Report - dasf.exe

Tags: UPX, Malicious Library, OS Processor Check, PE File, PE32
Created 2023.08.01 08:03 Machine s1_win7_x6403
Filename dasf.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 1.6
ZERO API file : clean
VT API (file)
md5 89ef9f770753ea98cde8dd221b71f510
sha256 67aa172caed83272300ae72ef7caf0f892170c2bfa347c991b19f7ad3dd3912d
ssdeep 24576:2osUGTCe/6HobDxOtTSHEMWTzktQPzMWTX8LsQKAoFUWDNnD1ETq/umX:GZR/6Ho/xOtjwOIQAQ1ET1mX
imphash 81ee0d56a4a7333fc5e6209497e45f2f
impfuzzy 96:4XY5yaeyPc+p7tGDWqQOfOSMOWkOimauzA+isy:4XmyvctGCyWKP/
Signature (2cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running)
watch Communicates with host for which no DNS query was performed

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
194.169.175.124 Unknown 194.169.175.124 mailcious

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x4cf04c GetLocaleInfoA
 0x4cf050 CreateToolhelp32Snapshot
 0x4cf054 CreateEventW
 0x4cf058 MultiByteToWideChar
 0x4cf05c Sleep
 0x4cf060 GetTempPathA
 0x4cf064 GetModuleHandleExA
 0x4cf068 GetTimeZoneInformation
 0x4cf06c GetTickCount64
 0x4cf070 CopyFileA
 0x4cf074 GetLastError
 0x4cf078 GetFileAttributesA
 0x4cf07c TzSpecificLocalTimeToSystemTime
 0x4cf080 CreateFileA
 0x4cf084 SetEvent
 0x4cf088 LoadLibraryA
 0x4cf08c GetVersionExA
 0x4cf090 DeleteFileA
 0x4cf094 Process32Next
 0x4cf098 CloseHandle
 0x4cf09c GetSystemInfo
 0x4cf0a0 CreateThread
 0x4cf0a4 GetWindowsDirectoryA
 0x4cf0a8 SetFileAttributesA
 0x4cf0ac GetLocalTime
 0x4cf0b0 GetProcAddress
 0x4cf0b4 LocalFree
 0x4cf0b8 IsProcessorFeaturePresent
 0x4cf0bc RemoveDirectoryA
 0x4cf0c0 ExitProcess
 0x4cf0c4 GetCurrentProcessId
 0x4cf0c8 GlobalMemoryStatusEx
 0x4cf0cc FreeLibrary
 0x4cf0d0 WideCharToMultiByte
 0x4cf0d4 CreateDirectoryA
 0x4cf0d8 GetSystemTime
 0x4cf0dc GetPrivateProfileStringA
 0x4cf0e0 IsWow64Process
 0x4cf0e4 IsDebuggerPresent
 0x4cf0e8 GetComputerNameA
 0x4cf0ec SetUnhandledExceptionFilter
 0x4cf0f0 GetModuleHandleA
 0x4cf0f4 lstrcpyA
 0x4cf0f8 HeapFree
 0x4cf0fc HeapAlloc
 0x4cf100 lstrcpynA
 0x4cf104 GetProcessHeap
 0x4cf108 ReadFile
 0x4cf10c SetFilePointer
 0x4cf110 CreateFileW
 0x4cf114 lstrlenA
 0x4cf118 AreFileApisANSI
 0x4cf11c EnterCriticalSection
 0x4cf120 GetFullPathNameW
 0x4cf124 GetDiskFreeSpaceW
 0x4cf128 LockFile
 0x4cf12c LeaveCriticalSection
 0x4cf130 InitializeCriticalSection
 0x4cf134 GetFullPathNameA
 0x4cf138 SetEndOfFile
 0x4cf13c GetTempPathW
 0x4cf140 GetFileAttributesW
 0x4cf144 FormatMessageW
 0x4cf148 GetDiskFreeSpaceA
 0x4cf14c DeleteFileW
 0x4cf150 UnlockFile
 0x4cf154 LockFileEx
 0x4cf158 GetFileSize
 0x4cf15c DeleteCriticalSection
 0x4cf160 GetSystemTimeAsFileTime
 0x4cf164 FormatMessageA
 0x4cf168 QueryPerformanceCounter
 0x4cf16c GetTickCount
 0x4cf170 FlushFileBuffers
 0x4cf174 WriteConsoleW
 0x4cf178 HeapSize
 0x4cf17c SetEnvironmentVariableW
 0x4cf180 FreeEnvironmentStringsW
 0x4cf184 GetEnvironmentStringsW
 0x4cf188 GetCommandLineW
 0x4cf18c GetCommandLineA
 0x4cf190 GetOEMCP
 0x4cf194 GetACP
 0x4cf198 IsValidCodePage
 0x4cf19c GetCurrentThreadId
 0x4cf1a0 LocalAlloc
 0x4cf1a4 WaitForSingleObject
 0x4cf1a8 GetVolumeInformationA
 0x4cf1ac lstrcatA
 0x4cf1b0 FindClose
 0x4cf1b4 InitializeCriticalSectionEx
 0x4cf1b8 FindNextFileA
 0x4cf1bc GetUserDefaultLocaleName
 0x4cf1c0 TerminateProcess
 0x4cf1c4 WriteFile
 0x4cf1c8 GetCurrentProcess
 0x4cf1cc FindFirstFileA
 0x4cf1d0 Process32First
 0x4cf1d4 GetPrivateProfileSectionNamesA
 0x4cf1d8 SetStdHandle
 0x4cf1dc HeapReAlloc
 0x4cf1e0 EnumSystemLocalesW
 0x4cf1e4 GetUserDefaultLCID
 0x4cf1e8 IsValidLocale
 0x4cf1ec GetLocaleInfoW
 0x4cf1f0 LCMapStringW
 0x4cf1f4 CompareStringW
 0x4cf1f8 GetTimeFormatW
 0x4cf1fc GetDateFormatW
 0x4cf200 GetModuleFileNameA
 0x4cf204 GetFileSizeEx
 0x4cf208 GetConsoleOutputCP
 0x4cf20c ReadConsoleW
 0x4cf210 GetConsoleMode
 0x4cf214 GetStdHandle
 0x4cf218 GetModuleFileNameW
 0x4cf21c GetModuleHandleExW
 0x4cf220 GetFileType
 0x4cf224 SetFilePointerEx
 0x4cf228 LoadLibraryExW
 0x4cf22c TlsFree
 0x4cf230 TlsSetValue
 0x4cf234 TlsGetValue
 0x4cf238 TlsAlloc
 0x4cf23c SetLastError
 0x4cf240 RtlUnwind
 0x4cf244 RaiseException
 0x4cf248 InitializeSListHead
 0x4cf24c GetStartupInfoW
 0x4cf250 FindFirstFileW
 0x4cf254 FindFirstFileExW
 0x4cf258 FindNextFileW
 0x4cf25c GetFileAttributesExW
 0x4cf260 GetFinalPathNameByHandleW
 0x4cf264 GetModuleHandleW
 0x4cf268 GetFileInformationByHandleEx
 0x4cf26c GetLocaleInfoEx
 0x4cf270 InitializeSRWLock
 0x4cf274 ReleaseSRWLockExclusive
 0x4cf278 AcquireSRWLockExclusive
 0x4cf27c TryAcquireSRWLockExclusive
 0x4cf280 LCMapStringEx
 0x4cf284 EncodePointer
 0x4cf288 DecodePointer
 0x4cf28c CompareStringEx
 0x4cf290 GetCPInfo
 0x4cf294 GetStringTypeW
 0x4cf298 InitializeCriticalSectionAndSpinCount
 0x4cf29c ResetEvent
 0x4cf2a0 WaitForSingleObjectEx
 0x4cf2a4 UnhandledExceptionFilter
USER32.dll
 0x4cf2d4 GetWindowRect
 0x4cf2d8 GetSystemMetrics
 0x4cf2dc CharNextA
 0x4cf2e0 ReleaseDC
 0x4cf2e4 GetKeyboardLayoutList
 0x4cf2e8 EnumDisplayDevicesA
 0x4cf2ec GetDC
 0x4cf2f0 GetDesktopWindow
 0x4cf2f4 wsprintfA
GDI32.dll
 0x4cf034 CreateCompatibleBitmap
 0x4cf038 SelectObject
 0x4cf03c CreateCompatibleDC
 0x4cf040 DeleteObject
 0x4cf044 BitBlt
ADVAPI32.dll
 0x4cf000 SystemFunction036
 0x4cf004 RegOpenKeyExA
 0x4cf008 GetUserNameA
 0x4cf00c RegCloseKey
 0x4cf010 GetCurrentHwProfileA
 0x4cf014 RegQueryValueExA
 0x4cf018 CredEnumerateA
 0x4cf01c RegCreateKeyExA
 0x4cf020 CredFree
 0x4cf024 RegEnumKeyExA
SHELL32.dll
 0x4cf2c0 ShellExecuteA
 0x4cf2c4 SHGetFolderPathA
ole32.dll
 0x4cf350 CoInitialize
 0x4cf354 CoUninitialize
 0x4cf358 CoInitializeEx
 0x4cf35c CoCreateInstance
WS2_32.dll
 0x4cf2fc shutdown
 0x4cf300 getaddrinfo
 0x4cf304 WSAStartup
 0x4cf308 send
 0x4cf30c socket
 0x4cf310 connect
 0x4cf314 recv
 0x4cf318 setsockopt
 0x4cf31c WSAGetLastError
 0x4cf320 WSACleanup
 0x4cf324 closesocket
 0x4cf328 freeaddrinfo
CRYPT32.dll
 0x4cf02c CryptUnprotectData
SHLWAPI.dll
 0x4cf2cc PathFindExtensionA
gdiplus.dll
 0x4cf330 GdipGetImageEncoders
 0x4cf334 GdiplusShutdown
 0x4cf338 GdiplusStartup
 0x4cf33c GdipSaveImageToFile
 0x4cf340 GdipGetImageEncodersSize
 0x4cf344 GdipDisposeImage
 0x4cf348 GdipCreateBitmapFromHBITMAP
SETUPAPI.dll
 0x4cf2ac SetupDiGetDeviceInterfaceDetailA
 0x4cf2b0 SetupDiGetClassDevsA
 0x4cf2b4 SetupDiEnumDeviceInterfaces
 0x4cf2b8 SetupDiEnumDeviceInfo

EAT(Export Address Table) is none