Report - clp6.exe

Tags: UPX, Malicious Library, OS Processor Check, PE64, PE File
Created 2023.05.30 09:36 Machine s1_win7_x6401
Filename clp6.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
2
Behavior Score
2.2
ZERO API (file): clean
VT API (file)
md5 d6c0b5e502d7816fa0eb105b10dfa481
sha256 f66b8ab3449dd88d3abd537fa6bd5595a6f499248bb83ee27d05487d254d4867
ssdeep 98304:xniYKBKcQH0BcNgrGAFcznoomNJVNWG7lw5rxdIMaD5yMpGV3Usq8D:xnix1QH07rpFcdOh7yr7aD5yMsSz8
imphash fe63e322309337ee09a198afe547e82e
impfuzzy 96:0VIHJcpVYMS1YtuBgPpXHNI1AXJ4Zcp+AjxtvuGzvVq:IkWX3Z4pgc
  Network IP location

Signature (4cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services usually remain reachable; the only host contacted during this run, 194.50.153.131, returned no response)
watch Communicates with a host for which no DNS query was performed (the sample connects directly to an IP address, 194.50.153.131, rather than resolving a hostname)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive on its own, but here it agrees with the UPX_Zero rule match below)

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
194.50.153.131 Unknown 194.50.153.131 clean

Suricata ids

PE API

IAT (Import Address Table), grouped by library. Reviewer note: KERNEL32.dll appears as two separate import descriptors (0x140589000… and 0x140589380…), which is unusual for a single-module build. Imports of note include clipboard read/write (USER32: OpenClipboard/GetClipboardData/SetClipboardData/EmptyClipboard), process and thread enumeration via CreateToolhelp32Snapshot combined with WriteProcessMemory, SuspendThread/ResumeThread and VirtualAlloc/VirtualProtect, plus WinExec, CopyFileA, CreateMutexA and registry writes (RegCreateKeyExA/RegSetValueExA). Given the packer indicators above, treat the static import list as a lower bound and confirm these capabilities dynamically or against the unpacked image.

KERNEL32.dll
 0x140589000 Process32NextW
 0x140589008 GlobalSize
 0x140589010 GetSystemDirectoryA
 0x140589018 GlobalAlloc
 0x140589020 Process32FirstW
 0x140589028 CloseHandle
 0x140589030 GlobalLock
 0x140589038 GlobalUnlock
 0x140589040 WriteConsoleW
 0x140589048 GetConsoleMode
 0x140589050 GetConsoleOutputCP
 0x140589058 FlushFileBuffers
 0x140589060 HeapSize
 0x140589068 GetLastError
 0x140589070 CopyFileA
 0x140589078 Sleep
 0x140589080 CreateToolhelp32Snapshot
 0x140589088 CreateMutexA
 0x140589090 WinExec
 0x140589098 GetModuleFileNameA
 0x1405890a0 MultiByteToWideChar
 0x1405890a8 LocalFree
 0x1405890b0 FormatMessageA
 0x1405890b8 CreateDirectoryW
 0x1405890c0 CreateFileW
 0x1405890c8 FindClose
 0x1405890d0 FindFirstFileExW
 0x1405890d8 FindNextFileW
 0x1405890e0 SetFilePointerEx
 0x1405890e8 AreFileApisANSI
 0x1405890f0 WideCharToMultiByte
 0x1405890f8 GetStringTypeW
 0x140589100 LCMapStringEx
 0x140589108 EnterCriticalSection
 0x140589110 LeaveCriticalSection
 0x140589118 InitializeCriticalSectionEx
 0x140589120 DeleteCriticalSection
 0x140589128 EncodePointer
 0x140589130 DecodePointer
 0x140589138 CompareStringEx
 0x140589140 GetCPInfo
 0x140589148 QueryPerformanceCounter
 0x140589150 GetCurrentProcessId
 0x140589158 GetCurrentThreadId
 0x140589160 GetSystemTimeAsFileTime
 0x140589168 InitializeSListHead
 0x140589170 RtlCaptureContext
 0x140589178 RtlLookupFunctionEntry
 0x140589180 RtlVirtualUnwind
 0x140589188 IsDebuggerPresent
 0x140589190 UnhandledExceptionFilter
 0x140589198 SetUnhandledExceptionFilter
 0x1405891a0 GetStartupInfoW
 0x1405891a8 IsProcessorFeaturePresent
 0x1405891b0 GetModuleHandleW
 0x1405891b8 GetCurrentProcess
 0x1405891c0 TerminateProcess
 0x1405891c8 RtlUnwindEx
 0x1405891d0 RtlPcToFileHeader
 0x1405891d8 RaiseException
 0x1405891e0 SetLastError
 0x1405891e8 InitializeCriticalSectionAndSpinCount
 0x1405891f0 TlsAlloc
 0x1405891f8 TlsGetValue
 0x140589200 TlsSetValue
 0x140589208 TlsFree
 0x140589210 FreeLibrary
 0x140589218 GetProcAddress
 0x140589220 LoadLibraryExW
 0x140589228 ExitProcess
 0x140589230 GetModuleHandleExW
 0x140589238 GetStdHandle
 0x140589240 WriteFile
 0x140589248 GetModuleFileNameW
 0x140589250 GetCommandLineA
 0x140589258 GetCommandLineW
 0x140589260 HeapReAlloc
 0x140589268 FlsAlloc
 0x140589270 FlsGetValue
 0x140589278 FlsSetValue
 0x140589280 FlsFree
 0x140589288 CompareStringW
 0x140589290 LCMapStringW
 0x140589298 GetLocaleInfoW
 0x1405892a0 IsValidLocale
 0x1405892a8 GetUserDefaultLCID
 0x1405892b0 EnumSystemLocalesW
 0x1405892b8 HeapFree
 0x1405892c0 HeapAlloc
 0x1405892c8 GetFileType
 0x1405892d0 IsValidCodePage
 0x1405892d8 GetACP
 0x1405892e0 GetOEMCP
 0x1405892e8 GetEnvironmentStringsW
 0x1405892f0 FreeEnvironmentStringsW
 0x1405892f8 SetEnvironmentVariableW
 0x140589300 SetStdHandle
 0x140589308 GetProcessHeap
USER32.dll
 0x140589318 EmptyClipboard
 0x140589320 GetClipboardData
 0x140589328 SetClipboardData
 0x140589330 CloseClipboard
 0x140589338 OpenClipboard
ADVAPI32.dll
 0x140589348 RegQueryInfoKeyW
 0x140589350 RegCreateKeyExA
 0x140589358 RegSetValueExA
 0x140589360 RegOpenKeyExA
 0x140589368 RegEnumKeyExA
 0x140589370 RegCloseKey
KERNEL32.dll
 0x140589380 GetSystemTimeAsFileTime
 0x140589388 CreateEventA
 0x140589390 GetModuleHandleA
 0x140589398 TerminateProcess
 0x1405893a0 GetCurrentProcess
 0x1405893a8 CreateToolhelp32Snapshot
 0x1405893b0 Thread32First
 0x1405893b8 GetCurrentProcessId
 0x1405893c0 GetCurrentThreadId
 0x1405893c8 OpenThread
 0x1405893d0 Thread32Next
 0x1405893d8 CloseHandle
 0x1405893e0 SuspendThread
 0x1405893e8 ResumeThread
 0x1405893f0 WriteProcessMemory
 0x1405893f8 GetSystemInfo
 0x140589400 VirtualAlloc
 0x140589408 VirtualProtect
 0x140589410 VirtualFree
 0x140589418 GetProcessAffinityMask
 0x140589420 SetProcessAffinityMask
 0x140589428 GetCurrentThread
 0x140589430 SetThreadAffinityMask
 0x140589438 Sleep
 0x140589440 LoadLibraryA
 0x140589448 FreeLibrary
 0x140589450 GetTickCount
 0x140589458 SystemTimeToFileTime
 0x140589460 FileTimeToSystemTime
 0x140589468 GlobalFree
 0x140589470 HeapAlloc
 0x140589478 HeapFree
 0x140589480 GetProcAddress
 0x140589488 ExitProcess
 0x140589490 EnterCriticalSection
 0x140589498 LeaveCriticalSection
 0x1405894a0 InitializeCriticalSection
 0x1405894a8 DeleteCriticalSection
 0x1405894b0 MultiByteToWideChar
 0x1405894b8 GetModuleHandleW
 0x1405894c0 LoadResource
 0x1405894c8 FindResourceExW
 0x1405894d0 FindResourceExA
 0x1405894d8 WideCharToMultiByte
 0x1405894e0 GetThreadLocale
 0x1405894e8 GetUserDefaultLCID
 0x1405894f0 GetSystemDefaultLCID
 0x1405894f8 EnumResourceNamesA
 0x140589500 EnumResourceNamesW
 0x140589508 EnumResourceLanguagesA
 0x140589510 EnumResourceLanguagesW
 0x140589518 EnumResourceTypesA
 0x140589520 EnumResourceTypesW
 0x140589528 CreateFileW
 0x140589530 LoadLibraryW
 0x140589538 GetLastError
 0x140589540 FlushFileBuffers
 0x140589548 FlsSetValue
 0x140589550 GetCommandLineA
 0x140589558 GetCPInfo
 0x140589560 GetACP
 0x140589568 GetOEMCP
 0x140589570 IsValidCodePage
 0x140589578 EncodePointer
 0x140589580 DecodePointer
 0x140589588 FlsGetValue
 0x140589590 FlsFree
 0x140589598 SetLastError
 0x1405895a0 FlsAlloc
 0x1405895a8 UnhandledExceptionFilter
 0x1405895b0 SetUnhandledExceptionFilter
 0x1405895b8 IsDebuggerPresent
 0x1405895c0 RtlVirtualUnwind
 0x1405895c8 RtlLookupFunctionEntry
 0x1405895d0 RtlCaptureContext
 0x1405895d8 RaiseException
 0x1405895e0 RtlPcToFileHeader
 0x1405895e8 RtlUnwindEx
 0x1405895f0 LCMapStringA
 0x1405895f8 LCMapStringW
 0x140589600 SetHandleCount
 0x140589608 GetStdHandle
 0x140589610 GetFileType
 0x140589618 GetStartupInfoA
 0x140589620 GetModuleFileNameA
 0x140589628 FreeEnvironmentStringsA
 0x140589630 GetEnvironmentStrings
 0x140589638 FreeEnvironmentStringsW
 0x140589640 GetEnvironmentStringsW
 0x140589648 HeapSetInformation
 0x140589650 HeapCreate
 0x140589658 HeapDestroy
 0x140589660 QueryPerformanceCounter
 0x140589668 GetStringTypeA
 0x140589670 GetStringTypeW
 0x140589678 GetLocaleInfoA
 0x140589680 HeapSize
 0x140589688 WriteFile
 0x140589690 SetFilePointer
 0x140589698 GetConsoleCP
 0x1405896a0 GetConsoleMode
 0x1405896a8 HeapReAlloc
 0x1405896b0 InitializeCriticalSectionAndSpinCount
 0x1405896b8 SetStdHandle
 0x1405896c0 WriteConsoleA
 0x1405896c8 GetConsoleOutputCP
 0x1405896d0 WriteConsoleW
 0x1405896d8 CreateFileA

EAT (Export Address Table): none — the binary exports no symbols.



Similarity measure (PE file only): unavailable — the similarity service reported a failure for this run.