Report - remcos_a.exe

Tags: Generic Malware, UPX, Malicious Library, Downloader, Malicious Packer, OS Processor Check, PE File, PE32
Created: 2023.06.14 09:39
Machine: s1_win7_x6403
Filename: remcos_a.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 7
Behavior Score: 3.2
ZERO API (file): malware
VT API (file): 52 detected (AIDetectMalware, DeepScan, Dacic, Remcos, PasswordStealer, Rescoms, Save, malicious, confidence, ZexaF, ACW@ayBGBkhi, GenusT, EFVK, Eldorado, Attribute, HighConfidence, high confidence, score, jvkjil, RATX, Static AI, Suspicious PE, ai score=85, Detected, RemcosRAT, R574748, GenericRXSQ, BScope, Wacatac, unsafe, Genetic, CLASSIC, susgen)
md5: 1c9ff0b44e4db1fc5a2f5a84c6add5af
sha256: c3f58fc7e4e51a2d4c6551fd6cebac7d8c0bf79d83f1235e7570c2db574df0f6
ssdeep: 6144:DrLmBOdXFrVRWdPBraNM6inbujnJwHXkVrVGb7FhHI2PuAO2SBX3W+cUdWS:DrLmBOrVmpCMLulOXkVrV2DEASFW4WS
imphash: 91377a95157c806dfb0314e0cc3b67cc
impfuzzy: 96:lS7foujcp+UhMaOHZdSnXfVLMFt5KNUz7KgKd3YdBjfG1:lNheZwut9PiFW61

Signature (6 counts)

Level    Description
danger   File has been identified by 52 AntiVirus engines on VirusTotal as malicious
danger   Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running)
notice   A process attempted to delay the analysis task
info     Checks if the process is being debugged by a debugger
info     Command line console output was observed
info     The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (8 counts)

Level    Name                     Description          Collection
warning  Generic_Malware_Zero     Generic Malware      binaries (upload)
watch    Malicious_Library_Zero   Malicious_Library    binaries (upload)
watch    Malicious_Packer_Zero    Malicious Packer     binaries (upload)
watch    Network_Downloader       File Downloader      binaries (upload)
watch    UPX_Zero                 UPX packed file      binaries (upload)
info     IsPE32                   (no description)     binaries (upload)
info     OS_Processor_Check_Zero  OS Processor Check   binaries (upload)
info     PE_Header_Zero           PE File Signature    binaries (upload)

Network (0 counts)

Request  CC  ASN  Co  IP4  Rule  ZERO
(no network requests recorded)

Suricata IDs: none

PE API

IAT (Import Address Table), grouped by library

KERNEL32.dll
 0x44c0b0 VirtualFree
 0x44c0b4 VirtualAlloc
 0x44c0b8 LoadLibraryA
 0x44c0bc GetNativeSystemInfo
 0x44c0c0 HeapAlloc
 0x44c0c4 GetProcAddress
 0x44c0c8 GetProcessHeap
 0x44c0cc FreeLibrary
 0x44c0d0 IsBadReadPtr
 0x44c0d4 GetCurrentProcess
 0x44c0d8 GetSystemDirectoryA
 0x44c0dc GlobalAlloc
 0x44c0e0 GlobalLock
 0x44c0e4 GetCurrentProcessId
 0x44c0e8 GetTickCount
 0x44c0ec GlobalUnlock
 0x44c0f0 LocalAlloc
 0x44c0f4 GetModuleHandleA
 0x44c0f8 GlobalFree
 0x44c0fc MulDiv
 0x44c100 SizeofResource
 0x44c104 GetConsoleScreenBufferInfo
 0x44c108 SetConsoleTextAttribute
 0x44c10c GetStdHandle
 0x44c110 RemoveDirectoryW
 0x44c114 FindResourceA
 0x44c118 OpenProcess
 0x44c11c LockResource
 0x44c120 LoadResource
 0x44c124 LocalFree
 0x44c128 GetFileSize
 0x44c12c SetConsoleOutputCP
 0x44c130 FormatMessageA
 0x44c134 AllocConsole
 0x44c138 GetModuleFileNameA
 0x44c13c lstrcpynA
 0x44c140 SetLastError
 0x44c144 ExpandEnvironmentStringsA
 0x44c148 EnterCriticalSection
 0x44c14c LeaveCriticalSection
 0x44c150 InitializeCriticalSection
 0x44c154 DeleteCriticalSection
 0x44c158 HeapSize
 0x44c15c WriteConsoleW
 0x44c160 SetStdHandle
 0x44c164 SetEnvironmentVariableW
 0x44c168 SetEnvironmentVariableA
 0x44c16c FreeEnvironmentStringsW
 0x44c170 GetEnvironmentStringsW
 0x44c174 GetCommandLineW
 0x44c178 GetCommandLineA
 0x44c17c GetOEMCP
 0x44c180 IsValidCodePage
 0x44c184 FindFirstFileExA
 0x44c188 ReadConsoleW
 0x44c18c GetConsoleMode
 0x44c190 GetConsoleCP
 0x44c194 FlushFileBuffers
 0x44c198 GetFileType
 0x44c19c EnumSystemLocalesW
 0x44c1a0 GetUserDefaultLCID
 0x44c1a4 IsValidLocale
 0x44c1a8 HeapReAlloc
 0x44c1ac GetACP
 0x44c1b0 GetModuleHandleExW
 0x44c1b4 MoveFileExW
 0x44c1b8 RtlUnwind
 0x44c1bc RaiseException
 0x44c1c0 VirtualProtect
 0x44c1c4 Process32FirstW
 0x44c1c8 Process32NextW
 0x44c1cc CreateToolhelp32Snapshot
 0x44c1d0 GetLocaleInfoA
 0x44c1d4 ExitProcess
 0x44c1d8 CreateMutexA
 0x44c1dc GetModuleFileNameW
 0x44c1e0 GetLongPathNameW
 0x44c1e4 QueryPerformanceFrequency
 0x44c1e8 GetLastError
 0x44c1ec FindNextFileA
 0x44c1f0 FindFirstFileA
 0x44c1f4 MoveFileW
 0x44c1f8 SetFilePointerEx
 0x44c1fc WaitForSingleObject
 0x44c200 GetLogicalDriveStringsA
 0x44c204 DeleteFileW
 0x44c208 DeleteFileA
 0x44c20c SetFileAttributesW
 0x44c210 GetFileAttributesW
 0x44c214 CreateFileW
 0x44c218 FindClose
 0x44c21c lstrlenA
 0x44c220 GetDriveTypeA
 0x44c224 FindNextFileW
 0x44c228 GetFileSizeEx
 0x44c22c FindFirstFileW
 0x44c230 CreateDirectoryW
 0x44c234 CreateProcessA
 0x44c238 Sleep
 0x44c23c PeekNamedPipe
 0x44c240 CreatePipe
 0x44c244 TerminateProcess
 0x44c248 WriteFile
 0x44c24c ReadFile
 0x44c250 HeapFree
 0x44c254 HeapCreate
 0x44c258 CreateEventA
 0x44c25c GetLocalTime
 0x44c260 CreateThread
 0x44c264 CloseHandle
 0x44c268 SetEvent
 0x44c26c CreateEventW
 0x44c270 QueryPerformanceCounter
 0x44c274 LoadLibraryExW
 0x44c278 GetCPInfo
 0x44c27c GetStringTypeW
 0x44c280 GetLocaleInfoW
 0x44c284 LCMapStringW
 0x44c288 CompareStringW
 0x44c28c TlsFree
 0x44c290 TlsSetValue
 0x44c294 TlsGetValue
 0x44c298 TlsAlloc
 0x44c29c InitializeCriticalSectionAndSpinCount
 0x44c2a0 MultiByteToWideChar
 0x44c2a4 DecodePointer
 0x44c2a8 EncodePointer
 0x44c2ac WideCharToMultiByte
 0x44c2b0 InitializeSListHead
 0x44c2b4 GetSystemTimeAsFileTime
 0x44c2b8 GetCurrentThreadId
 0x44c2bc GetStartupInfoW
 0x44c2c0 SetUnhandledExceptionFilter
 0x44c2c4 UnhandledExceptionFilter
 0x44c2c8 IsDebuggerPresent
 0x44c2cc IsProcessorFeaturePresent
 0x44c2d0 GetModuleHandleW
 0x44c2d4 WaitForSingleObjectEx
 0x44c2d8 ResetEvent
 0x44c2dc SetEndOfFile
USER32.dll
 0x44c308 EnumWindows
 0x44c30c TranslateMessage
 0x44c310 DispatchMessageA
 0x44c314 GetMessageA
 0x44c318 GetWindowTextW
 0x44c31c SetForegroundWindow
 0x44c320 SetClipboardData
 0x44c324 GetClipboardData
 0x44c328 MessageBoxW
 0x44c32c IsWindowVisible
 0x44c330 CloseWindow
 0x44c334 GetWindowThreadProcessId
 0x44c338 SendInput
 0x44c33c EnumDisplaySettingsW
 0x44c340 mouse_event
 0x44c344 DrawIcon
 0x44c348 GetSystemMetrics
 0x44c34c GetIconInfo
 0x44c350 SystemParametersInfoW
 0x44c354 GetForegroundWindow
 0x44c358 GetCursorPos
 0x44c35c RegisterClassExA
 0x44c360 AppendMenuA
 0x44c364 CreateWindowExA
 0x44c368 DefWindowProcA
 0x44c36c TrackPopupMenu
 0x44c370 CreatePopupMenu
 0x44c374 ShowWindow
 0x44c378 OpenClipboard
 0x44c37c SetWindowTextW
 0x44c380 ExitWindowsEx
 0x44c384 EmptyClipboard
 0x44c388 CloseClipboard
GDI32.dll
 0x44c088 CreateCompatibleBitmap
 0x44c08c SelectObject
 0x44c090 CreateCompatibleDC
 0x44c094 StretchBlt
 0x44c098 GetDIBits
 0x44c09c DeleteDC
 0x44c0a0 DeleteObject
 0x44c0a4 CreateDCA
 0x44c0a8 GetObjectA
ADVAPI32.dll
 0x44c000 RegCreateKeyW
 0x44c004 CryptAcquireContextA
 0x44c008 CryptGenRandom
 0x44c00c CryptReleaseContext
 0x44c010 GetUserNameW
 0x44c014 RegEnumKeyExA
 0x44c018 QueryServiceStatus
 0x44c01c CloseServiceHandle
 0x44c020 OpenSCManagerW
 0x44c024 OpenSCManagerA
 0x44c028 ControlService
 0x44c02c StartServiceW
 0x44c030 QueryServiceConfigW
 0x44c034 ChangeServiceConfigW
 0x44c038 OpenServiceW
 0x44c03c EnumServicesStatusW
 0x44c040 AdjustTokenPrivileges
 0x44c044 LookupPrivilegeValueA
 0x44c048 OpenProcessToken
 0x44c04c RegCreateKeyA
 0x44c050 RegCloseKey
 0x44c054 RegQueryInfoKeyW
 0x44c058 RegQueryValueExA
 0x44c05c RegCreateKeyExW
 0x44c060 RegEnumKeyExW
 0x44c064 RegSetValueExW
 0x44c068 RegSetValueExA
 0x44c06c RegOpenKeyExA
 0x44c070 RegOpenKeyExW
 0x44c074 RegDeleteValueW
 0x44c078 RegEnumValueW
 0x44c07c RegQueryValueExW
 0x44c080 RegDeleteKeyA
SHELL32.dll
 0x44c2e4 ShellExecuteExA
 0x44c2e8 Shell_NotifyIconA
 0x44c2ec ExtractIconA
 0x44c2f0 ShellExecuteW
SHLWAPI.dll
 0x44c2f8 StrToIntA
 0x44c2fc PathFileExistsA
 0x44c300 PathFileExistsW
WINMM.dll
 0x44c3a4 PlaySoundW
 0x44c3a8 mciSendStringA
 0x44c3ac mciSendStringW
WS2_32.dll
 0x44c3b4 connect
 0x44c3b8 socket
 0x44c3bc send
 0x44c3c0 WSAStartup
 0x44c3c4 recv
 0x44c3c8 htons
 0x44c3cc htonl
 0x44c3d0 getservbyname
 0x44c3d4 inet_ntoa
 0x44c3d8 ntohs
 0x44c3dc getservbyport
 0x44c3e0 gethostbyaddr
 0x44c3e4 WSAGetLastError
 0x44c3e8 WSASetLastError
 0x44c3ec inet_addr
 0x44c3f0 closesocket
 0x44c3f4 gethostbyname
urlmon.dll
 0x44c424 URLOpenBlockingStreamW
 0x44c428 URLDownloadToFileW
gdiplus.dll
 0x44c3fc GdiplusStartup
 0x44c400 GdipDisposeImage
 0x44c404 GdipLoadImageFromStream
 0x44c408 GdipSaveImageToStream
 0x44c40c GdipGetImageEncodersSize
 0x44c410 GdipFree
 0x44c414 GdipGetImageEncoders
 0x44c418 GdipCloneImage
 0x44c41c GdipAlloc
WININET.dll
 0x44c390 InternetOpenW
 0x44c394 InternetCloseHandle
 0x44c398 InternetReadFile
 0x44c39c InternetOpenUrlW

EAT (Export Address Table): none