Field | Value |
---|---|
Created | 2023.06.30 17:48 |
Machine | s1_win7_x6401 |
Filename | fortnite3.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 55 detected (AIDetectMalware, Tasker, Doina, GenericRXTY, unsafe, Save, ClipBanker, malicious, Eldorado, Attribute, HighConfidence, Windows, score, jqazlz, BankerX, Gencirc, AGEN, DownLoader45, NetLoader, Static AI, Malicious PE, AllCome, Detected, BScope, ai score=87, GdSda, lsD8x0cCYBV, 6kedH1o, AllcomeClipper, susgen, confidence, 100%) |
md5 | ed0a563d3d57d03356187c1a2fbcce3f |
sha256 | ed78295a1b60b7053383c7f2a4837c62cb5625d7d57b5f4121df45660a000c65 |
ssdeep | 3072:kBHLe0crYUAc3W3RBjJ9wUZBva7oRrADruYQLeT8YGjjsxf:k1vcruc3WBBEUy7oL3jjwf |
imphash | ed5e7a68bd9d3fcbe4fc8ca66473351b |
impfuzzy | 24:7ZjCv2MUZHjtMS1OmjsnDYc+MMdlJe1l39ro6XhviSOovbOGA/ZllaDB9+we:ntMS1Otkc+MMWpZNe3GA/Zlla9gwe |
Network IP location
Signature (2 counts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
info | This executable has a PDB path |
Rules (6 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x415000 GlobalAlloc
0x415004 GlobalLock
0x415008 GlobalUnlock
0x41500c CopyFileA
0x415010 SetFileAttributesA
0x415014 CreateDirectoryA
0x415018 Process32First
0x41501c CreateMutexA
0x415020 WaitForSingleObject
0x415024 CreateToolhelp32Snapshot
0x415028 Process32Next
0x41502c CloseHandle
0x415030 GetModuleFileNameA
0x415034 MultiByteToWideChar
0x415038 CreateFileW
0x41503c DecodePointer
0x415040 GetConsoleMode
0x415044 GetConsoleOutputCP
0x415048 FlushFileBuffers
0x41504c HeapReAlloc
0x415050 HeapSize
0x415054 SetFilePointerEx
0x415058 GetProcessHeap
0x41505c GetStringTypeW
0x415060 SetStdHandle
0x415064 FreeEnvironmentStringsW
0x415068 GetEnvironmentStringsW
0x41506c WideCharToMultiByte
0x415070 UnhandledExceptionFilter
0x415074 SetUnhandledExceptionFilter
0x415078 GetCurrentProcess
0x41507c TerminateProcess
0x415080 IsProcessorFeaturePresent
0x415084 QueryPerformanceCounter
0x415088 GetCurrentProcessId
0x41508c GetCurrentThreadId
0x415090 GetSystemTimeAsFileTime
0x415094 InitializeSListHead
0x415098 IsDebuggerPresent
0x41509c GetStartupInfoW
0x4150a0 GetModuleHandleW
0x4150a4 QueryPerformanceFrequency
0x4150a8 WaitForSingleObjectEx
0x4150ac Sleep
0x4150b0 GetExitCodeThread
0x4150b4 InitializeCriticalSectionEx
0x4150b8 GetProcAddress
0x4150bc EnterCriticalSection
0x4150c0 LeaveCriticalSection
0x4150c4 DeleteCriticalSection
0x4150c8 RtlUnwind
0x4150cc RaiseException
0x4150d0 GetLastError
0x4150d4 SetLastError
0x4150d8 EncodePointer
0x4150dc InitializeCriticalSectionAndSpinCount
0x4150e0 TlsAlloc
0x4150e4 TlsGetValue
0x4150e8 TlsSetValue
0x4150ec TlsFree
0x4150f0 FreeLibrary
0x4150f4 LoadLibraryExW
0x4150f8 ExitProcess
0x4150fc GetModuleHandleExW
0x415100 CreateThread
0x415104 ExitThread
0x415108 FreeLibraryAndExitThread
0x41510c GetStdHandle
0x415110 WriteFile
0x415114 GetModuleFileNameW
0x415118 HeapFree
0x41511c HeapAlloc
0x415120 GetFileType
0x415124 LCMapStringW
0x415128 FindClose
0x41512c FindFirstFileExW
0x415130 FindNextFileW
0x415134 IsValidCodePage
0x415138 GetACP
0x41513c GetOEMCP
0x415140 GetCPInfo
0x415144 GetCommandLineA
0x415148 GetCommandLineW
0x41514c WriteConsoleW
USER32.dll
0x415160 OpenClipboard
0x415164 GetClipboardData
0x415168 SetClipboardData
0x41516c CloseClipboard
0x415170 EmptyClipboard
0x415174 GetKeyState
0x415178 LoadStringA
SHELL32.dll
0x415154 ShellExecuteA
0x415158 SHGetSpecialFolderPathA
urlmon.dll
0x415194 IsValidURL
WININET.dll
0x415180 InternetCloseHandle
0x415184 InternetOpenUrlA
0x415188 InternetOpenA
0x41518c InternetReadFile
EAT (Export Address Table) is none