ScreenShot
| Created | 2023.05.12 09:21 | Machine | s1_win7_x6401 |
| Filename | RKiDaNx.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (AIDetectMalware, unsafe, Vzhy, malicious, confidence, 100%, QSetup, AX suspicious, FileRepMalware, Misc, SMOKELOADER, YXDELZ, moderate, score, Phonzy, Sabsik, Artemis, Chgt) | ||
| md5 | fe415fe7497faeb1c84614d9a267b2eb | ||
| sha256 | 5df82a2cbc00d2b5f2075a40eadd4e006569ffc96bf8eb597d7bdd366406e52b | ||
| ssdeep | 49152:FsRXycULLv5AJOzWwKKswtrw2FZZytLJ917OFbH3Ck:FsRCcULLRiwPbM2vZytLvIHyk | ||
| imphash | 4afbc3ea79152c3f8469f1157ab7e53a | ||
| impfuzzy | 96:8cfp95Eo3O5c/4JbOEjBQxU8w1X/K7Sw9cKJ:z3EnQxS1PK7Sw9cKJ | ||
Network IP location
Signature (16cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | The process powershell.exe wrote an executable file to disk |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a shortcut to an executable file |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Suspicious_Obfuscation_Script_2 | Suspicious obfuscation script (e.g. executable files) | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | bmp_file_format | bmp file format | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x42a104 DeleteCriticalSection
0x42a108 LeaveCriticalSection
0x42a10c EnterCriticalSection
0x42a110 InitializeCriticalSection
0x42a114 VirtualFree
0x42a118 VirtualAlloc
0x42a11c LocalFree
0x42a120 LocalAlloc
0x42a124 GetTickCount
0x42a128 QueryPerformanceCounter
0x42a12c GetVersion
0x42a130 GetCurrentThreadId
0x42a134 WideCharToMultiByte
0x42a138 lstrlenA
0x42a13c lstrcpynA
0x42a140 LoadLibraryExA
0x42a144 GetThreadLocale
0x42a148 GetStartupInfoA
0x42a14c GetProcAddress
0x42a150 GetModuleHandleA
0x42a154 GetModuleFileNameA
0x42a158 GetLocaleInfoA
0x42a15c GetLastError
0x42a160 GetCommandLineA
0x42a164 FreeLibrary
0x42a168 FindFirstFileA
0x42a16c FindClose
0x42a170 ExitProcess
0x42a174 WriteFile
0x42a178 UnhandledExceptionFilter
0x42a17c SetFilePointer
0x42a180 SetEndOfFile
0x42a184 RtlUnwind
0x42a188 ReadFile
0x42a18c RaiseException
0x42a190 GetStdHandle
0x42a194 GetFileSize
0x42a198 GetFileType
0x42a19c CreateFileA
0x42a1a0 CloseHandle
user32.dll
0x42a1a8 GetKeyboardType
0x42a1ac LoadStringA
0x42a1b0 MessageBoxA
0x42a1b4 CharNextA
advapi32.dll
0x42a1bc RegQueryValueExA
0x42a1c0 RegOpenKeyExA
0x42a1c4 RegCloseKey
oleaut32.dll
0x42a1cc SysFreeString
0x42a1d0 SysAllocStringLen
kernel32.dll
0x42a1d8 TlsSetValue
0x42a1dc TlsGetValue
0x42a1e0 LocalAlloc
0x42a1e4 GetModuleHandleA
advapi32.dll
0x42a1ec RegQueryValueExA
0x42a1f0 RegOpenKeyExA
0x42a1f4 RegCloseKey
0x42a1f8 LookupAccountNameA
0x42a1fc GetUserNameA
kernel32.dll
0x42a204 WritePrivateProfileStringA
0x42a208 WriteFile
0x42a20c WinExec
0x42a210 VirtualQuery
0x42a214 TerminateProcess
0x42a218 SetFileTime
0x42a21c SetFilePointer
0x42a220 SetFileAttributesA
0x42a224 SetErrorMode
0x42a228 SetCurrentDirectoryA
0x42a22c RemoveDirectoryA
0x42a230 ReadFile
0x42a234 OpenProcess
0x42a238 MulDiv
0x42a23c MoveFileA
0x42a240 LocalFileTimeToFileTime
0x42a244 LoadLibraryA
0x42a248 LeaveCriticalSection
0x42a24c IsDBCSLeadByte
0x42a250 InitializeCriticalSection
0x42a254 GlobalFindAtomA
0x42a258 GlobalDeleteAtom
0x42a25c GlobalAddAtomA
0x42a260 GetWindowsDirectoryA
0x42a264 GetVersionExA
0x42a268 GetTickCount
0x42a26c GetThreadLocale
0x42a270 GetTempPathA
0x42a274 GetSystemDirectoryA
0x42a278 GetStringTypeExA
0x42a27c GetStdHandle
0x42a280 GetShortPathNameA
0x42a284 GetProcAddress
0x42a288 GetPrivateProfileStringA
0x42a28c GetModuleHandleA
0x42a290 GetModuleFileNameA
0x42a294 GetLocaleInfoA
0x42a298 GetLocalTime
0x42a29c GetLastError
0x42a2a0 GetFullPathNameA
0x42a2a4 GetFileSize
0x42a2a8 GetFileAttributesA
0x42a2ac GetExitCodeProcess
0x42a2b0 GetEnvironmentVariableA
0x42a2b4 GetDriveTypeA
0x42a2b8 GetDiskFreeSpaceA
0x42a2bc GetDateFormatA
0x42a2c0 GetCurrentThreadId
0x42a2c4 GetCurrentProcessId
0x42a2c8 GetComputerNameA
0x42a2cc GetCPInfo
0x42a2d0 GetACP
0x42a2d4 FreeLibrary
0x42a2d8 FormatMessageA
0x42a2dc FindNextFileA
0x42a2e0 FindFirstFileA
0x42a2e4 FindClose
0x42a2e8 FileTimeToLocalFileTime
0x42a2ec FileTimeToDosDateTime
0x42a2f0 EnumCalendarInfoA
0x42a2f4 EnterCriticalSection
0x42a2f8 DosDateTimeToFileTime
0x42a2fc DeviceIoControl
0x42a300 DeleteFileA
0x42a304 CreateProcessA
0x42a308 CreateFileA
0x42a30c CreateDirectoryA
0x42a310 CopyFileA
0x42a314 CloseHandle
gdi32.dll
0x42a31c SelectObject
0x42a320 MoveToEx
0x42a324 LineTo
0x42a328 GetTextMetricsA
0x42a32c GetTextExtentPoint32A
0x42a330 GetDeviceCaps
0x42a334 DeleteObject
0x42a338 CreateSolidBrush
0x42a33c CreatePen
0x42a340 CreateFontA
user32.dll
0x42a348 CreateWindowExA
0x42a34c UnregisterClassA
0x42a350 TranslateMessage
0x42a354 SystemParametersInfoA
0x42a358 ShowWindow
0x42a35c SetWindowPos
0x42a360 SetWindowLongA
0x42a364 SetTimer
0x42a368 SetFocus
0x42a36c SetActiveWindow
0x42a370 SendMessageA
0x42a374 ReleaseDC
0x42a378 RegisterWindowMessageA
0x42a37c RegisterClassA
0x42a380 PostQuitMessage
0x42a384 PostMessageA
0x42a388 PeekMessageA
0x42a38c MessageBoxA
0x42a390 LoadStringA
0x42a394 LoadIconA
0x42a398 LoadCursorA
0x42a39c KillTimer
0x42a3a0 IsWindowVisible
0x42a3a4 GetWindowThreadProcessId
0x42a3a8 GetWindowTextA
0x42a3ac GetWindowRect
0x42a3b0 GetWindowLongA
0x42a3b4 GetSystemMetrics
0x42a3b8 GetSystemMenu
0x42a3bc GetSysColor
0x42a3c0 GetWindow
0x42a3c4 GetMessageA
0x42a3c8 GetFocus
0x42a3cc GetDesktopWindow
0x42a3d0 GetDC
0x42a3d4 GetClientRect
0x42a3d8 GetActiveWindow
0x42a3dc FindWindowA
0x42a3e0 FillRect
0x42a3e4 EnumWindows
0x42a3e8 EndPaint
0x42a3ec EnableWindow
0x42a3f0 EnableMenuItem
0x42a3f4 DrawIcon
0x42a3f8 DispatchMessageA
0x42a3fc DefWindowProcA
0x42a400 BeginPaint
0x42a404 CharNextA
0x42a408 CharToOemA
kernel32.dll
0x42a410 Sleep
shell32.dll
0x42a418 ShellExecuteA
comctl32.dll
0x42a420 InitCommonControls
EAT(Export Address Table) is none
kernel32.dll
0x42a104 DeleteCriticalSection
0x42a108 LeaveCriticalSection
0x42a10c EnterCriticalSection
0x42a110 InitializeCriticalSection
0x42a114 VirtualFree
0x42a118 VirtualAlloc
0x42a11c LocalFree
0x42a120 LocalAlloc
0x42a124 GetTickCount
0x42a128 QueryPerformanceCounter
0x42a12c GetVersion
0x42a130 GetCurrentThreadId
0x42a134 WideCharToMultiByte
0x42a138 lstrlenA
0x42a13c lstrcpynA
0x42a140 LoadLibraryExA
0x42a144 GetThreadLocale
0x42a148 GetStartupInfoA
0x42a14c GetProcAddress
0x42a150 GetModuleHandleA
0x42a154 GetModuleFileNameA
0x42a158 GetLocaleInfoA
0x42a15c GetLastError
0x42a160 GetCommandLineA
0x42a164 FreeLibrary
0x42a168 FindFirstFileA
0x42a16c FindClose
0x42a170 ExitProcess
0x42a174 WriteFile
0x42a178 UnhandledExceptionFilter
0x42a17c SetFilePointer
0x42a180 SetEndOfFile
0x42a184 RtlUnwind
0x42a188 ReadFile
0x42a18c RaiseException
0x42a190 GetStdHandle
0x42a194 GetFileSize
0x42a198 GetFileType
0x42a19c CreateFileA
0x42a1a0 CloseHandle
user32.dll
0x42a1a8 GetKeyboardType
0x42a1ac LoadStringA
0x42a1b0 MessageBoxA
0x42a1b4 CharNextA
advapi32.dll
0x42a1bc RegQueryValueExA
0x42a1c0 RegOpenKeyExA
0x42a1c4 RegCloseKey
oleaut32.dll
0x42a1cc SysFreeString
0x42a1d0 SysAllocStringLen
kernel32.dll
0x42a1d8 TlsSetValue
0x42a1dc TlsGetValue
0x42a1e0 LocalAlloc
0x42a1e4 GetModuleHandleA
advapi32.dll
0x42a1ec RegQueryValueExA
0x42a1f0 RegOpenKeyExA
0x42a1f4 RegCloseKey
0x42a1f8 LookupAccountNameA
0x42a1fc GetUserNameA
kernel32.dll
0x42a204 WritePrivateProfileStringA
0x42a208 WriteFile
0x42a20c WinExec
0x42a210 VirtualQuery
0x42a214 TerminateProcess
0x42a218 SetFileTime
0x42a21c SetFilePointer
0x42a220 SetFileAttributesA
0x42a224 SetErrorMode
0x42a228 SetCurrentDirectoryA
0x42a22c RemoveDirectoryA
0x42a230 ReadFile
0x42a234 OpenProcess
0x42a238 MulDiv
0x42a23c MoveFileA
0x42a240 LocalFileTimeToFileTime
0x42a244 LoadLibraryA
0x42a248 LeaveCriticalSection
0x42a24c IsDBCSLeadByte
0x42a250 InitializeCriticalSection
0x42a254 GlobalFindAtomA
0x42a258 GlobalDeleteAtom
0x42a25c GlobalAddAtomA
0x42a260 GetWindowsDirectoryA
0x42a264 GetVersionExA
0x42a268 GetTickCount
0x42a26c GetThreadLocale
0x42a270 GetTempPathA
0x42a274 GetSystemDirectoryA
0x42a278 GetStringTypeExA
0x42a27c GetStdHandle
0x42a280 GetShortPathNameA
0x42a284 GetProcAddress
0x42a288 GetPrivateProfileStringA
0x42a28c GetModuleHandleA
0x42a290 GetModuleFileNameA
0x42a294 GetLocaleInfoA
0x42a298 GetLocalTime
0x42a29c GetLastError
0x42a2a0 GetFullPathNameA
0x42a2a4 GetFileSize
0x42a2a8 GetFileAttributesA
0x42a2ac GetExitCodeProcess
0x42a2b0 GetEnvironmentVariableA
0x42a2b4 GetDriveTypeA
0x42a2b8 GetDiskFreeSpaceA
0x42a2bc GetDateFormatA
0x42a2c0 GetCurrentThreadId
0x42a2c4 GetCurrentProcessId
0x42a2c8 GetComputerNameA
0x42a2cc GetCPInfo
0x42a2d0 GetACP
0x42a2d4 FreeLibrary
0x42a2d8 FormatMessageA
0x42a2dc FindNextFileA
0x42a2e0 FindFirstFileA
0x42a2e4 FindClose
0x42a2e8 FileTimeToLocalFileTime
0x42a2ec FileTimeToDosDateTime
0x42a2f0 EnumCalendarInfoA
0x42a2f4 EnterCriticalSection
0x42a2f8 DosDateTimeToFileTime
0x42a2fc DeviceIoControl
0x42a300 DeleteFileA
0x42a304 CreateProcessA
0x42a308 CreateFileA
0x42a30c CreateDirectoryA
0x42a310 CopyFileA
0x42a314 CloseHandle
gdi32.dll
0x42a31c SelectObject
0x42a320 MoveToEx
0x42a324 LineTo
0x42a328 GetTextMetricsA
0x42a32c GetTextExtentPoint32A
0x42a330 GetDeviceCaps
0x42a334 DeleteObject
0x42a338 CreateSolidBrush
0x42a33c CreatePen
0x42a340 CreateFontA
user32.dll
0x42a348 CreateWindowExA
0x42a34c UnregisterClassA
0x42a350 TranslateMessage
0x42a354 SystemParametersInfoA
0x42a358 ShowWindow
0x42a35c SetWindowPos
0x42a360 SetWindowLongA
0x42a364 SetTimer
0x42a368 SetFocus
0x42a36c SetActiveWindow
0x42a370 SendMessageA
0x42a374 ReleaseDC
0x42a378 RegisterWindowMessageA
0x42a37c RegisterClassA
0x42a380 PostQuitMessage
0x42a384 PostMessageA
0x42a388 PeekMessageA
0x42a38c MessageBoxA
0x42a390 LoadStringA
0x42a394 LoadIconA
0x42a398 LoadCursorA
0x42a39c KillTimer
0x42a3a0 IsWindowVisible
0x42a3a4 GetWindowThreadProcessId
0x42a3a8 GetWindowTextA
0x42a3ac GetWindowRect
0x42a3b0 GetWindowLongA
0x42a3b4 GetSystemMetrics
0x42a3b8 GetSystemMenu
0x42a3bc GetSysColor
0x42a3c0 GetWindow
0x42a3c4 GetMessageA
0x42a3c8 GetFocus
0x42a3cc GetDesktopWindow
0x42a3d0 GetDC
0x42a3d4 GetClientRect
0x42a3d8 GetActiveWindow
0x42a3dc FindWindowA
0x42a3e0 FillRect
0x42a3e4 EnumWindows
0x42a3e8 EndPaint
0x42a3ec EnableWindow
0x42a3f0 EnableMenuItem
0x42a3f4 DrawIcon
0x42a3f8 DispatchMessageA
0x42a3fc DefWindowProcA
0x42a400 BeginPaint
0x42a404 CharNextA
0x42a408 CharToOemA
kernel32.dll
0x42a410 Sleep
shell32.dll
0x42a418 ShellExecuteA
comctl32.dll
0x42a420 InitCommonControls
EAT(Export Address Table) is none