WriteConsoleW
 0x14016c4c8 RtlUnwindEx
 0x14016c4d0 GetFileSizeEx
 0x14016c4d8 VerifyVersionInfoW
 0x14016c4e0 VerSetConditionMask
 0x14016c4e8 SleepEx
 0x14016c4f0 WaitForMultipleObjects
 0x14016c4f8 PeekNamedPipe
 0x14016c500 GetFileType
 0x14016c508 GetStdHandle
 0x14016c510 GetEnvironmentVariableA
 0x14016c518 MoveFileExA
 0x14016c520 SetLastError
 0x14016c528 LoadLibraryA
 0x14016c530 GetModuleHandleA
 0x14016c538 FreeLibrary
 0x14016c540 GetSystemDirectoryA
 0x14016c548 QueryPerformanceFrequency
 0x14016c550 AcquireSRWLockExclusive
 0x14016c558 ReleaseSRWLockExclusive
 0x14016c560 TerminateProcess
 0x14016c568 InitializeCriticalSectionEx
 0x14016c570 EncodePointer
 0x14016c578 DecodePointer
 0x14016c580 GetStringTypeW
 0x14016c588 GetCPInfo
 0x14016c590 InitializeCriticalSectionAndSpinCount
 0x14016c598 SetEvent
 0x14016c5a0 ResetEvent
 0x14016c5a8 CreateEventW
 0x14016c5b0 RtlCaptureContext
 0x14016c5b8 RtlLookupFunctionEntry
 0x14016c5c0 RtlVirtualUnwind
 0x14016c5c8 IsDebuggerPresent
 0x14016c5d0 UnhandledExceptionFilter
 0x14016c5d8 SetUnhandledExceptionFilter
 0x14016c5e0 GetStartupInfoW
 0x14016c5e8 IsProcessorFeaturePresent
 0x14016c5f0 InitializeSListHead
USER32.dll
 0x14016c620 EnumWindows
 0x14016c628 GetKeyboardLayout
 0x14016c630 SwitchToThisWindow
 0x14016c638 PostMessageW
 0x14016c640 GetClassNameW
 0x14016c648 FindWindowW
 0x14016c650 GetWindowTextW
ADVAPI32.dll
 0x14016c000 CryptEncrypt
 0x14016c008 CryptImportKey
 0x14016c010 CryptDestroyKey
 0x14016c018 CryptDestroyHash
 0x14016c020 CryptHashData
 0x14016c028 CryptCreateHash
 0x14016c030 CryptGetHashParam
 0x14016c038 CryptReleaseContext
 0x14016c040 CryptAcquireContextA
 0x14016c048 CheckTokenMembership
 0x14016c050 FreeSid
 0x14016c058 RegSetValueExW
 0x14016c060 RegCreateKeyExW
 0x14016c068 AllocateAndInitializeSid
 0x14016c070 RegCloseKey
 0x14016c078 RegQueryValueExW
SHELL32.dll
 0x14016c600 CommandLineToArgvW
 0x14016c608 ShellExecuteExW
 0x14016c610 SHGetKnownFolderPath
ole32.dll
 0x14016c868 CoTaskMemFree
urlmon.dll
 0x14016c878 ObtainUserAgentString
WS2_32.dll
 0x14016c6f8 getpeername
 0x14016c700 gethostname
 0x14016c708 recvfrom
 0x14016c710 freeaddrinfo
 0x14016c718 getaddrinfo
 0x14016c720 recv
 0x14016c728 listen
 0x14016c730 htonl
 0x14016c738 getsockname
 0x14016c740 connect
 0x14016c748 bind
 0x14016c750 accept
 0x14016c758 select
 0x14016c760 __WSAFDIsSet
 0x14016c768 socket
 0x14016c770 htons
 0x14016c778 WSAIoctl
 0x14016c780 setsockopt
 0x14016c788 WSACleanup
 0x14016c790 WSAStartup
 0x14016c798 WSASetLastError
 0x14016c7a0 ntohs
 0x14016c7a8 WSAGetLastError
 0x14016c7b0 closesocket
 0x14016c7b8 WSAWaitForMultipleEvents
 0x14016c7c0 WSAResetEvent
 0x14016c7c8 WSAEventSelect
 0x14016c7d0 WSAEnumNetworkEvents
 0x14016c7d8 WSACreateEvent
 0x14016c7e0 WSACloseEvent
 0x14016c7e8 send
 0x14016c7f0 getsockopt
 0x14016c7f8 ioctlsocket
 0x14016c800 sendto
CRYPT32.dll
 0x14016c088 CryptDecodeObjectEx
 0x14016c090 PFXImportCertStore
 0x14016c098 CryptStringToBinaryA
 0x14016c0a0 CertFreeCertificateContext
 0x14016c0a8 CertFindCertificateInStore
 0x14016c0b0 CertEnumCertificatesInStore
 0x14016c0b8 CertCloseStore
 0x14016c0c0 CertOpenStore
 0x14016c0c8 CertFindExtension
 0x14016c0d0 CertGetNameStringA
 0x14016c0d8 CryptQueryObject
 0x14016c0e0 CertCreateCertificateChainEngine
 0x14016c0e8 CertFreeCertificateChainEngine
 0x14016c0f0 CertGetCertificateChain
 0x14016c0f8 CertFreeCertificateChain
 0x14016c100 CertAddCertificateContextToStore
WLDAP32.dll
 0x14016c660 None
 0x14016c668 None
 0x14016c670 None
 0x14016c678 None
 0x14016c680 None
 0x14016c688 None
 0x14016c690 None
 0x14016c698 None
 0x14016c6a0 None
 0x14016c6a8 None
 0x14016c6b0 None
 0x14016c6b8 None
 0x14016c6c0 None
 0x14016c6c8 None
 0x14016c6d0 None
 0x14016c6d8 None
 0x14016c6e0 None
 0x14016c6e8 None
bcrypt.dll
 0x14016c810 BCryptGenerateSymmetricKey
 0x14016c818 BCryptCreateHash
 0x14016c820 BCryptGenRandom
 0x14016c828 BCryptFinishHash
 0x14016c830 BCryptDestroyKey
 0x14016c838 BCryptDecrypt
 0x14016c840 BCryptOpenAlgorithmProvider
 0x14016c848 BCryptHashData
 0x14016c850 BCryptDestroyHash
 0x14016c858 BCryptSetProperty

EAT (Export Address Table): none



Similarity measure (PE file only) - Checking for service failure