Field | Value |
---|---|
Created | 2023.06.22 10:37 |
Machine | s1_win7_x6401 |
Filename | qqsrv.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 48 detected (AIDetectMalware, ClipBanker, malicious, high confidence, GenericKD, Artemis, Kryptik, Vgs6, BypassUAC, ABRisk, OTCN, Attribute, HighConfidence, AGen, score, Gencirc, TMLOADER, YXDFIZ, ai score=86, Sabsik, Malgent, Detected, ZexaF, hCW@aqQ593li, BScope, unsafe, Chgt, Generic@AI, RDML, eXtWfiLpw2WVNvZ1OPg8zw, susgen, confidence, 100%) |
md5 | f1bf04ac46c4a9fd55f902d495461147 |
sha256 | bc06890c2b7992e31726f069dfbb6f1fda24601a7538244d44783c5a323d965a |
ssdeep | 3072:/O0mln1RvntAOEiKLvBN1g4sZsGR6pst3:G3nrqRvBQRt3 |
imphash | 7cc3a712b00c184b18453863a1a633b4 |
impfuzzy | 24:pGaSLKek8JlF/gD7ozLjMU5c+5jJtWKC/l39yJE0oVSOovbO9ZY9QKQHk1G:pGabezpsULJc+TtWp/pr0e3OQKQHkg |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
SHLWAPI.dll
0x414150 wnsprintfW
0x414154 StrCmpNA
0x414158 StrChrA
0x41415c StrCmpNW
0x414160 StrStrW
KERNEL32.dll
0x414000 CreateEventW
0x414004 WriteConsoleW
0x414008 CreateFileW
0x41400c SetFilePointerEx
0x414010 HeapFree
0x414014 lstrlenW
0x414018 lstrlenA
0x41401c lstrcmpA
0x414020 GetSystemWow64DirectoryW
0x414024 Sleep
0x414028 GetLastError
0x41402c lstrcpyA
0x414030 GlobalFree
0x414034 HeapReAlloc
0x414038 HeapAlloc
0x41403c lstrcpynA
0x414040 GetProcessHeap
0x414044 lstrcpyW
0x414048 GetTickCount
0x41404c GetCurrentProcess
0x414050 GetCurrentThreadId
0x414054 CloseHandle
0x414058 GetProcAddress
0x41405c GetCurrentProcessId
0x414060 GetModuleHandleW
0x414064 GetModuleFileNameW
0x414068 OpenProcess
0x41406c GetWindowsDirectoryW
0x414070 ReadProcessMemory
0x414074 GetConsoleMode
0x414078 GetConsoleOutputCP
0x41407c FlushFileBuffers
0x414080 HeapSize
0x414084 GetStringTypeW
0x414088 SetStdHandle
0x41408c EnterCriticalSection
0x414090 LeaveCriticalSection
0x414094 DeleteCriticalSection
0x414098 SetEvent
0x41409c ResetEvent
0x4140a0 WaitForSingleObjectEx
0x4140a4 DecodePointer
0x4140a8 UnhandledExceptionFilter
0x4140ac SetUnhandledExceptionFilter
0x4140b0 TerminateProcess
0x4140b4 IsProcessorFeaturePresent
0x4140b8 IsDebuggerPresent
0x4140bc GetStartupInfoW
0x4140c0 QueryPerformanceCounter
0x4140c4 GetSystemTimeAsFileTime
0x4140c8 InitializeSListHead
0x4140cc EncodePointer
0x4140d0 RaiseException
0x4140d4 InitializeCriticalSectionAndSpinCount
0x4140d8 TlsAlloc
0x4140dc TlsGetValue
0x4140e0 TlsSetValue
0x4140e4 TlsFree
0x4140e8 FreeLibrary
0x4140ec LoadLibraryExW
0x4140f0 SetLastError
0x4140f4 RtlUnwind
0x4140f8 ExitProcess
0x4140fc GetModuleHandleExW
0x414100 GetStdHandle
0x414104 WriteFile
0x414108 FindClose
0x41410c FindFirstFileExW
0x414110 FindNextFileW
0x414114 IsValidCodePage
0x414118 GetACP
0x41411c GetOEMCP
0x414120 GetCPInfo
0x414124 GetCommandLineA
0x414128 GetCommandLineW
0x41412c MultiByteToWideChar
0x414130 WideCharToMultiByte
0x414134 GetEnvironmentStringsW
0x414138 FreeEnvironmentStringsW
0x41413c LCMapStringW
0x414140 GetFileType
USER32.dll
0x414168 wsprintfA
0x41416c wsprintfW
SHELL32.dll
0x414148 SHGetFolderPathW
ole32.dll
0x414174 CoInitializeEx
0x414178 CoGetObject
0x41417c CoUninitialize
EAT (Export Address Table): none