Report - distributive095.exe

CoinMiner Generic Malware UPX Malicious Library Antivirus OS Processor Check PE32 PE File
Created 2023.05.04 17:59 Machine s1_win7_x6403
Filename distributive095.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 3
Behavior Score 3.8
ZERO API file: clean
VT API (file) 21 detected (AIDetectMalware, malicious, high confidence, Artemis, unsafe, Save, confidence, 100%, VMProtect, AU suspicious, TrojanX, Generic@AI, RDMK, cmRtazpPx4RVPnTvt8Y8uVyceUtb, Seheq, ZexaF, @JW@aqTzQ4fi, susgen)
md5 5a2548ee26c5b3613a8096befe770a0f
sha256 be23d93128af34f8a0c84faeb605c524906d7d0f1f88ee3c3e50e2419819042b
ssdeep 196608:sWtV7YeiolI0wtfX+wZIX2frbwMXmbwnsbMi3oqLNkE:r7YtolIl5XmskQmEns4i3nLNkE
imphash ce1caa42157340f3d78c9dc597bc1009
impfuzzy 96:SYYStWcpeiS1nxWZPozGonC2de1AXJ+Zcp+qjwSttLyuua:RCWanCIZ+Ra

Signature (11cnts)

Level Description
warning File has been identified by 21 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a shortcut to an executable file
notice Drops an executable to the user AppData folder
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info Uses Windows APIs to generate a cryptographic key

Rules (14cnts)

Level Name Description Collection
danger CoinMiner_IN CoinMiner binaries (download)
danger CoinMiner_IN CoinMiner binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (download)
watch Antivirus Contains references to security software binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (7cnts)

Request CC ASN Co IP4 Rule ZERO
http://iqowocguasswcmca.xyz:1775/api/client_hello US NEXEON 167.88.12.99 clean
http://iqowocguasswcmca.xyz:1775/tasks/get_worker US NEXEON 167.88.12.99 clean
http://iqowocguasswcmca.xyz:1775/api/client/new US NEXEON 167.88.12.99 clean
http://iqowocguasswcmca.xyz:1775/tasks/collect US NEXEON 167.88.12.99 clean
http://iqowocguasswcmca.xyz:1775/avast_update US NEXEON 167.88.12.99 clean
iqowocguasswcmca.xyz US NEXEON 167.88.12.99 clean
167.88.12.99 US NEXEON 167.88.12.99 clean

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x7c4000 GetLastError
 0x7c4004 SetLastError
 0x7c4008 WaitForSingleObject
 0x7c400c CreateEventA
 0x7c4010 HeapAlloc
 0x7c4014 HeapFree
 0x7c4018 GetProcessHeap
 0x7c401c GetNativeSystemInfo
 0x7c4020 VirtualAlloc
 0x7c4024 VirtualProtect
 0x7c4028 VirtualFree
 0x7c402c Beep
 0x7c4030 GetModuleHandleA
 0x7c4034 GetProcAddress
 0x7c4038 IsBadReadPtr
 0x7c403c WriteConsoleW
 0x7c4040 CreateFileW
 0x7c4044 HeapSize
 0x7c4048 SetStdHandle
 0x7c404c FreeLibrary
 0x7c4050 LoadLibraryA
 0x7c4054 FreeEnvironmentStringsW
 0x7c4058 GetEnvironmentStringsW
 0x7c405c GetCommandLineW
 0x7c4060 GetCommandLineA
 0x7c4064 GetOEMCP
 0x7c4068 GetACP
 0x7c406c IsValidCodePage
 0x7c4070 FindNextFileW
 0x7c4074 FindFirstFileExW
 0x7c4078 FindClose
 0x7c407c HeapReAlloc
 0x7c4080 ReadConsoleW
 0x7c4084 SetFilePointerEx
 0x7c4088 GetFileSizeEx
 0x7c408c ReadFile
 0x7c4090 GetConsoleMode
 0x7c4094 GetConsoleOutputCP
 0x7c4098 FlushFileBuffers
 0x7c409c GetFileType
 0x7c40a0 EnumSystemLocalesW
 0x7c40a4 GetUserDefaultLCID
 0x7c40a8 IsValidLocale
 0x7c40ac GetLocaleInfoW
 0x7c40b0 UnhandledExceptionFilter
 0x7c40b4 SetUnhandledExceptionFilter
 0x7c40b8 GetCurrentProcess
 0x7c40bc TerminateProcess
 0x7c40c0 IsProcessorFeaturePresent
 0x7c40c4 CloseHandle
 0x7c40c8 EnterCriticalSection
 0x7c40cc LeaveCriticalSection
 0x7c40d0 InitializeCriticalSectionAndSpinCount
 0x7c40d4 DeleteCriticalSection
 0x7c40d8 SetEvent
 0x7c40dc ResetEvent
 0x7c40e0 WaitForSingleObjectEx
 0x7c40e4 CreateEventW
 0x7c40e8 GetModuleHandleW
 0x7c40ec IsDebuggerPresent
 0x7c40f0 GetStartupInfoW
 0x7c40f4 QueryPerformanceCounter
 0x7c40f8 GetCurrentProcessId
 0x7c40fc GetCurrentThreadId
 0x7c4100 GetSystemTimeAsFileTime
 0x7c4104 InitializeSListHead
 0x7c4108 QueryPerformanceFrequency
 0x7c410c Sleep
 0x7c4110 InitializeSRWLock
 0x7c4114 ReleaseSRWLockExclusive
 0x7c4118 AcquireSRWLockExclusive
 0x7c411c TryAcquireSRWLockExclusive
 0x7c4120 InitializeCriticalSectionEx
 0x7c4124 EncodePointer
 0x7c4128 DecodePointer
 0x7c412c MultiByteToWideChar
 0x7c4130 WideCharToMultiByte
 0x7c4134 LCMapStringEx
 0x7c4138 CompareStringEx
 0x7c413c GetCPInfo
 0x7c4140 GetStringTypeW
 0x7c4144 RaiseException
 0x7c4148 RtlUnwind
 0x7c414c TlsAlloc
 0x7c4150 TlsGetValue
 0x7c4154 TlsSetValue
 0x7c4158 TlsFree
 0x7c415c LoadLibraryExW
 0x7c4160 CreateThread
 0x7c4164 ExitThread
 0x7c4168 FreeLibraryAndExitThread
 0x7c416c GetModuleHandleExW
 0x7c4170 ExitProcess
 0x7c4174 GetModuleFileNameW
 0x7c4178 GetStdHandle
 0x7c417c WriteFile
 0x7c4180 LCMapStringW
 0x7c4184 SetEndOfFile
USER32.dll
 0x7c418c LoadIconA
 0x7c4190 LoadCursorA
 0x7c4194 CreateWindowExA
 0x7c4198 DefWindowProcA
 0x7c419c RegisterClassA
GDI32.dll
 0x7c41a4 CreateSolidBrush
SHELL32.dll
 0x7c41ac ShellExecuteA
WS2_32.dll
 0x7c41b4 setsockopt
 0x7c41b8 send
 0x7c41bc select
 0x7c41c0 recv
 0x7c41c4 ntohs
 0x7c41c8 socket
 0x7c41cc getsockname
 0x7c41d0 getpeername
 0x7c41d4 ioctlsocket
 0x7c41d8 connect
 0x7c41dc closesocket
 0x7c41e0 __WSAFDIsSet
 0x7c41e4 WSAStartup
 0x7c41e8 WSACleanup
 0x7c41ec shutdown
 0x7c41f0 WSAGetLastError
 0x7c41f4 WSASocketW
 0x7c41f8 getaddrinfo
 0x7c41fc getnameinfo
 0x7c4200 freeaddrinfo
 0x7c4204 getsockopt
KERNEL32.dll
 0x7c420c GetSystemTimeAsFileTime
 0x7c4210 GetModuleHandleA
 0x7c4214 CreateEventA
 0x7c4218 GetModuleFileNameW
 0x7c421c TerminateProcess
 0x7c4220 GetCurrentProcess
 0x7c4224 CreateToolhelp32Snapshot
 0x7c4228 Thread32First
 0x7c422c GetCurrentProcessId
 0x7c4230 GetCurrentThreadId
 0x7c4234 OpenThread
 0x7c4238 Thread32Next
 0x7c423c CloseHandle
 0x7c4240 SuspendThread
 0x7c4244 ResumeThread
 0x7c4248 WriteProcessMemory
 0x7c424c GetSystemInfo
 0x7c4250 VirtualAlloc
 0x7c4254 VirtualProtect
 0x7c4258 VirtualFree
 0x7c425c GetProcessAffinityMask
 0x7c4260 SetProcessAffinityMask
 0x7c4264 GetCurrentThread
 0x7c4268 SetThreadAffinityMask
 0x7c426c Sleep
 0x7c4270 LoadLibraryA
 0x7c4274 FreeLibrary
 0x7c4278 GetTickCount
 0x7c427c SystemTimeToFileTime
 0x7c4280 FileTimeToSystemTime
 0x7c4284 GlobalFree
 0x7c4288 LocalAlloc
 0x7c428c LocalFree
 0x7c4290 GetProcAddress
 0x7c4294 ExitProcess
 0x7c4298 EnterCriticalSection
 0x7c429c LeaveCriticalSection
 0x7c42a0 InitializeCriticalSection
 0x7c42a4 DeleteCriticalSection
 0x7c42a8 GetModuleHandleW
 0x7c42ac LoadResource
 0x7c42b0 MultiByteToWideChar
 0x7c42b4 FindResourceExW
 0x7c42b8 FindResourceExA
 0x7c42bc WideCharToMultiByte
 0x7c42c0 GetThreadLocale
 0x7c42c4 GetUserDefaultLCID
 0x7c42c8 GetSystemDefaultLCID
 0x7c42cc EnumResourceNamesA
 0x7c42d0 EnumResourceNamesW
 0x7c42d4 EnumResourceLanguagesA
 0x7c42d8 EnumResourceLanguagesW
 0x7c42dc EnumResourceTypesA
 0x7c42e0 EnumResourceTypesW
 0x7c42e4 CreateFileW
 0x7c42e8 LoadLibraryW
 0x7c42ec GetLastError
 0x7c42f0 FlushFileBuffers
 0x7c42f4 WriteConsoleW
 0x7c42f8 SetStdHandle
 0x7c42fc IsProcessorFeaturePresent
 0x7c4300 DecodePointer
 0x7c4304 GetCommandLineA
 0x7c4308 RaiseException
 0x7c430c HeapFree
 0x7c4310 GetCPInfo
 0x7c4314 InterlockedIncrement
 0x7c4318 InterlockedDecrement
 0x7c431c GetACP
 0x7c4320 GetOEMCP
 0x7c4324 IsValidCodePage
 0x7c4328 EncodePointer
 0x7c432c TlsAlloc
 0x7c4330 TlsGetValue
 0x7c4334 TlsSetValue
 0x7c4338 TlsFree
 0x7c433c SetLastError
 0x7c4340 UnhandledExceptionFilter
 0x7c4344 SetUnhandledExceptionFilter
 0x7c4348 IsDebuggerPresent
 0x7c434c HeapAlloc
 0x7c4350 LCMapStringW
 0x7c4354 GetStringTypeW
 0x7c4358 SetHandleCount
 0x7c435c GetStdHandle
 0x7c4360 InitializeCriticalSectionAndSpinCount
 0x7c4364 GetFileType
 0x7c4368 GetStartupInfoW
 0x7c436c GetModuleFileNameA
 0x7c4370 FreeEnvironmentStringsW
 0x7c4374 GetEnvironmentStringsW
 0x7c4378 HeapCreate
 0x7c437c HeapDestroy
 0x7c4380 QueryPerformanceCounter
 0x7c4384 HeapSize
 0x7c4388 WriteFile
 0x7c438c RtlUnwind
 0x7c4390 SetFilePointer
 0x7c4394 GetConsoleCP
 0x7c4398 GetConsoleMode
 0x7c439c HeapReAlloc
 0x7c43a0 VirtualQuery
USER32.dll
 0x7c43a8 CharUpperBuffW
KERNEL32.dll
 0x7c43b0 LocalAlloc
 0x7c43b4 LocalFree
 0x7c43b8 GetModuleFileNameW
 0x7c43bc ExitProcess
 0x7c43c0 LoadLibraryA
 0x7c43c4 GetModuleHandleA
 0x7c43c8 GetProcAddress

EAT (Export Address Table): none
