Report - Connector.exe

UPX Malicious Library OS Processor Check PE File PE32
Created 2023.06.20 07:36 Machine s1_win7_x6401
Filename Connector.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 5
Behavior Score 4.8
ZERO API file : malware
VT API (file) 4 detected (Strab, malicious, moderate, score, ZexaF, @tZ@aOKqrdbi)
md5 e3712d22893f309738fd59d00ced152f
sha256 d9e54f6fa96be453706495c9282a926667f750d348bdb9ea47c4a9fa93f80ab2
ssdeep 49152:xpfdVYHLKk3+0U0cP8F1iHO73/wl/PVjeWVDz:xpfdKekuF06+1UO8VjeWt
imphash 069f6c9fc62e38acc1fe87eb9669ac66
impfuzzy 48:qWTYb04BO7OtrGX8voL5cpeaKGKQJjj/4v6U0nLxHBf9+tRuECAC54oEpNpSv1xk:qWTB4BO7wGX8voL5cpeh0GhrArXQx

Signature (12cnts)

Level Description
watch Appends a known CryptoMix ransomware file extension to files that have been encrypted
watch Attempts to access Bitcoin/ALTCoin wallets
notice Allocates read-write-execute memory (usually to unpack itself)
notice File has been identified by 4 AntiVirus engines on VirusTotal as malicious
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
notice Steals private information from local Internet browsers
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (3cnts)

Request CC ASN Co IP4 Rule ZERO
http://gservice-node.io/c2conf US CLOUDFLARENET 104.26.9.139 clean
gservice-node.io US CLOUDFLARENET 104.26.8.139 clean
104.26.8.139 US CLOUDFLARENET 104.26.8.139 clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x425078 GetEnvironmentVariableA
 0x42507c GetDiskFreeSpaceA
 0x425080 GetTempPathA
 0x425084 GetCurrentProcess
 0x425088 OpenProcess
 0x42508c GetModuleFileNameA
 0x425090 VerifyVersionInfoW
 0x425094 MultiByteToWideChar
 0x425098 GetCurrentDirectoryA
 0x42509c LocalFileTimeToFileTime
 0x4250a0 SetFileTime
 0x4250a4 SystemTimeToFileTime
 0x4250a8 WriteConsoleW
 0x4250ac CreateFileW
 0x4250b0 DecodePointer
 0x4250b4 GetConsoleMode
 0x4250b8 GetConsoleCP
 0x4250bc FlushFileBuffers
 0x4250c0 HeapReAlloc
 0x4250c4 HeapSize
 0x4250c8 SetFilePointerEx
 0x4250cc GetStringTypeW
 0x4250d0 SetStdHandle
 0x4250d4 GetProcessHeap
 0x4250d8 FreeEnvironmentStringsW
 0x4250dc VerSetConditionMask
 0x4250e0 WriteFile
 0x4250e4 GetCommandLineA
 0x4250e8 GetCPInfo
 0x4250ec GetOEMCP
 0x4250f0 GetACP
 0x4250f4 IsValidCodePage
 0x4250f8 FindNextFileW
 0x4250fc FindFirstFileExW
 0x425100 LCMapStringW
 0x425104 GetFileType
 0x425108 HeapAlloc
 0x42510c HeapFree
 0x425110 GetStdHandle
 0x425114 GetModuleFileNameW
 0x425118 GetCurrentDirectoryW
 0x42511c SetCurrentDirectoryW
 0x425120 SetEnvironmentVariableW
 0x425124 ExitProcess
 0x425128 GetModuleHandleExW
 0x42512c FreeLibraryAndExitThread
 0x425130 ResumeThread
 0x425134 ExitThread
 0x425138 CreateThread
 0x42513c LoadLibraryExW
 0x425140 FreeLibrary
 0x425144 GetWindowsDirectoryA
 0x425148 GetSystemDirectoryA
 0x42514c CopyFileA
 0x425150 FindResourceA
 0x425154 SizeofResource
 0x425158 LockResource
 0x42515c LoadResource
 0x425160 GetEnvironmentStringsW
 0x425164 GetLastError
 0x425168 SetFilePointer
 0x42516c ReadFile
 0x425170 GetFileSize
 0x425174 GetFileAttributesExA
 0x425178 CreateDirectoryA
 0x42517c CreateFileA
 0x425180 MoveFileExA
 0x425184 GetProcAddress
 0x425188 GetModuleHandleA
 0x42518c CreateProcessA
 0x425190 GetExitCodeProcess
 0x425194 TerminateProcess
 0x425198 Sleep
 0x42519c DeleteFileA
 0x4251a0 CloseHandle
 0x4251a4 RemoveDirectoryA
 0x4251a8 GetFileAttributesA
 0x4251ac FindNextFileA
 0x4251b0 FindFirstFileA
 0x4251b4 FindClose
 0x4251b8 GetCommandLineW
 0x4251bc TlsFree
 0x4251c0 TlsSetValue
 0x4251c4 TlsGetValue
 0x4251c8 TlsAlloc
 0x4251cc EncodePointer
 0x4251d0 SetLastError
 0x4251d4 RaiseException
 0x4251d8 RtlUnwind
 0x4251dc LocalFree
 0x4251e0 WideCharToMultiByte
 0x4251e4 InitializeSListHead
 0x4251e8 GetSystemTimeAsFileTime
 0x4251ec GetCurrentThreadId
 0x4251f0 GetCurrentProcessId
 0x4251f4 QueryPerformanceCounter
 0x4251f8 GetStartupInfoW
 0x4251fc IsDebuggerPresent
 0x425200 IsProcessorFeaturePresent
 0x425204 SetUnhandledExceptionFilter
 0x425208 UnhandledExceptionFilter
 0x42520c GetModuleHandleW
 0x425210 CreateEventW
 0x425214 EnterCriticalSection
 0x425218 LeaveCriticalSection
 0x42521c InitializeCriticalSectionAndSpinCount
 0x425220 DeleteCriticalSection
 0x425224 SetEvent
 0x425228 ResetEvent
 0x42522c WaitForSingleObjectEx
USER32.dll
 0x42527c ShowWindow
 0x425280 CallWindowProcA
 0x425284 wsprintfA
 0x425288 SetProcessDPIAware
 0x42528c GetWindowThreadProcessId
 0x425290 GetClassNameA
 0x425294 EnumWindows
 0x425298 FindWindowExA
 0x42529c FindWindowA
 0x4252a0 DialogBoxParamA
 0x4252a4 MonitorFromWindow
 0x4252a8 SystemParametersInfoA
 0x4252ac DrawIconEx
 0x4252b0 LoadImageA
 0x4252b4 EnumChildWindows
 0x4252b8 SetClassLongA
 0x4252bc GetDlgItem
 0x4252c0 MessageBoxA
 0x4252c4 GetWindowTextA
 0x4252c8 SetWindowTextA
 0x4252cc ReleaseDC
 0x4252d0 GetDC
 0x4252d4 SetForegroundWindow
 0x4252d8 EnableWindow
 0x4252dc SendDlgItemMessageA
 0x4252e0 SetDlgItemTextA
 0x4252e4 EndDialog
 0x4252e8 CreateDialogParamA
 0x4252ec PostMessageA
 0x4252f0 PeekMessageA
 0x4252f4 DispatchMessageA
 0x4252f8 TranslateMessage
 0x4252fc LoadStringA
 0x425300 SendMessageA
 0x425304 LoadCursorA
 0x425308 SetWindowLongA
 0x42530c GetWindowLongA
 0x425310 FillRect
 0x425314 DrawFocusRect
 0x425318 SetCursor
 0x42531c GetClientRect
 0x425320 InvalidateRect
 0x425324 EndPaint
 0x425328 BeginPaint
 0x42532c DrawTextA
 0x425330 GetFocus
 0x425334 SetFocus
 0x425338 GetDlgItemTextA
GDI32.dll
 0x425054 DeleteObject
 0x425058 CreateSolidBrush
 0x42505c CreateFontA
 0x425060 CreateFontIndirectA
 0x425064 SetTextColor
 0x425068 SetBkMode
 0x42506c SelectObject
 0x425070 GetDeviceCaps
ADVAPI32.dll
 0x425000 OpenSCManagerA
 0x425004 GetUserNameA
 0x425008 RevertToSelf
 0x42500c ImpersonateLoggedOnUser
 0x425010 DuplicateTokenEx
 0x425014 OpenProcessToken
 0x425018 OpenServiceA
 0x42501c ControlService
 0x425020 CloseServiceHandle
 0x425024 RegSetValueExA
 0x425028 RegQueryValueExA
 0x42502c RegOpenKeyExA
 0x425030 RegEnumValueA
 0x425034 RegEnumKeyExA
 0x425038 RegDeleteValueA
 0x42503c RegCreateKeyExA
 0x425040 RegCloseKey
 0x425044 LookupAccountSidW
 0x425048 FreeSid
 0x42504c AllocateAndInitializeSid
SHELL32.dll
 0x425248 SHGetPathFromIDListA
 0x42524c SHBrowseForFolderA
 0x425250 None
 0x425254 SHFileOperationA
 0x425258 ShellExecuteA
 0x42525c SHGetMalloc
 0x425260 SHGetSpecialFolderLocation
 0x425264 SHChangeNotify
ole32.dll
 0x425340 CoInitializeSecurity
 0x425344 CoCreateInstance
 0x425348 CoInitialize
 0x42534c CoUninitialize
 0x425350 CoInitializeEx
OLEAUT32.dll
 0x425234 VariantClear
 0x425238 VariantInit
 0x42523c SysFreeString
 0x425240 SysAllocString
SHLWAPI.dll
 0x42526c PathIsRelativeA
 0x425270 SHDeleteKeyA
 0x425274 PathIsNetworkPathA

EAT(Export Address Table) is none
