ScreenShot
| Created | 2023.09.04 17:10 | Machine | s1_win7_x6403 |
| Filename | @interpoIpanic_alice.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 28 detected (AIDetectMalware, RedLineNET, Lazy, ZexaF, 5XW@auO5wyhi, Attribute, HighConfidence, malicious, high confidence, Kryptik, HUBU, score, PWSX, Jaik, Static AI, Suspicious PE, Sabsik, BScope, TrojanPSW, RedLine, Convagent, XaY1QmCWFxH, ai score=80, HUKQ) | ||
| md5 | d9109db79ab552695a226bd2bde10c92 | ||
| sha256 | 1405601f7d6dde64021d6ee307c7fbf7b7f00d62a90404bbd685c225b49fdbc3 | ||
| ssdeep | 12288:mHE/mUJhyiZGbBgi2CIP7J5B3CR11PT/NLEXWDBovXgdaywjBRuoWs+DgwFpdy83:xoiZGFgi2CIP7bBXWDBUXGaPW8d4d | ||
| imphash | 58d286054e67e82e980e73e5f69f8740 | ||
| impfuzzy | 48:3orIoWJcpH+PdD9vrxQSXtXqScGtTzba63lbuFZWL:SIoWJcpH+P51rxHXtXqScGtTPaZm | ||
Network IP location
Signature (17cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | Executed a process and injected code into it |
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Communicates with host for which no DNS query was performed |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (13cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
PE API
IAT(Import Address Table) Library
USER32.dll
0x4d92f0 ReleaseDC
0x4d92f4 GetDC
GDI32.dll
0x4d9000 PolyBezier
0x4d9004 SetGraphicsMode
0x4d9008 GetDeviceCaps
KERNEL32.dll
0x4d9038 HeapSize
0x4d903c CreateFileW
0x4d9040 CompareStringEx
0x4d9044 RaiseException
0x4d9048 InitializeSRWLock
0x4d904c ReleaseSRWLockExclusive
0x4d9050 AcquireSRWLockExclusive
0x4d9054 EnterCriticalSection
0x4d9058 LeaveCriticalSection
0x4d905c InitializeCriticalSectionEx
0x4d9060 TryEnterCriticalSection
0x4d9064 DeleteCriticalSection
0x4d9068 GetCurrentThreadId
0x4d906c InitializeConditionVariable
0x4d9070 WakeConditionVariable
0x4d9074 WakeAllConditionVariable
0x4d9078 SleepConditionVariableCS
0x4d907c SleepConditionVariableSRW
0x4d9080 FormatMessageA
0x4d9084 WideCharToMultiByte
0x4d9088 MultiByteToWideChar
0x4d908c GetStringTypeW
0x4d9090 InitOnceBeginInitialize
0x4d9094 InitOnceComplete
0x4d9098 GetLastError
0x4d909c FreeLibraryWhenCallbackReturns
0x4d90a0 CreateThreadpoolWork
0x4d90a4 SubmitThreadpoolWork
0x4d90a8 CloseThreadpoolWork
0x4d90ac GetModuleHandleExW
0x4d90b0 RtlCaptureStackBackTrace
0x4d90b4 IsProcessorFeaturePresent
0x4d90b8 QueryPerformanceCounter
0x4d90bc QueryPerformanceFrequency
0x4d90c0 SetFileInformationByHandle
0x4d90c4 FlsAlloc
0x4d90c8 FlsGetValue
0x4d90cc FlsSetValue
0x4d90d0 FlsFree
0x4d90d4 InitOnceExecuteOnce
0x4d90d8 CreateEventExW
0x4d90dc CreateSemaphoreExW
0x4d90e0 FlushProcessWriteBuffers
0x4d90e4 GetCurrentProcessorNumber
0x4d90e8 GetSystemTimeAsFileTime
0x4d90ec GetTickCount64
0x4d90f0 CreateThreadpoolTimer
0x4d90f4 SetThreadpoolTimer
0x4d90f8 WaitForThreadpoolTimerCallbacks
0x4d90fc CloseThreadpoolTimer
0x4d9100 CreateThreadpoolWait
0x4d9104 SetThreadpoolWait
0x4d9108 CloseThreadpoolWait
0x4d910c GetModuleHandleW
0x4d9110 GetProcAddress
0x4d9114 GetFileInformationByHandleEx
0x4d9118 CreateSymbolicLinkW
0x4d911c CloseHandle
0x4d9120 WaitForSingleObjectEx
0x4d9124 Sleep
0x4d9128 SwitchToThread
0x4d912c GetExitCodeThread
0x4d9130 GetNativeSystemInfo
0x4d9134 LocalFree
0x4d9138 EncodePointer
0x4d913c DecodePointer
0x4d9140 LCMapStringEx
0x4d9144 GetLocaleInfoEx
0x4d9148 WriteConsoleW
0x4d914c GetCPInfo
0x4d9150 InitializeCriticalSectionAndSpinCount
0x4d9154 SetEvent
0x4d9158 ResetEvent
0x4d915c CreateEventW
0x4d9160 GetCurrentProcessId
0x4d9164 InitializeSListHead
0x4d9168 IsDebuggerPresent
0x4d916c UnhandledExceptionFilter
0x4d9170 SetUnhandledExceptionFilter
0x4d9174 GetStartupInfoW
0x4d9178 GetCurrentProcess
0x4d917c TerminateProcess
0x4d9180 GetProcessHeap
0x4d9184 RtlUnwind
0x4d9188 InterlockedPushEntrySList
0x4d918c InterlockedFlushSList
0x4d9190 SetLastError
0x4d9194 TlsAlloc
0x4d9198 TlsGetValue
0x4d919c TlsSetValue
0x4d91a0 TlsFree
0x4d91a4 FreeLibrary
0x4d91a8 LoadLibraryExW
0x4d91ac CreateThread
0x4d91b0 ExitThread
0x4d91b4 ResumeThread
0x4d91b8 FreeLibraryAndExitThread
0x4d91bc GetStdHandle
0x4d91c0 WriteFile
0x4d91c4 GetModuleFileNameW
0x4d91c8 ExitProcess
0x4d91cc GetCommandLineA
0x4d91d0 GetCommandLineW
0x4d91d4 GetCurrentThread
0x4d91d8 HeapAlloc
0x4d91dc HeapFree
0x4d91e0 SetConsoleCtrlHandler
0x4d91e4 GetFileType
0x4d91e8 GetDateFormatW
0x4d91ec GetTimeFormatW
0x4d91f0 CompareStringW
0x4d91f4 LCMapStringW
0x4d91f8 GetLocaleInfoW
0x4d91fc IsValidLocale
0x4d9200 GetUserDefaultLCID
0x4d9204 EnumSystemLocalesW
0x4d9208 GetFileSizeEx
0x4d920c SetFilePointerEx
0x4d9210 FlushFileBuffers
0x4d9214 GetConsoleOutputCP
0x4d9218 GetConsoleMode
0x4d921c ReadFile
0x4d9220 ReadConsoleW
0x4d9224 HeapReAlloc
0x4d9228 GetTimeZoneInformation
0x4d922c OutputDebugStringW
0x4d9230 FindClose
0x4d9234 FindFirstFileExW
0x4d9238 FindNextFileW
0x4d923c IsValidCodePage
0x4d9240 GetACP
0x4d9244 GetOEMCP
0x4d9248 GetEnvironmentStringsW
0x4d924c FreeEnvironmentStringsW
0x4d9250 SetEnvironmentVariableW
0x4d9254 SetStdHandle
EAT(Export Address Table) is none
USER32.dll
0x4d92f0 ReleaseDC
0x4d92f4 GetDC
GDI32.dll
0x4d9000 PolyBezier
0x4d9004 SetGraphicsMode
0x4d9008 GetDeviceCaps
KERNEL32.dll
0x4d9038 HeapSize
0x4d903c CreateFileW
0x4d9040 CompareStringEx
0x4d9044 RaiseException
0x4d9048 InitializeSRWLock
0x4d904c ReleaseSRWLockExclusive
0x4d9050 AcquireSRWLockExclusive
0x4d9054 EnterCriticalSection
0x4d9058 LeaveCriticalSection
0x4d905c InitializeCriticalSectionEx
0x4d9060 TryEnterCriticalSection
0x4d9064 DeleteCriticalSection
0x4d9068 GetCurrentThreadId
0x4d906c InitializeConditionVariable
0x4d9070 WakeConditionVariable
0x4d9074 WakeAllConditionVariable
0x4d9078 SleepConditionVariableCS
0x4d907c SleepConditionVariableSRW
0x4d9080 FormatMessageA
0x4d9084 WideCharToMultiByte
0x4d9088 MultiByteToWideChar
0x4d908c GetStringTypeW
0x4d9090 InitOnceBeginInitialize
0x4d9094 InitOnceComplete
0x4d9098 GetLastError
0x4d909c FreeLibraryWhenCallbackReturns
0x4d90a0 CreateThreadpoolWork
0x4d90a4 SubmitThreadpoolWork
0x4d90a8 CloseThreadpoolWork
0x4d90ac GetModuleHandleExW
0x4d90b0 RtlCaptureStackBackTrace
0x4d90b4 IsProcessorFeaturePresent
0x4d90b8 QueryPerformanceCounter
0x4d90bc QueryPerformanceFrequency
0x4d90c0 SetFileInformationByHandle
0x4d90c4 FlsAlloc
0x4d90c8 FlsGetValue
0x4d90cc FlsSetValue
0x4d90d0 FlsFree
0x4d90d4 InitOnceExecuteOnce
0x4d90d8 CreateEventExW
0x4d90dc CreateSemaphoreExW
0x4d90e0 FlushProcessWriteBuffers
0x4d90e4 GetCurrentProcessorNumber
0x4d90e8 GetSystemTimeAsFileTime
0x4d90ec GetTickCount64
0x4d90f0 CreateThreadpoolTimer
0x4d90f4 SetThreadpoolTimer
0x4d90f8 WaitForThreadpoolTimerCallbacks
0x4d90fc CloseThreadpoolTimer
0x4d9100 CreateThreadpoolWait
0x4d9104 SetThreadpoolWait
0x4d9108 CloseThreadpoolWait
0x4d910c GetModuleHandleW
0x4d9110 GetProcAddress
0x4d9114 GetFileInformationByHandleEx
0x4d9118 CreateSymbolicLinkW
0x4d911c CloseHandle
0x4d9120 WaitForSingleObjectEx
0x4d9124 Sleep
0x4d9128 SwitchToThread
0x4d912c GetExitCodeThread
0x4d9130 GetNativeSystemInfo
0x4d9134 LocalFree
0x4d9138 EncodePointer
0x4d913c DecodePointer
0x4d9140 LCMapStringEx
0x4d9144 GetLocaleInfoEx
0x4d9148 WriteConsoleW
0x4d914c GetCPInfo
0x4d9150 InitializeCriticalSectionAndSpinCount
0x4d9154 SetEvent
0x4d9158 ResetEvent
0x4d915c CreateEventW
0x4d9160 GetCurrentProcessId
0x4d9164 InitializeSListHead
0x4d9168 IsDebuggerPresent
0x4d916c UnhandledExceptionFilter
0x4d9170 SetUnhandledExceptionFilter
0x4d9174 GetStartupInfoW
0x4d9178 GetCurrentProcess
0x4d917c TerminateProcess
0x4d9180 GetProcessHeap
0x4d9184 RtlUnwind
0x4d9188 InterlockedPushEntrySList
0x4d918c InterlockedFlushSList
0x4d9190 SetLastError
0x4d9194 TlsAlloc
0x4d9198 TlsGetValue
0x4d919c TlsSetValue
0x4d91a0 TlsFree
0x4d91a4 FreeLibrary
0x4d91a8 LoadLibraryExW
0x4d91ac CreateThread
0x4d91b0 ExitThread
0x4d91b4 ResumeThread
0x4d91b8 FreeLibraryAndExitThread
0x4d91bc GetStdHandle
0x4d91c0 WriteFile
0x4d91c4 GetModuleFileNameW
0x4d91c8 ExitProcess
0x4d91cc GetCommandLineA
0x4d91d0 GetCommandLineW
0x4d91d4 GetCurrentThread
0x4d91d8 HeapAlloc
0x4d91dc HeapFree
0x4d91e0 SetConsoleCtrlHandler
0x4d91e4 GetFileType
0x4d91e8 GetDateFormatW
0x4d91ec GetTimeFormatW
0x4d91f0 CompareStringW
0x4d91f4 LCMapStringW
0x4d91f8 GetLocaleInfoW
0x4d91fc IsValidLocale
0x4d9200 GetUserDefaultLCID
0x4d9204 EnumSystemLocalesW
0x4d9208 GetFileSizeEx
0x4d920c SetFilePointerEx
0x4d9210 FlushFileBuffers
0x4d9214 GetConsoleOutputCP
0x4d9218 GetConsoleMode
0x4d921c ReadFile
0x4d9220 ReadConsoleW
0x4d9224 HeapReAlloc
0x4d9228 GetTimeZoneInformation
0x4d922c OutputDebugStringW
0x4d9230 FindClose
0x4d9234 FindFirstFileExW
0x4d9238 FindNextFileW
0x4d923c IsValidCodePage
0x4d9240 GetACP
0x4d9244 GetOEMCP
0x4d9248 GetEnvironmentStringsW
0x4d924c FreeEnvironmentStringsW
0x4d9250 SetEnvironmentVariableW
0x4d9254 SetStdHandle
EAT(Export Address Table) is none