ScreenShot
| Created | 2023.09.15 17:27 | Machine | s1_win7_x6401 |
| Filename | esgla2i5.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 38 detected (malicious, moderate confidence, GenericKD, GenKryptik, Attribute, HighConfidence, GLDA, score, Xmhl, htfdt, DownLoader45, PRIVATELOADER, YXDIOZ, Outbreak, Sabsik, Detected, GenericRXAA, ai score=82, unsafe, Chgt, EmnL0dJ0FNC, confidence, 100%) | ||
| md5 | 2273152b5565d0d47b6c59cb5099dc76 | ||
| sha256 | 4389fc9e95b214ac7cf515931ae9153450bcd4ccd7b7bad6a498da723ad602af | ||
| ssdeep | 6144:zFH8RIT6Fam1StJ3rXDW49Vl7SkDHPiaODgKYleQ4S4P:zWdGXDzP7aMAP | ||
| imphash | ce0c54abf9cb1706cf3f091f1f306b7f | ||
| impfuzzy | 48:GKo/kNEA+EQbH6UnXyfcyE7le/u8j/9LCAkJE/yLnBn6gIE9oz6UygAwovGfSYkA:GKsY+pbH6UnXyfcyE7lGu8j/e9tWLoNQ | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x100001000 RegCreateKeyExW
0x100001008 RegCloseKey
0x100001010 RegSetValueExW
0x100001018 RegQueryValueExW
0x100001020 RegDeleteValueW
0x100001028 RegOpenKeyExW
0x100001030 RegNotifyChangeKeyValue
0x100001038 RegFlushKey
KERNEL32.dll
0x100001080 EnterCriticalSection
0x100001088 DeleteCriticalSection
0x100001090 GetCommandLineW
0x100001098 lstrlenA
0x1000010a0 FreeLibrary
0x1000010a8 WaitForSingleObject
0x1000010b0 SetEvent
0x1000010b8 RegisterApplicationRestart
0x1000010c0 LoadLibraryW
0x1000010c8 Sleep
0x1000010d0 CreateEventW
0x1000010d8 WaitForMultipleObjects
0x1000010e0 HeapSetInformation
0x1000010e8 GetCurrentThreadId
0x1000010f0 CloseHandle
0x1000010f8 GetVersionExW
0x100001100 GetProcAddress
0x100001108 GetSystemInfo
0x100001110 GetFullPathNameW
0x100001118 WideCharToMultiByte
0x100001120 ReadFile
0x100001128 GetProcessHeap
0x100001130 SetEndOfFile
0x100001138 GetCurrentDirectoryW
0x100001140 VirtualQuery
0x100001148 SetThreadStackGuarantee
0x100001150 VirtualAlloc
0x100001158 VirtualProtect
0x100001160 FlushFileBuffers
0x100001168 SetStdHandle
0x100001170 CreateFileW
0x100001178 GetConsoleMode
0x100001180 GetConsoleCP
0x100001188 SetFilePointer
0x100001190 GetStringTypeW
0x100001198 MultiByteToWideChar
0x1000011a0 LCMapStringW
0x1000011a8 LoadLibraryExW
0x1000011b0 InitializeCriticalSectionAndSpinCount
0x1000011b8 HeapSize
0x1000011c0 GetOEMCP
0x1000011c8 GetACP
0x1000011d0 GetCPInfo
0x1000011d8 OutputDebugStringA
0x1000011e0 RtlCaptureContext
0x1000011e8 RtlVirtualUnwind
0x1000011f0 lstrlenW
0x1000011f8 GetModuleFileNameW
0x100001200 GetFileAttributesW
0x100001208 LeaveCriticalSection
0x100001210 GetSystemDirectoryW
0x100001218 InitializeCriticalSection
0x100001220 WriteConsoleW
0x100001228 UnhandledExceptionFilter
0x100001230 GetCurrentProcess
0x100001238 TerminateProcess
0x100001240 GetSystemTimeAsFileTime
0x100001248 GetCurrentProcessId
0x100001250 GetTickCount
0x100001258 QueryPerformanceCounter
0x100001260 HeapCreate
0x100001268 FlsAlloc
0x100001270 GetCommandLineA
0x100001278 GetStartupInfoW
0x100001280 GetLastError
0x100001288 HeapFree
0x100001290 HeapReAlloc
0x100001298 ExitThread
0x1000012a0 FlsSetValue
0x1000012a8 FlsGetValue
0x1000012b0 CreateThread
0x1000012b8 RaiseException
0x1000012c0 RtlPcToFileHeader
0x1000012c8 RtlLookupFunctionEntry
0x1000012d0 RtlUnwindEx
0x1000012d8 HeapAlloc
0x1000012e0 SetUnhandledExceptionFilter
0x1000012e8 GetModuleHandleW
0x1000012f0 ExitProcess
0x1000012f8 WriteFile
0x100001300 GetStdHandle
0x100001308 GetModuleFileNameA
0x100001310 FreeEnvironmentStringsW
0x100001318 GetEnvironmentStringsW
0x100001320 SetHandleCount
0x100001328 GetFileType
0x100001330 EncodePointer
0x100001338 DecodePointer
0x100001340 FlsFree
0x100001348 SetLastError
USER32.dll
0x100001390 UpdateWindow
0x100001398 SetWindowTextW
0x1000013a0 DispatchMessageW
0x1000013a8 EnableWindow
0x1000013b0 DestroyWindow
0x1000013b8 SetTimer
0x1000013c0 GetWindowRect
0x1000013c8 PostQuitMessage
0x1000013d0 PostMessageW
0x1000013d8 KillTimer
0x1000013e0 MsgWaitForMultipleObjects
0x1000013e8 GetKeyState
0x1000013f0 SetForegroundWindow
0x1000013f8 GetFocus
0x100001400 DialogBoxParamW
0x100001408 CallNextHookEx
0x100001410 IsWindowEnabled
0x100001418 GetWindowLongPtrW
0x100001420 GetClientRect
0x100001428 SetFocus
0x100001430 TranslateMessage
0x100001438 IsDialogMessageW
0x100001440 LoadIconW
0x100001448 GetWindowLongW
0x100001450 PeekMessageW
0x100001458 GetDlgItem
0x100001460 EndDialog
0x100001468 GetDesktopWindow
0x100001470 SetWindowPos
0x100001478 LoadStringW
0x100001480 CheckDlgButton
0x100001488 ShowWindow
0x100001490 CreateDialogParamW
0x100001498 SetWindowsHookExW
0x1000014a0 AdjustWindowRectEx
0x1000014a8 UnhookWindowsHookEx
0x1000014b0 MessageBoxW
0x1000014b8 SendMessageW
COMCTL32.dll
0x100001048 ImageList_Create
0x100001050 ImageList_ReplaceIcon
0x100001058 None
0x100001060 ImageList_Destroy
COMDLG32.dll
0x100001070 GetSaveFileNameW
SHELL32.dll
0x100001380 ShellExecuteW
ole32.dll
0x1000014c8 CoUninitialize
0x1000014d0 CoInitialize
0x1000014d8 CoInitializeSecurity
0x1000014e0 CoCreateInstance
OLEAUT32.dll
0x100001358 SysFreeString
0x100001360 SysAllocString
0x100001368 VariantInit
0x100001370 VariantClear
EAT(Export Address Table) is none
ADVAPI32.dll
0x100001000 RegCreateKeyExW
0x100001008 RegCloseKey
0x100001010 RegSetValueExW
0x100001018 RegQueryValueExW
0x100001020 RegDeleteValueW
0x100001028 RegOpenKeyExW
0x100001030 RegNotifyChangeKeyValue
0x100001038 RegFlushKey
KERNEL32.dll
0x100001080 EnterCriticalSection
0x100001088 DeleteCriticalSection
0x100001090 GetCommandLineW
0x100001098 lstrlenA
0x1000010a0 FreeLibrary
0x1000010a8 WaitForSingleObject
0x1000010b0 SetEvent
0x1000010b8 RegisterApplicationRestart
0x1000010c0 LoadLibraryW
0x1000010c8 Sleep
0x1000010d0 CreateEventW
0x1000010d8 WaitForMultipleObjects
0x1000010e0 HeapSetInformation
0x1000010e8 GetCurrentThreadId
0x1000010f0 CloseHandle
0x1000010f8 GetVersionExW
0x100001100 GetProcAddress
0x100001108 GetSystemInfo
0x100001110 GetFullPathNameW
0x100001118 WideCharToMultiByte
0x100001120 ReadFile
0x100001128 GetProcessHeap
0x100001130 SetEndOfFile
0x100001138 GetCurrentDirectoryW
0x100001140 VirtualQuery
0x100001148 SetThreadStackGuarantee
0x100001150 VirtualAlloc
0x100001158 VirtualProtect
0x100001160 FlushFileBuffers
0x100001168 SetStdHandle
0x100001170 CreateFileW
0x100001178 GetConsoleMode
0x100001180 GetConsoleCP
0x100001188 SetFilePointer
0x100001190 GetStringTypeW
0x100001198 MultiByteToWideChar
0x1000011a0 LCMapStringW
0x1000011a8 LoadLibraryExW
0x1000011b0 InitializeCriticalSectionAndSpinCount
0x1000011b8 HeapSize
0x1000011c0 GetOEMCP
0x1000011c8 GetACP
0x1000011d0 GetCPInfo
0x1000011d8 OutputDebugStringA
0x1000011e0 RtlCaptureContext
0x1000011e8 RtlVirtualUnwind
0x1000011f0 lstrlenW
0x1000011f8 GetModuleFileNameW
0x100001200 GetFileAttributesW
0x100001208 LeaveCriticalSection
0x100001210 GetSystemDirectoryW
0x100001218 InitializeCriticalSection
0x100001220 WriteConsoleW
0x100001228 UnhandledExceptionFilter
0x100001230 GetCurrentProcess
0x100001238 TerminateProcess
0x100001240 GetSystemTimeAsFileTime
0x100001248 GetCurrentProcessId
0x100001250 GetTickCount
0x100001258 QueryPerformanceCounter
0x100001260 HeapCreate
0x100001268 FlsAlloc
0x100001270 GetCommandLineA
0x100001278 GetStartupInfoW
0x100001280 GetLastError
0x100001288 HeapFree
0x100001290 HeapReAlloc
0x100001298 ExitThread
0x1000012a0 FlsSetValue
0x1000012a8 FlsGetValue
0x1000012b0 CreateThread
0x1000012b8 RaiseException
0x1000012c0 RtlPcToFileHeader
0x1000012c8 RtlLookupFunctionEntry
0x1000012d0 RtlUnwindEx
0x1000012d8 HeapAlloc
0x1000012e0 SetUnhandledExceptionFilter
0x1000012e8 GetModuleHandleW
0x1000012f0 ExitProcess
0x1000012f8 WriteFile
0x100001300 GetStdHandle
0x100001308 GetModuleFileNameA
0x100001310 FreeEnvironmentStringsW
0x100001318 GetEnvironmentStringsW
0x100001320 SetHandleCount
0x100001328 GetFileType
0x100001330 EncodePointer
0x100001338 DecodePointer
0x100001340 FlsFree
0x100001348 SetLastError
USER32.dll
0x100001390 UpdateWindow
0x100001398 SetWindowTextW
0x1000013a0 DispatchMessageW
0x1000013a8 EnableWindow
0x1000013b0 DestroyWindow
0x1000013b8 SetTimer
0x1000013c0 GetWindowRect
0x1000013c8 PostQuitMessage
0x1000013d0 PostMessageW
0x1000013d8 KillTimer
0x1000013e0 MsgWaitForMultipleObjects
0x1000013e8 GetKeyState
0x1000013f0 SetForegroundWindow
0x1000013f8 GetFocus
0x100001400 DialogBoxParamW
0x100001408 CallNextHookEx
0x100001410 IsWindowEnabled
0x100001418 GetWindowLongPtrW
0x100001420 GetClientRect
0x100001428 SetFocus
0x100001430 TranslateMessage
0x100001438 IsDialogMessageW
0x100001440 LoadIconW
0x100001448 GetWindowLongW
0x100001450 PeekMessageW
0x100001458 GetDlgItem
0x100001460 EndDialog
0x100001468 GetDesktopWindow
0x100001470 SetWindowPos
0x100001478 LoadStringW
0x100001480 CheckDlgButton
0x100001488 ShowWindow
0x100001490 CreateDialogParamW
0x100001498 SetWindowsHookExW
0x1000014a0 AdjustWindowRectEx
0x1000014a8 UnhookWindowsHookEx
0x1000014b0 MessageBoxW
0x1000014b8 SendMessageW
COMCTL32.dll
0x100001048 ImageList_Create
0x100001050 ImageList_ReplaceIcon
0x100001058 None
0x100001060 ImageList_Destroy
COMDLG32.dll
0x100001070 GetSaveFileNameW
SHELL32.dll
0x100001380 ShellExecuteW
ole32.dll
0x1000014c8 CoUninitialize
0x1000014d0 CoInitialize
0x1000014d8 CoInitializeSecurity
0x1000014e0 CoCreateInstance
OLEAUT32.dll
0x100001358 SysFreeString
0x100001360 SysAllocString
0x100001368 VariantInit
0x100001370 VariantClear
EAT(Export Address Table) is none