ScreenShot
| Created | 2023.06.28 07:28 | Machine | s1_win7_x6401 |
| Filename | rh1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 41 detected (AIDetectMalware, malicious, high confidence, GenericRXWD, GenericML, confidence, Zusy, Genus, Kryptik, Eldorado, HTRB, Agentb, Packed2, jwjzpi, CrypterX, score, ai score=83, Rhadamanthys, Detected, R584878, ZexaCO, BqW@a86OxTc, BScope, unsafe, GdSda, zDppI4axvVC, susgen) | ||
| md5 | af1efddb3afaf3bf4d121a9d4c7e7d68 | ||
| sha256 | 7d2102bb62f4eb41eac647e66f4f37eabce90eece6e0589603108b03ebfe300c | ||
| ssdeep | 6144:IjKvnAzRPqkroWhcrTIhB1uA2dOJhhgWbMbitWGFNuldsfiy3NiGA:Ijzgk06oIuA6ahE+F0/y36 | ||
| imphash | c304949191802a43e7e86d8fe3dcaf65 | ||
| impfuzzy | 48:/me80Y9hfwq+dZM654H/BC9tMkz8bitoEoKeRaNIcohiYM5:/mv0ehfwqiZMzWtMuWSoEleMqZW | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Detects Avast Antivirus through the presence of a library |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Executes one or more WMI queries |
| notice | Executes one or more WMI queries which can be used to identify virtual machines |
| info | One or more processes crashed |
| info | Queries for the computername |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41b238 GetSystemInfo
0x41b23c HeapCreate
0x41b240 VirtualQuery
0x41b244 OutputDebugStringA
0x41b248 WaitForSingleObject
0x41b24c HeapDestroy
0x41b250 CreateEventW
0x41b254 ExitProcess
0x41b258 WideCharToMultiByte
0x41b25c OutputDebugStringW
0x41b260 CreateFileW
0x41b264 ReadFile
0x41b268 CloseHandle
0x41b26c GetCurrentProcess
0x41b270 MultiByteToWideChar
0x41b274 GetModuleHandleW
0x41b278 InterlockedIncrement
0x41b27c GetModuleFileNameW
0x41b280 lstrlenW
0x41b284 HeapFree
0x41b288 MulDiv
0x41b28c GetProcessHeap
0x41b290 HeapAlloc
0x41b294 VirtualProtect
0x41b298 HeapSize
0x41b29c GetSystemTimeAsFileTime
0x41b2a0 GetModuleHandleA
0x41b2a4 GetStartupInfoA
0x41b2a8 GetCommandLineA
0x41b2ac GetVersionExA
0x41b2b0 TlsAlloc
0x41b2b4 SetLastError
0x41b2b8 GetCurrentThreadId
0x41b2bc GetLastError
0x41b2c0 TlsFree
0x41b2c4 TlsSetValue
0x41b2c8 TlsGetValue
0x41b2cc GetProcAddress
0x41b2d0 TerminateProcess
0x41b2d4 WriteFile
0x41b2d8 GetStdHandle
0x41b2dc GetModuleFileNameA
0x41b2e0 UnhandledExceptionFilter
0x41b2e4 FreeEnvironmentStringsA
0x41b2e8 GetEnvironmentStrings
0x41b2ec FreeEnvironmentStringsW
0x41b2f0 GetEnvironmentStringsW
0x41b2f4 SetHandleCount
0x41b2f8 GetFileType
0x41b2fc DeleteCriticalSection
0x41b300 VirtualFree
0x41b304 LeaveCriticalSection
0x41b308 EnterCriticalSection
0x41b30c GetACP
0x41b310 GetOEMCP
0x41b314 GetCPInfo
0x41b318 LoadLibraryA
0x41b31c InitializeCriticalSection
0x41b320 VirtualAlloc
0x41b324 HeapReAlloc
0x41b328 RtlUnwind
0x41b32c InterlockedExchange
0x41b330 GetLocaleInfoA
0x41b334 GetStringTypeA
0x41b338 GetStringTypeW
0x41b33c LCMapStringA
0x41b340 LCMapStringW
0x41b344 QueryPerformanceCounter
0x41b348 GetTickCount
0x41b34c GetCurrentProcessId
USER32.dll
0x41b35c ReleaseDC
0x41b360 GetDC
0x41b364 GetSystemMetrics
ADVAPI32.dll
0x41b000 RegQueryValueExW
0x41b004 RegCloseKey
0x41b008 RegOpenKeyExW
GDI32.dll
0x41b010 CreatePen
0x41b014 CloseMetaFile
0x41b018 CreatePolygonRgn
0x41b01c Pie
0x41b020 Chord
0x41b024 RealizePalette
0x41b028 GetCharacterPlacementW
0x41b02c GetObjectW
0x41b030 DPtoLP
0x41b034 StartDocW
0x41b038 RectVisible
0x41b03c GetStockObject
0x41b040 SaveDC
0x41b044 GetTextMetricsA
0x41b048 EndPath
0x41b04c GetNearestColor
0x41b050 CreatePenIndirect
0x41b054 CreateHalftonePalette
0x41b058 GetDIBColorTable
0x41b05c PolyBezier
0x41b060 SetWinMetaFileBits
0x41b064 FillRgn
0x41b068 RectInRegion
0x41b06c CreateFontIndirectW
0x41b070 ExtFloodFill
0x41b074 PtInRegion
0x41b078 GetBitmapBits
0x41b07c GetDeviceCaps
0x41b080 CopyEnhMetaFileW
0x41b084 GetEnhMetaFileHeader
0x41b088 SetRectRgn
0x41b08c StartPage
0x41b090 CreatePatternBrush
0x41b094 EndPage
0x41b098 EqualRgn
0x41b09c TextOutW
0x41b0a0 Rectangle
0x41b0a4 SetStretchBltMode
0x41b0a8 GetWorldTransform
0x41b0ac GetDIBits
0x41b0b0 BeginPath
0x41b0b4 SetAbortProc
0x41b0b8 StretchBlt
0x41b0bc GetROP2
0x41b0c0 SetWorldTransform
0x41b0c4 CreateDIBitmap
0x41b0c8 CreatePalette
0x41b0cc GetViewportOrgEx
0x41b0d0 GetClipBox
0x41b0d4 ExtCreateRegion
0x41b0d8 SetMetaFileBitsEx
0x41b0dc SetBkMode
0x41b0e0 CombineTransform
0x41b0e4 DeleteObject
0x41b0e8 SelectObject
0x41b0ec Polyline
0x41b0f0 CreateFontIndirectA
0x41b0f4 SelectPalette
0x41b0f8 SetTextJustification
0x41b0fc CreateBrushIndirect
0x41b100 SetTextColor
0x41b104 GetBkMode
0x41b108 MoveToEx
0x41b10c AbortDoc
0x41b110 GetSystemPaletteEntries
0x41b114 SetMapMode
0x41b118 CreateEnhMetaFileW
0x41b11c CombineRgn
0x41b120 SetWindowExtEx
0x41b124 GetTextMetricsW
0x41b128 GetEnhMetaFilePaletteEntries
0x41b12c GetMapMode
0x41b130 SetEnhMetaFileBits
0x41b134 EnumFontsW
0x41b138 AngleArc
0x41b13c RoundRect
0x41b140 RestoreDC
0x41b144 LineTo
0x41b148 ModifyWorldTransform
0x41b14c SetBkColor
0x41b150 ExtSelectClipRgn
0x41b154 SetViewportOrgEx
0x41b158 CreateBitmap
0x41b15c GetCurrentObject
0x41b160 GetEnhMetaFileDescriptionW
0x41b164 FrameRgn
0x41b168 PatBlt
0x41b16c CreateDIBSection
0x41b170 CreateCompatibleBitmap
0x41b174 CreateSolidBrush
0x41b178 PlayEnhMetaFile
0x41b17c GetEnhMetaFileBits
0x41b180 SetROP2
0x41b184 SetDIBits
0x41b188 GetBkColor
0x41b18c PathToRegion
0x41b190 DeleteMetaFile
0x41b194 GetTextExtentExPointW
0x41b198 ExcludeClipRect
0x41b19c DeleteDC
0x41b1a0 CreateDCW
0x41b1a4 GetWinMetaFileBits
0x41b1a8 SetWindowOrgEx
0x41b1ac CreateRectRgn
0x41b1b0 GetStretchBltMode
0x41b1b4 GetTextColor
0x41b1b8 CreateICW
0x41b1bc CreateRectRgnIndirect
0x41b1c0 DeleteEnhMetaFile
0x41b1c4 GetObjectType
0x41b1c8 GetTextExtentPoint32W
0x41b1cc CreateMetaFileW
0x41b1d0 SelectClipRgn
0x41b1d4 FillPath
0x41b1d8 CloseEnhMetaFile
0x41b1dc EndDoc
0x41b1e0 SetDIBColorTable
0x41b1e4 UnrealizeObject
0x41b1e8 ExtCreatePen
0x41b1ec LPtoDP
0x41b1f0 MaskBlt
0x41b1f4 CreateEllipticRgn
0x41b1f8 GetClipRgn
0x41b1fc GetRgnBox
0x41b200 GetWindowOrgEx
0x41b204 BitBlt
0x41b208 PolyBezierTo
0x41b20c Polygon
0x41b210 PtVisible
0x41b214 ResizePalette
0x41b218 Ellipse
0x41b21c ArcTo
0x41b220 SetGraphicsMode
0x41b224 IntersectClipRect
0x41b228 Arc
0x41b22c OffsetRgn
0x41b230 GetRandomRgn
WINMM.dll
0x41b36c timeGetTime
0x41b370 sndPlaySoundW
MSIMG32.dll
0x41b354 GradientFill
EAT(Export Address Table) is none
KERNEL32.dll
0x41b238 GetSystemInfo
0x41b23c HeapCreate
0x41b240 VirtualQuery
0x41b244 OutputDebugStringA
0x41b248 WaitForSingleObject
0x41b24c HeapDestroy
0x41b250 CreateEventW
0x41b254 ExitProcess
0x41b258 WideCharToMultiByte
0x41b25c OutputDebugStringW
0x41b260 CreateFileW
0x41b264 ReadFile
0x41b268 CloseHandle
0x41b26c GetCurrentProcess
0x41b270 MultiByteToWideChar
0x41b274 GetModuleHandleW
0x41b278 InterlockedIncrement
0x41b27c GetModuleFileNameW
0x41b280 lstrlenW
0x41b284 HeapFree
0x41b288 MulDiv
0x41b28c GetProcessHeap
0x41b290 HeapAlloc
0x41b294 VirtualProtect
0x41b298 HeapSize
0x41b29c GetSystemTimeAsFileTime
0x41b2a0 GetModuleHandleA
0x41b2a4 GetStartupInfoA
0x41b2a8 GetCommandLineA
0x41b2ac GetVersionExA
0x41b2b0 TlsAlloc
0x41b2b4 SetLastError
0x41b2b8 GetCurrentThreadId
0x41b2bc GetLastError
0x41b2c0 TlsFree
0x41b2c4 TlsSetValue
0x41b2c8 TlsGetValue
0x41b2cc GetProcAddress
0x41b2d0 TerminateProcess
0x41b2d4 WriteFile
0x41b2d8 GetStdHandle
0x41b2dc GetModuleFileNameA
0x41b2e0 UnhandledExceptionFilter
0x41b2e4 FreeEnvironmentStringsA
0x41b2e8 GetEnvironmentStrings
0x41b2ec FreeEnvironmentStringsW
0x41b2f0 GetEnvironmentStringsW
0x41b2f4 SetHandleCount
0x41b2f8 GetFileType
0x41b2fc DeleteCriticalSection
0x41b300 VirtualFree
0x41b304 LeaveCriticalSection
0x41b308 EnterCriticalSection
0x41b30c GetACP
0x41b310 GetOEMCP
0x41b314 GetCPInfo
0x41b318 LoadLibraryA
0x41b31c InitializeCriticalSection
0x41b320 VirtualAlloc
0x41b324 HeapReAlloc
0x41b328 RtlUnwind
0x41b32c InterlockedExchange
0x41b330 GetLocaleInfoA
0x41b334 GetStringTypeA
0x41b338 GetStringTypeW
0x41b33c LCMapStringA
0x41b340 LCMapStringW
0x41b344 QueryPerformanceCounter
0x41b348 GetTickCount
0x41b34c GetCurrentProcessId
USER32.dll
0x41b35c ReleaseDC
0x41b360 GetDC
0x41b364 GetSystemMetrics
ADVAPI32.dll
0x41b000 RegQueryValueExW
0x41b004 RegCloseKey
0x41b008 RegOpenKeyExW
GDI32.dll
0x41b010 CreatePen
0x41b014 CloseMetaFile
0x41b018 CreatePolygonRgn
0x41b01c Pie
0x41b020 Chord
0x41b024 RealizePalette
0x41b028 GetCharacterPlacementW
0x41b02c GetObjectW
0x41b030 DPtoLP
0x41b034 StartDocW
0x41b038 RectVisible
0x41b03c GetStockObject
0x41b040 SaveDC
0x41b044 GetTextMetricsA
0x41b048 EndPath
0x41b04c GetNearestColor
0x41b050 CreatePenIndirect
0x41b054 CreateHalftonePalette
0x41b058 GetDIBColorTable
0x41b05c PolyBezier
0x41b060 SetWinMetaFileBits
0x41b064 FillRgn
0x41b068 RectInRegion
0x41b06c CreateFontIndirectW
0x41b070 ExtFloodFill
0x41b074 PtInRegion
0x41b078 GetBitmapBits
0x41b07c GetDeviceCaps
0x41b080 CopyEnhMetaFileW
0x41b084 GetEnhMetaFileHeader
0x41b088 SetRectRgn
0x41b08c StartPage
0x41b090 CreatePatternBrush
0x41b094 EndPage
0x41b098 EqualRgn
0x41b09c TextOutW
0x41b0a0 Rectangle
0x41b0a4 SetStretchBltMode
0x41b0a8 GetWorldTransform
0x41b0ac GetDIBits
0x41b0b0 BeginPath
0x41b0b4 SetAbortProc
0x41b0b8 StretchBlt
0x41b0bc GetROP2
0x41b0c0 SetWorldTransform
0x41b0c4 CreateDIBitmap
0x41b0c8 CreatePalette
0x41b0cc GetViewportOrgEx
0x41b0d0 GetClipBox
0x41b0d4 ExtCreateRegion
0x41b0d8 SetMetaFileBitsEx
0x41b0dc SetBkMode
0x41b0e0 CombineTransform
0x41b0e4 DeleteObject
0x41b0e8 SelectObject
0x41b0ec Polyline
0x41b0f0 CreateFontIndirectA
0x41b0f4 SelectPalette
0x41b0f8 SetTextJustification
0x41b0fc CreateBrushIndirect
0x41b100 SetTextColor
0x41b104 GetBkMode
0x41b108 MoveToEx
0x41b10c AbortDoc
0x41b110 GetSystemPaletteEntries
0x41b114 SetMapMode
0x41b118 CreateEnhMetaFileW
0x41b11c CombineRgn
0x41b120 SetWindowExtEx
0x41b124 GetTextMetricsW
0x41b128 GetEnhMetaFilePaletteEntries
0x41b12c GetMapMode
0x41b130 SetEnhMetaFileBits
0x41b134 EnumFontsW
0x41b138 AngleArc
0x41b13c RoundRect
0x41b140 RestoreDC
0x41b144 LineTo
0x41b148 ModifyWorldTransform
0x41b14c SetBkColor
0x41b150 ExtSelectClipRgn
0x41b154 SetViewportOrgEx
0x41b158 CreateBitmap
0x41b15c GetCurrentObject
0x41b160 GetEnhMetaFileDescriptionW
0x41b164 FrameRgn
0x41b168 PatBlt
0x41b16c CreateDIBSection
0x41b170 CreateCompatibleBitmap
0x41b174 CreateSolidBrush
0x41b178 PlayEnhMetaFile
0x41b17c GetEnhMetaFileBits
0x41b180 SetROP2
0x41b184 SetDIBits
0x41b188 GetBkColor
0x41b18c PathToRegion
0x41b190 DeleteMetaFile
0x41b194 GetTextExtentExPointW
0x41b198 ExcludeClipRect
0x41b19c DeleteDC
0x41b1a0 CreateDCW
0x41b1a4 GetWinMetaFileBits
0x41b1a8 SetWindowOrgEx
0x41b1ac CreateRectRgn
0x41b1b0 GetStretchBltMode
0x41b1b4 GetTextColor
0x41b1b8 CreateICW
0x41b1bc CreateRectRgnIndirect
0x41b1c0 DeleteEnhMetaFile
0x41b1c4 GetObjectType
0x41b1c8 GetTextExtentPoint32W
0x41b1cc CreateMetaFileW
0x41b1d0 SelectClipRgn
0x41b1d4 FillPath
0x41b1d8 CloseEnhMetaFile
0x41b1dc EndDoc
0x41b1e0 SetDIBColorTable
0x41b1e4 UnrealizeObject
0x41b1e8 ExtCreatePen
0x41b1ec LPtoDP
0x41b1f0 MaskBlt
0x41b1f4 CreateEllipticRgn
0x41b1f8 GetClipRgn
0x41b1fc GetRgnBox
0x41b200 GetWindowOrgEx
0x41b204 BitBlt
0x41b208 PolyBezierTo
0x41b20c Polygon
0x41b210 PtVisible
0x41b214 ResizePalette
0x41b218 Ellipse
0x41b21c ArcTo
0x41b220 SetGraphicsMode
0x41b224 IntersectClipRect
0x41b228 Arc
0x41b22c OffsetRgn
0x41b230 GetRandomRgn
WINMM.dll
0x41b36c timeGetTime
0x41b370 sndPlaySoundW
MSIMG32.dll
0x41b354 GradientFill
EAT(Export Address Table) is none