ScreenShot
| Created | 2023.08.14 07:41 | Machine | s1_win7_x6401 |
| Filename | build666.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 328064b232879fe34864e9c6d88608ed | ||
| sha256 | ada3f1fca37b6aa5a1b851c10e9d35fb9fd7d757c6e6bcccba173e933ef30837 | ||
| ssdeep | 12288:sl2/13vxcqRQG6KPwy44mYQ6/0hYYVKOOu:DxcqRQGvPD4jYQbYYMOO | ||
| imphash | 2851f76e885446c55a9b6a41d8745a10 | ||
| impfuzzy | 24:2XDoN4DW1//UHTP+ZFkNdZ+fcW0LluGIOovIt/J3OnlyvCOcjMZboHOT4MultwAR:J1/M6Z0dZ+fcqGHnthKK3NcFNyQJ | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Network activity contains more than one unique useragent |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| info | Collects information to fingerprint the system (MachineGuid |
| info | One or more processes crashed |
| info | Queries for the computername |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (8cnts) ?
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45c00c VirtualFree
0x45c010 VirtualAlloc
0x45c014 Sleep
0x45c018 GlobalMemoryStatusEx
0x45c01c GetSystemInfo
0x45c020 LocalAlloc
0x45c024 lstrcatA
0x45c028 GetProcAddress
0x45c02c LoadLibraryA
0x45c030 VirtualProtect
0x45c034 lstrlenW
0x45c038 GetCurrentProcess
0x45c03c TerminateProcess
0x45c040 GetLogicalProcessorInformationEx
0x45c044 CloseHandle
0x45c048 Process32Next
0x45c04c Process32First
0x45c050 CreateToolhelp32Snapshot
0x45c054 FindNextFileW
0x45c058 FindFirstFileW
0x45c05c lstrcpynA
0x45c060 CompareStringW
0x45c064 GetProcessHeap
0x45c068 VirtualAllocExNuma
0x45c06c lstrcatW
0x45c070 ExitProcess
0x45c074 SetEndOfFile
0x45c078 CreateFileW
0x45c07c CreateFileA
0x45c080 SetStdHandle
0x45c084 WriteConsoleW
0x45c088 LoadLibraryW
0x45c08c FreeLibrary
0x45c090 SetConsoleCtrlHandler
0x45c094 IsValidLocale
0x45c098 EnumSystemLocalesA
0x45c09c GetLocaleInfoA
0x45c0a0 GetUserDefaultLCID
0x45c0a4 GetLocaleInfoW
0x45c0a8 InterlockedIncrement
0x45c0ac InterlockedDecrement
0x45c0b0 WideCharToMultiByte
0x45c0b4 InterlockedExchange
0x45c0b8 InitializeCriticalSection
0x45c0bc DeleteCriticalSection
0x45c0c0 EnterCriticalSection
0x45c0c4 LeaveCriticalSection
0x45c0c8 EncodePointer
0x45c0cc DecodePointer
0x45c0d0 InterlockedCompareExchange
0x45c0d4 MultiByteToWideChar
0x45c0d8 HeapAlloc
0x45c0dc GetLastError
0x45c0e0 HeapFree
0x45c0e4 RaiseException
0x45c0e8 RtlUnwind
0x45c0ec HeapReAlloc
0x45c0f0 GetSystemTimeAsFileTime
0x45c0f4 GetCommandLineA
0x45c0f8 HeapSetInformation
0x45c0fc GetStartupInfoW
0x45c100 LCMapStringW
0x45c104 GetCPInfo
0x45c108 IsProcessorFeaturePresent
0x45c10c UnhandledExceptionFilter
0x45c110 SetUnhandledExceptionFilter
0x45c114 IsDebuggerPresent
0x45c118 GetModuleHandleW
0x45c11c WriteFile
0x45c120 GetStdHandle
0x45c124 GetModuleFileNameW
0x45c128 HeapCreate
0x45c12c HeapDestroy
0x45c130 TlsAlloc
0x45c134 TlsGetValue
0x45c138 TlsSetValue
0x45c13c TlsFree
0x45c140 SetLastError
0x45c144 GetCurrentThreadId
0x45c148 GetCurrentThread
0x45c14c GetACP
0x45c150 GetOEMCP
0x45c154 IsValidCodePage
0x45c158 HeapSize
0x45c15c SetHandleCount
0x45c160 InitializeCriticalSectionAndSpinCount
0x45c164 GetFileType
0x45c168 FatalAppExitA
0x45c16c GetConsoleCP
0x45c170 GetConsoleMode
0x45c174 FlushFileBuffers
0x45c178 ReadFile
0x45c17c SetFilePointer
0x45c180 GetTimeZoneInformation
0x45c184 GetModuleFileNameA
0x45c188 FreeEnvironmentStringsW
0x45c18c GetEnvironmentStringsW
0x45c190 QueryPerformanceCounter
0x45c194 GetTickCount
0x45c198 GetCurrentProcessId
0x45c19c GetStringTypeW
0x45c1a0 SetEnvironmentVariableA
USER32.dll
0x45c1c8 ReleaseDC
GDI32.dll
0x45c000 GetDeviceCaps
0x45c004 CreateDCA
ole32.dll
0x45c1d0 CoCreateInstance
0x45c1d4 CoInitializeSecurity
0x45c1d8 CoInitializeEx
0x45c1dc CoSetProxyBlanket
OLEAUT32.dll
0x45c1b4 SysFreeString
0x45c1b8 VariantClear
0x45c1bc VariantInit
0x45c1c0 SysAllocString
NETAPI32.dll
0x45c1a8 NetWkstaGetInfo
0x45c1ac NetApiBufferFree
EAT(Export Address Table) is none
KERNEL32.dll
0x45c00c VirtualFree
0x45c010 VirtualAlloc
0x45c014 Sleep
0x45c018 GlobalMemoryStatusEx
0x45c01c GetSystemInfo
0x45c020 LocalAlloc
0x45c024 lstrcatA
0x45c028 GetProcAddress
0x45c02c LoadLibraryA
0x45c030 VirtualProtect
0x45c034 lstrlenW
0x45c038 GetCurrentProcess
0x45c03c TerminateProcess
0x45c040 GetLogicalProcessorInformationEx
0x45c044 CloseHandle
0x45c048 Process32Next
0x45c04c Process32First
0x45c050 CreateToolhelp32Snapshot
0x45c054 FindNextFileW
0x45c058 FindFirstFileW
0x45c05c lstrcpynA
0x45c060 CompareStringW
0x45c064 GetProcessHeap
0x45c068 VirtualAllocExNuma
0x45c06c lstrcatW
0x45c070 ExitProcess
0x45c074 SetEndOfFile
0x45c078 CreateFileW
0x45c07c CreateFileA
0x45c080 SetStdHandle
0x45c084 WriteConsoleW
0x45c088 LoadLibraryW
0x45c08c FreeLibrary
0x45c090 SetConsoleCtrlHandler
0x45c094 IsValidLocale
0x45c098 EnumSystemLocalesA
0x45c09c GetLocaleInfoA
0x45c0a0 GetUserDefaultLCID
0x45c0a4 GetLocaleInfoW
0x45c0a8 InterlockedIncrement
0x45c0ac InterlockedDecrement
0x45c0b0 WideCharToMultiByte
0x45c0b4 InterlockedExchange
0x45c0b8 InitializeCriticalSection
0x45c0bc DeleteCriticalSection
0x45c0c0 EnterCriticalSection
0x45c0c4 LeaveCriticalSection
0x45c0c8 EncodePointer
0x45c0cc DecodePointer
0x45c0d0 InterlockedCompareExchange
0x45c0d4 MultiByteToWideChar
0x45c0d8 HeapAlloc
0x45c0dc GetLastError
0x45c0e0 HeapFree
0x45c0e4 RaiseException
0x45c0e8 RtlUnwind
0x45c0ec HeapReAlloc
0x45c0f0 GetSystemTimeAsFileTime
0x45c0f4 GetCommandLineA
0x45c0f8 HeapSetInformation
0x45c0fc GetStartupInfoW
0x45c100 LCMapStringW
0x45c104 GetCPInfo
0x45c108 IsProcessorFeaturePresent
0x45c10c UnhandledExceptionFilter
0x45c110 SetUnhandledExceptionFilter
0x45c114 IsDebuggerPresent
0x45c118 GetModuleHandleW
0x45c11c WriteFile
0x45c120 GetStdHandle
0x45c124 GetModuleFileNameW
0x45c128 HeapCreate
0x45c12c HeapDestroy
0x45c130 TlsAlloc
0x45c134 TlsGetValue
0x45c138 TlsSetValue
0x45c13c TlsFree
0x45c140 SetLastError
0x45c144 GetCurrentThreadId
0x45c148 GetCurrentThread
0x45c14c GetACP
0x45c150 GetOEMCP
0x45c154 IsValidCodePage
0x45c158 HeapSize
0x45c15c SetHandleCount
0x45c160 InitializeCriticalSectionAndSpinCount
0x45c164 GetFileType
0x45c168 FatalAppExitA
0x45c16c GetConsoleCP
0x45c170 GetConsoleMode
0x45c174 FlushFileBuffers
0x45c178 ReadFile
0x45c17c SetFilePointer
0x45c180 GetTimeZoneInformation
0x45c184 GetModuleFileNameA
0x45c188 FreeEnvironmentStringsW
0x45c18c GetEnvironmentStringsW
0x45c190 QueryPerformanceCounter
0x45c194 GetTickCount
0x45c198 GetCurrentProcessId
0x45c19c GetStringTypeW
0x45c1a0 SetEnvironmentVariableA
USER32.dll
0x45c1c8 ReleaseDC
GDI32.dll
0x45c000 GetDeviceCaps
0x45c004 CreateDCA
ole32.dll
0x45c1d0 CoCreateInstance
0x45c1d4 CoInitializeSecurity
0x45c1d8 CoInitializeEx
0x45c1dc CoSetProxyBlanket
OLEAUT32.dll
0x45c1b4 SysFreeString
0x45c1b8 VariantClear
0x45c1bc VariantInit
0x45c1c0 SysAllocString
NETAPI32.dll
0x45c1a8 NetWkstaGetInfo
0x45c1ac NetApiBufferFree
EAT(Export Address Table) is none