ScreenShot
| Created | 2023.06.16 07:35 | Machine | s1_win7_x6403 |
| Filename | Upshotox64.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 30 detected (AIDetectMalware, unsafe, Save, malicious, confidence, 100%, Eldorado, Attribute, HighConfidence, high confidence, score, Zenpak, PWSX, Obfuscated, Lockbit, high, Static AI, Suspicious PE, STOP, Amadey, Detected, Generic@AI, RDML, dB6ChxfigfGVEcylfLM0, susgen) | ||
| md5 | 8c76e949a6b3bfb992ceb54c3be68f69 | ||
| sha256 | 682dc9f1350f3cfab2740e249fc00639927e0a53e8598e07611425dad2821719 | ||
| ssdeep | 3072:Vlbprkr+kEzf417cGwQyd79mo3VCLtcnxS/s0bQc2poHFh:nbpQr+kwQ18hJzVW+n40poH | ||
| imphash | 99ae33530ebff97e88a1ac2c3129a9f7 | ||
| impfuzzy | 24:pkP8kGM9KTAnRvvmDfBouKCY2dQBXoJ2V4W/+bIv1TWOU4acqOovAKXmtJJ32QIm:XRT0gCT2dscOUqtxtL2HK9rSYX | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401008 ConvertThreadToFiber
0x40100c GetConsoleAliasExesLengthA
0x401010 InterlockedIncrement
0x401014 InterlockedDecrement
0x401018 WaitNamedPipeA
0x40101c GetCurrentProcess
0x401020 SetMailslotInfo
0x401024 ZombifyActCtx
0x401028 GetModuleHandleW
0x40102c GetTickCount
0x401030 SetFileTime
0x401034 EnumTimeFormatsW
0x401038 GetVolumePathNameW
0x40103c GlobalAlloc
0x401040 GetSystemDirectoryW
0x401044 SetFileShortNameW
0x401048 GetSystemPowerStatus
0x40104c FreeConsole
0x401050 GetCalendarInfoA
0x401054 GetFileAttributesA
0x401058 SetSystemPowerState
0x40105c GetShortPathNameA
0x401060 EnumSystemLocalesA
0x401064 GetProcAddress
0x401068 MoveFileW
0x40106c SetProcessAffinityMask
0x401070 EnterCriticalSection
0x401074 SearchPathA
0x401078 GetDiskFreeSpaceW
0x40107c LoadLibraryA
0x401080 WriteConsoleA
0x401084 GetProcessId
0x401088 InterlockedExchangeAdd
0x40108c DeleteTimerQueue
0x401090 SetCalendarInfoW
0x401094 FindFirstVolumeMountPointW
0x401098 BeginUpdateResourceA
0x40109c AddAtomA
0x4010a0 GetPrivateProfileStructA
0x4010a4 FindNextFileA
0x4010a8 GetModuleHandleA
0x4010ac OpenFileMappingW
0x4010b0 FreeEnvironmentStringsW
0x4010b4 GetCurrentDirectoryA
0x4010b8 GetShortPathNameW
0x4010bc GetVolumeNameForVolumeMountPointW
0x4010c0 EnumCalendarInfoExA
0x4010c4 DeleteFileA
0x4010c8 SetComputerNameA
0x4010cc ExitProcess
0x4010d0 WriteConsoleW
0x4010d4 HeapReAlloc
0x4010d8 GetLastError
0x4010dc MoveFileA
0x4010e0 MultiByteToWideChar
0x4010e4 GetCommandLineA
0x4010e8 HeapSetInformation
0x4010ec GetStartupInfoW
0x4010f0 RaiseException
0x4010f4 HeapAlloc
0x4010f8 HeapFree
0x4010fc IsProcessorFeaturePresent
0x401100 EncodePointer
0x401104 DecodePointer
0x401108 UnhandledExceptionFilter
0x40110c SetUnhandledExceptionFilter
0x401110 IsDebuggerPresent
0x401114 TerminateProcess
0x401118 GetCPInfo
0x40111c GetACP
0x401120 GetOEMCP
0x401124 IsValidCodePage
0x401128 TlsAlloc
0x40112c TlsGetValue
0x401130 TlsSetValue
0x401134 TlsFree
0x401138 SetLastError
0x40113c GetCurrentThreadId
0x401140 LeaveCriticalSection
0x401144 SetHandleCount
0x401148 GetStdHandle
0x40114c InitializeCriticalSectionAndSpinCount
0x401150 GetFileType
0x401154 DeleteCriticalSection
0x401158 CloseHandle
0x40115c WriteFile
0x401160 GetModuleFileNameW
0x401164 GetModuleFileNameA
0x401168 WideCharToMultiByte
0x40116c GetEnvironmentStringsW
0x401170 HeapCreate
0x401174 QueryPerformanceCounter
0x401178 GetCurrentProcessId
0x40117c GetSystemTimeAsFileTime
0x401180 LCMapStringW
0x401184 GetStringTypeW
0x401188 Sleep
0x40118c SetFilePointer
0x401190 GetConsoleCP
0x401194 GetConsoleMode
0x401198 RtlUnwind
0x40119c SetStdHandle
0x4011a0 FlushFileBuffers
0x4011a4 HeapSize
0x4011a8 LoadLibraryW
0x4011ac CreateFileW
GDI32.dll
0x401000 SelectPalette
WINHTTP.dll
0x4011b4 WinHttpGetProxyForUrl
EAT(Export Address Table) is none
KERNEL32.dll
0x401008 ConvertThreadToFiber
0x40100c GetConsoleAliasExesLengthA
0x401010 InterlockedIncrement
0x401014 InterlockedDecrement
0x401018 WaitNamedPipeA
0x40101c GetCurrentProcess
0x401020 SetMailslotInfo
0x401024 ZombifyActCtx
0x401028 GetModuleHandleW
0x40102c GetTickCount
0x401030 SetFileTime
0x401034 EnumTimeFormatsW
0x401038 GetVolumePathNameW
0x40103c GlobalAlloc
0x401040 GetSystemDirectoryW
0x401044 SetFileShortNameW
0x401048 GetSystemPowerStatus
0x40104c FreeConsole
0x401050 GetCalendarInfoA
0x401054 GetFileAttributesA
0x401058 SetSystemPowerState
0x40105c GetShortPathNameA
0x401060 EnumSystemLocalesA
0x401064 GetProcAddress
0x401068 MoveFileW
0x40106c SetProcessAffinityMask
0x401070 EnterCriticalSection
0x401074 SearchPathA
0x401078 GetDiskFreeSpaceW
0x40107c LoadLibraryA
0x401080 WriteConsoleA
0x401084 GetProcessId
0x401088 InterlockedExchangeAdd
0x40108c DeleteTimerQueue
0x401090 SetCalendarInfoW
0x401094 FindFirstVolumeMountPointW
0x401098 BeginUpdateResourceA
0x40109c AddAtomA
0x4010a0 GetPrivateProfileStructA
0x4010a4 FindNextFileA
0x4010a8 GetModuleHandleA
0x4010ac OpenFileMappingW
0x4010b0 FreeEnvironmentStringsW
0x4010b4 GetCurrentDirectoryA
0x4010b8 GetShortPathNameW
0x4010bc GetVolumeNameForVolumeMountPointW
0x4010c0 EnumCalendarInfoExA
0x4010c4 DeleteFileA
0x4010c8 SetComputerNameA
0x4010cc ExitProcess
0x4010d0 WriteConsoleW
0x4010d4 HeapReAlloc
0x4010d8 GetLastError
0x4010dc MoveFileA
0x4010e0 MultiByteToWideChar
0x4010e4 GetCommandLineA
0x4010e8 HeapSetInformation
0x4010ec GetStartupInfoW
0x4010f0 RaiseException
0x4010f4 HeapAlloc
0x4010f8 HeapFree
0x4010fc IsProcessorFeaturePresent
0x401100 EncodePointer
0x401104 DecodePointer
0x401108 UnhandledExceptionFilter
0x40110c SetUnhandledExceptionFilter
0x401110 IsDebuggerPresent
0x401114 TerminateProcess
0x401118 GetCPInfo
0x40111c GetACP
0x401120 GetOEMCP
0x401124 IsValidCodePage
0x401128 TlsAlloc
0x40112c TlsGetValue
0x401130 TlsSetValue
0x401134 TlsFree
0x401138 SetLastError
0x40113c GetCurrentThreadId
0x401140 LeaveCriticalSection
0x401144 SetHandleCount
0x401148 GetStdHandle
0x40114c InitializeCriticalSectionAndSpinCount
0x401150 GetFileType
0x401154 DeleteCriticalSection
0x401158 CloseHandle
0x40115c WriteFile
0x401160 GetModuleFileNameW
0x401164 GetModuleFileNameA
0x401168 WideCharToMultiByte
0x40116c GetEnvironmentStringsW
0x401170 HeapCreate
0x401174 QueryPerformanceCounter
0x401178 GetCurrentProcessId
0x40117c GetSystemTimeAsFileTime
0x401180 LCMapStringW
0x401184 GetStringTypeW
0x401188 Sleep
0x40118c SetFilePointer
0x401190 GetConsoleCP
0x401194 GetConsoleMode
0x401198 RtlUnwind
0x40119c SetStdHandle
0x4011a0 FlushFileBuffers
0x4011a4 HeapSize
0x4011a8 LoadLibraryW
0x4011ac CreateFileW
GDI32.dll
0x401000 SelectPalette
WINHTTP.dll
0x4011b4 WinHttpGetProxyForUrl
EAT(Export Address Table) is none