ScreenShot
| Created | 2023.04.28 09:10 | Machine | s1_win7_x6401 |
| Filename | ads.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 12 detected (AIDetectMalware, malicious, high confidence, Artemis, grayware, confidence, ZexaF, KqW@aWfUwri, score, CoinMiner, Casdet, unsafe, Generic@AI, RDML, 6CuGhmdCs0h3xcUHU+xOwg) | ||
| md5 | cd675f6fa51e9a1bca95f3eb11c78fc2 | ||
| sha256 | 30db12742dfdfa1551ea1001dfd45124be0bfb183e4204a9e7eeee1dee29eed6 | ||
| ssdeep | 6144:MTOuy+iTPC6i7u+W/XkbZpOXYicJMYgTsGSH8BZImxw+V2oUg8lLLtoatc:qes4kkBTHb7Wq | ||
| imphash | bc995d314526062de9c69ce50fed50d5 | ||
| impfuzzy | 24:hrOov0JKh+fXDBvelEu7XZaN8Xcbv2GZ2jMbyOjzaglhcETQ54RMI1HtD4sBd:Aameeu7kSXcXZsePS5499F | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Detects Avast Antivirus through the presence of a library |
| watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x472058 HeapCreate
0x47205c GetTickCount
0x472060 GetCommandLineA
0x472064 IsProcessorFeaturePresent
0x472068 SetLastError
0x47206c InterlockedDecrement
0x472070 GetCurrentThreadId
0x472074 IsDebuggerPresent
0x472078 EncodePointer
0x47207c DecodePointer
0x472080 GetModuleHandleExW
0x472084 GetProcAddress
0x472088 GetStdHandle
0x47208c WriteFile
0x472090 GetFileType
0x472094 InitializeCriticalSectionAndSpinCount
0x472098 DeleteCriticalSection
0x47209c InitOnceExecuteOnce
0x4720a0 GetStartupInfoW
0x4720a4 GetModuleFileNameA
0x4720a8 QueryPerformanceCounter
0x4720ac GetSystemTimeAsFileTime
0x4720b0 GetTickCount64
0x4720b4 GetEnvironmentStringsW
0x4720b8 FreeEnvironmentStringsW
0x4720bc UnhandledExceptionFilter
0x4720c0 FlsAlloc
0x4720c4 FlsGetValue
0x4720c8 FlsSetValue
0x4720cc FlsFree
0x4720d0 SetUnhandledExceptionFilter
0x4720d4 EnterCriticalSection
0x4720d8 LeaveCriticalSection
0x4720dc Sleep
0x4720e0 IsValidCodePage
0x4720e4 GetACP
0x4720e8 GetOEMCP
0x4720ec GetCPInfo
0x4720f0 LoadLibraryExW
0x4720f4 OutputDebugStringW
0x4720f8 LoadLibraryW
0x4720fc RtlUnwind
0x472100 HeapReAlloc
0x472104 GetStringTypeW
0x472108 HeapSize
0x47210c LCMapStringEx
0x472110 FlushFileBuffers
0x472114 GetConsoleCP
0x472118 GetConsoleMode
0x47211c SetStdHandle
0x472120 SetFilePointerEx
0x472124 WriteConsoleW
0x472128 OutputDebugStringA
0x47212c WaitForSingleObject
0x472130 IsBadWritePtr
0x472134 HeapDestroy
0x472138 CreateEventW
0x47213c ExitProcess
0x472140 GetLastError
0x472144 WideCharToMultiByte
0x472148 CreateFileW
0x47214c ReadFile
0x472150 CloseHandle
0x472154 GetCurrentProcess
0x472158 MultiByteToWideChar
0x47215c GetModuleHandleW
0x472160 InterlockedIncrement
0x472164 GetModuleFileNameW
0x472168 lstrlenW
0x47216c HeapFree
0x472170 MulDiv
0x472174 GetProcessHeap
0x472178 TerminateProcess
0x47217c HeapAlloc
USER32.dll
0x47218c ReleaseDC
0x472190 GetDC
0x472194 GetSystemMetrics
ADVAPI32.dll
0x472000 RegCloseKey
0x472004 RegOpenKeyExW
0x472008 RegQueryValueExW
GDI32.dll
0x472010 StretchBlt
0x472014 SelectObject
0x472018 CreateCompatibleDC
0x47201c CreateCompatibleBitmap
0x472020 SelectClipRgn
0x472024 LineTo
0x472028 SetStretchBltMode
0x47202c MoveToEx
0x472030 GetDeviceCaps
0x472034 ExtTextOutW
0x472038 TextOutW
0x47203c BitBlt
0x472040 ExtSelectClipRgn
0x472044 DeleteDC
0x472048 DeleteObject
0x47204c GdiFlush
0x472050 CreateDIBSection
WINMM.dll
0x47219c waveOutOpen
0x4721a0 waveOutClose
0x4721a4 waveOutGetVolume
0x4721a8 PlaySoundW
MSIMG32.dll
0x472184 GradientFill
EAT(Export Address Table) is none
KERNEL32.dll
0x472058 HeapCreate
0x47205c GetTickCount
0x472060 GetCommandLineA
0x472064 IsProcessorFeaturePresent
0x472068 SetLastError
0x47206c InterlockedDecrement
0x472070 GetCurrentThreadId
0x472074 IsDebuggerPresent
0x472078 EncodePointer
0x47207c DecodePointer
0x472080 GetModuleHandleExW
0x472084 GetProcAddress
0x472088 GetStdHandle
0x47208c WriteFile
0x472090 GetFileType
0x472094 InitializeCriticalSectionAndSpinCount
0x472098 DeleteCriticalSection
0x47209c InitOnceExecuteOnce
0x4720a0 GetStartupInfoW
0x4720a4 GetModuleFileNameA
0x4720a8 QueryPerformanceCounter
0x4720ac GetSystemTimeAsFileTime
0x4720b0 GetTickCount64
0x4720b4 GetEnvironmentStringsW
0x4720b8 FreeEnvironmentStringsW
0x4720bc UnhandledExceptionFilter
0x4720c0 FlsAlloc
0x4720c4 FlsGetValue
0x4720c8 FlsSetValue
0x4720cc FlsFree
0x4720d0 SetUnhandledExceptionFilter
0x4720d4 EnterCriticalSection
0x4720d8 LeaveCriticalSection
0x4720dc Sleep
0x4720e0 IsValidCodePage
0x4720e4 GetACP
0x4720e8 GetOEMCP
0x4720ec GetCPInfo
0x4720f0 LoadLibraryExW
0x4720f4 OutputDebugStringW
0x4720f8 LoadLibraryW
0x4720fc RtlUnwind
0x472100 HeapReAlloc
0x472104 GetStringTypeW
0x472108 HeapSize
0x47210c LCMapStringEx
0x472110 FlushFileBuffers
0x472114 GetConsoleCP
0x472118 GetConsoleMode
0x47211c SetStdHandle
0x472120 SetFilePointerEx
0x472124 WriteConsoleW
0x472128 OutputDebugStringA
0x47212c WaitForSingleObject
0x472130 IsBadWritePtr
0x472134 HeapDestroy
0x472138 CreateEventW
0x47213c ExitProcess
0x472140 GetLastError
0x472144 WideCharToMultiByte
0x472148 CreateFileW
0x47214c ReadFile
0x472150 CloseHandle
0x472154 GetCurrentProcess
0x472158 MultiByteToWideChar
0x47215c GetModuleHandleW
0x472160 InterlockedIncrement
0x472164 GetModuleFileNameW
0x472168 lstrlenW
0x47216c HeapFree
0x472170 MulDiv
0x472174 GetProcessHeap
0x472178 TerminateProcess
0x47217c HeapAlloc
USER32.dll
0x47218c ReleaseDC
0x472190 GetDC
0x472194 GetSystemMetrics
ADVAPI32.dll
0x472000 RegCloseKey
0x472004 RegOpenKeyExW
0x472008 RegQueryValueExW
GDI32.dll
0x472010 StretchBlt
0x472014 SelectObject
0x472018 CreateCompatibleDC
0x47201c CreateCompatibleBitmap
0x472020 SelectClipRgn
0x472024 LineTo
0x472028 SetStretchBltMode
0x47202c MoveToEx
0x472030 GetDeviceCaps
0x472034 ExtTextOutW
0x472038 TextOutW
0x47203c BitBlt
0x472040 ExtSelectClipRgn
0x472044 DeleteDC
0x472048 DeleteObject
0x47204c GdiFlush
0x472050 CreateDIBSection
WINMM.dll
0x47219c waveOutOpen
0x4721a0 waveOutClose
0x4721a4 waveOutGetVolume
0x4721a8 PlaySoundW
MSIMG32.dll
0x472184 GradientFill
EAT(Export Address Table) is none