ScreenShot
| Created | 2023.08.07 09:11 | Machine | s1_win7_x6403 |
| Filename | O77vNQG6.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 49 detected (AIDetectMalware, Windows, Amadey, Malicious, score, FCND, unsafe, Save, Eldorado, Attribute, HighConfidence, Doina, Deyma, BotX, Ff7t0kYd78J, AGEN, YXDHEZ, Static AI, Malicious PE, ai score=88, Detected, ZexaF, ouW@amEIRFpi, Genetic, Ddhl, susgen, confidence, 100%) | ||
| md5 | 90e1482208611ebf4b36413d6bf05f42 | ||
| sha256 | 0e41ffd44bc8a085a3bd49058ff0051538476c8a05f086593b02bc87b30268dc | ||
| ssdeep | 3072:eSO3Te83mI75HrE+kqQUULV5J3T1XiRuiibP5o/l7RSKFyLiJGu7dqvyEzkzwkr8:se83mQ4LBVvZT1ilF/WKFrGu7duMAVa | ||
| imphash | ff195cccada6bfe977f7c90930774f78 | ||
| impfuzzy | 48:ggXgEHG1GOscpe2toS182zZccgTg3NzF57fwwRLP2HN+guPg:pXgJGdcpe2toS182zZcty7RLClSg | ||
Network IP location
Signature (17cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to identify installed AV products by installation directory |
| watch | Disables proxy possibly for traffic interception |
| watch | Installs itself for autorun at Windows startup |
| watch | Uses suspicious command line tools or Windows utilities |
| notice | A process attempted to delay the analysis task. |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks whether any human activity is being performed by constantly checking whether the foreground window changed |
| notice | Creates a suspicious process |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (13cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | JPEG_Format_Zero | JPEG Format | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42e044 CloseHandle
0x42e048 GetSystemInfo
0x42e04c CreateThread
0x42e050 GetThreadContext
0x42e054 GetProcAddress
0x42e058 VirtualAllocEx
0x42e05c RemoveDirectoryA
0x42e060 CreateFileA
0x42e064 CreateProcessA
0x42e068 CreateDirectoryA
0x42e06c SetThreadContext
0x42e070 WriteConsoleW
0x42e074 ReadConsoleW
0x42e078 SetEndOfFile
0x42e07c HeapReAlloc
0x42e080 HeapSize
0x42e084 GetFileAttributesA
0x42e088 GetLastError
0x42e08c GetTempPathA
0x42e090 Sleep
0x42e094 GetModuleHandleA
0x42e098 SetCurrentDirectoryA
0x42e09c ResumeThread
0x42e0a0 GetComputerNameExW
0x42e0a4 GetVersionExW
0x42e0a8 CreateMutexA
0x42e0ac VirtualAlloc
0x42e0b0 WriteFile
0x42e0b4 VirtualFree
0x42e0b8 WriteProcessMemory
0x42e0bc GetModuleFileNameA
0x42e0c0 ReadProcessMemory
0x42e0c4 ReadFile
0x42e0c8 SetFilePointerEx
0x42e0cc GetTimeZoneInformation
0x42e0d0 GetConsoleMode
0x42e0d4 GetConsoleCP
0x42e0d8 FlushFileBuffers
0x42e0dc GetStringTypeW
0x42e0e0 GetProcessHeap
0x42e0e4 SetEnvironmentVariableW
0x42e0e8 FreeEnvironmentStringsW
0x42e0ec GetEnvironmentStringsW
0x42e0f0 WideCharToMultiByte
0x42e0f4 GetCPInfo
0x42e0f8 GetOEMCP
0x42e0fc GetACP
0x42e100 IsValidCodePage
0x42e104 FindNextFileW
0x42e108 FindFirstFileExW
0x42e10c FindClose
0x42e110 SetStdHandle
0x42e114 GetFullPathNameW
0x42e118 GetCurrentDirectoryW
0x42e11c DeleteFileW
0x42e120 EnterCriticalSection
0x42e124 LeaveCriticalSection
0x42e128 InitializeCriticalSectionAndSpinCount
0x42e12c DeleteCriticalSection
0x42e130 SetEvent
0x42e134 ResetEvent
0x42e138 WaitForSingleObjectEx
0x42e13c CreateEventW
0x42e140 GetModuleHandleW
0x42e144 UnhandledExceptionFilter
0x42e148 SetUnhandledExceptionFilter
0x42e14c GetCurrentProcess
0x42e150 TerminateProcess
0x42e154 IsProcessorFeaturePresent
0x42e158 IsDebuggerPresent
0x42e15c GetStartupInfoW
0x42e160 QueryPerformanceCounter
0x42e164 GetCurrentProcessId
0x42e168 GetCurrentThreadId
0x42e16c GetSystemTimeAsFileTime
0x42e170 InitializeSListHead
0x42e174 RaiseException
0x42e178 SetLastError
0x42e17c RtlUnwind
0x42e180 TlsAlloc
0x42e184 TlsGetValue
0x42e188 TlsSetValue
0x42e18c TlsFree
0x42e190 FreeLibrary
0x42e194 LoadLibraryExW
0x42e198 ExitProcess
0x42e19c GetModuleHandleExW
0x42e1a0 CreateFileW
0x42e1a4 GetDriveTypeW
0x42e1a8 GetFileInformationByHandle
0x42e1ac GetFileType
0x42e1b0 PeekNamedPipe
0x42e1b4 SystemTimeToTzSpecificLocalTime
0x42e1b8 FileTimeToSystemTime
0x42e1bc GetModuleFileNameW
0x42e1c0 GetStdHandle
0x42e1c4 GetCommandLineA
0x42e1c8 GetCommandLineW
0x42e1cc HeapFree
0x42e1d0 HeapAlloc
0x42e1d4 MultiByteToWideChar
0x42e1d8 CompareStringW
0x42e1dc LCMapStringW
0x42e1e0 DecodePointer
USER32.dll
0x42e1fc GetSystemMetrics
0x42e200 ReleaseDC
0x42e204 GetDC
GDI32.dll
0x42e02c CreateCompatibleBitmap
0x42e030 SelectObject
0x42e034 CreateCompatibleDC
0x42e038 DeleteObject
0x42e03c BitBlt
ADVAPI32.dll
0x42e000 RegCloseKey
0x42e004 RegGetValueA
0x42e008 RegQueryValueExA
0x42e00c GetSidSubAuthorityCount
0x42e010 GetSidSubAuthority
0x42e014 GetUserNameA
0x42e018 LookupAccountNameA
0x42e01c RegSetValueExA
0x42e020 RegOpenKeyExA
0x42e024 GetSidIdentifierAuthority
SHELL32.dll
0x42e1e8 SHGetFolderPathA
0x42e1ec ShellExecuteA
0x42e1f0 None
0x42e1f4 SHFileOperationA
WININET.dll
0x42e20c HttpOpenRequestA
0x42e210 InternetReadFile
0x42e214 InternetConnectA
0x42e218 HttpSendRequestA
0x42e21c InternetCloseHandle
0x42e220 InternetOpenA
0x42e224 HttpAddRequestHeadersA
0x42e228 HttpSendRequestExW
0x42e22c HttpEndRequestA
0x42e230 InternetOpenW
0x42e234 InternetOpenUrlA
0x42e238 InternetWriteFile
gdiplus.dll
0x42e240 GdipSaveImageToFile
0x42e244 GdipGetImageEncodersSize
0x42e248 GdipDisposeImage
0x42e24c GdipCreateBitmapFromHBITMAP
0x42e250 GdipGetImageEncoders
0x42e254 GdiplusShutdown
0x42e258 GdiplusStartup
EAT(Export Address Table) is none
KERNEL32.dll
0x42e044 CloseHandle
0x42e048 GetSystemInfo
0x42e04c CreateThread
0x42e050 GetThreadContext
0x42e054 GetProcAddress
0x42e058 VirtualAllocEx
0x42e05c RemoveDirectoryA
0x42e060 CreateFileA
0x42e064 CreateProcessA
0x42e068 CreateDirectoryA
0x42e06c SetThreadContext
0x42e070 WriteConsoleW
0x42e074 ReadConsoleW
0x42e078 SetEndOfFile
0x42e07c HeapReAlloc
0x42e080 HeapSize
0x42e084 GetFileAttributesA
0x42e088 GetLastError
0x42e08c GetTempPathA
0x42e090 Sleep
0x42e094 GetModuleHandleA
0x42e098 SetCurrentDirectoryA
0x42e09c ResumeThread
0x42e0a0 GetComputerNameExW
0x42e0a4 GetVersionExW
0x42e0a8 CreateMutexA
0x42e0ac VirtualAlloc
0x42e0b0 WriteFile
0x42e0b4 VirtualFree
0x42e0b8 WriteProcessMemory
0x42e0bc GetModuleFileNameA
0x42e0c0 ReadProcessMemory
0x42e0c4 ReadFile
0x42e0c8 SetFilePointerEx
0x42e0cc GetTimeZoneInformation
0x42e0d0 GetConsoleMode
0x42e0d4 GetConsoleCP
0x42e0d8 FlushFileBuffers
0x42e0dc GetStringTypeW
0x42e0e0 GetProcessHeap
0x42e0e4 SetEnvironmentVariableW
0x42e0e8 FreeEnvironmentStringsW
0x42e0ec GetEnvironmentStringsW
0x42e0f0 WideCharToMultiByte
0x42e0f4 GetCPInfo
0x42e0f8 GetOEMCP
0x42e0fc GetACP
0x42e100 IsValidCodePage
0x42e104 FindNextFileW
0x42e108 FindFirstFileExW
0x42e10c FindClose
0x42e110 SetStdHandle
0x42e114 GetFullPathNameW
0x42e118 GetCurrentDirectoryW
0x42e11c DeleteFileW
0x42e120 EnterCriticalSection
0x42e124 LeaveCriticalSection
0x42e128 InitializeCriticalSectionAndSpinCount
0x42e12c DeleteCriticalSection
0x42e130 SetEvent
0x42e134 ResetEvent
0x42e138 WaitForSingleObjectEx
0x42e13c CreateEventW
0x42e140 GetModuleHandleW
0x42e144 UnhandledExceptionFilter
0x42e148 SetUnhandledExceptionFilter
0x42e14c GetCurrentProcess
0x42e150 TerminateProcess
0x42e154 IsProcessorFeaturePresent
0x42e158 IsDebuggerPresent
0x42e15c GetStartupInfoW
0x42e160 QueryPerformanceCounter
0x42e164 GetCurrentProcessId
0x42e168 GetCurrentThreadId
0x42e16c GetSystemTimeAsFileTime
0x42e170 InitializeSListHead
0x42e174 RaiseException
0x42e178 SetLastError
0x42e17c RtlUnwind
0x42e180 TlsAlloc
0x42e184 TlsGetValue
0x42e188 TlsSetValue
0x42e18c TlsFree
0x42e190 FreeLibrary
0x42e194 LoadLibraryExW
0x42e198 ExitProcess
0x42e19c GetModuleHandleExW
0x42e1a0 CreateFileW
0x42e1a4 GetDriveTypeW
0x42e1a8 GetFileInformationByHandle
0x42e1ac GetFileType
0x42e1b0 PeekNamedPipe
0x42e1b4 SystemTimeToTzSpecificLocalTime
0x42e1b8 FileTimeToSystemTime
0x42e1bc GetModuleFileNameW
0x42e1c0 GetStdHandle
0x42e1c4 GetCommandLineA
0x42e1c8 GetCommandLineW
0x42e1cc HeapFree
0x42e1d0 HeapAlloc
0x42e1d4 MultiByteToWideChar
0x42e1d8 CompareStringW
0x42e1dc LCMapStringW
0x42e1e0 DecodePointer
USER32.dll
0x42e1fc GetSystemMetrics
0x42e200 ReleaseDC
0x42e204 GetDC
GDI32.dll
0x42e02c CreateCompatibleBitmap
0x42e030 SelectObject
0x42e034 CreateCompatibleDC
0x42e038 DeleteObject
0x42e03c BitBlt
ADVAPI32.dll
0x42e000 RegCloseKey
0x42e004 RegGetValueA
0x42e008 RegQueryValueExA
0x42e00c GetSidSubAuthorityCount
0x42e010 GetSidSubAuthority
0x42e014 GetUserNameA
0x42e018 LookupAccountNameA
0x42e01c RegSetValueExA
0x42e020 RegOpenKeyExA
0x42e024 GetSidIdentifierAuthority
SHELL32.dll
0x42e1e8 SHGetFolderPathA
0x42e1ec ShellExecuteA
0x42e1f0 None
0x42e1f4 SHFileOperationA
WININET.dll
0x42e20c HttpOpenRequestA
0x42e210 InternetReadFile
0x42e214 InternetConnectA
0x42e218 HttpSendRequestA
0x42e21c InternetCloseHandle
0x42e220 InternetOpenA
0x42e224 HttpAddRequestHeadersA
0x42e228 HttpSendRequestExW
0x42e22c HttpEndRequestA
0x42e230 InternetOpenW
0x42e234 InternetOpenUrlA
0x42e238 InternetWriteFile
gdiplus.dll
0x42e240 GdipSaveImageToFile
0x42e244 GdipGetImageEncodersSize
0x42e248 GdipDisposeImage
0x42e24c GdipCreateBitmapFromHBITMAP
0x42e250 GdipGetImageEncoders
0x42e254 GdiplusShutdown
0x42e258 GdiplusStartup
EAT(Export Address Table) is none