Report - putty.exe

Gen1 Generic Malware UPX Malicious Library Antivirus OS Processor Check PE File PE32
Created 2023.08.10 13:34 Machine s1_win7_x6401
Filename putty.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
5
Behavior Score
4.8
ZERO API (file): clean — note that this verdict conflicts with the 25 VirusTotal detections listed next; do not treat the sample as benign on the strength of this field alone.
VT API (file): 25 engines detected it. Labels: AIDetectMalware, malicious, high confidence, MulDrop22, AveMaria, Vv3u, Attribute, HighConfidence, Kryptik, AGen, score, RATX, MortyStealer, bcmgr, Artemis, WarzoneRAT, Detected, Generic@AI, RDML, AafJao9rBEoWk99mCeG0IA, PossibleThreat, confidence, 100%. AveMaria and WarzoneRAT are family labels; most of the remaining entries are generic or heuristic detection names.
md5 406705c7bfb385b0b4646ba2661c6532
sha256 347a66264aa9b12101ca90765fee13c36974d8d329d442b1c69b1fa0cd266122
ssdeep 12288:KJg9S0iFcxF83b8Jyn9lKTPbrCkIqEim1C5kRQOeuLOUuqnc/7Qqt:KJg9S0iFyFyIJyMEim1lL
imphash 77318e1c6f17adc7650304dd7820eb4f
impfuzzy 96:H4+IXvGXffpq2Hn2pvVLbWVtwGaQh9OQ5R:a/aHWWVaQPOQ5R

Signatures (13)

Level Description
warning File has been identified by 25 AntiVirus engines on VirusTotal as malicious
watch Putty Files — a PuTTY-related file signature matched. The filename putty.exe by itself does not establish that this is a genuine PuTTY build; compare the hashes above against an official release before trusting it.
watch The process powershell.exe wrote an executable file to disk
notice Allocates read-write-execute memory (usually to unpack itself)
notice Looks up the Locally Unique Identifier (LUID) of a suspicious privilege on the system
notice Creates a shortcut to an executable file
notice Creates a suspicious process
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Queries for the computername
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path
info Uses Windows APIs to generate a cryptographic key

Rules (8)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan (rule description says Emotet; the VirusTotal labels above point to AveMaria/WarzoneRAT instead, so treat the family attribution from this generic rule as unconfirmed) binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (download)
watch Antivirus Contains references to security software binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 events)

Request CC ASN Co IP4 Rule — no entries. No network traffic was captured during this run; given the RAT-style labels above, this should not be read as proof of no C2 capability (the payload may not have reached its beaconing stage, or the sandbox may have lacked connectivity).

Suricata ids

PE API

IAT (Import Address Table), by library. Note: the static imports below are mostly CRT, GUI, registry and OLE helpers; there are no process-creation or networking imports, yet the sandbox recorded powershell.exe writing an executable to disk and a suspicious process being created. Together with the UPX rule match, the RWX-allocation signature above, and LoadLibraryExA/GetProcAddress/VirtualAlloc/VirtualProtect in KERNEL32, this suggests the real API set is resolved at runtime after unpacking — do not judge capability from this table alone.

WINMM.dll
 0x466360 mciSendCommandA
COMCTL32.dll
 0x466028 None (no import name shown — likely an import by ordinal)
KERNEL32.dll
 0x4660a0 GetTimeZoneInformation
 0x4660a4 SetFilePointerEx
 0x4660a8 GetFileSizeEx
 0x4660ac GetConsoleMode
 0x4660b0 GetConsoleOutputCP
 0x4660b4 FlushFileBuffers
 0x4660b8 GetStringTypeW
 0x4660bc SetConsoleCtrlHandler
 0x4660c0 SetEnvironmentVariableW
 0x4660c4 FreeEnvironmentStringsW
 0x4660c8 GetEnvironmentStringsW
 0x4660cc GetCommandLineW
 0x4660d0 GetCommandLineA
 0x4660d4 GetCPInfo
 0x4660d8 GetOEMCP
 0x4660dc GetACP
 0x4660e0 IsValidCodePage
 0x4660e4 TlsSetValue
 0x4660e8 FindFirstFileExW
 0x4660ec FindClose
 0x4660f0 SetStdHandle
 0x4660f4 GetFullPathNameW
 0x4660f8 GetCurrentDirectoryW
 0x4660fc SetCurrentDirectoryW
 0x466100 EnumSystemLocalesW
 0x466104 GetUserDefaultLCID
 0x466108 IsValidLocale
 0x46610c GetLocaleInfoW
 0x466110 LCMapStringW
 0x466114 CompareStringW
 0x466118 GetTimeFormatW
 0x46611c GetDateFormatW
 0x466120 HeapReAlloc
 0x466124 HeapSize
 0x466128 GetCurrentThread
 0x46612c WriteFile
 0x466130 GetStdHandle
 0x466134 GetConsoleWindow
 0x466138 SetThreadLocale
 0x46613c GetThreadLocale
 0x466140 IsDBCSLeadByte
 0x466144 WideCharToMultiByte
 0x466148 MultiByteToWideChar
 0x46614c FindResourceA
 0x466150 lstrcmpiA
 0x466154 MulDiv
 0x466158 GlobalLock
 0x46615c GlobalUnlock
 0x466160 GlobalAlloc
 0x466164 WriteConsoleW
 0x466168 SizeofResource
 0x46616c LoadResource
 0x466170 LoadLibraryExA
 0x466174 GetProcAddress
 0x466178 GetModuleHandleW
 0x46617c GetModuleHandleA
 0x466180 GetModuleFileNameA
 0x466184 FreeLibrary
 0x466188 VirtualProtectEx
 0x46618c VirtualAlloc
 0x466190 GetCurrentThreadId
 0x466194 GetCurrentProcess
 0x466198 Sleep
 0x46619c LeaveCriticalSection
 0x4661a0 ReadFile
 0x4661a4 EnterCriticalSection
 0x4661a8 SetLastError
 0x4661ac EncodePointer
 0x4661b0 DeleteCriticalSection
 0x4661b4 InitializeCriticalSectionAndSpinCount
 0x4661b8 GetLastError
 0x4661bc RaiseException
 0x4661c0 DecodePointer
 0x4661c4 ReadConsoleW
 0x4661c8 FindNextFileW
 0x4661cc TlsGetValue
 0x4661d0 TlsAlloc
 0x4661d4 GetModuleFileNameW
 0x4661d8 GetModuleHandleExW
 0x4661dc ExitProcess
 0x4661e0 FileTimeToSystemTime
 0x4661e4 SystemTimeToTzSpecificLocalTime
 0x4661e8 PeekNamedPipe
 0x4661ec GetFileType
 0x4661f0 GetFileInformationByHandle
 0x4661f4 GetDriveTypeW
 0x4661f8 CreateFileW
 0x4661fc VirtualQuery
 0x466200 VirtualProtect
 0x466204 GetSystemInfo
 0x466208 LoadLibraryExW
 0x46620c InterlockedFlushSList
 0x466210 RtlUnwind
 0x466214 GetSystemTimeAsFileTime
 0x466218 GetCurrentProcessId
 0x46621c QueryPerformanceCounter
 0x466220 GetStartupInfoW
 0x466224 CreateEventW
 0x466228 WaitForSingleObjectEx
 0x46622c ResetEvent
 0x466230 SetEvent
 0x466234 CloseHandle
 0x466238 TerminateProcess
 0x46623c SetUnhandledExceptionFilter
 0x466240 UnhandledExceptionFilter
 0x466244 VirtualFree
 0x466248 IsProcessorFeaturePresent
 0x46624c FlushInstructionCache
 0x466250 InterlockedPushEntrySList
 0x466254 IsDebuggerPresent
 0x466258 OutputDebugStringW
 0x46625c HeapAlloc
 0x466260 HeapFree
 0x466264 GetProcessHeap
 0x466268 InitializeSListHead
 0x46626c InterlockedPopEntrySList
 0x466270 TlsFree
USER32.dll
 0x4662c8 MessageBoxA
 0x4662cc UnregisterClassA
 0x4662d0 SendMessageA
 0x4662d4 DefWindowProcA
 0x4662d8 CallWindowProcA
 0x4662dc RegisterClassExA
 0x4662e0 GetClassInfoExA
 0x4662e4 CreateWindowExA
 0x4662e8 IsWindow
 0x4662ec IsChild
 0x4662f0 DestroyWindow
 0x4662f4 ShowWindow
 0x4662f8 SetWindowPos
 0x4662fc CharNextA
 0x466300 SetFocus
 0x466304 FillRect
 0x466308 WindowFromDC
 0x46630c LoadCursorA
 0x466310 GetParent
 0x466314 SetWindowLongA
 0x466318 GetWindowLongA
 0x46631c PtInRect
 0x466320 EqualRect
 0x466324 OffsetRect
 0x466328 UnionRect
 0x46632c IntersectRect
 0x466330 InflateRect
 0x466334 GetFocus
 0x466338 GetClientRect
 0x46633c InvalidateRect
 0x466340 SetWindowRgn
 0x466344 EndPaint
 0x466348 BeginPaint
 0x46634c ReleaseDC
 0x466350 GetDC
 0x466354 GetKeyState
 0x466358 CharNextW
GDI32.dll
 0x466030 MoveToEx
 0x466034 SelectObject
 0x466038 SelectClipRgn
 0x46603c Pie
 0x466040 LineTo
 0x466044 GetStockObject
 0x466048 Ellipse
 0x46604c DeleteObject
 0x466050 CreateRectRgn
 0x466054 CreateCompatibleDC
 0x466058 CreateCompatibleBitmap
 0x46605c CreateBrushIndirect
 0x466060 BitBlt
 0x466064 SetWindowOrgEx
 0x466068 SetViewportOrgEx
 0x46606c LPtoDP
 0x466070 SetMapMode
 0x466074 SaveDC
 0x466078 RestoreDC
 0x46607c GetDeviceCaps
 0x466080 DeleteMetaFile
 0x466084 DeleteDC
 0x466088 CreateRectRgnIndirect
 0x46608c CreateMetaFileA
 0x466090 CreateDCA
 0x466094 CloseMetaFile
 0x466098 SetWindowExtEx
ADVAPI32.dll
 0x466000 RegOpenKeyExA
 0x466004 RegSetValueExA
 0x466008 RegCreateKeyExA
 0x46600c RegDeleteKeyA
 0x466010 RegQueryInfoKeyW
 0x466014 RegQueryInfoKeyA
 0x466018 RegCloseKey
 0x46601c RegEnumKeyExA
 0x466020 RegDeleteValueA
SHELL32.dll
 0x4662c0 SHGetFolderPathA
ole32.dll
 0x466368 StringFromGUID2
 0x46636c CoTaskMemAlloc
 0x466370 CoTaskMemRealloc
 0x466374 CoTaskMemFree
 0x466378 ReadClassStm
 0x46637c WriteClassStm
 0x466380 CreateDataAdviseHolder
 0x466384 OleSaveToStream
 0x466388 CreateOleAdviseHolder
 0x46638c OleRegGetUserType
 0x466390 OleRegGetMiscStatus
 0x466394 OleRegEnumVerbs
 0x466398 CoCreateInstance
OLEAUT32.dll
 0x466278 OleCreatePropertyFrame
 0x46627c UnRegisterTypeLib
 0x466280 RegisterTypeLib
 0x466284 LoadRegTypeLib
 0x466288 LoadTypeLib
 0x46628c VarCmp
 0x466290 VarUI4FromStr
 0x466294 OleTranslateColor
 0x466298 VariantCopy
 0x46629c VariantClear
 0x4662a0 VariantInit
 0x4662a4 SysAllocStringByteLen
 0x4662a8 SysStringByteLen
 0x4662ac SysStringLen
 0x4662b0 SysAllocString
 0x4662b4 SysFreeString
 0x4662b8 VariantChangeType

EAT (Export Address Table): none



Similarity measure (PE file only): the similarity service check failed, so no similarity result is available for this sample.