ScreenShot
| Created | 2023.08.21 09:56 | Machine | s1_win7_x6401 |
| Filename | okka25.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 7 detected (malicious, high confidence, Neshta, FileInfector, GenKryptik, GMHM) | ||
| md5 | 9a3d39a36e8da1542ed79190e778b587 | ||
| sha256 | 81b5941968b524ce0c043f6a431d362ae347d9c25e7b1b1fde151241abd68056 | ||
| ssdeep | 12288:uqGetS/ITJqrraq/t2qny6xdRhMAK4vcmPEl0Io:auS/UEn/tUIMGPEl0I | ||
| imphash | 02bc376d1ae63a2fef892492d891a666 | ||
| impfuzzy | 96:oKDTNqb1Ol90nCm8P87DG9zF6/HUp/B3EGbZpq9iDuDrvtKuXsE9:DDTm1XFDozF6/HUp/7lU9iDSKu8E9 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x100001000 RegCloseKey
0x100001008 RegQueryInfoKeyW
0x100001010 RegEnumKeyExW
0x100001018 RegOpenKeyExW
0x100001020 RegSetValueExW
0x100001028 RegCreateKeyExW
0x100001030 RegDeleteValueW
0x100001038 EventRegister
0x100001040 EventUnregister
0x100001048 EventWrite
0x100001050 RegQueryValueExW
KERNEL32.dll
0x100001120 FlushInstructionCache
0x100001128 CreateFileW
0x100001130 WriteFile
0x100001138 CopyFileW
0x100001140 GetSystemTime
0x100001148 WideCharToMultiByte
0x100001150 GetSystemDirectoryW
0x100001158 GetCurrentProcess
0x100001160 LocalFree
0x100001168 GlobalAlloc
0x100001170 GlobalLock
0x100001178 GlobalUnlock
0x100001180 GlobalFree
0x100001188 LockResource
0x100001190 EnterCriticalSection
0x100001198 CloseHandle
0x1000011a0 ReleaseMutex
0x1000011a8 WaitForSingleObject
0x1000011b0 CreateMutexW
0x1000011b8 InitializeCriticalSection
0x1000011c0 GetModuleFileNameW
0x1000011c8 LoadLibraryExW
0x1000011d0 FindResourceW
0x1000011d8 GetLastError
0x1000011e0 LoadResource
0x1000011e8 SizeofResource
0x1000011f0 MultiByteToWideChar
0x1000011f8 lstrcmpiW
0x100001200 GetModuleHandleW
0x100001208 LoadLibraryW
0x100001210 GetProcAddress
0x100001218 lstrlenW
0x100001220 FreeLibrary
0x100001228 FormatMessageW
0x100001230 GetSystemTimeAsFileTime
0x100001238 GetCurrentProcessId
0x100001240 GetTickCount
0x100001248 QueryPerformanceCounter
0x100001250 SetUnhandledExceptionFilter
0x100001258 GetStartupInfoW
0x100001260 Sleep
0x100001268 InterlockedPushEntrySList
0x100001270 VirtualAlloc
0x100001278 InterlockedPopEntrySList
0x100001280 GetProcessHeap
0x100001288 VirtualFree
0x100001290 HeapFree
0x100001298 HeapAlloc
0x1000012a0 GetVersionExA
0x1000012a8 UnhandledExceptionFilter
0x1000012b0 OutputDebugStringA
0x1000012b8 LeaveCriticalSection
0x1000012c0 RaiseException
0x1000012c8 DeleteCriticalSection
0x1000012d0 GetCurrentThreadId
0x1000012d8 TerminateProcess
GDI32.dll
0x100001088 GetStockObject
0x100001090 StretchBlt
0x100001098 CreateCompatibleBitmap
0x1000010a0 SetStretchBltMode
0x1000010a8 SelectObject
0x1000010b0 CreateCompatibleDC
0x1000010b8 GetObjectW
0x1000010c0 GetTextExtentPoint32W
0x1000010c8 SetDeviceGammaRamp
0x1000010d0 GetDeviceGammaRamp
0x1000010d8 SetBkMode
0x1000010e0 SetBkColor
0x1000010e8 SetTextColor
0x1000010f0 CreateSolidBrush
0x1000010f8 GetDeviceCaps
0x100001100 CreateDCW
0x100001108 DeleteDC
0x100001110 DeleteObject
USER32.dll
0x100001318 GetWindowTextLengthW
0x100001320 GetWindowTextW
0x100001328 ReleaseDC
0x100001330 MessageBoxW
0x100001338 ShowWindow
0x100001340 GetWindow
0x100001348 GetWindowLongW
0x100001350 DestroyWindow
0x100001358 CharNextW
0x100001360 GetSystemMetrics
0x100001368 GetActiveWindow
0x100001370 RegisterWindowMessageW
0x100001378 FindWindowW
0x100001380 GetWindowThreadProcessId
0x100001388 AllowSetForegroundWindow
0x100001390 SendMessageTimeoutW
0x100001398 MonitorFromRect
0x1000013a0 EnumChildWindows
0x1000013a8 GetWindowLongPtrW
0x1000013b0 SetWindowLongPtrW
0x1000013b8 OpenIcon
0x1000013c0 GetDC
0x1000013c8 SetWindowPos
0x1000013d0 CallWindowProcW
0x1000013d8 SendMessageW
0x1000013e0 DefWindowProcW
0x1000013e8 GetDlgItem
0x1000013f0 GetWindowRect
0x1000013f8 MapWindowPoints
0x100001400 MoveWindow
0x100001408 InvalidateRect
0x100001410 GetParent
0x100001418 KillTimer
0x100001420 SetTimer
0x100001428 SetWindowTextW
0x100001430 PostMessageW
0x100001438 MonitorFromWindow
0x100001440 EnumDisplayMonitors
0x100001448 UnregisterClassA
0x100001450 GetMonitorInfoW
0x100001458 SetCursor
0x100001460 LoadCursorW
0x100001468 ShowCursor
0x100001470 EnumDisplayDevicesW
0x100001478 SetForegroundWindow
0x100001480 MapDialogRect
0x100001488 LoadStringW
msvcrt.dll
0x100001608 _vsnwprintf
0x100001610 powf
0x100001618 ?terminate@@YAXXZ
0x100001620 _errno
0x100001628 realloc
0x100001630 _onexit
0x100001638 _lock
0x100001640 __dllonexit
0x100001648 _unlock
0x100001650 __set_app_type
0x100001658 _fmode
0x100001660 _commode
0x100001668 __setusermatherr
0x100001670 _amsg_exit
0x100001678 _initterm
0x100001680 _wcmdln
0x100001688 exit
0x100001690 _cexit
0x100001698 _exit
0x1000016a0 _XcptFilter
0x1000016a8 __wgetmainargs
0x1000016b0 __C_specific_handler
0x1000016b8 memset
0x1000016c0 swscanf_s
0x1000016c8 _wcsupr
0x1000016d0 _purecall
0x1000016d8 ??_U@YAPEAX_K@Z
0x1000016e0 memcpy_s
0x1000016e8 malloc
0x1000016f0 wcsncpy_s
0x1000016f8 free
0x100001700 ??2@YAPEAX_K@Z
0x100001708 ??_V@YAXPEAX@Z
0x100001710 ??3@YAXPEAX@Z
0x100001718 wcsstr
0x100001720 memcpy
ntdll.dll
0x100001730 RtlLookupFunctionEntry
0x100001738 RtlCaptureContext
0x100001740 WinSqmAddToStream
0x100001748 RtlVirtualUnwind
dxva2.dll
0x100001498 GetNumberOfPhysicalMonitorsFromHMONITOR
0x1000014a0 GetPhysicalMonitorsFromHMONITOR
0x1000014a8 DestroyPhysicalMonitors
0x1000014b0 GetMonitorBrightness
0x1000014b8 SetMonitorBrightness
0x1000014c0 GetMonitorContrast
0x1000014c8 SetMonitorContrast
0x1000014d0 GetVCPFeatureAndVCPFeatureReply
0x1000014d8 SetVCPFeature
mscms.dll
0x100001560 DccwReleaseDisplayProfileAssociationList
0x100001568 SetColorProfileElementSize
0x100001570 SetColorProfileElement
0x100001578 WcsDisassociateColorProfileFromDevice
0x100001580 WcsSetDefaultColorProfile
0x100001588 UninstallColorProfileW
0x100001590 DccwGetDisplayProfileAssociationList
0x100001598 DccwCreateDisplayProfileAssociationList
0x1000015a0 DccwGetGamutSize
0x1000015a8 WcsOpenColorProfileW
0x1000015b0 WcsGetDefaultColorProfile
0x1000015b8 WcsGetUsePerUserProfiles
0x1000015c0 DccwSetDisplayProfileAssociationList
0x1000015c8 CloseColorProfile
0x1000015d0 InstallColorProfileW
0x1000015d8 GetColorProfileFromHandle
0x1000015e0 WcsCreateIccProfile
0x1000015e8 WcsSetCalibrationManagementState
0x1000015f0 WcsGetCalibrationManagementState
0x1000015f8 GetColorDirectoryW
SHELL32.dll
0x100001308 ShellExecuteW
gdiplus.dll
0x1000014e8 GdipCloneImage
0x1000014f0 GdipCreateBitmapFromStream
0x1000014f8 GdipFree
0x100001500 GdipCreateLineBrushI
0x100001508 GdipFillRectangleI
0x100001510 GdipAlloc
0x100001518 GdipDeleteBrush
0x100001520 GdipCreateSolidFill
0x100001528 GdipDeleteGraphics
0x100001530 GdipCreateFromHDC
0x100001538 GdiplusShutdown
0x100001540 GdipDisposeImage
0x100001548 GdiplusStartup
0x100001550 GdipCreateHBITMAPFromBitmap
COMCTL32.dll
0x100001060 DestroyPropertySheetPage
0x100001068 CreatePropertySheetPageW
0x100001070 None
0x100001078 PropertySheetW
ole32.dll
0x100001758 CoTaskMemAlloc
0x100001760 CoCreateInstance
0x100001768 StringFromCLSID
0x100001770 CreateStreamOnHGlobal
0x100001778 CoTaskMemFree
0x100001780 CoTaskMemRealloc
OLEAUT32.dll
0x1000012e8 SysFreeString
0x1000012f0 VarUI4FromStr
0x1000012f8 SysAllocString
EAT(Export Address Table) is none
ADVAPI32.dll
0x100001000 RegCloseKey
0x100001008 RegQueryInfoKeyW
0x100001010 RegEnumKeyExW
0x100001018 RegOpenKeyExW
0x100001020 RegSetValueExW
0x100001028 RegCreateKeyExW
0x100001030 RegDeleteValueW
0x100001038 EventRegister
0x100001040 EventUnregister
0x100001048 EventWrite
0x100001050 RegQueryValueExW
KERNEL32.dll
0x100001120 FlushInstructionCache
0x100001128 CreateFileW
0x100001130 WriteFile
0x100001138 CopyFileW
0x100001140 GetSystemTime
0x100001148 WideCharToMultiByte
0x100001150 GetSystemDirectoryW
0x100001158 GetCurrentProcess
0x100001160 LocalFree
0x100001168 GlobalAlloc
0x100001170 GlobalLock
0x100001178 GlobalUnlock
0x100001180 GlobalFree
0x100001188 LockResource
0x100001190 EnterCriticalSection
0x100001198 CloseHandle
0x1000011a0 ReleaseMutex
0x1000011a8 WaitForSingleObject
0x1000011b0 CreateMutexW
0x1000011b8 InitializeCriticalSection
0x1000011c0 GetModuleFileNameW
0x1000011c8 LoadLibraryExW
0x1000011d0 FindResourceW
0x1000011d8 GetLastError
0x1000011e0 LoadResource
0x1000011e8 SizeofResource
0x1000011f0 MultiByteToWideChar
0x1000011f8 lstrcmpiW
0x100001200 GetModuleHandleW
0x100001208 LoadLibraryW
0x100001210 GetProcAddress
0x100001218 lstrlenW
0x100001220 FreeLibrary
0x100001228 FormatMessageW
0x100001230 GetSystemTimeAsFileTime
0x100001238 GetCurrentProcessId
0x100001240 GetTickCount
0x100001248 QueryPerformanceCounter
0x100001250 SetUnhandledExceptionFilter
0x100001258 GetStartupInfoW
0x100001260 Sleep
0x100001268 InterlockedPushEntrySList
0x100001270 VirtualAlloc
0x100001278 InterlockedPopEntrySList
0x100001280 GetProcessHeap
0x100001288 VirtualFree
0x100001290 HeapFree
0x100001298 HeapAlloc
0x1000012a0 GetVersionExA
0x1000012a8 UnhandledExceptionFilter
0x1000012b0 OutputDebugStringA
0x1000012b8 LeaveCriticalSection
0x1000012c0 RaiseException
0x1000012c8 DeleteCriticalSection
0x1000012d0 GetCurrentThreadId
0x1000012d8 TerminateProcess
GDI32.dll
0x100001088 GetStockObject
0x100001090 StretchBlt
0x100001098 CreateCompatibleBitmap
0x1000010a0 SetStretchBltMode
0x1000010a8 SelectObject
0x1000010b0 CreateCompatibleDC
0x1000010b8 GetObjectW
0x1000010c0 GetTextExtentPoint32W
0x1000010c8 SetDeviceGammaRamp
0x1000010d0 GetDeviceGammaRamp
0x1000010d8 SetBkMode
0x1000010e0 SetBkColor
0x1000010e8 SetTextColor
0x1000010f0 CreateSolidBrush
0x1000010f8 GetDeviceCaps
0x100001100 CreateDCW
0x100001108 DeleteDC
0x100001110 DeleteObject
USER32.dll
0x100001318 GetWindowTextLengthW
0x100001320 GetWindowTextW
0x100001328 ReleaseDC
0x100001330 MessageBoxW
0x100001338 ShowWindow
0x100001340 GetWindow
0x100001348 GetWindowLongW
0x100001350 DestroyWindow
0x100001358 CharNextW
0x100001360 GetSystemMetrics
0x100001368 GetActiveWindow
0x100001370 RegisterWindowMessageW
0x100001378 FindWindowW
0x100001380 GetWindowThreadProcessId
0x100001388 AllowSetForegroundWindow
0x100001390 SendMessageTimeoutW
0x100001398 MonitorFromRect
0x1000013a0 EnumChildWindows
0x1000013a8 GetWindowLongPtrW
0x1000013b0 SetWindowLongPtrW
0x1000013b8 OpenIcon
0x1000013c0 GetDC
0x1000013c8 SetWindowPos
0x1000013d0 CallWindowProcW
0x1000013d8 SendMessageW
0x1000013e0 DefWindowProcW
0x1000013e8 GetDlgItem
0x1000013f0 GetWindowRect
0x1000013f8 MapWindowPoints
0x100001400 MoveWindow
0x100001408 InvalidateRect
0x100001410 GetParent
0x100001418 KillTimer
0x100001420 SetTimer
0x100001428 SetWindowTextW
0x100001430 PostMessageW
0x100001438 MonitorFromWindow
0x100001440 EnumDisplayMonitors
0x100001448 UnregisterClassA
0x100001450 GetMonitorInfoW
0x100001458 SetCursor
0x100001460 LoadCursorW
0x100001468 ShowCursor
0x100001470 EnumDisplayDevicesW
0x100001478 SetForegroundWindow
0x100001480 MapDialogRect
0x100001488 LoadStringW
msvcrt.dll
0x100001608 _vsnwprintf
0x100001610 powf
0x100001618 ?terminate@@YAXXZ
0x100001620 _errno
0x100001628 realloc
0x100001630 _onexit
0x100001638 _lock
0x100001640 __dllonexit
0x100001648 _unlock
0x100001650 __set_app_type
0x100001658 _fmode
0x100001660 _commode
0x100001668 __setusermatherr
0x100001670 _amsg_exit
0x100001678 _initterm
0x100001680 _wcmdln
0x100001688 exit
0x100001690 _cexit
0x100001698 _exit
0x1000016a0 _XcptFilter
0x1000016a8 __wgetmainargs
0x1000016b0 __C_specific_handler
0x1000016b8 memset
0x1000016c0 swscanf_s
0x1000016c8 _wcsupr
0x1000016d0 _purecall
0x1000016d8 ??_U@YAPEAX_K@Z
0x1000016e0 memcpy_s
0x1000016e8 malloc
0x1000016f0 wcsncpy_s
0x1000016f8 free
0x100001700 ??2@YAPEAX_K@Z
0x100001708 ??_V@YAXPEAX@Z
0x100001710 ??3@YAXPEAX@Z
0x100001718 wcsstr
0x100001720 memcpy
ntdll.dll
0x100001730 RtlLookupFunctionEntry
0x100001738 RtlCaptureContext
0x100001740 WinSqmAddToStream
0x100001748 RtlVirtualUnwind
dxva2.dll
0x100001498 GetNumberOfPhysicalMonitorsFromHMONITOR
0x1000014a0 GetPhysicalMonitorsFromHMONITOR
0x1000014a8 DestroyPhysicalMonitors
0x1000014b0 GetMonitorBrightness
0x1000014b8 SetMonitorBrightness
0x1000014c0 GetMonitorContrast
0x1000014c8 SetMonitorContrast
0x1000014d0 GetVCPFeatureAndVCPFeatureReply
0x1000014d8 SetVCPFeature
mscms.dll
0x100001560 DccwReleaseDisplayProfileAssociationList
0x100001568 SetColorProfileElementSize
0x100001570 SetColorProfileElement
0x100001578 WcsDisassociateColorProfileFromDevice
0x100001580 WcsSetDefaultColorProfile
0x100001588 UninstallColorProfileW
0x100001590 DccwGetDisplayProfileAssociationList
0x100001598 DccwCreateDisplayProfileAssociationList
0x1000015a0 DccwGetGamutSize
0x1000015a8 WcsOpenColorProfileW
0x1000015b0 WcsGetDefaultColorProfile
0x1000015b8 WcsGetUsePerUserProfiles
0x1000015c0 DccwSetDisplayProfileAssociationList
0x1000015c8 CloseColorProfile
0x1000015d0 InstallColorProfileW
0x1000015d8 GetColorProfileFromHandle
0x1000015e0 WcsCreateIccProfile
0x1000015e8 WcsSetCalibrationManagementState
0x1000015f0 WcsGetCalibrationManagementState
0x1000015f8 GetColorDirectoryW
SHELL32.dll
0x100001308 ShellExecuteW
gdiplus.dll
0x1000014e8 GdipCloneImage
0x1000014f0 GdipCreateBitmapFromStream
0x1000014f8 GdipFree
0x100001500 GdipCreateLineBrushI
0x100001508 GdipFillRectangleI
0x100001510 GdipAlloc
0x100001518 GdipDeleteBrush
0x100001520 GdipCreateSolidFill
0x100001528 GdipDeleteGraphics
0x100001530 GdipCreateFromHDC
0x100001538 GdiplusShutdown
0x100001540 GdipDisposeImage
0x100001548 GdiplusStartup
0x100001550 GdipCreateHBITMAPFromBitmap
COMCTL32.dll
0x100001060 DestroyPropertySheetPage
0x100001068 CreatePropertySheetPageW
0x100001070 None
0x100001078 PropertySheetW
ole32.dll
0x100001758 CoTaskMemAlloc
0x100001760 CoCreateInstance
0x100001768 StringFromCLSID
0x100001770 CreateStreamOnHGlobal
0x100001778 CoTaskMemFree
0x100001780 CoTaskMemRealloc
OLEAUT32.dll
0x1000012e8 SysFreeString
0x1000012f0 VarUI4FromStr
0x1000012f8 SysAllocString
EAT(Export Address Table) is none