ScreenShot
| Created | 2023.07.12 17:46 | Machine | s1_win7_x6401 |
| Filename | Historiers.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 31 detected (AIDetectMalware, malicious, high confidence, Loader, Nemesis, Artemis, confidence, IXZN, NSIS, score, Makoob, BadFile, Wacatac, Detected, GuLoader, ai score=80, Igent, b0ttLZ) | ||
| md5 | 109dbd7130e7c7e519eddac87ccbc34c | ||
| sha256 | 40b6dc77998b71663fd29997962bec3b46647e8ee70cf3d579aed14ead46d660 | ||
| ssdeep | 12288:4iuXtDKp9x6t/4W+OzWhYjjK5OuodU8R03xkH:EKr6SOz1jQb8UsMW | ||
| imphash | 17b7d61bda0f7478e36d9ce3d4170680 | ||
| impfuzzy | 48:6+RYCCQl1XOVVSv5L0W8rOAltkz+eOxHALll3XbqQEFzn7+P9KQJ45EQl/KAEowX:jyCCeZYfffH1zlKsq | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | Queries for potentially installed applications |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (11cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | PNG_Format_Zero | PNG Format | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x407060 CompareFileTime
0x407064 SearchPathW
0x407068 SetFileTime
0x40706c CloseHandle
0x407070 GetShortPathNameW
0x407074 MoveFileW
0x407078 SetCurrentDirectoryW
0x40707c GetFileAttributesW
0x407080 GetLastError
0x407084 GetFullPathNameW
0x407088 CreateDirectoryW
0x40708c Sleep
0x407090 GetTickCount
0x407094 CreateFileW
0x407098 GetFileSize
0x40709c GetModuleFileNameW
0x4070a0 GetCurrentProcess
0x4070a4 CopyFileW
0x4070a8 ExitProcess
0x4070ac SetEnvironmentVariableW
0x4070b0 GetWindowsDirectoryW
0x4070b4 SetFileAttributesW
0x4070b8 ExpandEnvironmentStringsW
0x4070bc SetErrorMode
0x4070c0 LoadLibraryW
0x4070c4 lstrlenW
0x4070c8 lstrcpynW
0x4070cc GetDiskFreeSpaceW
0x4070d0 GlobalUnlock
0x4070d4 GlobalLock
0x4070d8 CreateThread
0x4070dc CreateProcessW
0x4070e0 RemoveDirectoryW
0x4070e4 lstrcmpiA
0x4070e8 GetTempFileNameW
0x4070ec lstrcpyA
0x4070f0 lstrcpyW
0x4070f4 lstrcatW
0x4070f8 GetSystemDirectoryW
0x4070fc GetVersion
0x407100 GetProcAddress
0x407104 LoadLibraryA
0x407108 GetModuleHandleA
0x40710c GetModuleHandleW
0x407110 lstrcmpiW
0x407114 lstrcmpW
0x407118 WaitForSingleObject
0x40711c GlobalFree
0x407120 GlobalAlloc
0x407124 LoadLibraryExW
0x407128 GetExitCodeProcess
0x40712c FreeLibrary
0x407130 WritePrivateProfileStringW
0x407134 GetCommandLineW
0x407138 GetTempPathW
0x40713c GetPrivateProfileStringW
0x407140 FindFirstFileW
0x407144 FindNextFileW
0x407148 DeleteFileW
0x40714c SetFilePointer
0x407150 MultiByteToWideChar
0x407154 FindClose
0x407158 MulDiv
0x40715c ReadFile
0x407160 WriteFile
0x407164 lstrlenA
0x407168 WideCharToMultiByte
USER32.dll
0x40718c EndDialog
0x407190 ScreenToClient
0x407194 GetWindowRect
0x407198 RegisterClassW
0x40719c EnableMenuItem
0x4071a0 GetSystemMenu
0x4071a4 SetClassLongW
0x4071a8 IsWindowEnabled
0x4071ac SetWindowPos
0x4071b0 GetSysColor
0x4071b4 GetWindowLongW
0x4071b8 SetCursor
0x4071bc LoadCursorW
0x4071c0 CheckDlgButton
0x4071c4 GetMessagePos
0x4071c8 LoadBitmapW
0x4071cc CallWindowProcW
0x4071d0 IsWindowVisible
0x4071d4 CloseClipboard
0x4071d8 SetClipboardData
0x4071dc wsprintfW
0x4071e0 CreateWindowExW
0x4071e4 SystemParametersInfoW
0x4071e8 AppendMenuW
0x4071ec CreatePopupMenu
0x4071f0 GetSystemMetrics
0x4071f4 SetDlgItemTextW
0x4071f8 GetDlgItemTextW
0x4071fc MessageBoxIndirectW
0x407200 CharPrevW
0x407204 CharNextA
0x407208 wsprintfA
0x40720c DispatchMessageW
0x407210 PeekMessageW
0x407214 ReleaseDC
0x407218 EnableWindow
0x40721c InvalidateRect
0x407220 SendMessageW
0x407224 DefWindowProcW
0x407228 BeginPaint
0x40722c GetClientRect
0x407230 FillRect
0x407234 DrawTextW
0x407238 GetClassInfoW
0x40723c DialogBoxParamW
0x407240 CharNextW
0x407244 ExitWindowsEx
0x407248 DestroyWindow
0x40724c CreateDialogParamW
0x407250 SetTimer
0x407254 SetWindowTextW
0x407258 PostQuitMessage
0x40725c GetDC
0x407260 SetWindowLongW
0x407264 LoadImageW
0x407268 SendMessageTimeoutW
0x40726c FindWindowExW
0x407270 EmptyClipboard
0x407274 OpenClipboard
0x407278 TrackPopupMenu
0x40727c EndPaint
0x407280 ShowWindow
0x407284 GetDlgItem
0x407288 IsWindow
0x40728c SetForegroundWindow
GDI32.dll
0x40703c SelectObject
0x407040 SetBkMode
0x407044 CreateFontIndirectW
0x407048 SetTextColor
0x40704c DeleteObject
0x407050 GetDeviceCaps
0x407054 CreateBrushIndirect
0x407058 SetBkColor
SHELL32.dll
0x407170 SHGetSpecialFolderLocation
0x407174 SHGetPathFromIDListW
0x407178 SHBrowseForFolderW
0x40717c SHGetFileInfoW
0x407180 ShellExecuteW
0x407184 SHFileOperationW
ADVAPI32.dll
0x407000 RegCloseKey
0x407004 RegOpenKeyExW
0x407008 RegDeleteKeyW
0x40700c RegDeleteValueW
0x407010 RegEnumValueW
0x407014 RegCreateKeyExW
0x407018 RegSetValueExW
0x40701c RegQueryValueExW
0x407020 RegEnumKeyW
COMCTL32.dll
0x407028 ImageList_Create
0x40702c ImageList_AddMasked
0x407030 ImageList_Destroy
0x407034 None
ole32.dll
0x4072a4 CoCreateInstance
0x4072a8 CoTaskMemFree
0x4072ac OleInitialize
0x4072b0 OleUninitialize
VERSION.dll
0x407294 GetFileVersionInfoSizeW
0x407298 GetFileVersionInfoW
0x40729c VerQueryValueW
EAT(Export Address Table) is none
KERNEL32.dll
0x407060 CompareFileTime
0x407064 SearchPathW
0x407068 SetFileTime
0x40706c CloseHandle
0x407070 GetShortPathNameW
0x407074 MoveFileW
0x407078 SetCurrentDirectoryW
0x40707c GetFileAttributesW
0x407080 GetLastError
0x407084 GetFullPathNameW
0x407088 CreateDirectoryW
0x40708c Sleep
0x407090 GetTickCount
0x407094 CreateFileW
0x407098 GetFileSize
0x40709c GetModuleFileNameW
0x4070a0 GetCurrentProcess
0x4070a4 CopyFileW
0x4070a8 ExitProcess
0x4070ac SetEnvironmentVariableW
0x4070b0 GetWindowsDirectoryW
0x4070b4 SetFileAttributesW
0x4070b8 ExpandEnvironmentStringsW
0x4070bc SetErrorMode
0x4070c0 LoadLibraryW
0x4070c4 lstrlenW
0x4070c8 lstrcpynW
0x4070cc GetDiskFreeSpaceW
0x4070d0 GlobalUnlock
0x4070d4 GlobalLock
0x4070d8 CreateThread
0x4070dc CreateProcessW
0x4070e0 RemoveDirectoryW
0x4070e4 lstrcmpiA
0x4070e8 GetTempFileNameW
0x4070ec lstrcpyA
0x4070f0 lstrcpyW
0x4070f4 lstrcatW
0x4070f8 GetSystemDirectoryW
0x4070fc GetVersion
0x407100 GetProcAddress
0x407104 LoadLibraryA
0x407108 GetModuleHandleA
0x40710c GetModuleHandleW
0x407110 lstrcmpiW
0x407114 lstrcmpW
0x407118 WaitForSingleObject
0x40711c GlobalFree
0x407120 GlobalAlloc
0x407124 LoadLibraryExW
0x407128 GetExitCodeProcess
0x40712c FreeLibrary
0x407130 WritePrivateProfileStringW
0x407134 GetCommandLineW
0x407138 GetTempPathW
0x40713c GetPrivateProfileStringW
0x407140 FindFirstFileW
0x407144 FindNextFileW
0x407148 DeleteFileW
0x40714c SetFilePointer
0x407150 MultiByteToWideChar
0x407154 FindClose
0x407158 MulDiv
0x40715c ReadFile
0x407160 WriteFile
0x407164 lstrlenA
0x407168 WideCharToMultiByte
USER32.dll
0x40718c EndDialog
0x407190 ScreenToClient
0x407194 GetWindowRect
0x407198 RegisterClassW
0x40719c EnableMenuItem
0x4071a0 GetSystemMenu
0x4071a4 SetClassLongW
0x4071a8 IsWindowEnabled
0x4071ac SetWindowPos
0x4071b0 GetSysColor
0x4071b4 GetWindowLongW
0x4071b8 SetCursor
0x4071bc LoadCursorW
0x4071c0 CheckDlgButton
0x4071c4 GetMessagePos
0x4071c8 LoadBitmapW
0x4071cc CallWindowProcW
0x4071d0 IsWindowVisible
0x4071d4 CloseClipboard
0x4071d8 SetClipboardData
0x4071dc wsprintfW
0x4071e0 CreateWindowExW
0x4071e4 SystemParametersInfoW
0x4071e8 AppendMenuW
0x4071ec CreatePopupMenu
0x4071f0 GetSystemMetrics
0x4071f4 SetDlgItemTextW
0x4071f8 GetDlgItemTextW
0x4071fc MessageBoxIndirectW
0x407200 CharPrevW
0x407204 CharNextA
0x407208 wsprintfA
0x40720c DispatchMessageW
0x407210 PeekMessageW
0x407214 ReleaseDC
0x407218 EnableWindow
0x40721c InvalidateRect
0x407220 SendMessageW
0x407224 DefWindowProcW
0x407228 BeginPaint
0x40722c GetClientRect
0x407230 FillRect
0x407234 DrawTextW
0x407238 GetClassInfoW
0x40723c DialogBoxParamW
0x407240 CharNextW
0x407244 ExitWindowsEx
0x407248 DestroyWindow
0x40724c CreateDialogParamW
0x407250 SetTimer
0x407254 SetWindowTextW
0x407258 PostQuitMessage
0x40725c GetDC
0x407260 SetWindowLongW
0x407264 LoadImageW
0x407268 SendMessageTimeoutW
0x40726c FindWindowExW
0x407270 EmptyClipboard
0x407274 OpenClipboard
0x407278 TrackPopupMenu
0x40727c EndPaint
0x407280 ShowWindow
0x407284 GetDlgItem
0x407288 IsWindow
0x40728c SetForegroundWindow
GDI32.dll
0x40703c SelectObject
0x407040 SetBkMode
0x407044 CreateFontIndirectW
0x407048 SetTextColor
0x40704c DeleteObject
0x407050 GetDeviceCaps
0x407054 CreateBrushIndirect
0x407058 SetBkColor
SHELL32.dll
0x407170 SHGetSpecialFolderLocation
0x407174 SHGetPathFromIDListW
0x407178 SHBrowseForFolderW
0x40717c SHGetFileInfoW
0x407180 ShellExecuteW
0x407184 SHFileOperationW
ADVAPI32.dll
0x407000 RegCloseKey
0x407004 RegOpenKeyExW
0x407008 RegDeleteKeyW
0x40700c RegDeleteValueW
0x407010 RegEnumValueW
0x407014 RegCreateKeyExW
0x407018 RegSetValueExW
0x40701c RegQueryValueExW
0x407020 RegEnumKeyW
COMCTL32.dll
0x407028 ImageList_Create
0x40702c ImageList_AddMasked
0x407030 ImageList_Destroy
0x407034 None
ole32.dll
0x4072a4 CoCreateInstance
0x4072a8 CoTaskMemFree
0x4072ac OleInitialize
0x4072b0 OleUninitialize
VERSION.dll
0x407294 GetFileVersionInfoSizeW
0x407298 GetFileVersionInfoW
0x40729c VerQueryValueW
EAT(Export Address Table) is none