Field | Value |
---|---|
Created | 2023.05.19 18:02 |
Machine | s1_win7_x6401 |
Filename | 136.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 43 detected (AIDetectMalware, GenericKD, Artemis, Stealerc, V6ku, TrojanPSW, ABRisk, NRAM, Attribute, HighConfidence, malicious, high confidence, score, SpywareX, QQPass, QQRob, Kcnw, waigy, LUMMASTEALER, YXDEQZ, high, Wacatac, Detected, ZexaF, CyW@aC2ovd, ai score=84, unsafe, Chgt, Generic@AI, RDML, G7nKusGuzpM0pwemSQfkGQ, PossibleThreat, PALLAS, confidence, 100%) |
md5 | a1feeca49654dafe62b72623b20cd8bd |
sha256 | f261b983871017c3b616dd7d762602f5d8313c92981706fe587a02efbea23cc5 |
ssdeep | 12288:24LOMyTvlmerfing0sdcQwX3FpTry1af0:2rtTvDrfiU6f3Fp/ |
imphash | 35ef3be2e1db54617ec4882897e31d4b |
impfuzzy | 48:UYXOtCkx3LOn1LqI44rphCbwrjO6rcRgOqyv9DD4rz0F5bMw:lXCCkNOn1LLDrphB/O6rc6rO |
Network IP location
Signature (16 counts)
Level | Description |
---|---|
danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
watch | Appends a known CryptoMix ransomware file extension to files that have been encrypted |
watch | Attempts to access Bitcoin/ALTCoin wallets |
watch | Collects information about installed applications |
watch | Communicates with host for which no DNS query was performed |
watch | Detects Virtual Machines through their custom firmware |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | Queries for potentially installed applications |
notice | Sends data using the HTTP POST Method |
notice | Steals private information from local Internet browsers |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | Tries to locate where the browsers are installed |
Rules (6 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x46f07c CloseHandle
0x46f080 CompareStringW
0x46f084 CreateDirectoryW
0x46f088 CreateFileW
0x46f08c DecodePointer
0x46f090 DeleteCriticalSection
0x46f094 DeleteFileW
0x46f098 EncodePointer
0x46f09c EnterCriticalSection
0x46f0a0 ExitProcess
0x46f0a4 FileTimeToSystemTime
0x46f0a8 FindAtomA
0x46f0ac FindAtomW
0x46f0b0 FindClose
0x46f0b4 FindFirstFileExW
0x46f0b8 FindNextFileW
0x46f0bc FindResourceA
0x46f0c0 FindResourceW
0x46f0c4 FlushFileBuffers
0x46f0c8 FreeEnvironmentStringsW
0x46f0cc FreeLibrary
0x46f0d0 GetACP
0x46f0d4 GetCPInfo
0x46f0d8 GetCommandLineA
0x46f0dc GetCommandLineW
0x46f0e0 GetComputerNameA
0x46f0e4 GetComputerNameW
0x46f0e8 GetConsoleMode
0x46f0ec GetConsoleOutputCP
0x46f0f0 GetCurrentDirectoryA
0x46f0f4 GetCurrentDirectoryW
0x46f0f8 GetCurrentProcess
0x46f0fc GetCurrentProcessId
0x46f100 GetCurrentThreadId
0x46f104 GetDriveTypeW
0x46f108 GetEnvironmentStringsW
0x46f10c GetFileInformationByHandle
0x46f110 GetFileSizeEx
0x46f114 GetFileType
0x46f118 GetFullPathNameW
0x46f11c GetLastError
0x46f120 GetLocalTime
0x46f124 GetModuleFileNameW
0x46f128 GetModuleHandleExW
0x46f12c GetModuleHandleW
0x46f130 GetOEMCP
0x46f134 GetProcAddress
0x46f138 GetProcessHeap
0x46f13c GetProcessId
0x46f140 GetStartupInfoW
0x46f144 GetStdHandle
0x46f148 GetStringTypeW
0x46f14c GetSystemTimeAsFileTime
0x46f150 GetTickCount64
0x46f154 GetTimeZoneInformation
0x46f158 GetUserDefaultLangID
0x46f15c GetUserDefaultUILanguage
0x46f160 HeapAlloc
0x46f164 HeapDestroy
0x46f168 HeapFree
0x46f16c HeapReAlloc
0x46f170 HeapSize
0x46f174 InitializeCriticalSectionAndSpinCount
0x46f178 InitializeSListHead
0x46f17c IsDebuggerPresent
0x46f180 IsProcessorFeaturePresent
0x46f184 IsValidCodePage
0x46f188 LCMapStringW
0x46f18c LeaveCriticalSection
0x46f190 LoadLibraryA
0x46f194 LoadLibraryExW
0x46f198 LoadLibraryW
0x46f19c MultiByteToWideChar
0x46f1a0 OpenMutexA
0x46f1a4 OpenMutexW
0x46f1a8 OutputDebugStringA
0x46f1ac OutputDebugStringW
0x46f1b0 PeekNamedPipe
0x46f1b4 QueryPerformanceCounter
0x46f1b8 RaiseException
0x46f1bc ReadConsoleW
0x46f1c0 ReadFile
0x46f1c4 RtlUnwind
0x46f1c8 SetEndOfFile
0x46f1cc SetEnvironmentVariableW
0x46f1d0 SetFilePointerEx
0x46f1d4 SetFileTime
0x46f1d8 SetLastError
0x46f1dc SetStdHandle
0x46f1e0 SetUnhandledExceptionFilter
0x46f1e4 Sleep
0x46f1e8 SystemTimeToFileTime
0x46f1ec SystemTimeToTzSpecificLocalTime
0x46f1f0 TerminateProcess
0x46f1f4 TlsAlloc
0x46f1f8 TlsFree
0x46f1fc TlsGetValue
0x46f200 TlsSetValue
0x46f204 TzSpecificLocalTimeToSystemTime
0x46f208 UnhandledExceptionFilter
0x46f20c VirtualQuery
0x46f210 WideCharToMultiByte
0x46f214 WriteConsoleW
0x46f218 WriteFile
0x46f21c lstrcatW
0x46f220 lstrcmpW
0x46f224 lstrcmpiW
0x46f228 lstrlenW
ADVAPI32.dll
0x46f230 GetUserNameW
0x46f234 RegCloseKey
0x46f238 RegEnumKeyExW
0x46f23c RegOpenKeyExW
0x46f240 RegQueryValueExW
USER32.dll
0x46f248 EnumDisplayDevicesA
0x46f24c FindWindowA
0x46f250 FindWindowW
0x46f254 GetActiveWindow
0x46f258 GetCursorPos
0x46f25c GetDC
0x46f260 GetDesktopWindow
0x46f264 GetForegroundWindow
0x46f268 GetSystemMetrics
0x46f26c ReleaseDC
0x46f270 SystemParametersInfoW
0x46f274 wsprintfW
GDI32.dll
0x46f27c BitBlt
0x46f280 CreateCompatibleBitmap
0x46f284 CreateCompatibleDC
0x46f288 CreateDCW
0x46f28c DeleteDC
0x46f290 DeleteObject
0x46f294 GetDIBits
0x46f298 GetObjectW
0x46f29c SelectObject
EAT (Export Address Table): none