Field | Value |
---|---|
Created | 2023.04.27 16:45 |
Machine | s1_win7_x6403 |
Filename | Thallium.exe |
Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 52 detected (AIDetect, malware2, DiskWriter, Fragtor, unsafe, Killmbr, V6by, malicious, confidence, 100%, ABRisk, CJHS, Attribute, HighConfidence, high confidence, score, Abobus, Sgil, AGEN, R002C0PDH23, mclg, Wacatac, Malware@#2eqgf4e35nimo, Detected, ai score=83, GdSda, CLOUD, Er8bCOSztGc, susgen) |
md5 | 8edbcdafc2b2752bb2391b62e9093218 |
sha256 | 3fdd327bf4c63a7b2a531571e5cb2aedf4bb57345fff941ed167181ec6de0365 |
ssdeep | 384:xtNmj7gve8AWE0prvzaRsayXJ+Gij0ubE1HO0x+bIyBlkNUclTJxqh+sKlO1Nf:xtNmfl8AWE0Lh0bICl8lTJDO |
imphash | 10b588c378272a13512785afbf09165f |
impfuzzy | 48:RfCq1ccJ9r8ADPh3LJGVEk1koqd4rzFAQ/gB:RfCq1ccJ9rJPh3LJGGk1RqUle |
Signatures (4)
Level | Description |
---|---|
danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | One or more processes crashed |
Rules (4)
Level | Name | Description | Collection |
---|---|---|---|
warning | PhysicalDrive_20181001 | (no description) | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table), by library
KERNEL32.dll
0x4101f4 CloseHandle
0x4101f8 CreateFileW
0x4101fc CreateThread
0x410200 DeleteCriticalSection
0x410204 EnterCriticalSection
0x410208 ExitProcess
0x41020c GetCurrentProcess
0x410210 GetCurrentProcessId
0x410214 GetCurrentThreadId
0x410218 GetLastError
0x41021c GetStartupInfoA
0x410220 GetSystemTimeAsFileTime
0x410224 GetTickCount
0x410228 InitializeCriticalSection
0x41022c LeaveCriticalSection
0x410230 QueryPerformanceCounter
0x410234 SetUnhandledExceptionFilter
0x410238 Sleep
0x41023c TerminateProcess
0x410240 TerminateThread
0x410244 TlsGetValue
0x410248 UnhandledExceptionFilter
0x41024c VirtualAlloc
0x410250 VirtualProtect
0x410254 VirtualQuery
0x410258 WriteFile
ntdll.dll
0x410260 NtRaiseHardError
0x410264 RtlAdjustPrivilege
0x410268 memcpy
0x41026c memset
0x410270 strlen
0x410274 wcslen
WINMM.DLL
0x41027c PlaySoundW
0x410280 waveOutClose
0x410284 waveOutOpen
0x410288 waveOutPrepareHeader
0x41028c waveOutUnprepareHeader
0x410290 waveOutWrite
GDI32.dll
0x410298 BitBlt
0x41029c CreateBitmap
0x4102a0 CreateCompatibleDC
0x4102a4 CreateSolidBrush
0x4102a8 DeleteObject
0x4102ac GetBitmapBits
0x4102b0 PatBlt
0x4102b4 SelectObject
0x4102b8 SetBitmapBits
0x4102bc SetBkColor
0x4102c0 SetTextColor
0x4102c4 StretchBlt
0x4102c8 TextOutW
msvcrt.dll
0x4102d0 __dllonexit
0x4102d4 __getmainargs
0x4102d8 __initenv
0x4102dc __lconv_init
0x4102e0 __set_app_type
0x4102e4 __setusermatherr
0x4102e8 _acmdln
0x4102ec _amsg_exit
0x4102f0 _cexit
0x4102f4 _fmode
0x4102f8 _initterm
0x4102fc _iob
0x410300 _lock
0x410304 _onexit
0x410308 _unlock
0x41030c abort
0x410310 calloc
0x410314 exit
0x410318 fprintf
0x41031c free
0x410320 fwrite
0x410324 malloc
0x410328 rand
0x41032c signal
0x410330 strncmp
0x410334 vfprintf
USER32.dll
0x41033c GetDC
0x410340 GetDesktopWindow
0x410344 GetSystemMetrics
0x410348 GetWindowDC
0x41034c InvalidateRect
0x410350 MessageBoxW
0x410354 ReleaseDC
EAT (Export Address Table): none
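Added example, not part of the sandbox report: a Python triage script that takes the import listing above, recomputes the imphash the way pefile's `get_imphash` does (lowercased `lib.func` pairs in import order, joined by commas, MD5) and compares it with the reported value, then maps import combinations to coarse capabilities. The capability table and its names are my own heuristics, not the sandbox's rules; `raw_disk_write` and `rwx_memory` are only reported when a rule or signature from the tables above corroborates them, because `CreateFileW`/`WriteFile` and `VirtualProtect`/`VirtualQuery` (the latter pair is imported by the MinGW CRT's pseudo-relocation code, alongside `__getmainargs`/`_initterm` seen here) appear in plenty of benign binaries. Whether the recomputed hash equals the reported one depends on the listing preserving import-directory order and on the sandbox using the same algorithm, so the script prints match or mismatch rather than assuming it.

```python
"""Import-table triage for the Thallium.exe IAT listed in this report (added example)."""
import hashlib

# The import listing above, transcribed one library per line in the listed
# order (library name, then the imported symbols in IAT order, addresses dropped).
IAT_LISTING = """
KERNEL32.dll: CloseHandle CreateFileW CreateThread DeleteCriticalSection EnterCriticalSection ExitProcess GetCurrentProcess GetCurrentProcessId GetCurrentThreadId GetLastError GetStartupInfoA GetSystemTimeAsFileTime GetTickCount InitializeCriticalSection LeaveCriticalSection QueryPerformanceCounter SetUnhandledExceptionFilter Sleep TerminateProcess TerminateThread TlsGetValue UnhandledExceptionFilter VirtualAlloc VirtualProtect VirtualQuery WriteFile
ntdll.dll: NtRaiseHardError RtlAdjustPrivilege memcpy memset strlen wcslen
WINMM.DLL: PlaySoundW waveOutClose waveOutOpen waveOutPrepareHeader waveOutUnprepareHeader waveOutWrite
GDI32.dll: BitBlt CreateBitmap CreateCompatibleDC CreateSolidBrush DeleteObject GetBitmapBits PatBlt SelectObject SetBitmapBits SetBkColor SetTextColor StretchBlt TextOutW
msvcrt.dll: __dllonexit __getmainargs __initenv __lconv_init __set_app_type __setusermatherr _acmdln _amsg_exit _cexit _fmode _initterm _iob _lock _onexit _unlock abort calloc exit fprintf free fwrite malloc rand signal strncmp vfprintf
USER32.dll: GetDC GetDesktopWindow GetSystemMetrics GetWindowDC InvalidateRect MessageBoxW ReleaseDC
"""

# Rule names and signature descriptions copied from the tables above; used only
# as corroborating evidence for capabilities that common imports alone cannot prove.
RULE_HITS = ["PhysicalDrive_20181001", "Malicious_Packer_Zero", "IsPE32", "PE_Header_Zero"]
SIGNATURES = [
    "File has been identified by 52 AntiVirus engines on VirusTotal as malicious",
    "Communicates with host for which no DNS query was performed",
    "Allocates read-write-execute memory (usually to unpack itself)",
    "One or more processes crashed",
]
EVIDENCE = RULE_HITS + SIGNATURES

# imphash reported in the header table above.
REPORTED_IMPHASH = "10b588c378272a13512785afbf09165f"


def parse_iat(text):
    """Return [(dll_name, [symbol, ...]), ...] preserving the listed order."""
    result = []
    for line in text.strip().splitlines():
        dll, _, syms = line.partition(":")
        result.append((dll.strip(), syms.split()))
    return result


def import_string(imports):
    """Build the 'lib.func,lib.func,...' string whose MD5 is the imphash.
    Mirrors pefile: library lowercased with a .dll/.ocx/.sys suffix removed,
    symbol lowercased, order preserved."""
    parts = []
    for dll, syms in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.extend(f"{lib}.{s.lower()}" for s in syms)
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(import_string(imports).encode()).hexdigest()


# Heuristic capability map (my own, not a sandbox rule set). Each entry holds the
# imports that must all be present and an optional substring that must also occur
# in a rule name or signature before the capability is reported.
CAPABILITIES = {
    "raw_disk_write":      ({"kernel32.createfilew", "kernel32.writefile"}, "PhysicalDrive"),
    "user_mode_bsod":      ({"ntdll.rtladjustprivilege", "ntdll.ntraiseharderror"}, None),
    "rwx_memory":          ({"kernel32.virtualalloc", "kernel32.virtualprotect"}, "read-write-execute"),
    "screen_manipulation": ({"user32.getdesktopwindow", "user32.getwindowdc", "gdi32.bitblt"}, None),
    "audio_playback":      ({"winmm.waveoutopen", "winmm.waveoutwrite"}, None),
}


def triage(imports, evidence):
    """Return the sorted list of capability names supported by imports plus evidence."""
    present = set(import_string(imports).split(","))
    found = []
    for cap, (needed, corroboration) in CAPABILITIES.items():
        if not needed <= present:
            continue
        if corroboration and not any(corroboration.lower() in e.lower() for e in evidence):
            continue
        found.append(cap)
    return sorted(found)


if __name__ == "__main__":
    imports = parse_iat(IAT_LISTING)
    computed = imphash(imports)
    print(f"{sum(len(s) for _, s in imports)} imports across {len(imports)} DLLs")
    print(f"imphash computed {computed} / reported {REPORTED_IMPHASH}:",
          "match" if computed == REPORTED_IMPHASH else "MISMATCH (listing order or hashing tool differs)")
    for cap in triage(imports, EVIDENCE):
        print("capability:", cap)
```

The `user_mode_bsod` pair is the well-known user-mode bug-check trick (enable SeShutdownPrivilege with `RtlAdjustPrivilege`, then call `NtRaiseHardError` with the shutdown-system response option), and `raw_disk_write` lines up with the `PhysicalDrive` rule hit and the `Killmbr`/`DiskWriter` names in the VirusTotal tags above, so both are worth confirming in the sandbox's API trace before treating this as a wiper. The script stops at capability tagging; it does not reproduce any of that behaviour.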