ScreenShot
| Created | 2023.07.12 17:39 | Machine | s1_win7_x6403 |
| Filename | maintest.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 52 detected (AIDetectMalware, Agentb, malicious, high confidence, GenericKD, Real Protect, Zusy, unsafe, Kryptik, V2u2, ABRisk, MJSN, Attribute, HighConfidence, HTRB, score, CrypterX, Tdkl, bpfsb, AMADEY, YXDGJZ, ai score=87, Rhadamanthys, Detected, Tnega, ZexaCO, CqW@a4Ehx0d, BScope, GdSda, QWunk7ykIWE, susgen, confidence, 100%) | ||
| md5 | 836dfa8ecf57ce861f4cacfe4a85572d | ||
| sha256 | 8af7fadc968927f6d8a4056e3d15808c254bbee4080985d03d377c361e467357 | ||
| ssdeep | 6144:qlE8DIpjK28t4sL4wlp3z/pSZ+pDKpf9EkQbKxVK+PXItNOapG8RuzRiRh3Zc:SEpj7sLLv/cgu4VGn6OaM+ucj | ||
| imphash | fd020041ed8eb76ffbdb414a8b3716f2 | ||
| impfuzzy | 48:/me80Y9hfwq+dZM654H/kevrL8Utm92IAic8YoYp9HWu2:/mv0ehfwqiZMzBvrwgpic8+921 | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| watch | Detects Avast Antivirus through the presence of a library |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Executes one or more WMI queries |
| notice | Executes one or more WMI queries which can be used to identify virtual machines |
| info | One or more processes crashed |
| info | Queries for the computername |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41c1e8 GetSystemInfo
0x41c1ec HeapCreate
0x41c1f0 VirtualQuery
0x41c1f4 OutputDebugStringA
0x41c1f8 WaitForSingleObject
0x41c1fc HeapDestroy
0x41c200 CreateEventW
0x41c204 ExitProcess
0x41c208 WideCharToMultiByte
0x41c20c OutputDebugStringW
0x41c210 CreateFileW
0x41c214 ReadFile
0x41c218 CloseHandle
0x41c21c GetCurrentProcess
0x41c220 MultiByteToWideChar
0x41c224 GetModuleHandleW
0x41c228 InterlockedIncrement
0x41c22c GetModuleFileNameW
0x41c230 lstrlenW
0x41c234 HeapFree
0x41c238 MulDiv
0x41c23c GetProcessHeap
0x41c240 HeapAlloc
0x41c244 VirtualProtect
0x41c248 HeapSize
0x41c24c GetSystemTimeAsFileTime
0x41c250 GetModuleHandleA
0x41c254 GetStartupInfoA
0x41c258 GetCommandLineA
0x41c25c GetVersionExA
0x41c260 TlsAlloc
0x41c264 SetLastError
0x41c268 GetCurrentThreadId
0x41c26c GetLastError
0x41c270 TlsFree
0x41c274 TlsSetValue
0x41c278 TlsGetValue
0x41c27c GetProcAddress
0x41c280 TerminateProcess
0x41c284 WriteFile
0x41c288 GetStdHandle
0x41c28c GetModuleFileNameA
0x41c290 UnhandledExceptionFilter
0x41c294 FreeEnvironmentStringsA
0x41c298 GetEnvironmentStrings
0x41c29c FreeEnvironmentStringsW
0x41c2a0 GetEnvironmentStringsW
0x41c2a4 SetHandleCount
0x41c2a8 GetFileType
0x41c2ac DeleteCriticalSection
0x41c2b0 VirtualFree
0x41c2b4 LeaveCriticalSection
0x41c2b8 EnterCriticalSection
0x41c2bc GetACP
0x41c2c0 GetOEMCP
0x41c2c4 GetCPInfo
0x41c2c8 LoadLibraryA
0x41c2cc InitializeCriticalSection
0x41c2d0 VirtualAlloc
0x41c2d4 HeapReAlloc
0x41c2d8 RtlUnwind
0x41c2dc InterlockedExchange
0x41c2e0 GetLocaleInfoA
0x41c2e4 GetStringTypeA
0x41c2e8 GetStringTypeW
0x41c2ec LCMapStringA
0x41c2f0 LCMapStringW
0x41c2f4 QueryPerformanceCounter
0x41c2f8 GetTickCount
0x41c2fc GetCurrentProcessId
USER32.dll
0x41c30c ReleaseDC
0x41c310 GetDC
0x41c314 GetSystemMetrics
ADVAPI32.dll
0x41c000 RegQueryValueExW
0x41c004 RegCloseKey
0x41c008 RegOpenKeyExW
GDI32.dll
0x41c010 FillRgn
0x41c014 FillPath
0x41c018 SetBkMode
0x41c01c GetObjectType
0x41c020 TextOutW
0x41c024 PtVisible
0x41c028 CreateRectRgn
0x41c02c ExtCreatePen
0x41c030 CreateFontIndirectA
0x41c034 ExtCreateRegion
0x41c038 CreateRectRgnIndirect
0x41c03c CreateEnhMetaFileW
0x41c040 SetWorldTransform
0x41c044 CreatePatternBrush
0x41c048 PolyBezierTo
0x41c04c CreatePalette
0x41c050 GetWindowOrgEx
0x41c054 GetEnhMetaFileHeader
0x41c058 EndPath
0x41c05c CombineRgn
0x41c060 CombineTransform
0x41c064 Polyline
0x41c068 GetViewportOrgEx
0x41c06c Rectangle
0x41c070 GetClipRgn
0x41c074 IntersectClipRect
0x41c078 DPtoLP
0x41c07c GetDeviceCaps
0x41c080 CloseEnhMetaFile
0x41c084 GetROP2
0x41c088 Arc
0x41c08c Chord
0x41c090 GetTextColor
0x41c094 AbortDoc
0x41c098 GetObjectW
0x41c09c PtInRegion
0x41c0a0 RestoreDC
0x41c0a4 GetTextExtentExPointW
0x41c0a8 GetRgnBox
0x41c0ac ResizePalette
0x41c0b0 Polygon
0x41c0b4 MaskBlt
0x41c0b8 EqualRgn
0x41c0bc SetViewportOrgEx
0x41c0c0 SetDIBColorTable
0x41c0c4 GetTextExtentPoint32W
0x41c0c8 GetDIBits
0x41c0cc OffsetRgn
0x41c0d0 PathToRegion
0x41c0d4 StartDocW
0x41c0d8 GetCurrentObject
0x41c0dc SetGraphicsMode
0x41c0e0 LineTo
0x41c0e4 RectVisible
0x41c0e8 GetTextMetricsW
0x41c0ec GetNearestColor
0x41c0f0 ExcludeClipRect
0x41c0f4 DeleteDC
0x41c0f8 SetMetaFileBitsEx
0x41c0fc CreateSolidBrush
0x41c100 DeleteEnhMetaFile
0x41c104 GetBkColor
0x41c108 CreatePolygonRgn
0x41c10c SetMapMode
0x41c110 CreateFontIndirectW
0x41c114 EndDoc
0x41c118 GetWorldTransform
0x41c11c SelectPalette
0x41c120 GetCharacterPlacementW
0x41c124 CreateEllipticRgn
0x41c128 SetWindowExtEx
0x41c12c CopyEnhMetaFileW
0x41c130 GetMapMode
0x41c134 SetROP2
0x41c138 GetEnhMetaFileDescriptionW
0x41c13c BitBlt
0x41c140 SetBkColor
0x41c144 CreateMetaFileW
0x41c148 GetBkMode
0x41c14c SetWinMetaFileBits
0x41c150 CreateDIBSection
0x41c154 EnumFontsW
0x41c158 SelectObject
0x41c15c UnrealizeObject
0x41c160 StretchBlt
0x41c164 ArcTo
0x41c168 PolyBezier
0x41c16c MoveToEx
0x41c170 DeleteMetaFile
0x41c174 EndPage
0x41c178 SetDIBits
0x41c17c SetStretchBltMode
0x41c180 CreateCompatibleBitmap
0x41c184 BeginPath
0x41c188 CreatePen
0x41c18c GetBitmapBits
0x41c190 SetWindowOrgEx
0x41c194 RealizePalette
0x41c198 AngleArc
0x41c19c FrameRgn
0x41c1a0 CreateBitmap
0x41c1a4 SetRectRgn
0x41c1a8 GetStockObject
0x41c1ac PlayEnhMetaFile
0x41c1b0 LPtoDP
0x41c1b4 GetWinMetaFileBits
0x41c1b8 GetClipBox
0x41c1bc DeleteObject
0x41c1c0 GetRandomRgn
0x41c1c4 SetTextColor
0x41c1c8 SaveDC
0x41c1cc CreateHalftonePalette
0x41c1d0 ExtFloodFill
0x41c1d4 CloseMetaFile
0x41c1d8 SetAbortProc
0x41c1dc SetTextJustification
0x41c1e0 SetEnhMetaFileBits
WINMM.dll
0x41c31c sndPlaySoundW
0x41c320 timeGetTime
MSIMG32.dll
0x41c304 GradientFill
EAT(Export Address Table) is none
KERNEL32.dll
0x41c1e8 GetSystemInfo
0x41c1ec HeapCreate
0x41c1f0 VirtualQuery
0x41c1f4 OutputDebugStringA
0x41c1f8 WaitForSingleObject
0x41c1fc HeapDestroy
0x41c200 CreateEventW
0x41c204 ExitProcess
0x41c208 WideCharToMultiByte
0x41c20c OutputDebugStringW
0x41c210 CreateFileW
0x41c214 ReadFile
0x41c218 CloseHandle
0x41c21c GetCurrentProcess
0x41c220 MultiByteToWideChar
0x41c224 GetModuleHandleW
0x41c228 InterlockedIncrement
0x41c22c GetModuleFileNameW
0x41c230 lstrlenW
0x41c234 HeapFree
0x41c238 MulDiv
0x41c23c GetProcessHeap
0x41c240 HeapAlloc
0x41c244 VirtualProtect
0x41c248 HeapSize
0x41c24c GetSystemTimeAsFileTime
0x41c250 GetModuleHandleA
0x41c254 GetStartupInfoA
0x41c258 GetCommandLineA
0x41c25c GetVersionExA
0x41c260 TlsAlloc
0x41c264 SetLastError
0x41c268 GetCurrentThreadId
0x41c26c GetLastError
0x41c270 TlsFree
0x41c274 TlsSetValue
0x41c278 TlsGetValue
0x41c27c GetProcAddress
0x41c280 TerminateProcess
0x41c284 WriteFile
0x41c288 GetStdHandle
0x41c28c GetModuleFileNameA
0x41c290 UnhandledExceptionFilter
0x41c294 FreeEnvironmentStringsA
0x41c298 GetEnvironmentStrings
0x41c29c FreeEnvironmentStringsW
0x41c2a0 GetEnvironmentStringsW
0x41c2a4 SetHandleCount
0x41c2a8 GetFileType
0x41c2ac DeleteCriticalSection
0x41c2b0 VirtualFree
0x41c2b4 LeaveCriticalSection
0x41c2b8 EnterCriticalSection
0x41c2bc GetACP
0x41c2c0 GetOEMCP
0x41c2c4 GetCPInfo
0x41c2c8 LoadLibraryA
0x41c2cc InitializeCriticalSection
0x41c2d0 VirtualAlloc
0x41c2d4 HeapReAlloc
0x41c2d8 RtlUnwind
0x41c2dc InterlockedExchange
0x41c2e0 GetLocaleInfoA
0x41c2e4 GetStringTypeA
0x41c2e8 GetStringTypeW
0x41c2ec LCMapStringA
0x41c2f0 LCMapStringW
0x41c2f4 QueryPerformanceCounter
0x41c2f8 GetTickCount
0x41c2fc GetCurrentProcessId
USER32.dll
0x41c30c ReleaseDC
0x41c310 GetDC
0x41c314 GetSystemMetrics
ADVAPI32.dll
0x41c000 RegQueryValueExW
0x41c004 RegCloseKey
0x41c008 RegOpenKeyExW
GDI32.dll
0x41c010 FillRgn
0x41c014 FillPath
0x41c018 SetBkMode
0x41c01c GetObjectType
0x41c020 TextOutW
0x41c024 PtVisible
0x41c028 CreateRectRgn
0x41c02c ExtCreatePen
0x41c030 CreateFontIndirectA
0x41c034 ExtCreateRegion
0x41c038 CreateRectRgnIndirect
0x41c03c CreateEnhMetaFileW
0x41c040 SetWorldTransform
0x41c044 CreatePatternBrush
0x41c048 PolyBezierTo
0x41c04c CreatePalette
0x41c050 GetWindowOrgEx
0x41c054 GetEnhMetaFileHeader
0x41c058 EndPath
0x41c05c CombineRgn
0x41c060 CombineTransform
0x41c064 Polyline
0x41c068 GetViewportOrgEx
0x41c06c Rectangle
0x41c070 GetClipRgn
0x41c074 IntersectClipRect
0x41c078 DPtoLP
0x41c07c GetDeviceCaps
0x41c080 CloseEnhMetaFile
0x41c084 GetROP2
0x41c088 Arc
0x41c08c Chord
0x41c090 GetTextColor
0x41c094 AbortDoc
0x41c098 GetObjectW
0x41c09c PtInRegion
0x41c0a0 RestoreDC
0x41c0a4 GetTextExtentExPointW
0x41c0a8 GetRgnBox
0x41c0ac ResizePalette
0x41c0b0 Polygon
0x41c0b4 MaskBlt
0x41c0b8 EqualRgn
0x41c0bc SetViewportOrgEx
0x41c0c0 SetDIBColorTable
0x41c0c4 GetTextExtentPoint32W
0x41c0c8 GetDIBits
0x41c0cc OffsetRgn
0x41c0d0 PathToRegion
0x41c0d4 StartDocW
0x41c0d8 GetCurrentObject
0x41c0dc SetGraphicsMode
0x41c0e0 LineTo
0x41c0e4 RectVisible
0x41c0e8 GetTextMetricsW
0x41c0ec GetNearestColor
0x41c0f0 ExcludeClipRect
0x41c0f4 DeleteDC
0x41c0f8 SetMetaFileBitsEx
0x41c0fc CreateSolidBrush
0x41c100 DeleteEnhMetaFile
0x41c104 GetBkColor
0x41c108 CreatePolygonRgn
0x41c10c SetMapMode
0x41c110 CreateFontIndirectW
0x41c114 EndDoc
0x41c118 GetWorldTransform
0x41c11c SelectPalette
0x41c120 GetCharacterPlacementW
0x41c124 CreateEllipticRgn
0x41c128 SetWindowExtEx
0x41c12c CopyEnhMetaFileW
0x41c130 GetMapMode
0x41c134 SetROP2
0x41c138 GetEnhMetaFileDescriptionW
0x41c13c BitBlt
0x41c140 SetBkColor
0x41c144 CreateMetaFileW
0x41c148 GetBkMode
0x41c14c SetWinMetaFileBits
0x41c150 CreateDIBSection
0x41c154 EnumFontsW
0x41c158 SelectObject
0x41c15c UnrealizeObject
0x41c160 StretchBlt
0x41c164 ArcTo
0x41c168 PolyBezier
0x41c16c MoveToEx
0x41c170 DeleteMetaFile
0x41c174 EndPage
0x41c178 SetDIBits
0x41c17c SetStretchBltMode
0x41c180 CreateCompatibleBitmap
0x41c184 BeginPath
0x41c188 CreatePen
0x41c18c GetBitmapBits
0x41c190 SetWindowOrgEx
0x41c194 RealizePalette
0x41c198 AngleArc
0x41c19c FrameRgn
0x41c1a0 CreateBitmap
0x41c1a4 SetRectRgn
0x41c1a8 GetStockObject
0x41c1ac PlayEnhMetaFile
0x41c1b0 LPtoDP
0x41c1b4 GetWinMetaFileBits
0x41c1b8 GetClipBox
0x41c1bc DeleteObject
0x41c1c0 GetRandomRgn
0x41c1c4 SetTextColor
0x41c1c8 SaveDC
0x41c1cc CreateHalftonePalette
0x41c1d0 ExtFloodFill
0x41c1d4 CloseMetaFile
0x41c1d8 SetAbortProc
0x41c1dc SetTextJustification
0x41c1e0 SetEnhMetaFileBits
WINMM.dll
0x41c31c sndPlaySoundW
0x41c320 timeGetTime
MSIMG32.dll
0x41c304 GradientFill
EAT(Export Address Table) is none