Report - 1500381323.exe

PE File PE32
Created 2023.06.30 17:50 Machine s1_win7_x6401
Filename 1500381323.exe
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
AI Score
5
Behavior Score
4.2
ZERO API file : malware
VT API (file) 46 detected (BroPass, malicious, high confidence, GenericKD, Artemis, Unsafe, Bebra, ZexaF, IMX@aWwIczi, Eldorado, Attribute, HighConfidence, BebraStealer, score, junbmh, FalseSign, Ydkl, DownLoader45, PRIVATELOADER, YXDA4Z, GenericRXUY, AGEN, Convagent, Sabsik, Detected, BScope, ai score=80, PasswordStealer, HtG7rdSXBaB, rRnQbIQZOJ4, Static AI, Suspicious PE, Fragtor, Genetic)
md5 9ddd093cef3f15d6fd8d5d0ec9e0e014
sha256 8f0fed1d3f086a7f6d26db844963193e1eb5ee0dd53cbd8de2fdc13f95e65479
ssdeep 49152:JTcxIbnTlbPSHifkG/Sc9fAyXhMacjKxqn9qzM8NbUAH16O1Dfr0Wh6b+BzIIWQ:JiEnBmHekGz9fAyhMoOh8NbUAHB1Dfr/
imphash 0e504ec9659601103bf3eb149ebb6cf2
impfuzzy 96:lQB0/X7+bSrNmeTMqHs47xQ/VXiX1PriJGeRlM54qge/UFshp:lQKf7gSrRTMo+VSFJeDMgesWj

Signature (9cnts)

Level Description
danger File has been identified by 46 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops a binary and executes it
notice Steals private information from local Internet browsers
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Command line console output was observed

Rules (2cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts)

Request CC ASN Co IP4 Rule ZERO
http://65.21.213.208:3000/ Unknown 65.21.213.208 26337 malicious
65.21.213.208 Unknown 65.21.213.208 malicious
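The "Communicates with host for which no DNS query was performed" signature above and the bare-IP request to 65.21.213.208:3000 are the same observation from two angles: the sample talks to a hard-coded IP on a non-standard port without ever resolving a name. The following is an added example written for this page, not the sandbox's own detection logic. It replays a constructed, Zeek-style list of DNS and HTTP events (the event shape, the timestamps and the benign msftncsi entries are invented for illustration; only the 65.21.213.208:3000 request comes from the report) and flags HTTP requests whose destination was never produced by a DNS answer, plus any non-80/443 port.

```python
"""Flag HTTP requests to hosts that were never resolved through DNS.

Added example for this report page, not code from the sandbox. The event
stream below is constructed; only the http://65.21.213.208:3000/ request
is taken from the report's network section.
"""
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample events: (timestamp, kind, payload), roughly Zeek dns/http shape.
SAMPLE_EVENTS = [
    (1.0, "dns",  {"query": "www.msftncsi.com", "answers": ["13.107.4.52"]}),
    (1.5, "http", {"url": "http://www.msftncsi.com/ncsi.txt"}),     # name was queried: benign
    (2.0, "http", {"url": "http://65.21.213.208:3000/"}),            # from the report: no DNS preceded it
    (2.5, "http", {"url": "http://13.107.4.52/"}),                   # bare IP, but it came from a DNS answer
]


@dataclass
class Finding:
    ts: float
    host: str
    port: int
    reasons: list = field(default_factory=list)


def host_port(url):
    """Split a URL into (hostname, effective port)."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_undns_connections(events):
    """Replay events in time order; return a Finding for each HTTP request whose
    destination (name or IP literal) was never seen in an earlier DNS query/answer,
    and for any request on a port other than 80/443."""
    resolved_names, resolved_ips = set(), set()
    findings = []
    for ts, kind, data in sorted(events, key=lambda e: e[0]):
        if kind == "dns":
            resolved_names.add(data["query"].lower())
            resolved_ips.update(data.get("answers", []))
            continue
        host, port = host_port(data["url"])
        reasons = []
        if is_ip_literal(host):
            if host not in resolved_ips:
                reasons.append("direct-to-IP request, IP never returned by a DNS answer")
        elif host.lower() not in resolved_names:
            reasons.append("hostname never queried in DNS")
        if port not in (80, 443):
            reasons.append(f"non-standard HTTP port {port}")
        if reasons:
            findings.append(Finding(ts, host, port, reasons))
    return findings


if __name__ == "__main__":
    for f in find_undns_connections(SAMPLE_EVENTS):
        print(f"{f.ts:>5}  {f.host}:{f.port}  " + "; ".join(f.reasons))
```

The second bare-IP request (13.107.4.52) is deliberately left unflagged: an IP that appeared in a DNS answer moments earlier is normal client behaviour, and a rule that alerts on every IP-literal URL produces more noise than signal. Only the request whose IP was never resolved, on port 3000, survives, which is exactly the report's C2 line.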

Suricata ids

PE API

IAT(Import Address Table) Library

crypt.dll
 0x680404 BCryptDecrypt
 0x680408 BCryptGenerateSymmetricKey
 0x68040c BCryptOpenAlgorithmProvider
 0x680410 BCryptSetProperty
CRYPT32.dll
 0x680418 CryptUnprotectData
KERNEL32.dll
 0x680420 AddAtomA
 0x680424 AddVectoredExceptionHandler
 0x680428 AreFileApisANSI
 0x68042c CloseHandle
 0x680430 CreateEventA
 0x680434 CreateFileA
 0x680438 CreateFileMappingA
 0x68043c CreateFileMappingW
 0x680440 CreateFileW
 0x680444 CreateMutexA
 0x680448 CreateMutexW
 0x68044c CreateProcessA
 0x680450 CreateSemaphoreA
 0x680454 DeleteAtom
 0x680458 DeleteCriticalSection
 0x68045c DeleteFileA
 0x680460 DeleteFileW
 0x680464 DuplicateHandle
 0x680468 EnterCriticalSection
 0x68046c FindAtomA
 0x680470 FlushFileBuffers
 0x680474 FlushViewOfFile
 0x680478 FormatMessageA
 0x68047c FormatMessageW
 0x680480 FreeLibrary
 0x680484 GetAtomNameA
 0x680488 GetCurrentProcess
 0x68048c GetCurrentProcessId
 0x680490 GetCurrentThread
 0x680494 GetCurrentThreadId
 0x680498 GetDiskFreeSpaceA
 0x68049c GetDiskFreeSpaceW
 0x6804a0 GetFileAttributesA
 0x6804a4 GetFileAttributesExW
 0x6804a8 GetFileAttributesW
 0x6804ac GetFileSize
 0x6804b0 GetFullPathNameA
 0x6804b4 GetFullPathNameW
 0x6804b8 GetHandleInformation
 0x6804bc GetLastError
 0x6804c0 GetModuleHandleW
 0x6804c4 GetProcAddress
 0x6804c8 GetProcessAffinityMask
 0x6804cc GetProcessHeap
 0x6804d0 GetStartupInfoA
 0x6804d4 GetSystemInfo
 0x6804d8 GetSystemTime
 0x6804dc GetSystemTimeAsFileTime
 0x6804e0 GetTempPathA
 0x6804e4 GetTempPathW
 0x6804e8 GetThreadContext
 0x6804ec GetThreadPriority
 0x6804f0 GetTickCount
 0x6804f4 GetVersionExA
 0x6804f8 GetVersionExW
 0x6804fc HeapAlloc
 0x680500 HeapCompact
 0x680504 HeapCreate
 0x680508 HeapDestroy
 0x68050c HeapFree
 0x680510 HeapReAlloc
 0x680514 HeapSize
 0x680518 HeapValidate
 0x68051c InitializeCriticalSection
 0x680520 IsDBCSLeadByteEx
 0x680524 IsDebuggerPresent
 0x680528 LeaveCriticalSection
 0x68052c LoadLibraryA
 0x680530 LoadLibraryW
 0x680534 LocalFree
 0x680538 LockFile
 0x68053c LockFileEx
 0x680540 MapViewOfFile
 0x680544 MultiByteToWideChar
 0x680548 OpenProcess
 0x68054c OutputDebugStringA
 0x680550 OutputDebugStringW
 0x680554 QueryPerformanceCounter
 0x680558 QueryPerformanceFrequency
 0x68055c RaiseException
 0x680560 ReadFile
 0x680564 ReleaseMutex
 0x680568 ReleaseSemaphore
 0x68056c RemoveVectoredExceptionHandler
 0x680570 ResetEvent
 0x680574 ResumeThread
 0x680578 SetEndOfFile
 0x68057c SetEvent
 0x680580 SetFilePointer
 0x680584 SetLastError
 0x680588 SetProcessAffinityMask
 0x68058c SetThreadContext
 0x680590 SetThreadPriority
 0x680594 SetUnhandledExceptionFilter
 0x680598 Sleep
 0x68059c SuspendThread
 0x6805a0 SystemTimeToFileTime
 0x6805a4 TlsAlloc
 0x6805a8 TlsGetValue
 0x6805ac TlsSetValue
 0x6805b0 TryEnterCriticalSection
 0x6805b4 UnlockFile
 0x6805b8 UnlockFileEx
 0x6805bc UnmapViewOfFile
 0x6805c0 VirtualProtect
 0x6805c4 VirtualQuery
 0x6805c8 WaitForMultipleObjects
 0x6805cc WaitForSingleObject
 0x6805d0 WaitForSingleObjectEx
 0x6805d4 WideCharToMultiByte
 0x6805d8 WriteFile
 0x6805dc lstrcatW
msvcrt.dll
 0x6805e4 __getmainargs
 0x6805e8 __initenv
 0x6805ec __lconv_init
 0x6805f0 __mb_cur_max
 0x6805f4 __p__acmdln
 0x6805f8 __p__commode
 0x6805fc __p__fmode
 0x680600 __set_app_type
 0x680604 __setusermatherr
 0x680608 _amsg_exit
 0x68060c _assert
 0x680610 _beginthreadex
 0x680614 _cexit
 0x680618 _close
 0x68061c _endthreadex
 0x680620 _errno
 0x680624 _fdopen
 0x680628 _filelengthi64
 0x68062c _fileno
 0x680630 _fileno
 0x680634 _fstat64
 0x680638 _initterm
 0x68063c _iob
 0x680640 _lseeki64
 0x680644 _mbsicmp
 0x680648 _onexit
 0x68064c _read
 0x680650 _memccpy
 0x680654 _setjmp3
 0x680658 _strdup
 0x68065c _strnicmp
 0x680660 _ultoa
 0x680664 _wfopen
 0x680668 _wgetenv_s
 0x68066c _write
 0x680670 abort
 0x680674 atoi
 0x680678 calloc
 0x68067c exit
 0x680680 fclose
 0x680684 fflush
 0x680688 fgetpos
 0x68068c fopen
 0x680690 fprintf
 0x680694 fputc
 0x680698 fputs
 0x68069c fputwc
 0x6806a0 fread
 0x6806a4 free
 0x6806a8 fsetpos
 0x6806ac fwrite
 0x6806b0 fwprintf
 0x6806b4 getc
 0x6806b8 getwc
 0x6806bc isalnum
 0x6806c0 isspace
 0x6806c4 iswctype
 0x6806c8 localtime
 0x6806cc localeconv
 0x6806d0 longjmp
 0x6806d4 malloc
 0x6806d8 memchr
 0x6806dc memcmp
 0x6806e0 memcpy
 0x6806e4 memmove
 0x6806e8 memset
 0x6806ec printf
 0x6806f0 putc
 0x6806f4 putwc
 0x6806f8 realloc
 0x6806fc setlocale
 0x680700 setvbuf
 0x680704 signal
 0x680708 strchr
 0x68070c strcmp
 0x680710 strcoll
 0x680714 strcspn
 0x680718 strerror
 0x68071c strftime
 0x680720 strlen
 0x680724 strncmp
 0x680728 strrchr
 0x68072c strxfrm
 0x680730 system
 0x680734 towlower
 0x680738 towupper
 0x68073c ungetc
 0x680740 ungetwc
 0x680744 vfprintf
 0x680748 wcscoll
 0x68074c wcsftime
 0x680750 wcslen
 0x680754 wcstombs
 0x680758 wcsxfrm
WINHTTP.dll
 0x680760 WinHttpAddRequestHeaders
 0x680764 WinHttpCloseHandle
 0x680768 WinHttpConnect
 0x68076c WinHttpOpen
 0x680770 WinHttpOpenRequest
 0x680774 WinHttpQueryDataAvailable
 0x680778 WinHttpQueryHeaders
 0x68077c WinHttpReadData
 0x680780 WinHttpReceiveResponse
 0x680784 WinHttpSendRequest
 0x680788 WinHttpSetOption
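The import table is the most informative part of this report for a triager. CryptUnprotectData (DPAPI) next to the BCrypt* CNG routines is the pattern used to decrypt Chromium-style browser password stores (the DPAPI-protected master key, then AES via CNG), which matches the "Steals private information from local Internet browsers" signature; WinHttp* covers the HTTP exfiltration to the IP above; WriteFile plus CreateProcessA covers "Drops a binary and executes it"; IsDebuggerPresent and the Get/SetThreadContext plus ResumeThread trio are the usual anti-analysis and injection or unpacking primitives. The following is an added example, not the sandbox's own scoring: it parses the "library / address name" layout used in this IAT section (the IMPORT_LISTING sample is an excerpt copied from the listing above) and reports which capability combinations are fully present. The capability-to-imports mapping is the editor's own heuristic, not something the report states.

```python
"""Capability triage from an IAT listing in the layout used on this report page.

Added example, not the sandbox's code. IMPORT_LISTING is an excerpt of the
report's own IAT section; the CAPABILITIES table is an editorial heuristic.
"""
import re

# Excerpt copied from the report's IAT section (same "lib / addr name" layout).
IMPORT_LISTING = """\
crypt.dll
 0x680404 BCryptDecrypt
 0x680408 BCryptGenerateSymmetricKey
 0x68040c BCryptOpenAlgorithmProvider
CRYPT32.dll
 0x680418 CryptUnprotectData
KERNEL32.dll
 0x68044c CreateProcessA
 0x6804e8 GetThreadContext
 0x680524 IsDebuggerPresent
 0x680560 ReadFile
 0x680574 ResumeThread
 0x68058c SetThreadContext
 0x6805c0 VirtualProtect
 0x6805d8 WriteFile
msvcrt.dll
 0x680730 system
WINHTTP.dll
 0x68076c WinHttpOpen
 0x68077c WinHttpReadData
 0x680784 WinHttpSendRequest
"""

# A capability is reported only when *every* listed API is imported (case-sensitive).
CAPABILITIES = {
    "browser credential decryption (DPAPI master key + AES via CNG)":
        {"CryptUnprotectData", "BCryptOpenAlgorithmProvider", "BCryptDecrypt"},
    "drop and execute a binary":
        {"WriteFile", "CreateProcessA"},
    "HTTP exfiltration / C2 via WinHTTP":
        {"WinHttpOpen", "WinHttpSendRequest"},
    "shell command execution":
        {"system"},
    "anti-debugging check":
        {"IsDebuggerPresent"},
    "thread context manipulation (injection / unpacking)":
        {"GetThreadContext", "SetThreadContext", "ResumeThread"},
}

IMPORT_LINE = re.compile(r"^\s+0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_iat(text):
    """Return {library: [api, ...]} from the report's IAT layout.
    A non-indented line names a library; indented 'addr name' lines belong to it."""
    imports, lib = {}, None
    for line in text.splitlines():
        m = IMPORT_LINE.match(line)
        if m and lib is not None:
            imports[lib].append(m.group(1))
        elif line.strip():
            lib = line.strip()
            imports.setdefault(lib, [])
    return imports


def triage(text):
    """Return (imports, set of capability names whose required APIs are all present)."""
    imports = parse_iat(text)
    present = {api for apis in imports.values() for api in apis}
    hits = {cap for cap, needed in CAPABILITIES.items() if needed <= present}
    return imports, hits


if __name__ == "__main__":
    imports, hits = triage(IMPORT_LISTING)
    print(f"{sum(len(v) for v in imports.values())} imports from {len(imports)} libraries")
    for cap in sorted(hits):
        print(" -", cap)
```

Two caveats a practitioner should keep in mind. First, imports show capability, not observed behaviour; the sandbox signatures above are what confirm that the stealer path actually ran. Second, a packed sample usually hides its real imports behind a tiny stub and resolves them at runtime with LoadLibrary/GetProcAddress (both present here), so an empty or generic IAT is not evidence of a benign file; this sample's unusually rich table alongside the "packer" signature is itself worth noting.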

EAT(Export Address Table) is none
