Field | Value |
---|---|
Created | 2023.05.28 14:19 |
Machine | s1_win7_x6403 |
Filename | p0aw25.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 30 detected (GenericKD, unsafe, Attribute, HighConfidence, malicious, moderate confidence, Badur, Oader, Cdhl, dqohm, ai score=84, Casdet, QMB8W2, Detected, y9pCLMsyKnL) |
md5 | 72fa10bd951a660d3b64696d0ce2398a |
sha256 | 340a91310668a5a9ee94404f9bec196f180c6ea1c3a47124614918e02c480d40 |
ssdeep | 6144:KvY7uKa7GjX7jpbERxpp521t+6mslnCUGwfxIRLtxIRLuovZ3H3AdKy9HGeofJgG:3/04rlwppx6mDaooojmN |
imphash | 415314d0031f15135fbc02f2ca18bb2f |
impfuzzy | 96:rEDqAKsivr90GkjPEdxDHpURc06vgEBnTMsbPz9YqAXzeXZ+hFzfRFGx2At:rEDqbsivGUBnTMsLzpsaXZ+hFzyHt |
Network IP location
Signature (4 cnts)
Level | Description |
---|---|
danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5 cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
ADVAPI32.dll
0x100001000 EventWrite
0x100001008 GetTraceEnableFlags
0x100001010 EventUnregister
0x100001018 GetTraceLoggerHandle
0x100001020 UnregisterTraceGuids
0x100001028 EventRegister
0x100001030 GetTraceEnableLevel
0x100001038 RegisterTraceGuidsW
0x100001040 TraceMessage
0x100001048 RegCreateKeyExW
0x100001050 RegCloseKey
0x100001058 RegSetValueExW
0x100001060 RegQueryValueExW
0x100001068 RegOpenKeyExW
0x100001070 RegDeleteValueW
0x100001078 RegGetValueW
0x100001080 AllocateAndInitializeSid
0x100001088 FreeSid
0x100001090 CheckTokenMembership
KERNEL32.dll
0x100001188 FreeLibrary
0x100001190 WaitForSingleObject
0x100001198 SetEvent
0x1000011a0 LoadLibraryW
0x1000011a8 Sleep
0x1000011b0 GetProcAddress
0x1000011b8 CreateEventW
0x1000011c0 CreateThread
0x1000011c8 GetSystemDefaultLangID
0x1000011d0 GetStringTypeExW
0x1000011d8 GetCurrentProcess
0x1000011e0 IsProcessInJob
0x1000011e8 LoadLibraryExA
0x1000011f0 DelayLoadFailureHook
0x1000011f8 GlobalAddAtomW
0x100001200 GetModuleFileNameW
0x100001208 GlobalDeleteAtom
0x100001210 ExpandEnvironmentStringsW
0x100001218 RegisterApplicationRestart
0x100001220 HeapSize
0x100001228 HeapReAlloc
0x100001230 HeapDestroy
0x100001238 GetVersionExA
0x100001240 GetCurrentProcessId
0x100001248 GetLastError
0x100001250 LockResource
0x100001258 LocaleNameToLCID
0x100001260 ProcessIdToSessionId
0x100001268 RaiseException
0x100001270 lstrlenW
0x100001278 GetUserPreferredUILanguages
0x100001280 MulDiv
0x100001288 GetLocaleInfoEx
0x100001290 ResolveLocaleName
0x100001298 GetTickCount
0x1000012a0 LoadLibraryExW
0x1000012a8 LoadResource
0x1000012b0 FindResourceExW
0x1000012b8 LCIDToLocaleName
0x1000012c0 FreeResource
0x1000012c8 GetProcessHeap
0x1000012d0 HeapAlloc
0x1000012d8 GetTickCount64
0x1000012e0 CloseHandle
0x1000012e8 SetProcessShutdownParameters
0x1000012f0 HeapSetInformation
0x1000012f8 GlobalAlloc
0x100001300 GlobalLock
0x100001308 GlobalUnlock
0x100001310 GlobalFree
0x100001318 GetAtomNameW
0x100001320 DeleteCriticalSection
0x100001328 InitializeCriticalSection
0x100001330 EncodePointer
0x100001338 DecodePointer
0x100001340 GetUserGeoID
0x100001348 DebugBreak
0x100001350 EnterCriticalSection
0x100001358 LeaveCriticalSection
0x100001360 CompareStringOrdinal
0x100001368 GetLocaleInfoW
0x100001370 HeapFree
0x100001378 FindResourceW
0x100001380 SizeofResource
0x100001388 DeactivateActCtx
0x100001390 ActivateActCtx
0x100001398 ReleaseActCtx
0x1000013a0 CreateActCtxW
0x1000013a8 UnhandledExceptionFilter
0x1000013b0 TerminateProcess
0x1000013b8 GetSystemTimeAsFileTime
0x1000013c0 GetCurrentThreadId
0x1000013c8 QueryPerformanceCounter
0x1000013d0 GetModuleHandleW
0x1000013d8 SetUnhandledExceptionFilter
0x1000013e0 GetStartupInfoW
0x1000013e8 CreateMutexW
GDI32.dll
0x1000010b0 DeleteDC
0x1000010b8 TextOutW
0x1000010c0 DeleteObject
0x1000010c8 SelectObject
0x1000010d0 CreateFontIndirectW
0x1000010d8 PatBlt
0x1000010e0 SetBkMode
0x1000010e8 SetTextAlign
0x1000010f0 SetTextColor
0x1000010f8 BitBlt
0x100001100 RestoreDC
0x100001108 SelectClipRgn
0x100001110 SaveDC
0x100001118 OffsetRgn
0x100001120 CreateRoundRectRgn
0x100001128 SetStretchBltMode
0x100001130 GetStretchBltMode
0x100001138 SetPixel
0x100001140 CombineRgn
0x100001148 CreateDIBSection
0x100001150 CreateCompatibleDC
0x100001158 StretchBlt
0x100001160 GetObjectW
0x100001168 GetStockObject
0x100001170 GetDeviceCaps
0x100001178 GdiAlphaBlend
USER32.dll
0x1000014a8 UnregisterClassA
0x1000014b0 RedrawWindow
0x1000014b8 OffsetRect
0x1000014c0 SetRectEmpty
0x1000014c8 IsRectEmpty
0x1000014d0 InvalidateRect
0x1000014d8 CharUpperBuffW
0x1000014e0 IsIconic
0x1000014e8 SetForegroundWindow
0x1000014f0 FindWindowW
0x1000014f8 TranslateMessage
0x100001500 IsDialogMessageW
0x100001508 SetWindowPos
0x100001510 PeekMessageW
0x100001518 LoadStringW
0x100001520 DispatchMessageW
0x100001528 SystemParametersInfoW
0x100001530 KillTimer
0x100001538 LoadImageW
0x100001540 ScreenToClient
0x100001548 SetTimer
0x100001550 GetWindowThreadProcessId
0x100001558 GetPropW
0x100001560 MapWindowPoints
0x100001568 UnhookWindowsHookEx
0x100001570 SetWindowsHookExW
0x100001578 GetSysColor
0x100001580 MapVirtualKeyExW
0x100001588 ReleaseDC
0x100001590 GetClassNameW
0x100001598 GetWindowLongW
0x1000015a0 GetKeyboardLayout
0x1000015a8 SetWinEventHook
0x1000015b0 GetCursorInfo
0x1000015b8 GetCursorPos
0x1000015c0 CreateWindowExW
0x1000015c8 SendMessageW
0x1000015d0 DestroyWindow
0x1000015d8 ShowWindow
0x1000015e0 GetMessageW
0x1000015e8 GetWindowMinimizeRect
0x1000015f0 CreateDialogParamW
0x1000015f8 GetGUIThreadInfo
0x100001600 GetForegroundWindow
0x100001608 GetKeyState
0x100001610 PostQuitMessage
0x100001618 ChangeWindowMessageFilterEx
0x100001620 RegisterClassW
0x100001628 DefWindowProcW
0x100001630 DialogBoxParamW
0x100001638 GetWindowLongPtrW
0x100001640 SetFocus
0x100001648 GetDlgItem
0x100001650 EndDialog
0x100001658 SendDlgItemMessageW
0x100001660 CheckDlgButton
0x100001668 MessageBoxW
0x100001670 SetWindowLongPtrW
0x100001678 SetDlgItemTextW
0x100001680 EnableWindow
0x100001688 SetWindowPlacement
0x100001690 RemovePropW
0x100001698 GetWindowRect
0x1000016a0 MonitorFromPoint
0x1000016a8 SendInput
0x1000016b0 GetMessageExtraInfo
0x1000016b8 GetDoubleClickTime
0x1000016c0 SetPropW
0x1000016c8 LoadIconW
0x1000016d0 SetClassLongPtrW
0x1000016d8 IsWindow
0x1000016e0 AdjustWindowRectEx
0x1000016e8 GetSystemMetrics
0x1000016f0 AllowSetForegroundWindow
0x1000016f8 PostMessageW
0x100001700 GetParent
0x100001708 LoadCursorW
0x100001710 CallNextHookEx
0x100001718 UnhookWinEvent
0x100001720 GetClientRect
0x100001728 PtInRect
0x100001730 GetDC
0x100001738 WindowFromPhysicalPoint
msvcrt.dll
0x100001830 __CxxFrameHandler3
0x100001838 memcmp
0x100001840 _wtoi
0x100001848 _itow
0x100001850 wcstok_s
0x100001858 wcstol
0x100001860 memcpy
0x100001868 floorf
0x100001870 _wcsicmp
0x100001878 _purecall
0x100001880 malloc
0x100001888 _CxxThrowException
0x100001890 memset
0x100001898 ?terminate@@YAXXZ
0x1000018a0 _unlock
0x1000018a8 __dllonexit
0x1000018b0 _lock
0x1000018b8 _onexit
0x1000018c0 ??3@YAXPEAX@Z
0x1000018c8 wcstoul
0x1000018d0 ??_V@YAXPEAX@Z
0x1000018d8 _vsnwprintf
0x1000018e0 memcpy_s
0x1000018e8 ??2@YAPEAX_K@Z
0x1000018f0 memmove_s
0x1000018f8 ??_U@YAPEAX_K@Z
0x100001900 free
0x100001908 calloc
0x100001910 wcsstr
0x100001918 __wgetmainargs
0x100001920 __C_specific_handler
0x100001928 _XcptFilter
0x100001930 __set_app_type
0x100001938 _fmode
0x100001940 _commode
0x100001948 _exit
0x100001950 _cexit
0x100001958 __setusermatherr
0x100001960 _amsg_exit
0x100001968 _initterm
0x100001970 _wcmdln
0x100001978 exit
dwmapi.dll
0x100001768 DwmExtendFrameIntoClientArea
0x100001770 DwmIsCompositionEnabled
0x100001778 DwmSetWindowAttribute
gdiplus.dll
0x100001788 GdipCreateBitmapFromStream
0x100001790 GdipDisposeImage
0x100001798 GdipFillRectangleI
0x1000017a0 GdipDrawLineI
0x1000017a8 GdiplusStartup
0x1000017b0 GdiplusShutdown
0x1000017b8 GdipDrawImageRectI
0x1000017c0 GdipCloneImage
0x1000017c8 GdipCreateHatchBrush
0x1000017d0 GdipCloneBrush
0x1000017d8 GdipCreateFromHDC
0x1000017e0 GdipSetPenColor
0x1000017e8 GdipCreateSolidFill
0x1000017f0 GdipDeleteGraphics
0x1000017f8 GdipDeletePen
0x100001800 GdipCreatePen1
0x100001808 GdipSetSolidFillColor
0x100001810 GdipDeleteBrush
0x100001818 GdipAlloc
0x100001820 GdipFree
ntdll.dll
0x100001988 WinSqmIsOptedIn
0x100001990 WinSqmSetDWORD
0x100001998 RtlVirtualUnwind
0x1000019a0 RtlLookupFunctionEntry
0x1000019a8 RtlCaptureContext
0x1000019b0 WinSqmIncrementDWORD
ole32.dll
0x1000019c0 CoTaskMemFree
0x1000019c8 CoTaskMemAlloc
0x1000019d0 CreateStreamOnHGlobal
0x1000019d8 CoCreateInstance
0x1000019e0 CoUninitialize
0x1000019e8 CoInitialize
OLEACC.dll
0x100001448 AccessibleObjectFromWindow
SHLWAPI.dll
0x100001498 PathFindFileNameW
WMsgAPI.dll
0x100001758 WmsgSendMessage
DUser.dll
0x1000010a0 InvalidateGadget
UxTheme.dll
0x100001748 IsThemeActive
EAT (Export Address Table) is none