ScreenShot
| Created | 2023.05.14 17:02 | Machine | s1_win7_x6401 |
| Filename | ProtonVPN_v3.0.5.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (unsafe, Kryptik, V7fb, Tofsee, Attribute, HighConfidence, HTMP, FileRepMalware, Misc, Uimw, Artemis, Krypt, Casdet, Detected, Chgt, R002H0DED23, Generic@AI, RDML, at723IiFFBuV4ByF7PWA, MALICIOUS, confidence, 100%) | ||
| md5 | 8589fe09a6ad2bdc47a753125086f742 | ||
| sha256 | d4923d3747714d0d8c1f6a2ceec5ec15c6290b030e828429fd39edcd49ccf27d | ||
| ssdeep | 196608:WcywI4gKOVUosfPfgy4f1SEmaa7jgs2EnIyolKU72urtYF6N6YHYU4vcv0NXAAqL:0wI4Zhoc0AAEnwluI0Y4UKXxUsDcFn | ||
| imphash | 4d363d3b473a6c355539abd95921390d | ||
| impfuzzy | 48:JOUcSpvEdTsQYbRqoH9swUwrkrha9xvCrwYUrUvZk78:JHcSpvEdTsQYoMSPwrkrGxvo7UrWt | ||
Network IP location
Signature (13cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a shortcut to an executable file |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | This executable has a PDB path |
| info | Tries to locate where the browsers are installed |
Rules (20cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | CAB_file_format | CAB archive file | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (download) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x65f000 CreateFileW
0x65f004 CloseHandle
0x65f008 WriteFile
0x65f00c DeleteFileW
0x65f010 HeapDestroy
0x65f014 HeapSize
0x65f018 HeapReAlloc
0x65f01c HeapFree
0x65f020 HeapAlloc
0x65f024 GetProcessHeap
0x65f028 SizeofResource
0x65f02c LockResource
0x65f030 LoadResource
0x65f034 FindResourceW
0x65f038 FindResourceExW
0x65f03c CreateEventExW
0x65f040 WaitForSingleObject
0x65f044 CreateProcessW
0x65f048 GetLastError
0x65f04c GetExitCodeProcess
0x65f050 SetEvent
0x65f054 RemoveDirectoryW
0x65f058 GetProcAddress
0x65f05c GetModuleHandleW
0x65f060 GetWindowsDirectoryW
0x65f064 CreateDirectoryW
0x65f068 GetTempPathW
0x65f06c GetTempFileNameW
0x65f070 MoveFileW
0x65f074 EnterCriticalSection
0x65f078 LeaveCriticalSection
0x65f07c GetModuleFileNameW
0x65f080 DeleteCriticalSection
0x65f084 InitializeCriticalSectionAndSpinCount
0x65f088 GetCurrentThreadId
0x65f08c RaiseException
0x65f090 SetLastError
0x65f094 GlobalUnlock
0x65f098 GlobalLock
0x65f09c GlobalAlloc
0x65f0a0 MulDiv
0x65f0a4 lstrcmpW
0x65f0a8 CreateEventW
0x65f0ac FindClose
0x65f0b0 FindFirstFileW
0x65f0b4 GetFullPathNameW
0x65f0b8 InitializeCriticalSection
0x65f0bc lstrcpynW
0x65f0c0 CreateThread
0x65f0c4 LoadLibraryExW
0x65f0c8 GetCurrentProcess
0x65f0cc Sleep
0x65f0d0 WideCharToMultiByte
0x65f0d4 GetDiskFreeSpaceExW
0x65f0d8 DecodePointer
0x65f0dc GetExitCodeThread
0x65f0e0 GetCurrentProcessId
0x65f0e4 FreeLibrary
0x65f0e8 GetSystemDirectoryW
0x65f0ec lstrlenW
0x65f0f0 VerifyVersionInfoW
0x65f0f4 VerSetConditionMask
0x65f0f8 lstrcmpiW
0x65f0fc LoadLibraryW
0x65f100 GetDriveTypeW
0x65f104 CompareStringW
0x65f108 FindNextFileW
0x65f10c GetLogicalDriveStringsW
0x65f110 GetFileSize
0x65f114 GetFileAttributesW
0x65f118 GetShortPathNameW
0x65f11c SetFileAttributesW
0x65f120 GetFileTime
0x65f124 CopyFileW
0x65f128 ReadFile
0x65f12c SetFilePointer
0x65f130 SetFileTime
0x65f134 SystemTimeToFileTime
0x65f138 MultiByteToWideChar
0x65f13c GetSystemInfo
0x65f140 WaitForMultipleObjects
0x65f144 GetVersionExW
0x65f148 VirtualProtect
0x65f14c VirtualQuery
0x65f150 LoadLibraryExA
0x65f154 GetStringTypeW
0x65f158 LocalFree
0x65f15c LocalAlloc
0x65f160 SetUnhandledExceptionFilter
0x65f164 FileTimeToSystemTime
0x65f168 GetEnvironmentVariableW
0x65f16c GetSystemTime
0x65f170 GetDateFormatW
0x65f174 GetTimeFormatW
0x65f178 GetLocaleInfoW
0x65f17c CreateToolhelp32Snapshot
0x65f180 Process32FirstW
0x65f184 Process32NextW
0x65f188 FormatMessageW
0x65f18c GetEnvironmentStringsW
0x65f190 InitializeCriticalSectionEx
0x65f194 LoadLibraryA
0x65f198 GetModuleFileNameA
0x65f19c GetCurrentThread
0x65f1a0 GetConsoleOutputCP
0x65f1a4 FlushFileBuffers
0x65f1a8 Wow64DisableWow64FsRedirection
0x65f1ac Wow64RevertWow64FsRedirection
0x65f1b0 IsWow64Process
0x65f1b4 SetConsoleTextAttribute
0x65f1b8 GetStdHandle
0x65f1bc GetConsoleScreenBufferInfo
0x65f1c0 OutputDebugStringW
0x65f1c4 GetTickCount
0x65f1c8 GetCommandLineW
0x65f1cc SetCurrentDirectoryW
0x65f1d0 SetEndOfFile
0x65f1d4 EnumResourceLanguagesW
0x65f1d8 GetSystemDefaultLangID
0x65f1dc GetUserDefaultLangID
0x65f1e0 GetLocalTime
0x65f1e4 ResetEvent
0x65f1e8 GlobalFree
0x65f1ec GetPrivateProfileStringW
0x65f1f0 GetPrivateProfileSectionNamesW
0x65f1f4 WritePrivateProfileStringW
0x65f1f8 CreateNamedPipeW
0x65f1fc ConnectNamedPipe
0x65f200 TerminateThread
0x65f204 CompareFileTime
0x65f208 CopyFileExW
0x65f20c OpenEventW
0x65f210 PeekNamedPipe
0x65f214 WaitForSingleObjectEx
0x65f218 QueryPerformanceCounter
0x65f21c QueryPerformanceFrequency
0x65f220 EncodePointer
0x65f224 LCMapStringEx
0x65f228 CompareStringEx
0x65f22c GetCPInfo
0x65f230 GetSystemTimeAsFileTime
0x65f234 IsDebuggerPresent
0x65f238 InitializeSListHead
0x65f23c InterlockedPopEntrySList
0x65f240 InterlockedPushEntrySList
0x65f244 FlushInstructionCache
0x65f248 IsProcessorFeaturePresent
0x65f24c VirtualAlloc
0x65f250 VirtualFree
0x65f254 UnhandledExceptionFilter
0x65f258 TerminateProcess
0x65f25c GetStartupInfoW
0x65f260 RtlUnwind
0x65f264 TlsAlloc
0x65f268 TlsGetValue
0x65f26c TlsSetValue
0x65f270 TlsFree
0x65f274 ExitThread
0x65f278 FreeLibraryAndExitThread
0x65f27c GetModuleHandleExW
0x65f280 ExitProcess
0x65f284 GetFileType
0x65f288 LCMapStringW
0x65f28c IsValidLocale
0x65f290 GetUserDefaultLCID
0x65f294 EnumSystemLocalesW
0x65f298 GetTimeZoneInformation
0x65f29c GetConsoleMode
0x65f2a0 GetFileSizeEx
0x65f2a4 SetFilePointerEx
0x65f2a8 FindFirstFileExW
0x65f2ac IsValidCodePage
0x65f2b0 GetACP
0x65f2b4 GetOEMCP
0x65f2b8 GetCommandLineA
0x65f2bc FreeEnvironmentStringsW
0x65f2c0 SetEnvironmentVariableW
0x65f2c4 SetStdHandle
0x65f2c8 ReadConsoleW
0x65f2cc WriteConsoleW
0x65f2d0 GetProcessAffinityMask
0x65f2d4 GetModuleHandleA
0x65f2d8 GlobalMemoryStatus
0x65f2dc ReleaseSemaphore
0x65f2e0 CreateSemaphoreW
EAT(Export Address Table) is none
KERNEL32.dll
0x65f000 CreateFileW
0x65f004 CloseHandle
0x65f008 WriteFile
0x65f00c DeleteFileW
0x65f010 HeapDestroy
0x65f014 HeapSize
0x65f018 HeapReAlloc
0x65f01c HeapFree
0x65f020 HeapAlloc
0x65f024 GetProcessHeap
0x65f028 SizeofResource
0x65f02c LockResource
0x65f030 LoadResource
0x65f034 FindResourceW
0x65f038 FindResourceExW
0x65f03c CreateEventExW
0x65f040 WaitForSingleObject
0x65f044 CreateProcessW
0x65f048 GetLastError
0x65f04c GetExitCodeProcess
0x65f050 SetEvent
0x65f054 RemoveDirectoryW
0x65f058 GetProcAddress
0x65f05c GetModuleHandleW
0x65f060 GetWindowsDirectoryW
0x65f064 CreateDirectoryW
0x65f068 GetTempPathW
0x65f06c GetTempFileNameW
0x65f070 MoveFileW
0x65f074 EnterCriticalSection
0x65f078 LeaveCriticalSection
0x65f07c GetModuleFileNameW
0x65f080 DeleteCriticalSection
0x65f084 InitializeCriticalSectionAndSpinCount
0x65f088 GetCurrentThreadId
0x65f08c RaiseException
0x65f090 SetLastError
0x65f094 GlobalUnlock
0x65f098 GlobalLock
0x65f09c GlobalAlloc
0x65f0a0 MulDiv
0x65f0a4 lstrcmpW
0x65f0a8 CreateEventW
0x65f0ac FindClose
0x65f0b0 FindFirstFileW
0x65f0b4 GetFullPathNameW
0x65f0b8 InitializeCriticalSection
0x65f0bc lstrcpynW
0x65f0c0 CreateThread
0x65f0c4 LoadLibraryExW
0x65f0c8 GetCurrentProcess
0x65f0cc Sleep
0x65f0d0 WideCharToMultiByte
0x65f0d4 GetDiskFreeSpaceExW
0x65f0d8 DecodePointer
0x65f0dc GetExitCodeThread
0x65f0e0 GetCurrentProcessId
0x65f0e4 FreeLibrary
0x65f0e8 GetSystemDirectoryW
0x65f0ec lstrlenW
0x65f0f0 VerifyVersionInfoW
0x65f0f4 VerSetConditionMask
0x65f0f8 lstrcmpiW
0x65f0fc LoadLibraryW
0x65f100 GetDriveTypeW
0x65f104 CompareStringW
0x65f108 FindNextFileW
0x65f10c GetLogicalDriveStringsW
0x65f110 GetFileSize
0x65f114 GetFileAttributesW
0x65f118 GetShortPathNameW
0x65f11c SetFileAttributesW
0x65f120 GetFileTime
0x65f124 CopyFileW
0x65f128 ReadFile
0x65f12c SetFilePointer
0x65f130 SetFileTime
0x65f134 SystemTimeToFileTime
0x65f138 MultiByteToWideChar
0x65f13c GetSystemInfo
0x65f140 WaitForMultipleObjects
0x65f144 GetVersionExW
0x65f148 VirtualProtect
0x65f14c VirtualQuery
0x65f150 LoadLibraryExA
0x65f154 GetStringTypeW
0x65f158 LocalFree
0x65f15c LocalAlloc
0x65f160 SetUnhandledExceptionFilter
0x65f164 FileTimeToSystemTime
0x65f168 GetEnvironmentVariableW
0x65f16c GetSystemTime
0x65f170 GetDateFormatW
0x65f174 GetTimeFormatW
0x65f178 GetLocaleInfoW
0x65f17c CreateToolhelp32Snapshot
0x65f180 Process32FirstW
0x65f184 Process32NextW
0x65f188 FormatMessageW
0x65f18c GetEnvironmentStringsW
0x65f190 InitializeCriticalSectionEx
0x65f194 LoadLibraryA
0x65f198 GetModuleFileNameA
0x65f19c GetCurrentThread
0x65f1a0 GetConsoleOutputCP
0x65f1a4 FlushFileBuffers
0x65f1a8 Wow64DisableWow64FsRedirection
0x65f1ac Wow64RevertWow64FsRedirection
0x65f1b0 IsWow64Process
0x65f1b4 SetConsoleTextAttribute
0x65f1b8 GetStdHandle
0x65f1bc GetConsoleScreenBufferInfo
0x65f1c0 OutputDebugStringW
0x65f1c4 GetTickCount
0x65f1c8 GetCommandLineW
0x65f1cc SetCurrentDirectoryW
0x65f1d0 SetEndOfFile
0x65f1d4 EnumResourceLanguagesW
0x65f1d8 GetSystemDefaultLangID
0x65f1dc GetUserDefaultLangID
0x65f1e0 GetLocalTime
0x65f1e4 ResetEvent
0x65f1e8 GlobalFree
0x65f1ec GetPrivateProfileStringW
0x65f1f0 GetPrivateProfileSectionNamesW
0x65f1f4 WritePrivateProfileStringW
0x65f1f8 CreateNamedPipeW
0x65f1fc ConnectNamedPipe
0x65f200 TerminateThread
0x65f204 CompareFileTime
0x65f208 CopyFileExW
0x65f20c OpenEventW
0x65f210 PeekNamedPipe
0x65f214 WaitForSingleObjectEx
0x65f218 QueryPerformanceCounter
0x65f21c QueryPerformanceFrequency
0x65f220 EncodePointer
0x65f224 LCMapStringEx
0x65f228 CompareStringEx
0x65f22c GetCPInfo
0x65f230 GetSystemTimeAsFileTime
0x65f234 IsDebuggerPresent
0x65f238 InitializeSListHead
0x65f23c InterlockedPopEntrySList
0x65f240 InterlockedPushEntrySList
0x65f244 FlushInstructionCache
0x65f248 IsProcessorFeaturePresent
0x65f24c VirtualAlloc
0x65f250 VirtualFree
0x65f254 UnhandledExceptionFilter
0x65f258 TerminateProcess
0x65f25c GetStartupInfoW
0x65f260 RtlUnwind
0x65f264 TlsAlloc
0x65f268 TlsGetValue
0x65f26c TlsSetValue
0x65f270 TlsFree
0x65f274 ExitThread
0x65f278 FreeLibraryAndExitThread
0x65f27c GetModuleHandleExW
0x65f280 ExitProcess
0x65f284 GetFileType
0x65f288 LCMapStringW
0x65f28c IsValidLocale
0x65f290 GetUserDefaultLCID
0x65f294 EnumSystemLocalesW
0x65f298 GetTimeZoneInformation
0x65f29c GetConsoleMode
0x65f2a0 GetFileSizeEx
0x65f2a4 SetFilePointerEx
0x65f2a8 FindFirstFileExW
0x65f2ac IsValidCodePage
0x65f2b0 GetACP
0x65f2b4 GetOEMCP
0x65f2b8 GetCommandLineA
0x65f2bc FreeEnvironmentStringsW
0x65f2c0 SetEnvironmentVariableW
0x65f2c4 SetStdHandle
0x65f2c8 ReadConsoleW
0x65f2cc WriteConsoleW
0x65f2d0 GetProcessAffinityMask
0x65f2d4 GetModuleHandleA
0x65f2d8 GlobalMemoryStatus
0x65f2dc ReleaseSemaphore
0x65f2e0 CreateSemaphoreW
EAT(Export Address Table) is none