Report - 4496vTvIHfMUrCXRfmmfIKPViTIY.exe

UPX Malicious Packer Malicious Library OS Processor Check PE64 PE File
Created 2023.04.25 17:51 Machine s1_win7_x6403
Filename 4496vTvIHfMUrCXRfmmfIKPViTIY.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
5
Behavior Score
1.2
ZERO API file : malware
VT API (file) 38 detected (Mikey, Malicious, score, unsafe, V3x7, TrojanPSW, MalwareX, confidence, Kryptik, Eldorado, Attribute, HighConfidence, moderate confidence, Agen, Vdkl, BrowseFox, Wacatac, Sabsik, Detected, Artemis, ai score=82, kpRjsb6V97B, susgen)
md5 472582241e1d476578bd3b4dd159fd52
sha256 8c2f279f19084c2f3e22142293aa362052d74122a46d0bcb8bed5abf3b6c697c
ssdeep 24576:bWQ2euysaEizverUghVHRHrWf8RBNOaGChKKmvmC1bV0T2A8kZZzXTVqb85GLcTl:igEQ2YghPHrWf8tGCMKm904kZZ1b5G
imphash 0e6e7a2a71494ed0e171c50470a6666b
impfuzzy 96:+776E1xQJmD6CCBttYnc0aO1GaQRWbPAtDCfTlqKaci5wKK42a:+7dd6Ltsa8jaWQwTD4K42a

Signature (2cnts)

Level Description
danger File has been identified by 38 AntiVirus engines on VirusTotal as malicious
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x14016d118 OutputDebugStringW
 0x14016d120 FlushViewOfFile
 0x14016d128 CreateFileA
 0x14016d130 WaitForSingleObjectEx
 0x14016d138 DeleteFileA
 0x14016d140 DeleteFileW
 0x14016d148 HeapReAlloc
 0x14016d150 CloseHandle
 0x14016d158 GetSystemInfo
 0x14016d160 HeapAlloc
 0x14016d168 HeapCompact
 0x14016d170 HeapDestroy
 0x14016d178 UnlockFile
 0x14016d180 LocalFree
 0x14016d188 LockFileEx
 0x14016d190 GetFileSize
 0x14016d198 DeleteCriticalSection
 0x14016d1a0 GetCurrentProcessId
 0x14016d1a8 GetProcessHeap
 0x14016d1b0 SystemTimeToFileTime
 0x14016d1b8 WideCharToMultiByte
 0x14016d1c0 GetSystemTimeAsFileTime
 0x14016d1c8 GetSystemTime
 0x14016d1d0 FormatMessageA
 0x14016d1d8 CreateFileMappingW
 0x14016d1e0 MapViewOfFile
 0x14016d1e8 QueryPerformanceCounter
 0x14016d1f0 GetTickCount
 0x14016d1f8 FlushFileBuffers
 0x14016d200 CreateDirectoryW
 0x14016d208 GetCurrentProcess
 0x14016d210 GetUserDefaultUILanguage
 0x14016d218 GetProcAddress
 0x14016d220 GetModuleHandleW
 0x14016d228 CopyFileW
 0x14016d230 QueryFullProcessImageNameW
 0x14016d238 GetComputerNameA
 0x14016d240 AreFileApisANSI
 0x14016d248 ReadFile
 0x14016d250 TryEnterCriticalSection
 0x14016d258 HeapCreate
 0x14016d260 HeapFree
 0x14016d268 EnterCriticalSection
 0x14016d270 GetFullPathNameW
 0x14016d278 WriteFile
 0x14016d280 GetCurrentDirectoryW
 0x14016d288 GetFileAttributesA
 0x14016d290 GetLastError
 0x14016d298 GetDiskFreeSpaceA
 0x14016d2a0 FormatMessageW
 0x14016d2a8 GetTempPathA
 0x14016d2b0 Sleep
 0x14016d2b8 MultiByteToWideChar
 0x14016d2c0 HeapSize
 0x14016d2c8 HeapValidate
 0x14016d2d0 ReadConsoleW
 0x14016d2d8 SetEnvironmentVariableW
 0x14016d2e0 FreeEnvironmentStringsW
 0x14016d2e8 GetEnvironmentStringsW
 0x14016d2f0 GetCommandLineW
 0x14016d2f8 GetCommandLineA
 0x14016d300 GetOEMCP
 0x14016d308 GetACP
 0x14016d310 IsValidCodePage
 0x14016d318 FindNextFileW
 0x14016d320 FindFirstFileExW
 0x14016d328 FindClose
 0x14016d330 GetTimeZoneInformation
 0x14016d338 GetConsoleMode
 0x14016d340 GetConsoleOutputCP
 0x14016d348 EnumSystemLocalesW
 0x14016d350 GetUserDefaultLCID
 0x14016d358 IsValidLocale
 0x14016d360 GetLocaleInfoW
 0x14016d368 LCMapStringW
 0x14016d370 CompareStringW
 0x14016d378 GetTimeFormatW
 0x14016d380 GetDateFormatW
 0x14016d388 FlsFree
 0x14016d390 FlsSetValue
 0x14016d398 FlsGetValue
 0x14016d3a0 FlsAlloc
 0x14016d3a8 SetFilePointerEx
 0x14016d3b0 FileTimeToSystemTime
 0x14016d3b8 SystemTimeToTzSpecificLocalTime
 0x14016d3c0 GetFileInformationByHandle
 0x14016d3c8 GetDriveTypeW
 0x14016d3d0 GetModuleFileNameW
 0x14016d3d8 ExitProcess
 0x14016d3e0 GetModuleHandleExW
 0x14016d3e8 FreeLibraryAndExitThread
 0x14016d3f0 ExitThread
 0x14016d3f8 CreateThread
 0x14016d400 SetStdHandle
 0x14016d408 RtlUnwind
 0x14016d410 UnmapViewOfFile
 0x14016d418 GetCurrentThreadId
 0x14016d420 GetFileAttributesW
 0x14016d428 CreateFileW
 0x14016d430 WaitForSingleObject
 0x14016d438 CreateMutexW
 0x14016d440 GetTempPathW
 0x14016d448 UnlockFileEx
 0x14016d450 SetEndOfFile
 0x14016d458 GetFullPathNameA
 0x14016d460 SetFilePointer
 0x14016d468 InitializeCriticalSection
 0x14016d470 LeaveCriticalSection
 0x14016d478 LockFile
 0x14016d480 OutputDebugStringA
 0x14016d488 GetDiskFreeSpaceW
 0x14016d490 GetFileAttributesExW
 0x14016d498 LoadLibraryExW
 0x14016d4a0 TlsFree
 0x14016d4a8 TlsSetValue
 0x14016d4b0 TlsGetValue
 0x14016d4b8 TlsAlloc
 0x14016d4c0 RaiseException
 0x14016d4c8 WriteConsoleW
 0x14016d4d0 RtlPcToFileHeader
 0x14016d4d8 RtlUnwindEx
 0x14016d4e0 GetFileSizeEx
 0x14016d4e8 VerifyVersionInfoW
 0x14016d4f0 VerSetConditionMask
 0x14016d4f8 SleepEx
 0x14016d500 WaitForMultipleObjects
 0x14016d508 PeekNamedPipe
 0x14016d510 GetFileType
 0x14016d518 GetStdHandle
 0x14016d520 GetEnvironmentVariableA
 0x14016d528 MoveFileExA
 0x14016d530 SetLastError
 0x14016d538 LoadLibraryA
 0x14016d540 GetModuleHandleA
 0x14016d548 FreeLibrary
 0x14016d550 GetSystemDirectoryA
 0x14016d558 QueryPerformanceFrequency
 0x14016d560 AcquireSRWLockExclusive
 0x14016d568 ReleaseSRWLockExclusive
 0x14016d570 TerminateProcess
 0x14016d578 InitializeCriticalSectionEx
 0x14016d580 EncodePointer
 0x14016d588 DecodePointer
 0x14016d590 GetStringTypeW
 0x14016d598 GetCPInfo
 0x14016d5a0 InitializeCriticalSectionAndSpinCount
 0x14016d5a8 SetEvent
 0x14016d5b0 ResetEvent
 0x14016d5b8 CreateEventW
 0x14016d5c0 RtlCaptureContext
 0x14016d5c8 RtlLookupFunctionEntry
 0x14016d5d0 RtlVirtualUnwind
 0x14016d5d8 IsDebuggerPresent
 0x14016d5e0 UnhandledExceptionFilter
 0x14016d5e8 SetUnhandledExceptionFilter
 0x14016d5f0 GetStartupInfoW
 0x14016d5f8 IsProcessorFeaturePresent
 0x14016d600 InitializeSListHead
USER32.dll
 0x14016d630 EnumWindows
 0x14016d638 GetKeyboardLayout
 0x14016d640 SwitchToThisWindow
 0x14016d648 PostMessageW
 0x14016d650 GetClassNameW
 0x14016d658 FindWindowW
 0x14016d660 GetWindowTextW
ADVAPI32.dll
 0x14016d000 CryptEncrypt
 0x14016d008 CryptImportKey
 0x14016d010 CryptDestroyKey
 0x14016d018 CryptDestroyHash
 0x14016d020 CryptHashData
 0x14016d028 CryptCreateHash
 0x14016d030 CryptGetHashParam
 0x14016d038 CryptReleaseContext
 0x14016d040 CryptAcquireContextA
 0x14016d048 RegOpenKeyExW
 0x14016d050 CheckTokenMembership
 0x14016d058 FreeSid
 0x14016d060 RegSetValueExW
 0x14016d068 RegCreateKeyExW
 0x14016d070 AllocateAndInitializeSid
 0x14016d078 RegCloseKey
 0x14016d080 RegQueryValueExW
SHELL32.dll
 0x14016d610 CommandLineToArgvW
 0x14016d618 ShellExecuteExW
 0x14016d620 SHGetKnownFolderPath
ole32.dll
 0x14016d878 CoTaskMemFree
urlmon.dll
 0x14016d888 ObtainUserAgentString
WS2_32.dll
 0x14016d708 getpeername
 0x14016d710 gethostname
 0x14016d718 recvfrom
 0x14016d720 freeaddrinfo
 0x14016d728 getaddrinfo
 0x14016d730 recv
 0x14016d738 listen
 0x14016d740 htonl
 0x14016d748 getsockname
 0x14016d750 connect
 0x14016d758 bind
 0x14016d760 accept
 0x14016d768 select
 0x14016d770 __WSAFDIsSet
 0x14016d778 socket
 0x14016d780 htons
 0x14016d788 WSAIoctl
 0x14016d790 setsockopt
 0x14016d798 WSACleanup
 0x14016d7a0 WSAStartup
 0x14016d7a8 WSASetLastError
 0x14016d7b0 ntohs
 0x14016d7b8 WSAGetLastError
 0x14016d7c0 closesocket
 0x14016d7c8 WSAWaitForMultipleEvents
 0x14016d7d0 WSAResetEvent
 0x14016d7d8 WSAEventSelect
 0x14016d7e0 WSAEnumNetworkEvents
 0x14016d7e8 WSACreateEvent
 0x14016d7f0 WSACloseEvent
 0x14016d7f8 send
 0x14016d800 getsockopt
 0x14016d808 ioctlsocket
 0x14016d810 sendto
CRYPT32.dll
 0x14016d090 PFXImportCertStore
 0x14016d098 CryptStringToBinaryA
 0x14016d0a0 CertFreeCertificateContext
 0x14016d0a8 CertFindCertificateInStore
 0x14016d0b0 CertEnumCertificatesInStore
 0x14016d0b8 CertCloseStore
 0x14016d0c0 CertOpenStore
 0x14016d0c8 CertAddCertificateContextToStore
 0x14016d0d0 CertFindExtension
 0x14016d0d8 CertGetNameStringA
 0x14016d0e0 CryptQueryObject
 0x14016d0e8 CertCreateCertificateChainEngine
 0x14016d0f0 CertFreeCertificateChainEngine
 0x14016d0f8 CertGetCertificateChain
 0x14016d100 CertFreeCertificateChain
 0x14016d108 CryptDecodeObjectEx
WLDAP32.dll
 0x14016d670 None
 0x14016d678 None
 0x14016d680 None
 0x14016d688 None
 0x14016d690 None
 0x14016d698 None
 0x14016d6a0 None
 0x14016d6a8 None
 0x14016d6b0 None
 0x14016d6b8 None
 0x14016d6c0 None
 0x14016d6c8 None
 0x14016d6d0 None
 0x14016d6d8 None
 0x14016d6e0 None
 0x14016d6e8 None
 0x14016d6f0 None
 0x14016d6f8 None
bcrypt.dll
 0x14016d820 BCryptGenerateSymmetricKey
 0x14016d828 BCryptCreateHash
 0x14016d830 BCryptGenRandom
 0x14016d838 BCryptFinishHash
 0x14016d840 BCryptDestroyKey
 0x14016d848 BCryptDecrypt
 0x14016d850 BCryptOpenAlgorithmProvider
 0x14016d858 BCryptHashData
 0x14016d860 BCryptDestroyHash
 0x14016d868 BCryptSetProperty

EAT(Export Address Table) is none


