ScreenShot
| Created | 2023.09.06 17:24 | Machine | s1_win7_x6403 |
| Filename | 166.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 48 detected (AIDetectMalware, GenericKD, unsafe, Vt8o, malicious, confidence, 100%, ZexaE, rq0@aC61Mvji, GenusT, DQVS, Kryptik, Eldorado, Attribute, HighConfidence, high confidence, HTUE, score, PWSX, Uimw, cxsth, REDLINE, YXDIDZ, high, Static AI, Malicious PE, Sabsik, Detected, Artemis, ai score=80, Chgt, gnDPbm2Ej4B, Cinoshi) | ||
| md5 | fc5c376212d49e490f9e790b36ea7252 | ||
| sha256 | adcd7d7ac0d1ce2fb231bdf176afded404415a8bab9f9f5224d1d2e9144ceb59 | ||
| ssdeep | 3072:COnWLAq5qeerF6tWKyAmIuZIUmhrsum6wSeV5biIAFtKWILVuY4eMt7JZIEL:xnEKANJLU+snzVAXK/W9 | ||
| imphash | eb431e45ec385f0b5ba62d0fac2cb9db | ||
| impfuzzy | 24:VrymDW9dJejeOMjOov9jMCcfdZ/J3IStsjFQHRyvnRT4ialL3ZA:uddOMCUcfhztsbRclVG | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41501c LoadLibraryA
0x415020 VirtualAlloc
0x415024 LockResource
0x415028 LoadResource
0x41502c SizeofResource
0x415030 FindResourceW
0x415034 GetProcAddress
0x415038 GetLastError
0x41503c CreateMutexA
0x415040 GetModuleHandleA
0x415044 InterlockedExchange
0x415048 FreeConsole
0x41504c VirtualProtect
0x415050 lstrlenW
0x415054 CreateThread
0x415058 WaitForSingleObject
0x41505c Sleep
0x415060 GetModuleHandleW
0x415064 SetFileApisToOEM
0x415068 RtlUnwind
0x41506c RaiseException
0x415070 GetCommandLineA
0x415074 WriteFile
0x415078 WideCharToMultiByte
0x41507c GetConsoleCP
0x415080 GetConsoleMode
0x415084 FlushFileBuffers
0x415088 DeleteCriticalSection
0x41508c LeaveCriticalSection
0x415090 EnterCriticalSection
0x415094 HeapFree
0x415098 TlsGetValue
0x41509c TlsAlloc
0x4150a0 TlsSetValue
0x4150a4 TlsFree
0x4150a8 InterlockedIncrement
0x4150ac SetLastError
0x4150b0 GetCurrentThreadId
0x4150b4 InterlockedDecrement
0x4150b8 HeapAlloc
0x4150bc TerminateProcess
0x4150c0 GetCurrentProcess
0x4150c4 UnhandledExceptionFilter
0x4150c8 SetUnhandledExceptionFilter
0x4150cc IsDebuggerPresent
0x4150d0 ExitProcess
0x4150d4 GetStdHandle
0x4150d8 GetModuleFileNameA
0x4150dc FreeEnvironmentStringsA
0x4150e0 GetEnvironmentStrings
0x4150e4 FreeEnvironmentStringsW
0x4150e8 GetEnvironmentStringsW
0x4150ec SetHandleCount
0x4150f0 GetFileType
0x4150f4 GetStartupInfoA
0x4150f8 HeapCreate
0x4150fc VirtualFree
0x415100 QueryPerformanceCounter
0x415104 GetTickCount
0x415108 GetCurrentProcessId
0x41510c GetSystemTimeAsFileTime
0x415110 GetCPInfo
0x415114 GetACP
0x415118 GetOEMCP
0x41511c IsValidCodePage
0x415120 WriteConsoleA
0x415124 GetConsoleOutputCP
0x415128 WriteConsoleW
0x41512c MultiByteToWideChar
0x415130 SetFilePointer
0x415134 SetStdHandle
0x415138 InitializeCriticalSectionAndSpinCount
0x41513c HeapReAlloc
0x415140 HeapSize
0x415144 LCMapStringA
0x415148 LCMapStringW
0x41514c GetStringTypeA
0x415150 GetStringTypeW
0x415154 GetLocaleInfoA
0x415158 CreateFileA
0x41515c CloseHandle
GDI32.dll
0x415008 SetTextColor
0x41500c CreateFontIndirectA
0x415010 SelectObject
0x415014 SetBkMode
ADVAPI32.dll
0x415000 RegDeleteKeyA
EAT(Export Address Table) is none
KERNEL32.dll
0x41501c LoadLibraryA
0x415020 VirtualAlloc
0x415024 LockResource
0x415028 LoadResource
0x41502c SizeofResource
0x415030 FindResourceW
0x415034 GetProcAddress
0x415038 GetLastError
0x41503c CreateMutexA
0x415040 GetModuleHandleA
0x415044 InterlockedExchange
0x415048 FreeConsole
0x41504c VirtualProtect
0x415050 lstrlenW
0x415054 CreateThread
0x415058 WaitForSingleObject
0x41505c Sleep
0x415060 GetModuleHandleW
0x415064 SetFileApisToOEM
0x415068 RtlUnwind
0x41506c RaiseException
0x415070 GetCommandLineA
0x415074 WriteFile
0x415078 WideCharToMultiByte
0x41507c GetConsoleCP
0x415080 GetConsoleMode
0x415084 FlushFileBuffers
0x415088 DeleteCriticalSection
0x41508c LeaveCriticalSection
0x415090 EnterCriticalSection
0x415094 HeapFree
0x415098 TlsGetValue
0x41509c TlsAlloc
0x4150a0 TlsSetValue
0x4150a4 TlsFree
0x4150a8 InterlockedIncrement
0x4150ac SetLastError
0x4150b0 GetCurrentThreadId
0x4150b4 InterlockedDecrement
0x4150b8 HeapAlloc
0x4150bc TerminateProcess
0x4150c0 GetCurrentProcess
0x4150c4 UnhandledExceptionFilter
0x4150c8 SetUnhandledExceptionFilter
0x4150cc IsDebuggerPresent
0x4150d0 ExitProcess
0x4150d4 GetStdHandle
0x4150d8 GetModuleFileNameA
0x4150dc FreeEnvironmentStringsA
0x4150e0 GetEnvironmentStrings
0x4150e4 FreeEnvironmentStringsW
0x4150e8 GetEnvironmentStringsW
0x4150ec SetHandleCount
0x4150f0 GetFileType
0x4150f4 GetStartupInfoA
0x4150f8 HeapCreate
0x4150fc VirtualFree
0x415100 QueryPerformanceCounter
0x415104 GetTickCount
0x415108 GetCurrentProcessId
0x41510c GetSystemTimeAsFileTime
0x415110 GetCPInfo
0x415114 GetACP
0x415118 GetOEMCP
0x41511c IsValidCodePage
0x415120 WriteConsoleA
0x415124 GetConsoleOutputCP
0x415128 WriteConsoleW
0x41512c MultiByteToWideChar
0x415130 SetFilePointer
0x415134 SetStdHandle
0x415138 InitializeCriticalSectionAndSpinCount
0x41513c HeapReAlloc
0x415140 HeapSize
0x415144 LCMapStringA
0x415148 LCMapStringW
0x41514c GetStringTypeA
0x415150 GetStringTypeW
0x415154 GetLocaleInfoA
0x415158 CreateFileA
0x41515c CloseHandle
GDI32.dll
0x415008 SetTextColor
0x41500c CreateFontIndirectA
0x415010 SelectObject
0x415014 SetBkMode
ADVAPI32.dll
0x415000 RegDeleteKeyA
EAT(Export Address Table) is none