ScreenShot
| Created | 2023.08.10 13:34 | Machine | s1_win7_x6401 |
| Filename | putty.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 25 detected (AIDetectMalware, malicious, high confidence, MulDrop22, AveMaria, Vv3u, Attribute, HighConfidence, Kryptik, AGen, score, RATX, MortyStealer, bcmgr, Artemis, WarzoneRAT, Detected, Generic@AI, RDML, AafJao9rBEoWk99mCeG0IA, PossibleThreat, confidence, 100%) | ||
| md5 | 406705c7bfb385b0b4646ba2661c6532 | ||
| sha256 | 347a66264aa9b12101ca90765fee13c36974d8d329d442b1c69b1fa0cd266122 | ||
| ssdeep | 12288:KJg9S0iFcxF83b8Jyn9lKTPbrCkIqEim1C5kRQOeuLOUuqnc/7Qqt:KJg9S0iFyFyIJyMEim1lL | ||
| imphash | 77318e1c6f17adc7650304dd7820eb4f | ||
| impfuzzy | 96:H4+IXvGXffpq2Hn2pvVLbWVtwGaQh9OQ5R:a/aHWWVaQPOQ5R | ||
Network IP location
Signature (13cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| watch | Putty Files |
| watch | The process powershell.exe wrote an executable file to disk |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a shortcut to an executable file |
| notice | Creates a suspicious process |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WINMM.dll
0x466360 mciSendCommandA
COMCTL32.dll
0x466028 None
KERNEL32.dll
0x4660a0 GetTimeZoneInformation
0x4660a4 SetFilePointerEx
0x4660a8 GetFileSizeEx
0x4660ac GetConsoleMode
0x4660b0 GetConsoleOutputCP
0x4660b4 FlushFileBuffers
0x4660b8 GetStringTypeW
0x4660bc SetConsoleCtrlHandler
0x4660c0 SetEnvironmentVariableW
0x4660c4 FreeEnvironmentStringsW
0x4660c8 GetEnvironmentStringsW
0x4660cc GetCommandLineW
0x4660d0 GetCommandLineA
0x4660d4 GetCPInfo
0x4660d8 GetOEMCP
0x4660dc GetACP
0x4660e0 IsValidCodePage
0x4660e4 TlsSetValue
0x4660e8 FindFirstFileExW
0x4660ec FindClose
0x4660f0 SetStdHandle
0x4660f4 GetFullPathNameW
0x4660f8 GetCurrentDirectoryW
0x4660fc SetCurrentDirectoryW
0x466100 EnumSystemLocalesW
0x466104 GetUserDefaultLCID
0x466108 IsValidLocale
0x46610c GetLocaleInfoW
0x466110 LCMapStringW
0x466114 CompareStringW
0x466118 GetTimeFormatW
0x46611c GetDateFormatW
0x466120 HeapReAlloc
0x466124 HeapSize
0x466128 GetCurrentThread
0x46612c WriteFile
0x466130 GetStdHandle
0x466134 GetConsoleWindow
0x466138 SetThreadLocale
0x46613c GetThreadLocale
0x466140 IsDBCSLeadByte
0x466144 WideCharToMultiByte
0x466148 MultiByteToWideChar
0x46614c FindResourceA
0x466150 lstrcmpiA
0x466154 MulDiv
0x466158 GlobalLock
0x46615c GlobalUnlock
0x466160 GlobalAlloc
0x466164 WriteConsoleW
0x466168 SizeofResource
0x46616c LoadResource
0x466170 LoadLibraryExA
0x466174 GetProcAddress
0x466178 GetModuleHandleW
0x46617c GetModuleHandleA
0x466180 GetModuleFileNameA
0x466184 FreeLibrary
0x466188 VirtualProtectEx
0x46618c VirtualAlloc
0x466190 GetCurrentThreadId
0x466194 GetCurrentProcess
0x466198 Sleep
0x46619c LeaveCriticalSection
0x4661a0 ReadFile
0x4661a4 EnterCriticalSection
0x4661a8 SetLastError
0x4661ac EncodePointer
0x4661b0 DeleteCriticalSection
0x4661b4 InitializeCriticalSectionAndSpinCount
0x4661b8 GetLastError
0x4661bc RaiseException
0x4661c0 DecodePointer
0x4661c4 ReadConsoleW
0x4661c8 FindNextFileW
0x4661cc TlsGetValue
0x4661d0 TlsAlloc
0x4661d4 GetModuleFileNameW
0x4661d8 GetModuleHandleExW
0x4661dc ExitProcess
0x4661e0 FileTimeToSystemTime
0x4661e4 SystemTimeToTzSpecificLocalTime
0x4661e8 PeekNamedPipe
0x4661ec GetFileType
0x4661f0 GetFileInformationByHandle
0x4661f4 GetDriveTypeW
0x4661f8 CreateFileW
0x4661fc VirtualQuery
0x466200 VirtualProtect
0x466204 GetSystemInfo
0x466208 LoadLibraryExW
0x46620c InterlockedFlushSList
0x466210 RtlUnwind
0x466214 GetSystemTimeAsFileTime
0x466218 GetCurrentProcessId
0x46621c QueryPerformanceCounter
0x466220 GetStartupInfoW
0x466224 CreateEventW
0x466228 WaitForSingleObjectEx
0x46622c ResetEvent
0x466230 SetEvent
0x466234 CloseHandle
0x466238 TerminateProcess
0x46623c SetUnhandledExceptionFilter
0x466240 UnhandledExceptionFilter
0x466244 VirtualFree
0x466248 IsProcessorFeaturePresent
0x46624c FlushInstructionCache
0x466250 InterlockedPushEntrySList
0x466254 IsDebuggerPresent
0x466258 OutputDebugStringW
0x46625c HeapAlloc
0x466260 HeapFree
0x466264 GetProcessHeap
0x466268 InitializeSListHead
0x46626c InterlockedPopEntrySList
0x466270 TlsFree
USER32.dll
0x4662c8 MessageBoxA
0x4662cc UnregisterClassA
0x4662d0 SendMessageA
0x4662d4 DefWindowProcA
0x4662d8 CallWindowProcA
0x4662dc RegisterClassExA
0x4662e0 GetClassInfoExA
0x4662e4 CreateWindowExA
0x4662e8 IsWindow
0x4662ec IsChild
0x4662f0 DestroyWindow
0x4662f4 ShowWindow
0x4662f8 SetWindowPos
0x4662fc CharNextA
0x466300 SetFocus
0x466304 FillRect
0x466308 WindowFromDC
0x46630c LoadCursorA
0x466310 GetParent
0x466314 SetWindowLongA
0x466318 GetWindowLongA
0x46631c PtInRect
0x466320 EqualRect
0x466324 OffsetRect
0x466328 UnionRect
0x46632c IntersectRect
0x466330 InflateRect
0x466334 GetFocus
0x466338 GetClientRect
0x46633c InvalidateRect
0x466340 SetWindowRgn
0x466344 EndPaint
0x466348 BeginPaint
0x46634c ReleaseDC
0x466350 GetDC
0x466354 GetKeyState
0x466358 CharNextW
GDI32.dll
0x466030 MoveToEx
0x466034 SelectObject
0x466038 SelectClipRgn
0x46603c Pie
0x466040 LineTo
0x466044 GetStockObject
0x466048 Ellipse
0x46604c DeleteObject
0x466050 CreateRectRgn
0x466054 CreateCompatibleDC
0x466058 CreateCompatibleBitmap
0x46605c CreateBrushIndirect
0x466060 BitBlt
0x466064 SetWindowOrgEx
0x466068 SetViewportOrgEx
0x46606c LPtoDP
0x466070 SetMapMode
0x466074 SaveDC
0x466078 RestoreDC
0x46607c GetDeviceCaps
0x466080 DeleteMetaFile
0x466084 DeleteDC
0x466088 CreateRectRgnIndirect
0x46608c CreateMetaFileA
0x466090 CreateDCA
0x466094 CloseMetaFile
0x466098 SetWindowExtEx
ADVAPI32.dll
0x466000 RegOpenKeyExA
0x466004 RegSetValueExA
0x466008 RegCreateKeyExA
0x46600c RegDeleteKeyA
0x466010 RegQueryInfoKeyW
0x466014 RegQueryInfoKeyA
0x466018 RegCloseKey
0x46601c RegEnumKeyExA
0x466020 RegDeleteValueA
SHELL32.dll
0x4662c0 SHGetFolderPathA
ole32.dll
0x466368 StringFromGUID2
0x46636c CoTaskMemAlloc
0x466370 CoTaskMemRealloc
0x466374 CoTaskMemFree
0x466378 ReadClassStm
0x46637c WriteClassStm
0x466380 CreateDataAdviseHolder
0x466384 OleSaveToStream
0x466388 CreateOleAdviseHolder
0x46638c OleRegGetUserType
0x466390 OleRegGetMiscStatus
0x466394 OleRegEnumVerbs
0x466398 CoCreateInstance
OLEAUT32.dll
0x466278 OleCreatePropertyFrame
0x46627c UnRegisterTypeLib
0x466280 RegisterTypeLib
0x466284 LoadRegTypeLib
0x466288 LoadTypeLib
0x46628c VarCmp
0x466290 VarUI4FromStr
0x466294 OleTranslateColor
0x466298 VariantCopy
0x46629c VariantClear
0x4662a0 VariantInit
0x4662a4 SysAllocStringByteLen
0x4662a8 SysStringByteLen
0x4662ac SysStringLen
0x4662b0 SysAllocString
0x4662b4 SysFreeString
0x4662b8 VariantChangeType
EAT(Export Address Table) is none
WINMM.dll
0x466360 mciSendCommandA
COMCTL32.dll
0x466028 None
KERNEL32.dll
0x4660a0 GetTimeZoneInformation
0x4660a4 SetFilePointerEx
0x4660a8 GetFileSizeEx
0x4660ac GetConsoleMode
0x4660b0 GetConsoleOutputCP
0x4660b4 FlushFileBuffers
0x4660b8 GetStringTypeW
0x4660bc SetConsoleCtrlHandler
0x4660c0 SetEnvironmentVariableW
0x4660c4 FreeEnvironmentStringsW
0x4660c8 GetEnvironmentStringsW
0x4660cc GetCommandLineW
0x4660d0 GetCommandLineA
0x4660d4 GetCPInfo
0x4660d8 GetOEMCP
0x4660dc GetACP
0x4660e0 IsValidCodePage
0x4660e4 TlsSetValue
0x4660e8 FindFirstFileExW
0x4660ec FindClose
0x4660f0 SetStdHandle
0x4660f4 GetFullPathNameW
0x4660f8 GetCurrentDirectoryW
0x4660fc SetCurrentDirectoryW
0x466100 EnumSystemLocalesW
0x466104 GetUserDefaultLCID
0x466108 IsValidLocale
0x46610c GetLocaleInfoW
0x466110 LCMapStringW
0x466114 CompareStringW
0x466118 GetTimeFormatW
0x46611c GetDateFormatW
0x466120 HeapReAlloc
0x466124 HeapSize
0x466128 GetCurrentThread
0x46612c WriteFile
0x466130 GetStdHandle
0x466134 GetConsoleWindow
0x466138 SetThreadLocale
0x46613c GetThreadLocale
0x466140 IsDBCSLeadByte
0x466144 WideCharToMultiByte
0x466148 MultiByteToWideChar
0x46614c FindResourceA
0x466150 lstrcmpiA
0x466154 MulDiv
0x466158 GlobalLock
0x46615c GlobalUnlock
0x466160 GlobalAlloc
0x466164 WriteConsoleW
0x466168 SizeofResource
0x46616c LoadResource
0x466170 LoadLibraryExA
0x466174 GetProcAddress
0x466178 GetModuleHandleW
0x46617c GetModuleHandleA
0x466180 GetModuleFileNameA
0x466184 FreeLibrary
0x466188 VirtualProtectEx
0x46618c VirtualAlloc
0x466190 GetCurrentThreadId
0x466194 GetCurrentProcess
0x466198 Sleep
0x46619c LeaveCriticalSection
0x4661a0 ReadFile
0x4661a4 EnterCriticalSection
0x4661a8 SetLastError
0x4661ac EncodePointer
0x4661b0 DeleteCriticalSection
0x4661b4 InitializeCriticalSectionAndSpinCount
0x4661b8 GetLastError
0x4661bc RaiseException
0x4661c0 DecodePointer
0x4661c4 ReadConsoleW
0x4661c8 FindNextFileW
0x4661cc TlsGetValue
0x4661d0 TlsAlloc
0x4661d4 GetModuleFileNameW
0x4661d8 GetModuleHandleExW
0x4661dc ExitProcess
0x4661e0 FileTimeToSystemTime
0x4661e4 SystemTimeToTzSpecificLocalTime
0x4661e8 PeekNamedPipe
0x4661ec GetFileType
0x4661f0 GetFileInformationByHandle
0x4661f4 GetDriveTypeW
0x4661f8 CreateFileW
0x4661fc VirtualQuery
0x466200 VirtualProtect
0x466204 GetSystemInfo
0x466208 LoadLibraryExW
0x46620c InterlockedFlushSList
0x466210 RtlUnwind
0x466214 GetSystemTimeAsFileTime
0x466218 GetCurrentProcessId
0x46621c QueryPerformanceCounter
0x466220 GetStartupInfoW
0x466224 CreateEventW
0x466228 WaitForSingleObjectEx
0x46622c ResetEvent
0x466230 SetEvent
0x466234 CloseHandle
0x466238 TerminateProcess
0x46623c SetUnhandledExceptionFilter
0x466240 UnhandledExceptionFilter
0x466244 VirtualFree
0x466248 IsProcessorFeaturePresent
0x46624c FlushInstructionCache
0x466250 InterlockedPushEntrySList
0x466254 IsDebuggerPresent
0x466258 OutputDebugStringW
0x46625c HeapAlloc
0x466260 HeapFree
0x466264 GetProcessHeap
0x466268 InitializeSListHead
0x46626c InterlockedPopEntrySList
0x466270 TlsFree
USER32.dll
0x4662c8 MessageBoxA
0x4662cc UnregisterClassA
0x4662d0 SendMessageA
0x4662d4 DefWindowProcA
0x4662d8 CallWindowProcA
0x4662dc RegisterClassExA
0x4662e0 GetClassInfoExA
0x4662e4 CreateWindowExA
0x4662e8 IsWindow
0x4662ec IsChild
0x4662f0 DestroyWindow
0x4662f4 ShowWindow
0x4662f8 SetWindowPos
0x4662fc CharNextA
0x466300 SetFocus
0x466304 FillRect
0x466308 WindowFromDC
0x46630c LoadCursorA
0x466310 GetParent
0x466314 SetWindowLongA
0x466318 GetWindowLongA
0x46631c PtInRect
0x466320 EqualRect
0x466324 OffsetRect
0x466328 UnionRect
0x46632c IntersectRect
0x466330 InflateRect
0x466334 GetFocus
0x466338 GetClientRect
0x46633c InvalidateRect
0x466340 SetWindowRgn
0x466344 EndPaint
0x466348 BeginPaint
0x46634c ReleaseDC
0x466350 GetDC
0x466354 GetKeyState
0x466358 CharNextW
GDI32.dll
0x466030 MoveToEx
0x466034 SelectObject
0x466038 SelectClipRgn
0x46603c Pie
0x466040 LineTo
0x466044 GetStockObject
0x466048 Ellipse
0x46604c DeleteObject
0x466050 CreateRectRgn
0x466054 CreateCompatibleDC
0x466058 CreateCompatibleBitmap
0x46605c CreateBrushIndirect
0x466060 BitBlt
0x466064 SetWindowOrgEx
0x466068 SetViewportOrgEx
0x46606c LPtoDP
0x466070 SetMapMode
0x466074 SaveDC
0x466078 RestoreDC
0x46607c GetDeviceCaps
0x466080 DeleteMetaFile
0x466084 DeleteDC
0x466088 CreateRectRgnIndirect
0x46608c CreateMetaFileA
0x466090 CreateDCA
0x466094 CloseMetaFile
0x466098 SetWindowExtEx
ADVAPI32.dll
0x466000 RegOpenKeyExA
0x466004 RegSetValueExA
0x466008 RegCreateKeyExA
0x46600c RegDeleteKeyA
0x466010 RegQueryInfoKeyW
0x466014 RegQueryInfoKeyA
0x466018 RegCloseKey
0x46601c RegEnumKeyExA
0x466020 RegDeleteValueA
SHELL32.dll
0x4662c0 SHGetFolderPathA
ole32.dll
0x466368 StringFromGUID2
0x46636c CoTaskMemAlloc
0x466370 CoTaskMemRealloc
0x466374 CoTaskMemFree
0x466378 ReadClassStm
0x46637c WriteClassStm
0x466380 CreateDataAdviseHolder
0x466384 OleSaveToStream
0x466388 CreateOleAdviseHolder
0x46638c OleRegGetUserType
0x466390 OleRegGetMiscStatus
0x466394 OleRegEnumVerbs
0x466398 CoCreateInstance
OLEAUT32.dll
0x466278 OleCreatePropertyFrame
0x46627c UnRegisterTypeLib
0x466280 RegisterTypeLib
0x466284 LoadRegTypeLib
0x466288 LoadTypeLib
0x46628c VarCmp
0x466290 VarUI4FromStr
0x466294 OleTranslateColor
0x466298 VariantCopy
0x46629c VariantClear
0x4662a0 VariantInit
0x4662a4 SysAllocStringByteLen
0x4662a8 SysStringByteLen
0x4662ac SysStringLen
0x4662b0 SysAllocString
0x4662b4 SysFreeString
0x4662b8 VariantChangeType
EAT(Export Address Table) is none