ScreenShot
| Created | 2023.05.30 17:16 | Machine | s1_win7_x6401 |
| Filename | IE_NET.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 33 detected (AIDetectMalware, Stealerc, Zusy, Save, Eldorado, Attribute, HighConfidence, malicious, high confidence, Kryptik, HTQQ, CrypterX, Packed2, high, score, Krypt, Static AI, Suspicious PE, Zenpak, STOP, ai score=89, unsafe, Genetic, Generic@AI, RDML, 0kf1OCkW17PxjAMMaotVAQ, confidence, 100%) | ||
| md5 | aa8062b0fe51ad7da061a51ca03f1ea0 | ||
| sha256 | 09bf1a8e8e0197ab31d521638ac79295e004fe66d6db921326eb7bc1fb8b056f | ||
| ssdeep | 6144:RRpLriIHczy4eNbnQdrI1eHtY9MsBG9qUTXu:RRMYcESi2GXCqUTXu | ||
| imphash | 1552eebb89b3841e6a330c0c93657732 | ||
| impfuzzy | 48:u+un2ycdQhdd91X0JhOSu+fco4GqJtGKUycvZC:NusQLn1X0XHu+fcvGqJtGNychC | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401008 ConvertThreadToFiber
0x40100c GetProfileIntW
0x401010 LoadResource
0x401014 InterlockedDecrement
0x401018 QueryDosDeviceA
0x40101c GetProcessPriorityBoost
0x401020 GetModuleHandleW
0x401024 EnumCalendarInfoExW
0x401028 GetSystemTimeAsFileTime
0x40102c EnumTimeFormatsA
0x401030 GetDriveTypeA
0x401034 GetPrivateProfileIntA
0x401038 GetVolumeInformationA
0x40103c GetConsoleAliasExesLengthW
0x401040 WriteConsoleW
0x401044 lstrcatA
0x401048 CompareStringW
0x40104c GetVolumePathNameA
0x401050 EnumSystemLocalesA
0x401054 InterlockedExchange
0x401058 GlobalUnfix
0x40105c FindFirstFileA
0x401060 GetLastError
0x401064 GlobalFix
0x401068 GetProcAddress
0x40106c SetComputerNameA
0x401070 SearchPathA
0x401074 ResetEvent
0x401078 GetLocalTime
0x40107c LoadLibraryA
0x401080 WriteConsoleA
0x401084 InterlockedExchangeAdd
0x401088 LocalAlloc
0x40108c SetFileApisToANSI
0x401090 AddAtomA
0x401094 GetModuleFileNameA
0x401098 FindNextFileA
0x40109c FindFirstVolumeMountPointA
0x4010a0 EnumDateFormatsA
0x4010a4 GetModuleHandleA
0x4010a8 FreeEnvironmentStringsW
0x4010ac GetShortPathNameW
0x4010b0 SetCalendarInfoA
0x4010b4 SetThreadAffinityMask
0x4010b8 OpenSemaphoreW
0x4010bc TerminateJobObject
0x4010c0 FileTimeToLocalFileTime
0x4010c4 MoveFileWithProgressW
0x4010c8 DeleteFileA
0x4010cc GetCurrentDirectoryW
0x4010d0 GetVolumeNameForVolumeMountPointA
0x4010d4 WideCharToMultiByte
0x4010d8 InterlockedIncrement
0x4010dc MultiByteToWideChar
0x4010e0 EncodePointer
0x4010e4 DecodePointer
0x4010e8 Sleep
0x4010ec InitializeCriticalSection
0x4010f0 DeleteCriticalSection
0x4010f4 EnterCriticalSection
0x4010f8 LeaveCriticalSection
0x4010fc MoveFileA
0x401100 HeapFree
0x401104 HeapReAlloc
0x401108 GetCommandLineA
0x40110c HeapSetInformation
0x401110 GetStartupInfoW
0x401114 GetCPInfo
0x401118 RaiseException
0x40111c RtlUnwind
0x401120 HeapAlloc
0x401124 LCMapStringW
0x401128 GetACP
0x40112c GetOEMCP
0x401130 IsValidCodePage
0x401134 TlsAlloc
0x401138 TlsGetValue
0x40113c TlsSetValue
0x401140 TlsFree
0x401144 SetLastError
0x401148 GetCurrentThreadId
0x40114c UnhandledExceptionFilter
0x401150 SetUnhandledExceptionFilter
0x401154 IsDebuggerPresent
0x401158 TerminateProcess
0x40115c GetCurrentProcess
0x401160 IsProcessorFeaturePresent
0x401164 HeapCreate
0x401168 SetHandleCount
0x40116c GetStdHandle
0x401170 InitializeCriticalSectionAndSpinCount
0x401174 GetFileType
0x401178 SetFilePointer
0x40117c CloseHandle
0x401180 ExitProcess
0x401184 WriteFile
0x401188 GetModuleFileNameW
0x40118c GetEnvironmentStringsW
0x401190 QueryPerformanceCounter
0x401194 GetTickCount
0x401198 GetCurrentProcessId
0x40119c GetStringTypeW
0x4011a0 GetLocaleInfoW
0x4011a4 HeapSize
0x4011a8 GetUserDefaultLCID
0x4011ac GetLocaleInfoA
0x4011b0 IsValidLocale
0x4011b4 GetConsoleCP
0x4011b8 GetConsoleMode
0x4011bc SetStdHandle
0x4011c0 FlushFileBuffers
0x4011c4 LoadLibraryW
0x4011c8 CreateFileW
GDI32.dll
0x401000 GetCharABCWidthsW
EAT(Export Address Table) is none
KERNEL32.dll
0x401008 ConvertThreadToFiber
0x40100c GetProfileIntW
0x401010 LoadResource
0x401014 InterlockedDecrement
0x401018 QueryDosDeviceA
0x40101c GetProcessPriorityBoost
0x401020 GetModuleHandleW
0x401024 EnumCalendarInfoExW
0x401028 GetSystemTimeAsFileTime
0x40102c EnumTimeFormatsA
0x401030 GetDriveTypeA
0x401034 GetPrivateProfileIntA
0x401038 GetVolumeInformationA
0x40103c GetConsoleAliasExesLengthW
0x401040 WriteConsoleW
0x401044 lstrcatA
0x401048 CompareStringW
0x40104c GetVolumePathNameA
0x401050 EnumSystemLocalesA
0x401054 InterlockedExchange
0x401058 GlobalUnfix
0x40105c FindFirstFileA
0x401060 GetLastError
0x401064 GlobalFix
0x401068 GetProcAddress
0x40106c SetComputerNameA
0x401070 SearchPathA
0x401074 ResetEvent
0x401078 GetLocalTime
0x40107c LoadLibraryA
0x401080 WriteConsoleA
0x401084 InterlockedExchangeAdd
0x401088 LocalAlloc
0x40108c SetFileApisToANSI
0x401090 AddAtomA
0x401094 GetModuleFileNameA
0x401098 FindNextFileA
0x40109c FindFirstVolumeMountPointA
0x4010a0 EnumDateFormatsA
0x4010a4 GetModuleHandleA
0x4010a8 FreeEnvironmentStringsW
0x4010ac GetShortPathNameW
0x4010b0 SetCalendarInfoA
0x4010b4 SetThreadAffinityMask
0x4010b8 OpenSemaphoreW
0x4010bc TerminateJobObject
0x4010c0 FileTimeToLocalFileTime
0x4010c4 MoveFileWithProgressW
0x4010c8 DeleteFileA
0x4010cc GetCurrentDirectoryW
0x4010d0 GetVolumeNameForVolumeMountPointA
0x4010d4 WideCharToMultiByte
0x4010d8 InterlockedIncrement
0x4010dc MultiByteToWideChar
0x4010e0 EncodePointer
0x4010e4 DecodePointer
0x4010e8 Sleep
0x4010ec InitializeCriticalSection
0x4010f0 DeleteCriticalSection
0x4010f4 EnterCriticalSection
0x4010f8 LeaveCriticalSection
0x4010fc MoveFileA
0x401100 HeapFree
0x401104 HeapReAlloc
0x401108 GetCommandLineA
0x40110c HeapSetInformation
0x401110 GetStartupInfoW
0x401114 GetCPInfo
0x401118 RaiseException
0x40111c RtlUnwind
0x401120 HeapAlloc
0x401124 LCMapStringW
0x401128 GetACP
0x40112c GetOEMCP
0x401130 IsValidCodePage
0x401134 TlsAlloc
0x401138 TlsGetValue
0x40113c TlsSetValue
0x401140 TlsFree
0x401144 SetLastError
0x401148 GetCurrentThreadId
0x40114c UnhandledExceptionFilter
0x401150 SetUnhandledExceptionFilter
0x401154 IsDebuggerPresent
0x401158 TerminateProcess
0x40115c GetCurrentProcess
0x401160 IsProcessorFeaturePresent
0x401164 HeapCreate
0x401168 SetHandleCount
0x40116c GetStdHandle
0x401170 InitializeCriticalSectionAndSpinCount
0x401174 GetFileType
0x401178 SetFilePointer
0x40117c CloseHandle
0x401180 ExitProcess
0x401184 WriteFile
0x401188 GetModuleFileNameW
0x40118c GetEnvironmentStringsW
0x401190 QueryPerformanceCounter
0x401194 GetTickCount
0x401198 GetCurrentProcessId
0x40119c GetStringTypeW
0x4011a0 GetLocaleInfoW
0x4011a4 HeapSize
0x4011a8 GetUserDefaultLCID
0x4011ac GetLocaleInfoA
0x4011b0 IsValidLocale
0x4011b4 GetConsoleCP
0x4011b8 GetConsoleMode
0x4011bc SetStdHandle
0x4011c0 FlushFileBuffers
0x4011c4 LoadLibraryW
0x4011c8 CreateFileW
GDI32.dll
0x401000 GetCharABCWidthsW
EAT(Export Address Table) is none