ScreenShot
| Created | 2023.07.31 11:21 | Machine | s1_win7_x6403_us |
| Filename | 002105e21f1bddf68e59743c440e416a.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 10 detected (AIDetectMalware, unsafe, malicious, high confidence, Static AI, Suspicious PE, Genetic, susgen, confidence) | ||
| md5 | 002105e21f1bddf68e59743c440e416a | ||
| sha256 | de4cac7950d1bb99c86ab9ac86d94c3ed48a088b121245c3239f140a8fc2fcc4 | ||
| ssdeep | 3072:N6bmN1BYseC3XSvJGQ+pLAy8+YPHfRRk7l67pQnYXecWbHxGxJl4s:OO7/eC3XSl+3WPHo67hWbm3H | ||
| imphash | f3173778f088ce2b56b8257bfe393419 | ||
| impfuzzy | 48:dBq8fTfuL2rO/pIDxLABc+LPnGHERxK45+hXUXC+09/KA/kHSjqQSYn6gto/glL8:dBq8fnrmpIDxLABc+zGhHdZq6Iqu8uD | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| watch | Disables proxy possibly for traffic interception |
| watch | File has been identified by 10 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates (office) documents on the filesystem |
| notice | Creates a suspicious process |
| info | Checks amount of memory in system |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | docx | Word 2007 file format detection | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | zip_file_format | ZIP file format | binaries (download) |
PE API
IAT(Import Address Table) Library
COMCTL32.dll
0x41d018 InitCommonControlsEx
SHLWAPI.dll
0x41d238 SHAutoComplete
KERNEL32.dll
0x41d048 CreateDirectoryW
0x41d04c FindClose
0x41d050 FindNextFileW
0x41d054 FindFirstFileW
0x41d058 GetVersionExW
0x41d05c GetCurrentDirectoryW
0x41d060 GetFullPathNameW
0x41d064 GetModuleFileNameW
0x41d068 FindResourceW
0x41d06c GetModuleHandleW
0x41d070 FreeLibrary
0x41d074 GetProcAddress
0x41d078 LoadLibraryW
0x41d07c GetCurrentProcessId
0x41d080 GetLocaleInfoW
0x41d084 GetNumberFormatW
0x41d088 SetEnvironmentVariableW
0x41d08c ExpandEnvironmentStringsW
0x41d090 WaitForSingleObject
0x41d094 GetDateFormatW
0x41d098 GetTimeFormatW
0x41d09c FileTimeToSystemTime
0x41d0a0 FileTimeToLocalFileTime
0x41d0a4 GetExitCodeProcess
0x41d0a8 GetTempPathW
0x41d0ac MoveFileExW
0x41d0b0 UnmapViewOfFile
0x41d0b4 Sleep
0x41d0b8 MapViewOfFile
0x41d0bc GetCommandLineW
0x41d0c0 CreateFileMappingW
0x41d0c4 GetTickCount
0x41d0c8 OpenFileMappingW
0x41d0cc SystemTimeToFileTime
0x41d0d0 TzSpecificLocalTimeToSystemTime
0x41d0d4 LocalFileTimeToFileTime
0x41d0d8 WideCharToMultiByte
0x41d0dc MultiByteToWideChar
0x41d0e0 CompareStringW
0x41d0e4 IsDBCSLeadByte
0x41d0e8 GetCPInfo
0x41d0ec GlobalAlloc
0x41d0f0 SetCurrentDirectoryW
0x41d0f4 WriteConsoleW
0x41d0f8 DeleteFileW
0x41d0fc WriteConsoleA
0x41d100 SetStdHandle
0x41d104 GetLocaleInfoA
0x41d108 GetStringTypeW
0x41d10c GetStringTypeA
0x41d110 LoadLibraryA
0x41d114 GetConsoleMode
0x41d118 GetConsoleCP
0x41d11c InitializeCriticalSectionAndSpinCount
0x41d120 QueryPerformanceCounter
0x41d124 SetHandleCount
0x41d128 GetEnvironmentStringsW
0x41d12c FreeEnvironmentStringsW
0x41d130 GetEnvironmentStrings
0x41d134 FreeEnvironmentStringsA
0x41d138 GetModuleHandleA
0x41d13c LCMapStringW
0x41d140 LCMapStringA
0x41d144 IsValidCodePage
0x41d148 GetOEMCP
0x41d14c GetACP
0x41d150 HeapSize
0x41d154 GetModuleFileNameA
0x41d158 ExitProcess
0x41d15c IsDebuggerPresent
0x41d160 SetUnhandledExceptionFilter
0x41d164 UnhandledExceptionFilter
0x41d168 GetCurrentProcess
0x41d16c TerminateProcess
0x41d170 InterlockedDecrement
0x41d174 GetCurrentThreadId
0x41d178 InterlockedIncrement
0x41d17c TlsFree
0x41d180 TlsSetValue
0x41d184 TlsAlloc
0x41d188 TlsGetValue
0x41d18c VirtualAlloc
0x41d190 EnterCriticalSection
0x41d194 LeaveCriticalSection
0x41d198 DeleteCriticalSection
0x41d19c VirtualFree
0x41d1a0 MoveFileW
0x41d1a4 SetFileAttributesW
0x41d1a8 GetFileAttributesW
0x41d1ac FlushFileBuffers
0x41d1b0 SetFileTime
0x41d1b4 ReadFile
0x41d1b8 GetFileType
0x41d1bc SetEndOfFile
0x41d1c0 SetFilePointer
0x41d1c4 GetStdHandle
0x41d1c8 CloseHandle
0x41d1cc WriteFile
0x41d1d0 CreateFileW
0x41d1d4 SetLastError
0x41d1d8 GetLastError
0x41d1dc CreateFileA
0x41d1e0 GetConsoleOutputCP
0x41d1e4 HeapCreate
0x41d1e8 GetStartupInfoA
0x41d1ec GetCommandLineA
0x41d1f0 GetSystemTimeAsFileTime
0x41d1f4 HeapAlloc
0x41d1f8 HeapReAlloc
0x41d1fc RaiseException
0x41d200 RtlUnwind
0x41d204 HeapFree
USER32.dll
0x41d240 EnableWindow
0x41d244 GetDlgItem
0x41d248 LoadBitmapW
0x41d24c ShowWindow
0x41d250 GetDC
0x41d254 ReleaseDC
0x41d258 FindWindowExW
0x41d25c GetParent
0x41d260 MapWindowPoints
0x41d264 CreateWindowExW
0x41d268 UpdateWindow
0x41d26c LoadCursorW
0x41d270 RegisterClassExW
0x41d274 DefWindowProcW
0x41d278 DestroyWindow
0x41d27c CopyRect
0x41d280 IsWindow
0x41d284 CharUpperW
0x41d288 OemToCharBuffA
0x41d28c LoadIconW
0x41d290 PostMessageW
0x41d294 GetSysColor
0x41d298 SetForegroundWindow
0x41d29c MessageBoxW
0x41d2a0 WaitForInputIdle
0x41d2a4 IsWindowVisible
0x41d2a8 DialogBoxParamW
0x41d2ac DestroyIcon
0x41d2b0 SetFocus
0x41d2b4 GetClassNameW
0x41d2b8 SendDlgItemMessageW
0x41d2bc EndDialog
0x41d2c0 GetDlgItemTextW
0x41d2c4 SetDlgItemTextW
0x41d2c8 wvsprintfW
0x41d2cc SendMessageW
0x41d2d0 PeekMessageW
0x41d2d4 GetMessageW
0x41d2d8 TranslateMessage
0x41d2dc DispatchMessageW
0x41d2e0 LoadStringW
0x41d2e4 GetWindowRect
0x41d2e8 GetClientRect
0x41d2ec SetWindowPos
0x41d2f0 GetWindowTextW
0x41d2f4 SetWindowTextW
0x41d2f8 GetSystemMetrics
0x41d2fc GetWindow
0x41d300 GetWindowLongW
0x41d304 SetWindowLongW
GDI32.dll
0x41d020 GetDeviceCaps
0x41d024 CreateCompatibleDC
0x41d028 CreateCompatibleBitmap
0x41d02c SelectObject
0x41d030 StretchBlt
0x41d034 DeleteDC
0x41d038 GetObjectW
0x41d03c DeleteObject
0x41d040 CreateDIBSection
ADVAPI32.dll
0x41d000 RegCloseKey
0x41d004 RegOpenKeyExW
0x41d008 RegQueryValueExW
0x41d00c RegCreateKeyExW
0x41d010 RegSetValueExW
SHELL32.dll
0x41d214 SHGetSpecialFolderLocation
0x41d218 SHFileOperationW
0x41d21c SHGetFileInfoW
0x41d220 SHGetMalloc
0x41d224 SHBrowseForFolderW
0x41d228 SHGetPathFromIDListW
0x41d22c SHChangeNotify
0x41d230 ShellExecuteExW
ole32.dll
0x41d30c CreateStreamOnHGlobal
0x41d310 CLSIDFromString
0x41d314 CoCreateInstance
0x41d318 OleInitialize
0x41d31c OleUninitialize
OLEAUT32.dll
0x41d20c VariantInit
EAT(Export Address Table) Library
COMCTL32.dll
0x41d018 InitCommonControlsEx
SHLWAPI.dll
0x41d238 SHAutoComplete
KERNEL32.dll
0x41d048 CreateDirectoryW
0x41d04c FindClose
0x41d050 FindNextFileW
0x41d054 FindFirstFileW
0x41d058 GetVersionExW
0x41d05c GetCurrentDirectoryW
0x41d060 GetFullPathNameW
0x41d064 GetModuleFileNameW
0x41d068 FindResourceW
0x41d06c GetModuleHandleW
0x41d070 FreeLibrary
0x41d074 GetProcAddress
0x41d078 LoadLibraryW
0x41d07c GetCurrentProcessId
0x41d080 GetLocaleInfoW
0x41d084 GetNumberFormatW
0x41d088 SetEnvironmentVariableW
0x41d08c ExpandEnvironmentStringsW
0x41d090 WaitForSingleObject
0x41d094 GetDateFormatW
0x41d098 GetTimeFormatW
0x41d09c FileTimeToSystemTime
0x41d0a0 FileTimeToLocalFileTime
0x41d0a4 GetExitCodeProcess
0x41d0a8 GetTempPathW
0x41d0ac MoveFileExW
0x41d0b0 UnmapViewOfFile
0x41d0b4 Sleep
0x41d0b8 MapViewOfFile
0x41d0bc GetCommandLineW
0x41d0c0 CreateFileMappingW
0x41d0c4 GetTickCount
0x41d0c8 OpenFileMappingW
0x41d0cc SystemTimeToFileTime
0x41d0d0 TzSpecificLocalTimeToSystemTime
0x41d0d4 LocalFileTimeToFileTime
0x41d0d8 WideCharToMultiByte
0x41d0dc MultiByteToWideChar
0x41d0e0 CompareStringW
0x41d0e4 IsDBCSLeadByte
0x41d0e8 GetCPInfo
0x41d0ec GlobalAlloc
0x41d0f0 SetCurrentDirectoryW
0x41d0f4 WriteConsoleW
0x41d0f8 DeleteFileW
0x41d0fc WriteConsoleA
0x41d100 SetStdHandle
0x41d104 GetLocaleInfoA
0x41d108 GetStringTypeW
0x41d10c GetStringTypeA
0x41d110 LoadLibraryA
0x41d114 GetConsoleMode
0x41d118 GetConsoleCP
0x41d11c InitializeCriticalSectionAndSpinCount
0x41d120 QueryPerformanceCounter
0x41d124 SetHandleCount
0x41d128 GetEnvironmentStringsW
0x41d12c FreeEnvironmentStringsW
0x41d130 GetEnvironmentStrings
0x41d134 FreeEnvironmentStringsA
0x41d138 GetModuleHandleA
0x41d13c LCMapStringW
0x41d140 LCMapStringA
0x41d144 IsValidCodePage
0x41d148 GetOEMCP
0x41d14c GetACP
0x41d150 HeapSize
0x41d154 GetModuleFileNameA
0x41d158 ExitProcess
0x41d15c IsDebuggerPresent
0x41d160 SetUnhandledExceptionFilter
0x41d164 UnhandledExceptionFilter
0x41d168 GetCurrentProcess
0x41d16c TerminateProcess
0x41d170 InterlockedDecrement
0x41d174 GetCurrentThreadId
0x41d178 InterlockedIncrement
0x41d17c TlsFree
0x41d180 TlsSetValue
0x41d184 TlsAlloc
0x41d188 TlsGetValue
0x41d18c VirtualAlloc
0x41d190 EnterCriticalSection
0x41d194 LeaveCriticalSection
0x41d198 DeleteCriticalSection
0x41d19c VirtualFree
0x41d1a0 MoveFileW
0x41d1a4 SetFileAttributesW
0x41d1a8 GetFileAttributesW
0x41d1ac FlushFileBuffers
0x41d1b0 SetFileTime
0x41d1b4 ReadFile
0x41d1b8 GetFileType
0x41d1bc SetEndOfFile
0x41d1c0 SetFilePointer
0x41d1c4 GetStdHandle
0x41d1c8 CloseHandle
0x41d1cc WriteFile
0x41d1d0 CreateFileW
0x41d1d4 SetLastError
0x41d1d8 GetLastError
0x41d1dc CreateFileA
0x41d1e0 GetConsoleOutputCP
0x41d1e4 HeapCreate
0x41d1e8 GetStartupInfoA
0x41d1ec GetCommandLineA
0x41d1f0 GetSystemTimeAsFileTime
0x41d1f4 HeapAlloc
0x41d1f8 HeapReAlloc
0x41d1fc RaiseException
0x41d200 RtlUnwind
0x41d204 HeapFree
USER32.dll
0x41d240 EnableWindow
0x41d244 GetDlgItem
0x41d248 LoadBitmapW
0x41d24c ShowWindow
0x41d250 GetDC
0x41d254 ReleaseDC
0x41d258 FindWindowExW
0x41d25c GetParent
0x41d260 MapWindowPoints
0x41d264 CreateWindowExW
0x41d268 UpdateWindow
0x41d26c LoadCursorW
0x41d270 RegisterClassExW
0x41d274 DefWindowProcW
0x41d278 DestroyWindow
0x41d27c CopyRect
0x41d280 IsWindow
0x41d284 CharUpperW
0x41d288 OemToCharBuffA
0x41d28c LoadIconW
0x41d290 PostMessageW
0x41d294 GetSysColor
0x41d298 SetForegroundWindow
0x41d29c MessageBoxW
0x41d2a0 WaitForInputIdle
0x41d2a4 IsWindowVisible
0x41d2a8 DialogBoxParamW
0x41d2ac DestroyIcon
0x41d2b0 SetFocus
0x41d2b4 GetClassNameW
0x41d2b8 SendDlgItemMessageW
0x41d2bc EndDialog
0x41d2c0 GetDlgItemTextW
0x41d2c4 SetDlgItemTextW
0x41d2c8 wvsprintfW
0x41d2cc SendMessageW
0x41d2d0 PeekMessageW
0x41d2d4 GetMessageW
0x41d2d8 TranslateMessage
0x41d2dc DispatchMessageW
0x41d2e0 LoadStringW
0x41d2e4 GetWindowRect
0x41d2e8 GetClientRect
0x41d2ec SetWindowPos
0x41d2f0 GetWindowTextW
0x41d2f4 SetWindowTextW
0x41d2f8 GetSystemMetrics
0x41d2fc GetWindow
0x41d300 GetWindowLongW
0x41d304 SetWindowLongW
GDI32.dll
0x41d020 GetDeviceCaps
0x41d024 CreateCompatibleDC
0x41d028 CreateCompatibleBitmap
0x41d02c SelectObject
0x41d030 StretchBlt
0x41d034 DeleteDC
0x41d038 GetObjectW
0x41d03c DeleteObject
0x41d040 CreateDIBSection
ADVAPI32.dll
0x41d000 RegCloseKey
0x41d004 RegOpenKeyExW
0x41d008 RegQueryValueExW
0x41d00c RegCreateKeyExW
0x41d010 RegSetValueExW
SHELL32.dll
0x41d214 SHGetSpecialFolderLocation
0x41d218 SHFileOperationW
0x41d21c SHGetFileInfoW
0x41d220 SHGetMalloc
0x41d224 SHBrowseForFolderW
0x41d228 SHGetPathFromIDListW
0x41d22c SHChangeNotify
0x41d230 ShellExecuteExW
ole32.dll
0x41d30c CreateStreamOnHGlobal
0x41d310 CLSIDFromString
0x41d314 CoCreateInstance
0x41d318 OleInitialize
0x41d31c OleUninitialize
OLEAUT32.dll
0x41d20c VariantInit
EAT(Export Address Table) Library