Report - 64.exe

Tags: Hide_EXE, Malicious Library, UPX, Malicious Packer, PE File, PE32, OS Processor Check, DLL
Created 2023.06.09 11:06 Machine s1_win7_x6401
Filename 64.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 6.4
ZERO API (file) clean
VT API (file) 65 detected (FamVT, Renamer1, Siscos, tpvk, malicious, high confidence, GenericKD, VenikRI, S16788663, unsafe, Save, None, ZexaF, hy0@am1sDGne, Dnldr23, CGCL, Eldorado, Attribute, HighConfidence, Farfli, score, Gh0stRAT, enrcbv, Farli, CoinminerX, AutoG, cznig, DownLoader23, ZEGOST, SM35, GenericRXBH, Static AI, Suspicious PE, GameThief, Magania, ~NWABU@18g2sq, Detected, R199489, ai score=100, BScope, Genetic, KTSE, GenAsa, I74Hu0e5Xnc, susgen, confidence, 100%)
md5 67dfc7730a6d14715de7b28db5f23c0b
sha256 47adf8083f73c20364fb88abce106f4e2126dbb08be18d0a066a9a8fc10ec436
ssdeep 1536:vqEA70HzLJksPEOajozLElnqiO27dJ/tHi:vXTLJkQ7zAV3HtC
imphash 7e3107c64f6a7a76d8463e3f374f74af
impfuzzy 48:VIEDwjQfccA/JT5KBW3d4Nv5bSUGL71SIjMSihAk3lx02G+R+mnOwX1KKQy:zwjQfcpTP3dOxGLRdoRG+R+mn1X1lD

Signatures (15 counts)

Level Description
danger File has been identified by 65 AntiVirus engines on VirusTotal as malicious
watch Deletes executed files from disk
watch Installs itself for autorun at Windows startup
notice A process created a hidden window
notice Creates a service
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
notice Resolves a suspicious Top Level Domain (TLD)
notice Searches running processes potentially to identify processes for sandbox evasion
notice Uses Windows utilities for basic Windows functionality
info Checks amount of memory in system
info Command line console output was observed
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (12 counts)

Level Name Description Collection
warning hide_executable_file Hide executable file binaries (download)
warning hide_executable_file Hide executable file binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (download)
watch UPX_Zero UPX packed file binaries (download)
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2 counts)

Request CC ASN Co IP4 Rule ZERO
cloudbase-init.pw KR SK Broadband Co Ltd 114.202.175.143 mailcious
114.202.175.143 KR SK Broadband Co Ltd 114.202.175.143 malware

Suricata ids

PE API

IAT (Import Address Table) Library

MFC42.DLL (all entries imported by ordinal; no function names resolved)
MSVCRT.dll
 0x415dfc __set_app_type
 0x415e00 __p__fmode
 0x415e04 __p__commode
 0x415e08 _adjust_fdiv
 0x415e0c __setusermatherr
 0x415e10 _initterm
 0x415e14 __getmainargs
 0x415e18 _acmdln
 0x415e1c exit
 0x415e20 _XcptFilter
 0x415e24 _exit
 0x415e28 _onexit
 0x415e2c __dllonexit
 0x415e30 _except_handler3
 0x415e34 memset
 0x415e38 __p__pgmptr
 0x415e3c sprintf
 0x415e40 memcpy
 0x415e44 _access
 0x415e48 strstr
 0x415e4c __CxxFrameHandler
 0x415e50 _setmbcp
 0x415e54 _mkdir
 0x415e58 _controlfp
KERNEL32.dll
 0x415798 CloseHandle
 0x41579c CreateFileA
 0x4157a0 FreeLibrary
 0x4157a4 GetTickCount
 0x4157a8 GetFileAttributesA
 0x4157ac ExpandEnvironmentStringsA
 0x4157b0 GetLastError
 0x4157b4 GetProcAddress
 0x4157b8 LoadLibraryA
 0x4157bc lstrcpyA
 0x4157c0 GetCommandLineA
 0x4157c4 Sleep
 0x4157c8 lstrcmpiA
 0x4157cc SetThreadPriority
 0x4157d0 GetCurrentThread
 0x4157d4 SetPriorityClass
 0x4157d8 GetCurrentProcess
 0x4157dc GetModuleHandleA
 0x4157e0 GetStartupInfoA
 0x4157e4 WriteFile
USER32.dll
 0x415e98 wsprintfA
 0x415e9c EnableWindow

EAT (Export Address Table) none