Field | Value |
---|---|
Created | 2023.07.27 10:45 |
Machine | s1_win7_x6401 |
Filename | buildqwer.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 18 detected (AIDetectMalware, malicious, moderate confidence, Artemis, Vxqq, confidence, Attribute, HighConfidence, score, Infected, ZexaF, iuW@au9N7Dji, BScope, TrojanPSW, Stealerc, Generic@AI, RDML, mv5wUX3lX6XsIkw8pgHiNw) |
md5 | e668ac854e5cdedfc7c2d194f9845614 |
sha256 | ad7e2a59da4a649070c68fdf8c3d6233da0b16b1390fb31a43a5cf3b65f84495 |
ssdeep | 3072:u3A8KaSuCmqO/pL30CgUOOZESk84l2uRclBsAsWmZzP4aWVJ:ukaSG70C9+asxWVJ |
imphash | 0139538a651a21148db92c7ae213c5f3 |
impfuzzy | 24:uwS1jtubJnc+pl3eDo/CZouCSOovbO9ZivFGMM:9S1jtulc+ppmZ83Ag |
Signatures (10)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
notice | Steals private information from local Internet browsers |
info | Checks amount of memory in system |
Rules (13)
Level | Name | Description | Collection |
---|---|---|---|
danger | infoStealer_browser_b_Zero | browser info stealer | binaries (download) |
watch | ASPack_Zero | ASPack packed file | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table), by library
KERNEL32.dll
0x41c000 WriteFile
0x41c004 GetLastError
0x41c008 WriteConsoleW
0x41c00c QueryPerformanceCounter
0x41c010 GetCurrentProcessId
0x41c014 GetCurrentThreadId
0x41c018 GetSystemTimeAsFileTime
0x41c01c InitializeSListHead
0x41c020 IsDebuggerPresent
0x41c024 UnhandledExceptionFilter
0x41c028 SetUnhandledExceptionFilter
0x41c02c GetStartupInfoW
0x41c030 IsProcessorFeaturePresent
0x41c034 GetModuleHandleW
0x41c038 GetCurrentProcess
0x41c03c TerminateProcess
0x41c040 RtlUnwind
0x41c044 SetLastError
0x41c048 EnterCriticalSection
0x41c04c LeaveCriticalSection
0x41c050 DeleteCriticalSection
0x41c054 InitializeCriticalSectionAndSpinCount
0x41c058 TlsAlloc
0x41c05c TlsGetValue
0x41c060 TlsSetValue
0x41c064 TlsFree
0x41c068 FreeLibrary
0x41c06c GetProcAddress
0x41c070 LoadLibraryExW
0x41c074 EncodePointer
0x41c078 RaiseException
0x41c07c GetStdHandle
0x41c080 GetModuleFileNameW
0x41c084 ExitProcess
0x41c088 GetModuleHandleExW
0x41c08c HeapFree
0x41c090 HeapAlloc
0x41c094 HeapReAlloc
0x41c098 LCMapStringW
0x41c09c FindClose
0x41c0a0 FindFirstFileExW
0x41c0a4 FindNextFileW
0x41c0a8 IsValidCodePage
0x41c0ac GetACP
0x41c0b0 GetOEMCP
0x41c0b4 GetCPInfo
0x41c0b8 GetCommandLineA
0x41c0bc GetCommandLineW
0x41c0c0 MultiByteToWideChar
0x41c0c4 WideCharToMultiByte
0x41c0c8 GetEnvironmentStringsW
0x41c0cc FreeEnvironmentStringsW
0x41c0d0 SetStdHandle
0x41c0d4 GetFileType
0x41c0d8 GetStringTypeW
0x41c0dc GetProcessHeap
0x41c0e0 HeapSize
0x41c0e4 FlushFileBuffers
0x41c0e8 GetConsoleOutputCP
0x41c0ec GetConsoleMode
0x41c0f0 SetFilePointerEx
0x41c0f4 CreateFileW
0x41c0f8 CloseHandle
0x41c0fc DecodePointer
EAT (Export Address Table): none
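Cross-checking the dynamic signatures against the static import table is the first thing to do with this report. Every KERNEL32.dll import listed above belongs to the startup set of a statically linked MSVC C runtime (IsDebuggerPresent included, so on its own it is not an anti-debug indicator), while the behaviours the sandbox observed (HTTP POST traffic, read-write-execute allocation, browser data theft) need APIs from DLLs that never appear in the IAT. The Python script below is an added worked example, not part of the report or of the sandbox's tooling: it parses the Signatures table and the IAT listing (both embedded as constructed input copied from this page), computes a pefile-style imphash from the import order, and reports which observed behaviours have no statically visible API. The finding names, the DLL/API sets behind each check and the compact one-DLL-per-line IAT format are this example's own assumptions.

```python
import hashlib
import re

# Constructed from the Signatures table above: "level | description", one per line.
SIGNATURE_TEXT = """\
watch | Communicates with host for which no DNS query was performed
watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious
notice | Allocates read-write-execute memory (usually to unpack itself)
notice | Creates executable files on the filesystem
notice | Drops an executable to the user AppData folder
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice | Performs some HTTP requests
notice | Sends data using the HTTP POST Method
notice | Steals private information from local Internet browsers
info | Checks amount of memory in system
"""

# Constructed from the IAT listing above: the only imported DLL, then its 64 functions
# in IAT order (imphash is order-sensitive). parse_iat() also accepts the raw
# "0x41c000 WriteFile" lines of the report.
IAT_TEXT = """\
KERNEL32.dll
WriteFile GetLastError WriteConsoleW QueryPerformanceCounter GetCurrentProcessId
GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent
UnhandledExceptionFilter SetUnhandledExceptionFilter GetStartupInfoW
IsProcessorFeaturePresent GetModuleHandleW GetCurrentProcess TerminateProcess
RtlUnwind SetLastError EnterCriticalSection LeaveCriticalSection
DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue
TlsSetValue TlsFree FreeLibrary GetProcAddress LoadLibraryExW EncodePointer
RaiseException GetStdHandle GetModuleFileNameW ExitProcess GetModuleHandleExW
HeapFree HeapAlloc HeapReAlloc LCMapStringW FindClose FindFirstFileExW
FindNextFileW IsValidCodePage GetACP GetOEMCP GetCPInfo GetCommandLineA
GetCommandLineW MultiByteToWideChar WideCharToMultiByte GetEnvironmentStringsW
FreeEnvironmentStringsW SetStdHandle GetFileType GetStringTypeW GetProcessHeap
HeapSize FlushFileBuffers GetConsoleOutputCP GetConsoleMode SetFilePointerEx
CreateFileW CloseHandle DecodePointer
"""

DLL_RE = re.compile(r"^[\w.-]+\.(?:dll|sys|ocx)$", re.IGNORECASE)
ADDR_RE = re.compile(r"^0x[0-9a-fA-F]+$")

def parse_iat(text):
    """[(dll, function), ...] in listing order; a lone DLL name starts a library, IAT addresses are skipped."""
    imports, current = [], None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if len(tokens) == 1 and DLL_RE.match(tokens[0]):
            current = tokens[0]
            continue
        if current is None:
            raise ValueError("function listed before any DLL name")
        imports.extend((current, t) for t in tokens if not ADDR_RE.match(t))
    return imports

def parse_signatures(text):
    """[(level, description), ...] from 'level | description' lines."""
    rows = [line.partition("|") for line in text.splitlines()]
    return [(lvl.strip(), desc.strip()) for lvl, sep, desc in rows if sep]

def imphash(imports):
    """pefile-style imphash: md5 of comma-joined 'lib.func' in import order, lower-cased, extension stripped (named imports only)."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        if lib.endswith((".dll", ".sys", ".ocx")):
            lib = lib[:-4]
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()

# Assumed DLL/API sets (this example's choice): where a statically linked sample would expose each observed capability.
NETWORK_DLLS = {"wininet.dll", "winhttp.dll", "ws2_32.dll", "urlmon.dll"}
RWX_APIS = {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "VirtualProtectEx"}
RESOLVERS = {"GetProcAddress", "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

def triage(signatures, imports):
    """Cross-check observed behaviours against the static IAT; a behaviour with no backing import points to runtime resolution or an unpacked layer."""
    descs = " ".join(d for _, d in signatures)
    dlls = {d.lower() for d, _ in imports}
    funcs = {f for _, f in imports}
    findings = []
    if "HTTP" in descs and not dlls & NETWORK_DLLS:
        findings.append(("network APIs not in IAT", "HTTP traffic observed, no wininet/winhttp/ws2_32/urlmon import"))
    if "read-write-execute" in descs and not funcs & RWX_APIS:
        findings.append(("memory APIs not in IAT", "RWX allocation observed, no VirtualAlloc/VirtualProtect import"))
    if "browsers" in descs and "crypt32.dll" not in dlls:
        findings.append(("DPAPI not in IAT", "browser data theft observed, no crypt32.dll (CryptUnprotectData) import"))
    if funcs & RESOLVERS:
        findings.append(("runtime API resolution", "imports " + ", ".join(sorted(funcs & RESOLVERS))))
    if dlls == {"kernel32.dll"}:
        findings.append(("thin import table", f"only kernel32.dll, {len(imports)} functions; payload APIs resolved at runtime"))
    return findings

if __name__ == "__main__":
    imps = parse_iat(IAT_TEXT)
    print(len(imps), "imports, imphash of listing:", imphash(imps))
    for name, evidence in triage(parse_signatures(SIGNATURE_TEXT), imps):
        print(f"- {name}: {evidence}")
```

The imphash computed from a listing only equals the report's imphash when the listing is complete and contains no ordinal imports, so treat a mismatch as a cue to hash the file itself with pefile rather than as an error. Feeding the script a richer IAT (for example one that also imports WININET.dll) removes the corresponding finding, which is the point: the checks answer "is this capability statically visible", not "is the sample malicious".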