Report - esgla2i5.exe

UPX Malicious Library PE File PE64
Created 2023.09.15 17:27 Machine s1_win7_x6401
Filename esgla2i5.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not found
Behavior Score 1.8
ZERO API file: clean
VT API (file) 38 detected (malicious, moderate confidence, GenericKD, GenKryptik, Attribute, HighConfidence, GLDA, score, Xmhl, htfdt, DownLoader45, PRIVATELOADER, YXDIOZ, Outbreak, Sabsik, Detected, GenericRXAA, ai score=82, unsafe, Chgt, EmnL0dJ0FNC, confidence, 100%)
md5 2273152b5565d0d47b6c59cb5099dc76
sha256 4389fc9e95b214ac7cf515931ae9153450bcd4ccd7b7bad6a498da723ad602af
ssdeep 6144:zFH8RIT6Fam1StJ3rXDW49Vl7SkDHPiaODgKYleQ4S4P:zWdGXDzP7aMAP
imphash ce0c54abf9cb1706cf3f091f1f306b7f
impfuzzy 48:GKo/kNEA+EQbH6UnXyfcyE7le/u8j/9LCAkJE/yLnBn6gIE9oz6UygAwovGfSYkA:GKsY+pbH6UnXyfcyE7lGu8j/e9tWLoNQ

Signature (4cnts)

Level Description
danger File has been identified by 38 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
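The "Allocates read-write-execute memory" notice above is a behavioural observation from the run (the IAT below imports VirtualAlloc and VirtualProtect, the usual route to an RWX region), and the UPX_Zero rule is the static side of the same packing story. Before unpacking, a triager confirms such a match from the section table: packer section names, sections marked both writable and executable, and near-random section contents. The Python below is an added example, not part of the sandbox's own tooling or of this report. It parses a PE32+ section table with the standard library only and runs the three checks against two synthetic images it constructs in memory (constructed test input, not the analysed sample); the 7.0-bit entropy threshold and the packer-name list are assumptions, not values taken from the report.

```python
"""Static packing-indicator triage for PE32+ images (added example, stdlib only).

Builds two synthetic PE32+ images in memory (constructed input, not the analysed
sample) and checks section flags, packer section names and section entropy.
"""
import math
import struct
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

WRITE_EXECUTE = 0x20000000 | 0x80000000  # IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
# Names commonly left behind by packers (assumption-based hint list, not exhaustive).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata",
                        ".MPRESS1", ".MPRESS2", ".vmp0", ".vmp1", ".themida"}
SECTION_HEADER = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


class Section(NamedTuple):
    name: str
    virtual_address: int
    raw_size: int
    raw_offset: int
    characteristics: int


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random; packed/encrypted data sits near it."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes) -> List[Section]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    magic = struct.unpack_from("<H", image, coff + 20)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, _vsize, vaddr, rsize, roff, _, _, _, _, chars = struct.unpack_from(
            SECTION_HEADER, image, table + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"), vaddr, rsize, roff, chars))
    return sections


def triage(image: bytes, entropy_threshold: float = 7.0) -> Dict[str, List[str]]:
    """Return section names per indicator. 7.0 bits/byte is a common packing heuristic."""
    findings: Dict[str, List[str]] = {"rwx_sections": [], "packer_section_names": [],
                                      "high_entropy_sections": []}
    for s in parse_sections(image):
        if s.characteristics & WRITE_EXECUTE == WRITE_EXECUTE:
            findings["rwx_sections"].append(s.name)
        if s.name in PACKER_SECTION_NAMES:
            findings["packer_section_names"].append(s.name)
        raw = image[s.raw_offset:s.raw_offset + s.raw_size]
        if raw and shannon_entropy(raw) >= entropy_threshold:
            findings["high_entropy_sections"].append(s.name)
    return findings


def build_synthetic_pe64(sections: List[Tuple[str, int, bytes]]) -> bytes:
    """Assemble a PE32+ image whose headers parse (0x200 file alignment); test input only."""
    e_lfanew, opt_size = 0x40, 0xF0
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)  # PE32+ magic
    header_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_base = raw_off = (header_len + 0x1FF) & ~0x1FF
    headers, payload, vaddr = b"", b"", 0x1000
    for name, chars, data in sections:
        rsize = (len(data) + 0x1FF) & ~0x1FF
        headers += struct.pack(SECTION_HEADER, name.encode(), len(data), vaddr, rsize,
                               raw_off, 0, 0, 0, 0, chars)
        payload += data.ljust(rsize, b"\0")
        raw_off += rsize
        vaddr += max(0x1000, (len(data) + 0xFFF) & ~0xFFF)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers
    return image.ljust(raw_base, b"\0") + payload


# Constructed samples: a UPX-style layout (empty RWX UPX0, dense UPX1) and a plain one.
SAMPLE_PACKED = build_synthetic_pe64([
    ("UPX0", 0xE0000080, b""),
    ("UPX1", 0xE0000040, bytes(range(256)) * 8),
    (".rsrc", 0xC0000040, b"\0" * 512),
])
SAMPLE_CLEAN = build_synthetic_pe64([
    (".text", 0x60000020, b"\xc3" * 512),
    (".data", 0xC0000040, b"\0" * 512),
])

if __name__ == "__main__":
    for label, img in (("packed", SAMPLE_PACKED), ("clean", SAMPLE_CLEAN)):
        print(label, triage(img))
```

On a real UPX-packed file the same parser applied to the file bytes reports UPX0 as an empty RWX section (the unpacking destination) and UPX1 as the high-entropy compressed body, which is what the UPX_Zero match above asserts statically; the runtime RWX notice then corresponds to the stub mapping and writing that region before jumping into it.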

Network (2cnts)

Request | CC | ASN Co | IP4 | Rule
z.nnnaajjjgc.com | US | HK Kwaifong Group Limited | 156.236.72.121 | malware
156.236.72.121 | US | HK Kwaifong Group Limited | 156.236.72.121 | malicious

Suricata IDS

PE API

IAT (Import Address Table), by library

ADVAPI32.dll
 0x100001000 RegCreateKeyExW
 0x100001008 RegCloseKey
 0x100001010 RegSetValueExW
 0x100001018 RegQueryValueExW
 0x100001020 RegDeleteValueW
 0x100001028 RegOpenKeyExW
 0x100001030 RegNotifyChangeKeyValue
 0x100001038 RegFlushKey
KERNEL32.dll
 0x100001080 EnterCriticalSection
 0x100001088 DeleteCriticalSection
 0x100001090 GetCommandLineW
 0x100001098 lstrlenA
 0x1000010a0 FreeLibrary
 0x1000010a8 WaitForSingleObject
 0x1000010b0 SetEvent
 0x1000010b8 RegisterApplicationRestart
 0x1000010c0 LoadLibraryW
 0x1000010c8 Sleep
 0x1000010d0 CreateEventW
 0x1000010d8 WaitForMultipleObjects
 0x1000010e0 HeapSetInformation
 0x1000010e8 GetCurrentThreadId
 0x1000010f0 CloseHandle
 0x1000010f8 GetVersionExW
 0x100001100 GetProcAddress
 0x100001108 GetSystemInfo
 0x100001110 GetFullPathNameW
 0x100001118 WideCharToMultiByte
 0x100001120 ReadFile
 0x100001128 GetProcessHeap
 0x100001130 SetEndOfFile
 0x100001138 GetCurrentDirectoryW
 0x100001140 VirtualQuery
 0x100001148 SetThreadStackGuarantee
 0x100001150 VirtualAlloc
 0x100001158 VirtualProtect
 0x100001160 FlushFileBuffers
 0x100001168 SetStdHandle
 0x100001170 CreateFileW
 0x100001178 GetConsoleMode
 0x100001180 GetConsoleCP
 0x100001188 SetFilePointer
 0x100001190 GetStringTypeW
 0x100001198 MultiByteToWideChar
 0x1000011a0 LCMapStringW
 0x1000011a8 LoadLibraryExW
 0x1000011b0 InitializeCriticalSectionAndSpinCount
 0x1000011b8 HeapSize
 0x1000011c0 GetOEMCP
 0x1000011c8 GetACP
 0x1000011d0 GetCPInfo
 0x1000011d8 OutputDebugStringA
 0x1000011e0 RtlCaptureContext
 0x1000011e8 RtlVirtualUnwind
 0x1000011f0 lstrlenW
 0x1000011f8 GetModuleFileNameW
 0x100001200 GetFileAttributesW
 0x100001208 LeaveCriticalSection
 0x100001210 GetSystemDirectoryW
 0x100001218 InitializeCriticalSection
 0x100001220 WriteConsoleW
 0x100001228 UnhandledExceptionFilter
 0x100001230 GetCurrentProcess
 0x100001238 TerminateProcess
 0x100001240 GetSystemTimeAsFileTime
 0x100001248 GetCurrentProcessId
 0x100001250 GetTickCount
 0x100001258 QueryPerformanceCounter
 0x100001260 HeapCreate
 0x100001268 FlsAlloc
 0x100001270 GetCommandLineA
 0x100001278 GetStartupInfoW
 0x100001280 GetLastError
 0x100001288 HeapFree
 0x100001290 HeapReAlloc
 0x100001298 ExitThread
 0x1000012a0 FlsSetValue
 0x1000012a8 FlsGetValue
 0x1000012b0 CreateThread
 0x1000012b8 RaiseException
 0x1000012c0 RtlPcToFileHeader
 0x1000012c8 RtlLookupFunctionEntry
 0x1000012d0 RtlUnwindEx
 0x1000012d8 HeapAlloc
 0x1000012e0 SetUnhandledExceptionFilter
 0x1000012e8 GetModuleHandleW
 0x1000012f0 ExitProcess
 0x1000012f8 WriteFile
 0x100001300 GetStdHandle
 0x100001308 GetModuleFileNameA
 0x100001310 FreeEnvironmentStringsW
 0x100001318 GetEnvironmentStringsW
 0x100001320 SetHandleCount
 0x100001328 GetFileType
 0x100001330 EncodePointer
 0x100001338 DecodePointer
 0x100001340 FlsFree
 0x100001348 SetLastError
USER32.dll
 0x100001390 UpdateWindow
 0x100001398 SetWindowTextW
 0x1000013a0 DispatchMessageW
 0x1000013a8 EnableWindow
 0x1000013b0 DestroyWindow
 0x1000013b8 SetTimer
 0x1000013c0 GetWindowRect
 0x1000013c8 PostQuitMessage
 0x1000013d0 PostMessageW
 0x1000013d8 KillTimer
 0x1000013e0 MsgWaitForMultipleObjects
 0x1000013e8 GetKeyState
 0x1000013f0 SetForegroundWindow
 0x1000013f8 GetFocus
 0x100001400 DialogBoxParamW
 0x100001408 CallNextHookEx
 0x100001410 IsWindowEnabled
 0x100001418 GetWindowLongPtrW
 0x100001420 GetClientRect
 0x100001428 SetFocus
 0x100001430 TranslateMessage
 0x100001438 IsDialogMessageW
 0x100001440 LoadIconW
 0x100001448 GetWindowLongW
 0x100001450 PeekMessageW
 0x100001458 GetDlgItem
 0x100001460 EndDialog
 0x100001468 GetDesktopWindow
 0x100001470 SetWindowPos
 0x100001478 LoadStringW
 0x100001480 CheckDlgButton
 0x100001488 ShowWindow
 0x100001490 CreateDialogParamW
 0x100001498 SetWindowsHookExW
 0x1000014a0 AdjustWindowRectEx
 0x1000014a8 UnhookWindowsHookEx
 0x1000014b0 MessageBoxW
 0x1000014b8 SendMessageW
COMCTL32.dll
 0x100001048 ImageList_Create
 0x100001050 ImageList_ReplaceIcon
 0x100001058 None (import by ordinal; no name in the import table)
 0x100001060 ImageList_Destroy
COMDLG32.dll
 0x100001070 GetSaveFileNameW
SHELL32.dll
 0x100001380 ShellExecuteW
ole32.dll
 0x1000014c8 CoUninitialize
 0x1000014d0 CoInitialize
 0x1000014d8 CoInitializeSecurity
 0x1000014e0 CoCreateInstance
OLEAUT32.dll
 0x100001358 SysFreeString
 0x100001360 SysAllocString
 0x100001368 VariantInit
 0x100001370 VariantClear
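The imphash at the top of this report (ce0c54abf9cb1706cf3f091f1f306b7f) is derived from exactly this table: each DLL name is lowercased and stripped of a .dll/.ocx/.sys suffix, joined to each lowercased function name as "lib.func" (ordinal-only imports become "ordN"), and the entries are concatenated with commas in import-directory order and MD5-hashed, so two builds that link the same imports in the same order share a hash even when their code differs. The script below is an added example, not part of the report or of the sandbox's tooling. It implements that normalization and also groups the more interesting APIs from this IAT into capability hints. Its REPORT_IMPORTS table is a hand-transcribed subset of the listing above (constructed input, not a parse of the sample), and the COMCTL32 entry the report prints as None is an import by ordinal whose number the report does not give; 0 stands in for it, so the hash this script prints is not expected to match the report's value.

```python
"""Imphash normalization and import-profile hints for the IAT shown in this report.

Added example, not part of the sandbox report. REPORT_IMPORTS is a hand-transcribed
subset of the IAT above (constructed input) in IAT-address order; the COMCTL32 entry
printed as None is an import by ordinal whose number the report omits, so 0 stands in
for it and the hash computed here is not expected to equal the report's imphash.
"""
import hashlib
from typing import Dict, List, Set, Tuple, Union

ImportName = Union[str, int]  # str: imported by name, int: imported by ordinal
STRIP_EXTENSIONS = ("ocx", "sys", "dll")  # the only suffixes imphash removes


def normalize_imports(imports: List[Tuple[str, List[ImportName]]]) -> str:
    """Build the 'lib.func,lib.func,...' string that imphash hashes.

    Library names are lowercased and lose a .dll/.ocx/.sys suffix; function names
    are lowercased; ordinal imports become 'ordN'. Order must follow the import
    directory: reordering entries changes the hash.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        stem, dot, ext = lib.rpartition(".")
        if dot and ext in STRIP_EXTENSIONS:
            lib = stem
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports: List[Tuple[str, List[ImportName]]]) -> str:
    """MD5 of the normalized import string, as pefile's get_imphash() computes it
    (pefile additionally maps well-known ordinals of a couple of DLLs back to names)."""
    return hashlib.md5(normalize_imports(imports).encode("ascii")).hexdigest()


# Constructed input: transcribed subset of the report's IAT, in IAT-address order.
REPORT_IMPORTS: List[Tuple[str, List[ImportName]]] = [
    ("ADVAPI32.dll", ["RegCreateKeyExW", "RegCloseKey", "RegSetValueExW", "RegQueryValueExW",
                      "RegDeleteValueW", "RegOpenKeyExW", "RegNotifyChangeKeyValue", "RegFlushKey"]),
    ("COMCTL32.dll", ["ImageList_Create", "ImageList_ReplaceIcon", 0, "ImageList_Destroy"]),  # 0: placeholder ordinal
    ("COMDLG32.dll", ["GetSaveFileNameW"]),
    ("KERNEL32.dll", ["LoadLibraryW", "GetProcAddress", "VirtualAlloc", "VirtualProtect", "VirtualQuery",
                      "CreateThread", "CreateFileW", "WriteFile", "ReadFile", "RegisterApplicationRestart",
                      "GetModuleFileNameW", "GetSystemDirectoryW", "Sleep"]),  # subset of the 90 listed
    ("OLEAUT32.dll", ["SysFreeString", "SysAllocString", "VariantInit", "VariantClear"]),
    ("SHELL32.dll", ["ShellExecuteW"]),
    ("USER32.dll", ["SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx", "GetKeyState",
                    "CreateDialogParamW", "DialogBoxParamW", "MessageBoxW", "SetTimer"]),  # subset of the 39 listed
    ("ole32.dll", ["CoInitialize", "CoInitializeSecurity", "CoCreateInstance", "CoUninitialize"]),
]

# Analyst-chosen groupings (assumption): which IAT entries point at which behaviour.
CAPABILITY_HINTS: Dict[str, Set[str]] = {
    "registry write (persistence/config)": {"RegCreateKeyExW", "RegSetValueExW", "RegDeleteValueW"},
    "RWX memory / runtime unpacking": {"VirtualAlloc", "VirtualProtect"},
    "dynamic API resolution": {"LoadLibraryW", "GetProcAddress"},
    "launch via shell": {"ShellExecuteW"},
    "window/keyboard hook": {"SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx", "GetKeyState"},
    "COM instantiation": {"CoCreateInstance"},
    "relaunch after crash/update": {"RegisterApplicationRestart"},
}


def capability_hints(imports: List[Tuple[str, List[ImportName]]]) -> Dict[str, List[str]]:
    """Group imported names by typical use. IAT presence is a weak signal (ordinary GUI
    programs import most of these); it tells the reverser where to look first."""
    names = {f for _, funcs in imports for f in funcs if isinstance(f, str)}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITY_HINTS.items() if names & apis}


if __name__ == "__main__":
    print("imphash (subset, placeholder ordinal):", imphash(REPORT_IMPORTS))
    for cap, apis in capability_hints(REPORT_IMPORTS).items():
        print(f"{cap}: {', '.join(apis)}")
```

Two caveats when pivoting on the report's imphash: an import-by-ordinal entry such as the COMCTL32 one hashes as "ordN", so a sample whose import table is otherwise identical but resolves that entry by name gets a different value; and a packed sample's visible IAT is the stub's, not the payload's, so the hash identifies the packer configuration rather than the unpacked code.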

EAT (Export Address Table): none
