Field | Value |
---|---|
Created | 2023.05.18 09:36 |
Machine | s1_win7_x6403 |
Filename | Firefox.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 30 detected (AIDetectMalware, Babar, unsafe, Vsnj, Kryptik, Attribute, HighConfidence, malicious, high confidence, HTLQ, FileRepMalware, Misc, Artemis, high, score, Woreflint, ai score=80, Chgt, Generic@AI, RDML, cQk1Ont4jEFKFW8JDd7fNg, confidence) |
md5 | c0ff2a9d710fc2f524d781dbf2d89e21 |
sha256 | bcc8671116930bf6f9819cbd6fcebf1a5612ed32bb417eaff633ed11ad301059 |
ssdeep | 6144:ciSbJLNNhLuEF0uVcT4jKTOybaOPo0jkAf6V5Ap+6:cH1hLuEFZ+T4jI1baOPo0oD5A |
imphash | 48bbb53d48cf64caf9731094b8a1c9d0 |
impfuzzy | 24:LPDZk+dZ+fcMMZt/Oov1lrEJ3duFQHRyvnRT4YjMZvZA7OlI1grzjfq8zA:tdZ+fcMMZt2K8dKRcVZZprzjV0 |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Command line console output was observed |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x424028 CreateFileA
0x42402c AddAtomW
0x424030 GetConsoleWindow
0x424034 MultiByteToWideChar
0x424038 GetModuleHandleA
0x42403c GetProcAddress
0x424040 InterlockedIncrement
0x424044 InterlockedDecrement
0x424048 WideCharToMultiByte
0x42404c Sleep
0x424050 InterlockedExchange
0x424054 InitializeCriticalSection
0x424058 DeleteCriticalSection
0x42405c EnterCriticalSection
0x424060 LeaveCriticalSection
0x424064 RtlUnwind
0x424068 RaiseException
0x42406c TerminateProcess
0x424070 GetCurrentProcess
0x424074 UnhandledExceptionFilter
0x424078 SetUnhandledExceptionFilter
0x42407c IsDebuggerPresent
0x424080 GetCommandLineA
0x424084 GetLastError
0x424088 HeapFree
0x42408c GetCPInfo
0x424090 LCMapStringA
0x424094 LCMapStringW
0x424098 GetModuleHandleW
0x42409c TlsGetValue
0x4240a0 TlsAlloc
0x4240a4 TlsSetValue
0x4240a8 TlsFree
0x4240ac SetLastError
0x4240b0 GetCurrentThreadId
0x4240b4 WriteFile
0x4240b8 GetStdHandle
0x4240bc GetModuleFileNameA
0x4240c0 HeapAlloc
0x4240c4 ExitProcess
0x4240c8 FreeEnvironmentStringsA
0x4240cc GetEnvironmentStrings
0x4240d0 FreeEnvironmentStringsW
0x4240d4 GetEnvironmentStringsW
0x4240d8 SetHandleCount
0x4240dc GetFileType
0x4240e0 GetStartupInfoA
0x4240e4 HeapCreate
0x4240e8 VirtualFree
0x4240ec QueryPerformanceCounter
0x4240f0 GetTickCount
0x4240f4 GetCurrentProcessId
0x4240f8 GetSystemTimeAsFileTime
0x4240fc VirtualAlloc
0x424100 HeapReAlloc
0x424104 GetConsoleCP
0x424108 GetConsoleMode
0x42410c FlushFileBuffers
0x424110 ReadFile
0x424114 SetFilePointer
0x424118 CloseHandle
0x42411c HeapSize
0x424120 GetACP
0x424124 GetOEMCP
0x424128 IsValidCodePage
0x42412c GetUserDefaultLCID
0x424130 GetLocaleInfoA
0x424134 EnumSystemLocalesA
0x424138 IsValidLocale
0x42413c GetStringTypeA
0x424140 GetStringTypeW
0x424144 LoadLibraryA
0x424148 GetLocaleInfoW
0x42414c InitializeCriticalSectionAndSpinCount
0x424150 WriteConsoleA
0x424154 GetConsoleOutputCP
0x424158 WriteConsoleW
0x42415c SetStdHandle
USER32.dll
0x424164 GetDesktopWindow
0x424168 GetWindowThreadProcessId
0x42416c ShowWindow
GDI32.dll
0x424008 GetObjectA
0x42400c GetStockObject
0x424010 DeleteObject
0x424014 SetBkMode
0x424018 SetTextColor
0x42401c CreateFontIndirectA
0x424020 SelectObject
ADVAPI32.dll
0x424000 RegDeleteKeyA
EAT (Export Address Table): none