Report - %d0%a1hr%d0%bem%d0%b5U%d1%80d%d0%b0t%d0%b5.exe

Tags: Malicious Library, UPX, Malicious Packer, OS Processor Check, MZP Format, PE File, PE64
Created 2023.09.07 07:46 Machine s1_win7_x6403
Filename %d0%a1hr%d0%bem%d0%b5U%d1%80d%d0%b0t%d0%b5.exe
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
AI Score 5
Behavior Score 1.4
ZERO API file: clean
VT API (file)
md5 ab21fb252180c05311c10a70dd9d7ca3
sha256 dac1bd40799564288bf55874543196c4ef6265d89e3228864be4d475258b9062
ssdeep 98304:o3R5MWLcg2HZe47W8GTDJ/RizBMs5U+ROjqO6a/uZdUqa:m5MWLSfwTDlg9MsGCauZha
imphash 500322c0645738ca4a802cc46aed20aa
impfuzzy 96:8shXQcoDLmY4rNmwpB7xQbZUXhX1yno2ljvLPQObve:8sZ5oDl4x1MSRFn2pPQObve

Signature (4cnts)

Level Description
watch Detects the presence of Wine emulator
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (7cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info mzp_file_format MZP(Delphi) file format binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Suricata ids

PE API

IAT (Import Address Table)

ADVAPI32
 0x90c098 RegCloseKey
 0x90c0a0 RegOpenKeyExW
 0x90c0a8 RegQueryValueExW
KERNEL32
 0x90c508 AddVectoredExceptionHandler
 0x90c510 CloseHandle
 0x90c518 CompareStringA
 0x90c520 CompareStringW
 0x90c528 CreateDirectoryA
 0x90c530 CreateEventW
 0x90c538 CreateFileA
 0x90c540 CreateFileW
 0x90c548 CreateMutexA
 0x90c550 CreateSemaphoreA
 0x90c558 CreateThread
 0x90c560 DeleteCriticalSection
 0x90c568 DeleteFileA
 0x90c570 DuplicateHandle
 0x90c578 EnterCriticalSection
 0x90c580 EnumCalendarInfoW
 0x90c588 EnumSystemLocalesW
 0x90c590 ExitProcess
 0x90c598 ExitThread
 0x90c5a0 FindClose
 0x90c5a8 FindFirstFileW
 0x90c5b0 FindResourceA
 0x90c5b8 FormatMessageW
 0x90c5c0 FreeEnvironmentStringsA
 0x90c5c8 FreeLibrary
 0x90c5d0 FreeResource
 0x90c5d8 GetACP
 0x90c5e0 GetCPInfo
 0x90c5e8 GetCPInfoExW
 0x90c5f0 GetCommandLineA
 0x90c5f8 GetCommandLineW
 0x90c600 GetConsoleWindow
 0x90c608 GetCurrentProcess
 0x90c610 GetCurrentProcessId
 0x90c618 GetCurrentThread
 0x90c620 GetCurrentThreadId
 0x90c628 GetDateFormatW
 0x90c630 GetDiskFreeSpaceW
 0x90c638 GetEnvironmentStrings
 0x90c640 GetExitCodeThread
 0x90c648 GetFileAttributesA
 0x90c650 GetFileAttributesW
 0x90c658 GetFileSize
 0x90c660 GetFileType
 0x90c668 GetFullPathNameW
 0x90c670 GetLastError
 0x90c678 GetLocalTime
 0x90c680 GetLocaleInfoA
 0x90c688 GetLocaleInfoW
 0x90c690 GetModuleFileNameA
 0x90c698 GetModuleFileNameW
 0x90c6a0 GetModuleHandleA
 0x90c6a8 GetModuleHandleW
 0x90c6b0 GetOEMCP
 0x90c6b8 GetProcAddress
 0x90c6c0 GetProcessHeap
 0x90c6c8 GetStartupInfoA
 0x90c6d0 GetStartupInfoW
 0x90c6d8 GetStdHandle
 0x90c6e0 GetStringTypeA
 0x90c6e8 GetStringTypeW
 0x90c6f0 GetSystemDefaultLangID
 0x90c6f8 GetSystemDefaultUILanguage
 0x90c700 GetSystemInfo
 0x90c708 GetSystemTimeAsFileTime
 0x90c710 GetThreadLocale
 0x90c718 GetThreadPriority
 0x90c720 GetTickCount
 0x90c728 GetTimeZoneInformation
 0x90c730 GetUserDefaultLCID
 0x90c738 GetUserDefaultUILanguage
 0x90c740 GetVersion
 0x90c748 GetVersionExA
 0x90c750 GetVersionExW
 0x90c758 HeapAlloc
 0x90c760 HeapCreate
 0x90c768 HeapDestroy
 0x90c770 HeapFree
 0x90c778 InitializeCriticalSection
 0x90c780 IsDBCSLeadByteEx
 0x90c788 IsDebuggerPresent
 0x90c790 IsValidLocale
 0x90c798 LCMapStringA
 0x90c7a0 LCMapStringW
 0x90c7a8 LeaveCriticalSection
 0x90c7b0 LoadLibraryA
 0x90c7b8 LoadLibraryExW
 0x90c7c0 LoadLibraryW
 0x90c7c8 LoadResource
 0x90c7d0 LocalAlloc
 0x90c7d8 LocalFileTimeToFileTime
 0x90c7e0 LocalFree
 0x90c7e8 LockResource
 0x90c7f0 MultiByteToWideChar
 0x90c7f8 QueryPerformanceCounter
 0x90c800 QueryPerformanceFrequency
 0x90c808 RaiseException
 0x90c810 ReadFile
 0x90c818 ReleaseMutex
 0x90c820 ReleaseSemaphore
 0x90c828 RemoveDirectoryA
 0x90c830 RemoveVectoredExceptionHandler
 0x90c838 ResetEvent
 0x90c840 ResumeThread
 0x90c848 RtlCaptureContext
 0x90c850 RtlUnwind
 0x90c858 SetConsoleCtrlHandler
 0x90c860 SetEndOfFile
 0x90c868 SetEvent
 0x90c870 SetFilePointer
 0x90c878 SetFileTime
 0x90c880 SetHandleCount
 0x90c888 SetLastError
 0x90c890 SetThreadLocale
 0x90c898 SetThreadPriority
 0x90c8a0 Sleep
 0x90c8a8 SuspendThread
 0x90c8b0 SwitchToThread
 0x90c8b8 SystemTimeToFileTime
 0x90c8c0 TlsAlloc
 0x90c8c8 TlsFree
 0x90c8d0 TlsGetValue
 0x90c8d8 TlsSetValue
 0x90c8e0 UnhandledExceptionFilter
 0x90c8e8 VerSetConditionMask
 0x90c8f0 VerifyVersionInfoW
 0x90c8f8 VirtualAlloc
 0x90c900 VirtualFree
 0x90c908 VirtualQuery
 0x90c910 VirtualQueryEx
 0x90c918 WaitForSingleObject
 0x90c920 WaitForSingleObjectEx
 0x90c928 WideCharToMultiByte
 0x90c930 WriteFile
 0x90c938 lstrlenW
 0x90c940 RtlRestoreContext
 0x90c948 RtlUnwindEx
USER32
 0x90c9d0 CharLowerBuffA
 0x90c9d8 CharLowerBuffW
 0x90c9e0 CharNextW
 0x90c9e8 CharUpperBuffA
 0x90c9f0 CharUpperBuffW
 0x90c9f8 CharUpperW
 0x90ca00 EnumThreadWindows
 0x90ca08 GetSystemMetrics
 0x90ca10 LoadStringW
 0x90ca18 MessageBoxW
 0x90ca20 MsgWaitForMultipleObjects
 0x90ca28 PeekMessageW
 0x90ca30 ShowWindow
 0x90ca38 wsprintfA
OLEAUT32
 0x90caa8 SafeArrayCreate
 0x90cab0 SafeArrayGetLBound
 0x90cab8 SafeArrayGetUBound
 0x90cac0 SafeArrayPtrOfIndex
 0x90cac8 SysAllocStringLen
 0x90cad0 SysFreeString
 0x90cad8 SysReAllocStringLen
 0x90cae0 VariantChangeType
 0x90cae8 VariantClear
 0x90caf0 VariantCopy
 0x90caf8 VariantInit
Bcrypt
 0x90cb60 BCryptCloseAlgorithmProvider
 0x90cb68 BCryptCreateHash
 0x90cb70 BCryptDecrypt
 0x90cb78 BCryptDestroyHash
 0x90cb80 BCryptDestroyKey
 0x90cb88 BCryptFinishHash
 0x90cb90 BCryptGenerateSymmetricKey
 0x90cb98 BCryptHashData
 0x90cba0 BCryptOpenAlgorithmProvider
 0x90cba8 BCryptSetProperty

EAT (Export Address Table)

0x8c3660 __CPPdebugHook
0x4f0500 __setRaiseListFuncAddr
