ScreenShot
| Created | 2023.09.04 09:37 | Machine | s1_win7_x6403 |
| Filename | Amadey.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 55 detected (AIDetectMalware, Malicious, score, Zusy, unsafe, Save, ZexaF, tuW@aCnjzBai, Genus, Amadey, Eldorado, Windows, BotX, Bdhl, AGEN, YXDICZ, Static AI, Malicious PE, aiip, Detected, FCND, ai score=89, Chgt, vioPZYstJuD, susgen, confidence) | ||
| md5 | 5f7b99739158d0b321c6c1e673365956 | ||
| sha256 | 33cbdeba761fab35dfa4e60a03d0625ec53f77b17148385548a763b888c9b221 | ||
| ssdeep | 6144:bkj0Jco5KtqvwxpMlMiXXwlnnN1Rm/HoVwu00SATNVuubFD2NfJLAOMJK7Xc:oj0+oo1KlXwlnN1R2oNVuubFqNfJLKys | ||
| imphash | b5701a03716cd526591d6ce95c5326c3 | ||
| impfuzzy | 48:ggXSEHhwGOKZEc+JyNtSS1jGoZccgTg3yAF57fwwRLPwNWOmg:pXS5GjEc+JEtSS1jGoZctG7RLodmg | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
| notice | A process created a hidden window |
| notice | Creates a suspicious process |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43b044 CloseHandle
0x43b048 GetSystemInfo
0x43b04c CreateThread
0x43b050 GetThreadContext
0x43b054 GetProcAddress
0x43b058 VirtualAllocEx
0x43b05c RemoveDirectoryA
0x43b060 CreateFileA
0x43b064 CreateProcessA
0x43b068 CreateDirectoryA
0x43b06c SetThreadContext
0x43b070 SetEndOfFile
0x43b074 HeapSize
0x43b078 GetProcessHeap
0x43b07c SetEnvironmentVariableW
0x43b080 GetFileAttributesA
0x43b084 GetLastError
0x43b088 GetTempPathA
0x43b08c Sleep
0x43b090 GetModuleHandleA
0x43b094 SetCurrentDirectoryA
0x43b098 ResumeThread
0x43b09c GetComputerNameExW
0x43b0a0 GetVersionExW
0x43b0a4 CreateMutexA
0x43b0a8 VirtualAlloc
0x43b0ac WriteFile
0x43b0b0 VirtualFree
0x43b0b4 WriteProcessMemory
0x43b0b8 GetModuleFileNameA
0x43b0bc ReadProcessMemory
0x43b0c0 ReadFile
0x43b0c4 FreeEnvironmentStringsW
0x43b0c8 GetEnvironmentStringsW
0x43b0cc GetOEMCP
0x43b0d0 GetACP
0x43b0d4 IsValidCodePage
0x43b0d8 FindNextFileW
0x43b0dc FindFirstFileExW
0x43b0e0 FindClose
0x43b0e4 GetTimeZoneInformation
0x43b0e8 HeapReAlloc
0x43b0ec ReadConsoleW
0x43b0f0 SetStdHandle
0x43b0f4 GetFullPathNameW
0x43b0f8 GetCurrentDirectoryW
0x43b0fc DeleteFileW
0x43b100 EnumSystemLocalesW
0x43b104 GetUserDefaultLCID
0x43b108 IsValidLocale
0x43b10c HeapAlloc
0x43b110 HeapFree
0x43b114 GetConsoleMode
0x43b118 GetConsoleCP
0x43b11c FlushFileBuffers
0x43b120 SetFilePointerEx
0x43b124 WideCharToMultiByte
0x43b128 EnterCriticalSection
0x43b12c LeaveCriticalSection
0x43b130 DeleteCriticalSection
0x43b134 SetLastError
0x43b138 InitializeCriticalSectionAndSpinCount
0x43b13c CreateEventW
0x43b140 SwitchToThread
0x43b144 TlsAlloc
0x43b148 TlsGetValue
0x43b14c TlsSetValue
0x43b150 TlsFree
0x43b154 GetSystemTimeAsFileTime
0x43b158 GetModuleHandleW
0x43b15c EncodePointer
0x43b160 DecodePointer
0x43b164 MultiByteToWideChar
0x43b168 CompareStringW
0x43b16c LCMapStringW
0x43b170 GetLocaleInfoW
0x43b174 GetStringTypeW
0x43b178 GetCPInfo
0x43b17c SetEvent
0x43b180 ResetEvent
0x43b184 WaitForSingleObjectEx
0x43b188 IsDebuggerPresent
0x43b18c UnhandledExceptionFilter
0x43b190 SetUnhandledExceptionFilter
0x43b194 GetStartupInfoW
0x43b198 IsProcessorFeaturePresent
0x43b19c QueryPerformanceCounter
0x43b1a0 GetCurrentProcessId
0x43b1a4 GetCurrentThreadId
0x43b1a8 InitializeSListHead
0x43b1ac GetCurrentProcess
0x43b1b0 TerminateProcess
0x43b1b4 RaiseException
0x43b1b8 RtlUnwind
0x43b1bc FreeLibrary
0x43b1c0 LoadLibraryExW
0x43b1c4 ExitProcess
0x43b1c8 GetModuleHandleExW
0x43b1cc CreateFileW
0x43b1d0 GetDriveTypeW
0x43b1d4 GetFileInformationByHandle
0x43b1d8 GetFileType
0x43b1dc PeekNamedPipe
0x43b1e0 SystemTimeToTzSpecificLocalTime
0x43b1e4 FileTimeToSystemTime
0x43b1e8 GetModuleFileNameW
0x43b1ec GetStdHandle
0x43b1f0 GetCommandLineA
0x43b1f4 GetCommandLineW
0x43b1f8 GetFileSizeEx
0x43b1fc WriteConsoleW
USER32.dll
0x43b214 GetSystemMetrics
0x43b218 ReleaseDC
0x43b21c GetDC
GDI32.dll
0x43b02c CreateCompatibleBitmap
0x43b030 SelectObject
0x43b034 CreateCompatibleDC
0x43b038 DeleteObject
0x43b03c BitBlt
ADVAPI32.dll
0x43b000 RegCloseKey
0x43b004 RegGetValueA
0x43b008 RegQueryValueExA
0x43b00c GetSidSubAuthorityCount
0x43b010 GetSidSubAuthority
0x43b014 GetUserNameA
0x43b018 LookupAccountNameA
0x43b01c RegSetValueExA
0x43b020 RegOpenKeyExA
0x43b024 GetSidIdentifierAuthority
SHELL32.dll
0x43b204 ShellExecuteA
0x43b208 None
0x43b20c SHGetFolderPathA
WININET.dll
0x43b224 HttpOpenRequestA
0x43b228 InternetWriteFile
0x43b22c InternetReadFile
0x43b230 InternetConnectA
0x43b234 HttpSendRequestA
0x43b238 InternetCloseHandle
0x43b23c InternetOpenA
0x43b240 HttpAddRequestHeadersA
0x43b244 HttpSendRequestExW
0x43b248 HttpEndRequestA
0x43b24c InternetOpenW
0x43b250 InternetOpenUrlA
gdiplus.dll
0x43b258 GdipSaveImageToFile
0x43b25c GdipGetImageEncodersSize
0x43b260 GdipDisposeImage
0x43b264 GdipCreateBitmapFromHBITMAP
0x43b268 GdipGetImageEncoders
0x43b26c GdiplusShutdown
0x43b270 GdiplusStartup
EAT(Export Address Table) is none
KERNEL32.dll
0x43b044 CloseHandle
0x43b048 GetSystemInfo
0x43b04c CreateThread
0x43b050 GetThreadContext
0x43b054 GetProcAddress
0x43b058 VirtualAllocEx
0x43b05c RemoveDirectoryA
0x43b060 CreateFileA
0x43b064 CreateProcessA
0x43b068 CreateDirectoryA
0x43b06c SetThreadContext
0x43b070 SetEndOfFile
0x43b074 HeapSize
0x43b078 GetProcessHeap
0x43b07c SetEnvironmentVariableW
0x43b080 GetFileAttributesA
0x43b084 GetLastError
0x43b088 GetTempPathA
0x43b08c Sleep
0x43b090 GetModuleHandleA
0x43b094 SetCurrentDirectoryA
0x43b098 ResumeThread
0x43b09c GetComputerNameExW
0x43b0a0 GetVersionExW
0x43b0a4 CreateMutexA
0x43b0a8 VirtualAlloc
0x43b0ac WriteFile
0x43b0b0 VirtualFree
0x43b0b4 WriteProcessMemory
0x43b0b8 GetModuleFileNameA
0x43b0bc ReadProcessMemory
0x43b0c0 ReadFile
0x43b0c4 FreeEnvironmentStringsW
0x43b0c8 GetEnvironmentStringsW
0x43b0cc GetOEMCP
0x43b0d0 GetACP
0x43b0d4 IsValidCodePage
0x43b0d8 FindNextFileW
0x43b0dc FindFirstFileExW
0x43b0e0 FindClose
0x43b0e4 GetTimeZoneInformation
0x43b0e8 HeapReAlloc
0x43b0ec ReadConsoleW
0x43b0f0 SetStdHandle
0x43b0f4 GetFullPathNameW
0x43b0f8 GetCurrentDirectoryW
0x43b0fc DeleteFileW
0x43b100 EnumSystemLocalesW
0x43b104 GetUserDefaultLCID
0x43b108 IsValidLocale
0x43b10c HeapAlloc
0x43b110 HeapFree
0x43b114 GetConsoleMode
0x43b118 GetConsoleCP
0x43b11c FlushFileBuffers
0x43b120 SetFilePointerEx
0x43b124 WideCharToMultiByte
0x43b128 EnterCriticalSection
0x43b12c LeaveCriticalSection
0x43b130 DeleteCriticalSection
0x43b134 SetLastError
0x43b138 InitializeCriticalSectionAndSpinCount
0x43b13c CreateEventW
0x43b140 SwitchToThread
0x43b144 TlsAlloc
0x43b148 TlsGetValue
0x43b14c TlsSetValue
0x43b150 TlsFree
0x43b154 GetSystemTimeAsFileTime
0x43b158 GetModuleHandleW
0x43b15c EncodePointer
0x43b160 DecodePointer
0x43b164 MultiByteToWideChar
0x43b168 CompareStringW
0x43b16c LCMapStringW
0x43b170 GetLocaleInfoW
0x43b174 GetStringTypeW
0x43b178 GetCPInfo
0x43b17c SetEvent
0x43b180 ResetEvent
0x43b184 WaitForSingleObjectEx
0x43b188 IsDebuggerPresent
0x43b18c UnhandledExceptionFilter
0x43b190 SetUnhandledExceptionFilter
0x43b194 GetStartupInfoW
0x43b198 IsProcessorFeaturePresent
0x43b19c QueryPerformanceCounter
0x43b1a0 GetCurrentProcessId
0x43b1a4 GetCurrentThreadId
0x43b1a8 InitializeSListHead
0x43b1ac GetCurrentProcess
0x43b1b0 TerminateProcess
0x43b1b4 RaiseException
0x43b1b8 RtlUnwind
0x43b1bc FreeLibrary
0x43b1c0 LoadLibraryExW
0x43b1c4 ExitProcess
0x43b1c8 GetModuleHandleExW
0x43b1cc CreateFileW
0x43b1d0 GetDriveTypeW
0x43b1d4 GetFileInformationByHandle
0x43b1d8 GetFileType
0x43b1dc PeekNamedPipe
0x43b1e0 SystemTimeToTzSpecificLocalTime
0x43b1e4 FileTimeToSystemTime
0x43b1e8 GetModuleFileNameW
0x43b1ec GetStdHandle
0x43b1f0 GetCommandLineA
0x43b1f4 GetCommandLineW
0x43b1f8 GetFileSizeEx
0x43b1fc WriteConsoleW
USER32.dll
0x43b214 GetSystemMetrics
0x43b218 ReleaseDC
0x43b21c GetDC
GDI32.dll
0x43b02c CreateCompatibleBitmap
0x43b030 SelectObject
0x43b034 CreateCompatibleDC
0x43b038 DeleteObject
0x43b03c BitBlt
ADVAPI32.dll
0x43b000 RegCloseKey
0x43b004 RegGetValueA
0x43b008 RegQueryValueExA
0x43b00c GetSidSubAuthorityCount
0x43b010 GetSidSubAuthority
0x43b014 GetUserNameA
0x43b018 LookupAccountNameA
0x43b01c RegSetValueExA
0x43b020 RegOpenKeyExA
0x43b024 GetSidIdentifierAuthority
SHELL32.dll
0x43b204 ShellExecuteA
0x43b208 None
0x43b20c SHGetFolderPathA
WININET.dll
0x43b224 HttpOpenRequestA
0x43b228 InternetWriteFile
0x43b22c InternetReadFile
0x43b230 InternetConnectA
0x43b234 HttpSendRequestA
0x43b238 InternetCloseHandle
0x43b23c InternetOpenA
0x43b240 HttpAddRequestHeadersA
0x43b244 HttpSendRequestExW
0x43b248 HttpEndRequestA
0x43b24c InternetOpenW
0x43b250 InternetOpenUrlA
gdiplus.dll
0x43b258 GdipSaveImageToFile
0x43b25c GdipGetImageEncodersSize
0x43b260 GdipDisposeImage
0x43b264 GdipCreateBitmapFromHBITMAP
0x43b268 GdipGetImageEncoders
0x43b26c GdiplusShutdown
0x43b270 GdiplusStartup
EAT(Export Address Table) is none