ScreenShot
| Created | 2023.05.03 09:31 | Machine | s1_win7_x6401 |
| Filename | v1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 49 detected (AIDetectMalware, Strab, Jaik, unsafe, Save, malicious, high confidence, GenKryptik, GJED, score, GenericKD, jvwbpx, DropperX, FalseSign, Zmhl, Kryptik, iayeg, VIDAR, YXDEAZ, Artemis, Krypt, Sabsik, Casdet, Detected, ai score=80, BScope, TrojanPSW, RedLine, Chgt, AveMaria, gPYSJezLNfH, Static AI, Suspicious PE, susgen, ZexaF, JvX@aOIJKZeG, confidence, 100%) | ||
| md5 | 2d1952dc0776774b3d9366412a44de4d | ||
| sha256 | 45ac86c9c4501113f3912d513270d66a5c7bf5a6edb0a89fbb23965271b1049f | ||
| ssdeep | 49152:FNwP4UmS2Wa0NwUKx6Zke9JlFRVtrq5cj0d:3wQrS2WQUKx6Zk0p2X | ||
| imphash | 5dbd4b53304dc2aae0c97e1295bb4e1e | ||
| impfuzzy | 48:nZCypVOjBX8tMS175c+ppQycR3AmA2zwSvRGryzzeAV/rzvN:ZCsV0BX8tMS175c+ppQy4p5 | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| watch | One or more of the buffers contains an embedded PE file |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x54a000 SizeofResource
0x54a004 GetSystemDefaultLCID
0x54a008 SetLastError
0x54a00c lstrlenW
0x54a010 GetFullPathNameA
0x54a014 lstrlenA
0x54a018 LocalAlloc
0x54a01c lstrcmpA
0x54a020 GetModuleHandleA
0x54a024 IsValidCodePage
0x54a028 CompareStringA
0x54a02c DeleteFileW
0x54a030 LoadResource
0x54a034 GetCurrentProcessorNumber
0x54a038 GetProcAddress
0x54a03c CreateFileMappingA
0x54a040 GetProcessHeap
0x54a044 GlobalMemoryStatusEx
0x54a048 CreateRemoteThread
0x54a04c SetThreadContext
0x54a050 OpenThread
0x54a054 CloseHandle
0x54a058 DecodePointer
0x54a05c GetConsoleMode
0x54a060 GetConsoleOutputCP
0x54a064 FlushFileBuffers
0x54a068 SetFilePointerEx
0x54a06c WriteConsoleW
0x54a070 HeapQueryInformation
0x54a074 HeapSize
0x54a078 HeapReAlloc
0x54a07c HeapFree
0x54a080 LCMapStringW
0x54a084 UnhandledExceptionFilter
0x54a088 SetUnhandledExceptionFilter
0x54a08c GetCurrentProcess
0x54a090 TerminateProcess
0x54a094 IsProcessorFeaturePresent
0x54a098 QueryPerformanceCounter
0x54a09c GetCurrentProcessId
0x54a0a0 GetCurrentThreadId
0x54a0a4 GetSystemTimeAsFileTime
0x54a0a8 InitializeSListHead
0x54a0ac IsDebuggerPresent
0x54a0b0 GetStartupInfoW
0x54a0b4 GetModuleHandleW
0x54a0b8 RtlUnwind
0x54a0bc GetLastError
0x54a0c0 EnterCriticalSection
0x54a0c4 LeaveCriticalSection
0x54a0c8 DeleteCriticalSection
0x54a0cc InitializeCriticalSectionAndSpinCount
0x54a0d0 TlsAlloc
0x54a0d4 TlsGetValue
0x54a0d8 TlsSetValue
0x54a0dc TlsFree
0x54a0e0 FreeLibrary
0x54a0e4 LoadLibraryExW
0x54a0e8 EncodePointer
0x54a0ec RaiseException
0x54a0f0 GetStdHandle
0x54a0f4 WriteFile
0x54a0f8 GetModuleFileNameW
0x54a0fc ExitProcess
0x54a100 GetModuleHandleExW
0x54a104 HeapAlloc
0x54a108 HeapValidate
0x54a10c GetSystemInfo
0x54a110 OutputDebugStringW
0x54a114 FindClose
0x54a118 FindFirstFileExW
0x54a11c FindNextFileW
0x54a120 GetACP
0x54a124 GetOEMCP
0x54a128 GetCPInfo
0x54a12c GetCommandLineA
0x54a130 GetCommandLineW
0x54a134 MultiByteToWideChar
0x54a138 WideCharToMultiByte
0x54a13c GetEnvironmentStringsW
0x54a140 FreeEnvironmentStringsW
0x54a144 SetStdHandle
0x54a148 GetFileType
0x54a14c GetStringTypeW
0x54a150 CreateFileW
USER32.dll
0x54a158 OpenIcon
0x54a15c GetFocus
0x54a160 FillRect
0x54a164 EndDialog
0x54a168 GetCapture
0x54a16c GetDlgCtrlID
0x54a170 GetSystemMenu
0x54a174 GetTopWindow
0x54a178 GetDialogBaseUnits
0x54a17c GetUpdateRect
0x54a180 GetWindowDC
0x54a184 IsZoomed
0x54a188 GetCaretBlinkTime
0x54a18c GetDesktopWindow
0x54a190 FindWindowA
0x54a194 GetDoubleClickTime
EAT(Export Address Table) is none
KERNEL32.dll
0x54a000 SizeofResource
0x54a004 GetSystemDefaultLCID
0x54a008 SetLastError
0x54a00c lstrlenW
0x54a010 GetFullPathNameA
0x54a014 lstrlenA
0x54a018 LocalAlloc
0x54a01c lstrcmpA
0x54a020 GetModuleHandleA
0x54a024 IsValidCodePage
0x54a028 CompareStringA
0x54a02c DeleteFileW
0x54a030 LoadResource
0x54a034 GetCurrentProcessorNumber
0x54a038 GetProcAddress
0x54a03c CreateFileMappingA
0x54a040 GetProcessHeap
0x54a044 GlobalMemoryStatusEx
0x54a048 CreateRemoteThread
0x54a04c SetThreadContext
0x54a050 OpenThread
0x54a054 CloseHandle
0x54a058 DecodePointer
0x54a05c GetConsoleMode
0x54a060 GetConsoleOutputCP
0x54a064 FlushFileBuffers
0x54a068 SetFilePointerEx
0x54a06c WriteConsoleW
0x54a070 HeapQueryInformation
0x54a074 HeapSize
0x54a078 HeapReAlloc
0x54a07c HeapFree
0x54a080 LCMapStringW
0x54a084 UnhandledExceptionFilter
0x54a088 SetUnhandledExceptionFilter
0x54a08c GetCurrentProcess
0x54a090 TerminateProcess
0x54a094 IsProcessorFeaturePresent
0x54a098 QueryPerformanceCounter
0x54a09c GetCurrentProcessId
0x54a0a0 GetCurrentThreadId
0x54a0a4 GetSystemTimeAsFileTime
0x54a0a8 InitializeSListHead
0x54a0ac IsDebuggerPresent
0x54a0b0 GetStartupInfoW
0x54a0b4 GetModuleHandleW
0x54a0b8 RtlUnwind
0x54a0bc GetLastError
0x54a0c0 EnterCriticalSection
0x54a0c4 LeaveCriticalSection
0x54a0c8 DeleteCriticalSection
0x54a0cc InitializeCriticalSectionAndSpinCount
0x54a0d0 TlsAlloc
0x54a0d4 TlsGetValue
0x54a0d8 TlsSetValue
0x54a0dc TlsFree
0x54a0e0 FreeLibrary
0x54a0e4 LoadLibraryExW
0x54a0e8 EncodePointer
0x54a0ec RaiseException
0x54a0f0 GetStdHandle
0x54a0f4 WriteFile
0x54a0f8 GetModuleFileNameW
0x54a0fc ExitProcess
0x54a100 GetModuleHandleExW
0x54a104 HeapAlloc
0x54a108 HeapValidate
0x54a10c GetSystemInfo
0x54a110 OutputDebugStringW
0x54a114 FindClose
0x54a118 FindFirstFileExW
0x54a11c FindNextFileW
0x54a120 GetACP
0x54a124 GetOEMCP
0x54a128 GetCPInfo
0x54a12c GetCommandLineA
0x54a130 GetCommandLineW
0x54a134 MultiByteToWideChar
0x54a138 WideCharToMultiByte
0x54a13c GetEnvironmentStringsW
0x54a140 FreeEnvironmentStringsW
0x54a144 SetStdHandle
0x54a148 GetFileType
0x54a14c GetStringTypeW
0x54a150 CreateFileW
USER32.dll
0x54a158 OpenIcon
0x54a15c GetFocus
0x54a160 FillRect
0x54a164 EndDialog
0x54a168 GetCapture
0x54a16c GetDlgCtrlID
0x54a170 GetSystemMenu
0x54a174 GetTopWindow
0x54a178 GetDialogBaseUnits
0x54a17c GetUpdateRect
0x54a180 GetWindowDC
0x54a184 IsZoomed
0x54a188 GetCaretBlinkTime
0x54a18c GetDesktopWindow
0x54a190 FindWindowA
0x54a194 GetDoubleClickTime
EAT(Export Address Table) is none