ScreenShot
Field | Value |
---|---|
Created | 2023.09.11 10:28 |
Machine | s1_win7_x6401 |
Filename | Information about the reservation.scr |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 38 detected (Vidar, Zusy, malicious, confidence, 100%, TrojanPSW, CLOUD, qnfza, YXDIJZ, Artemis, Leonem, ai score=87, BScope, Remcos, Chgt, QQPass, QQRob, Ngil, susgen) |
md5 | c932efa508ef39e723186177a7a885f7 |
sha256 | 3a42cc7e2fe0b899116b5e8890d2865f53b29752a56c230caa55a5d02953faa3 |
ssdeep | 24576:pTHiqXUJXXHx1uOb/OWgiAJEvcDdXKZDNC1J8Am1:prDUJnHx1NjOW/AJE0dXKZDNKI |
imphash | a248a167b096530a2f6241dbb2acf9fa |
impfuzzy | 96:+WnkEIXeO8n+DMFLqcfI1W58UfwJjYKtDrTCXZpR:+W3z0l1W58U4hztDih |
Network IP location
Signature (6 counts)
Level | Description |
---|---|
danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (7 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x432080 GetTickCount
0x432084 DuplicateHandle
0x432088 TerminateProcess
0x43208c Sleep
0x432090 WaitForSingleObject
0x432094 SetEvent
0x432098 CreateThread
0x43209c CreateEventW
0x4320a0 DeviceIoControl
0x4320a4 CreateFileW
0x4320a8 QueryDosDeviceW
0x4320ac DeleteAtom
0x4320b0 FindAtomW
0x4320b4 ReleaseMutex
0x4320b8 AddAtomW
0x4320bc OpenThread
0x4320c0 GetAtomNameW
0x4320c4 GetSystemTime
0x4320c8 LocalFree
0x4320cc FormatMessageW
0x4320d0 GetFileSizeEx
0x4320d4 SetFilePointerEx
0x4320d8 LocalFileTimeToFileTime
0x4320dc SystemTimeToFileTime
0x4320e0 ReadFile
0x4320e4 SetEndOfFile
0x4320e8 CreateFileA
0x4320ec WriteConsoleW
0x4320f0 GetConsoleOutputCP
0x4320f4 WriteConsoleA
0x4320f8 FlushFileBuffers
0x4320fc SetStdHandle
0x432100 SetFilePointer
0x432104 GetLocaleInfoA
0x432108 GetStringTypeW
0x43210c GetStringTypeA
0x432110 LCMapStringW
0x432114 LCMapStringA
0x432118 GetConsoleMode
0x43211c GetConsoleCP
0x432120 InitializeCriticalSectionAndSpinCount
0x432124 HeapSize
0x432128 IsValidCodePage
0x43212c GetOEMCP
0x432130 GetACP
0x432134 GetCPInfo
0x432138 HeapReAlloc
0x43213c GetSystemTimeAsFileTime
0x432140 QueryPerformanceCounter
0x432144 HeapCreate
0x432148 TlsFree
0x43214c TlsSetValue
0x432150 TlsAlloc
0x432154 TlsGetValue
0x432158 GetStartupInfoA
0x43215c GetFileType
0x432160 SetHandleCount
0x432164 GetEnvironmentStringsW
0x432168 FreeEnvironmentStringsW
0x43216c GetModuleFileNameA
0x432170 GetStdHandle
0x432174 WriteFile
0x432178 ExitProcess
0x43217c GetProcessHeap
0x432180 HeapAlloc
0x432184 MulDiv
0x432188 GetModuleHandleA
0x43218c GetCurrentProcessId
0x432190 OpenProcess
0x432194 GetVersionExW
0x432198 CloseHandle
0x43219c GetCommandLineW
0x4321a0 GetTempPathW
0x4321a4 GetTempFileNameW
0x4321a8 DeleteFileW
0x4321ac GetModuleHandleW
0x4321b0 LoadLibraryExW
0x4321b4 FindResourceW
0x4321b8 LoadResource
0x4321bc SizeofResource
0x4321c0 MultiByteToWideChar
0x4321c4 FindNextFileW
0x4321c8 FindFirstFileW
0x4321cc FindClose
0x4321d0 OutputDebugStringW
0x4321d4 DebugBreak
0x4321d8 lstrlenA
0x4321dc SetLastError
0x4321e0 lstrcmpiW
0x4321e4 RaiseException
0x4321e8 CreateMutexW
0x4321ec GetLastError
0x4321f0 GetCurrentThreadId
0x4321f4 GetProcAddress
0x4321f8 FreeLibrary
0x4321fc GetModuleFileNameW
0x432200 LoadLibraryW
0x432204 lstrlenW
0x432208 InterlockedDecrement
0x43220c InterlockedIncrement
0x432210 GetCurrentProcess
0x432214 FlushInstructionCache
0x432218 DeleteCriticalSection
0x43221c RtlUnwind
0x432220 IsDebuggerPresent
0x432224 SetUnhandledExceptionFilter
0x432228 UnhandledExceptionFilter
0x43222c GetStartupInfoW
0x432230 WideCharToMultiByte
0x432234 VirtualAlloc
0x432238 VirtualFree
0x43223c IsProcessorFeaturePresent
0x432240 LoadLibraryA
0x432244 HeapFree
0x432248 InterlockedCompareExchange
0x43224c InitializeCriticalSection
0x432250 LeaveCriticalSection
0x432254 EnterCriticalSection
USER32.dll
0x4322e0 RegisterClassW
0x4322e4 GetClassInfoW
0x4322e8 DispatchMessageW
0x4322ec TranslateMessage
0x4322f0 GetMessageW
0x4322f4 PeekMessageW
0x4322f8 SetForegroundWindow
0x4322fc IsWindowVisible
0x432300 FindWindowW
0x432304 ShowWindow
0x432308 UnregisterClassA
0x43230c SetWindowLongW
0x432310 wvsprintfW
0x432314 RegisterWindowMessageW
0x432318 LoadImageW
0x43231c PostQuitMessage
0x432320 GetWindow
0x432324 SetWindowRgn
0x432328 IsDialogMessageW
0x43232c SetDlgItemTextW
0x432330 SetTimer
0x432334 MoveWindow
0x432338 LoadStringW
0x43233c PostMessageW
0x432340 EnumWindows
0x432344 IsIconic
0x432348 GetWindowThreadProcessId
0x43234c FillRect
0x432350 CopyRect
0x432354 DrawIconEx
0x432358 DrawTextW
0x43235c MapWindowPoints
0x432360 IsWindow
0x432364 GetWindowLongW
0x432368 PtInRect
0x43236c RedrawWindow
0x432370 SendMessageW
0x432374 GetClientRect
0x432378 LoadMenuW
0x43237c ClientToScreen
0x432380 SetWindowPos
0x432384 GetDialogBaseUnits
0x432388 GetDC
0x43238c SystemParametersInfoW
0x432390 ReleaseDC
0x432394 AdjustWindowRectEx
0x432398 MonitorFromWindow
0x43239c GetMonitorInfoW
0x4323a0 GetCursorPos
0x4323a4 MonitorFromPoint
0x4323a8 SetRect
0x4323ac MonitorFromRect
0x4323b0 GetSystemMetrics
0x4323b4 EnableWindow
0x4323b8 CharLowerW
0x4323bc CreateWindowExW
0x4323c0 GetDlgItem
0x4323c4 GetWindowRect
0x4323c8 GetParent
0x4323cc InvalidateRect
0x4323d0 ScreenToClient
0x4323d4 DefWindowProcW
0x4323d8 CreateDialogParamW
0x4323dc GetActiveWindow
0x4323e0 MessageBoxW
0x4323e4 DestroyWindow
0x4323e8 CharNextW
0x4323ec SetWindowTextW
GDI32.dll
0x432034 SetBkMode
0x432038 GetObjectType
0x43203c CreateRectRgn
0x432040 CombineRgn
0x432044 CreateSolidBrush
0x432048 CreateCompatibleBitmap
0x43204c DeleteObject
0x432050 CreateCompatibleDC
0x432054 BitBlt
0x432058 DeleteDC
0x43205c GetObjectW
0x432060 CreateFontIndirectW
0x432064 GetDeviceCaps
0x432068 CreateFontW
0x43206c SelectObject
0x432070 GetTextMetricsW
0x432074 GetTextExtentPoint32W
0x432078 EnumFontFamiliesW
ADVAPI32.dll
0x432000 RegQueryValueExW
0x432004 RegDeleteValueW
0x432008 RegQueryValueExA
0x43200c RegCloseKey
0x432010 RegEnumKeyExW
0x432014 RegQueryInfoKeyW
0x432018 RegSetValueExW
0x43201c RegOpenKeyExW
0x432020 RegCreateKeyExW
0x432024 RegDeleteKeyW
SHELL32.dll
0x43228c ExtractIconExW
0x432290 ShellExecuteW
ole32.dll
0x432404 CLSIDFromString
0x432408 CoTaskMemFree
0x43240c CoCreateInstance
0x432410 CoTaskMemRealloc
0x432414 CoUninitialize
0x432418 CoInitialize
0x43241c CoTaskMemAlloc
OLEAUT32.dll
0x43225c VariantClear
0x432260 SysAllocStringByteLen
0x432264 SysStringByteLen
0x432268 VarUI4FromStr
0x43226c SysAllocString
0x432270 SysStringLen
0x432274 SysFreeString
0x432278 VariantInit
SHLWAPI.dll
0x432298 PathRemoveExtensionW
0x43229c StrRChrW
0x4322a0 StrStrW
0x4322a4 StrCmpW
0x4322a8 PathIsDirectoryW
0x4322ac wnsprintfW
0x4322b0 StrCmpIW
0x4322b4 SHSetValueW
0x4322b8 PathRemoveFileSpecW
0x4322bc PathCombineW
0x4322c0 PathIsRelativeW
0x4322c4 PathFindExtensionW
0x4322c8 PathAppendW
0x4322cc PathFindFileNameW
0x4322d0 PathFileExistsW
0x4322d4 SHGetValueW
0x4322d8 StrStrIW
COMCTL32.dll
0x43202c InitCommonControlsEx
VERSION.dll
0x4323f4 GetFileVersionInfoW
0x4323f8 GetFileVersionInfoSizeW
0x4323fc VerQueryValueA
PSAPI.DLL
0x432280 GetModuleFileNameExW
0x432284 GetProcessImageFileNameW
EAT (Export Address Table): none