Field | Value
---|---
Created | 2023.09.16 14:15
Machine | s1_win7_x6401
Filename | etty27.exe
Type | PE32+ executable (GUI) x86-64, for MS Windows
AI Score | 
Behavior Score | 
ZERO API | file : malware
VT API (file) | 36 detected (AIDetectMalware, Fabookie, GenericKD, GenericRXAA, Kryptik, Vlnc, malicious, confidence, 100%, GenKryptik, Attribute, HighConfidence, high confidence, GMIU, Swrort, qqxog, ai score=84, Znyonm, Detected, unsafe, Chgt, EmnL0dJ0FNC)
md5 | c91dc9548823528f7c4f84f5148f044c
sha256 | d9e2126f3d0162ce88e0e98217ea8eaba774aa34c5fd7f47e028cf27f15b7e55
ssdeep | 6144:hXXy9wUepQcisGiKzD8bFaggXWe0XZEOHHrpm1HUZLxRZEOHHrpm1HUZLx:hH+wUepEv0ptLpm10TtLpm10
imphash | 99782e0cdc1c7b57cdc2cde5daff70c0
impfuzzy | 192:DF51vryma6TOltxdXX8ZZyf2eCDsPb2Up:z1vrta6TuPXX8ZZyf21DsPn
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x100001000 RegQueryValueExW
0x100001008 RegCloseKey
0x100001010 RegGetValueW
0x100001018 RegSetValueExW
0x100001020 RegOpenKeyExW
KERNEL32.dll
0x1000010d8 GetSystemWow64DirectoryW
0x1000010e0 GetModuleHandleW
0x1000010e8 GetPhysicallyInstalledSystemMemory
0x1000010f0 CreateFileW
0x1000010f8 ReadFile
0x100001100 SetFilePointer
0x100001108 FindFirstFileW
0x100001110 FindNextFileW
0x100001118 FindClose
0x100001120 GetTempPathW
0x100001128 CreateDirectoryExW
0x100001130 GetLastError
0x100001138 SetFileAttributesW
0x100001140 DeleteFileW
0x100001148 GetNativeSystemInfo
0x100001150 GetCurrentDirectoryW
0x100001158 SetCurrentDirectoryW
0x100001160 EnterCriticalSection
0x100001168 FormatMessageW
0x100001170 FreeLibrary
0x100001178 InitializeCriticalSection
0x100001180 GlobalUnlock
0x100001188 GetFileSize
0x100001190 LocalFree
0x100001198 GlobalAlloc
0x1000011a0 GetComputerNameW
0x1000011a8 GetCommandLineW
0x1000011b0 HeapSetInformation
0x1000011b8 RegisterApplicationRestart
0x1000011c0 MultiByteToWideChar
0x1000011c8 GetTimeFormatW
0x1000011d0 GetDateFormatW
0x1000011d8 GetNumberFormatW
0x1000011e0 GetLocaleInfoW
0x1000011e8 TerminateThread
0x1000011f0 WaitForSingleObject
0x1000011f8 SetEvent
0x100001200 CreateThread
0x100001208 ResetEvent
0x100001210 CloseHandle
0x100001218 RemoveDirectoryW
0x100001220 DeleteCriticalSection
0x100001228 UnhandledExceptionFilter
0x100001230 GetCurrentProcess
0x100001238 TerminateProcess
0x100001240 GetSystemTimeAsFileTime
0x100001248 GetCurrentProcessId
0x100001250 GetCurrentThreadId
0x100001258 QueryPerformanceCounter
0x100001260 SetUnhandledExceptionFilter
0x100001268 GetStartupInfoW
0x100001270 Sleep
0x100001278 LocalAlloc
0x100001280 CreateEventW
0x100001288 GetTickCount
0x100001290 GetVersionExW
0x100001298 DnsHostnameToComputerNameW
0x1000012a0 GlobalLock
0x1000012a8 lstrlenW
0x1000012b0 LeaveCriticalSection
0x1000012b8 LoadLibraryW
GDI32.dll
0x100001070 GetObjectW
0x100001078 CreateSolidBrush
0x100001080 SetTextColor
0x100001088 EndDoc
0x100001090 EndPage
0x100001098 StartDocW
0x1000010a0 CreateFontW
0x1000010a8 TextOutW
0x1000010b0 StartPage
0x1000010b8 GetDeviceCaps
0x1000010c0 GetTextExtentPoint32W
0x1000010c8 CreateFontIndirectW
USER32.dll
0x1000016b0 CheckDlgButton
0x1000016b8 ReleaseDC
0x1000016c0 DrawFocusRect
0x1000016c8 GetDCEx
0x1000016d0 SetFocus
0x1000016d8 ReleaseCapture
0x1000016e0 SetCapture
0x1000016e8 PtInRect
0x1000016f0 OffsetRect
0x1000016f8 InflateRect
0x100001700 CloseClipboard
0x100001708 GetClipboardData
0x100001710 IsClipboardFormatAvailable
0x100001718 OpenClipboard
0x100001720 IsWindowEnabled
0x100001728 IsWindowVisible
0x100001730 GetFocus
0x100001738 GetSubMenu
0x100001740 SetCursor
0x100001748 ShowWindow
0x100001750 UpdateWindow
0x100001758 FillRect
0x100001760 ScreenToClient
0x100001768 CopyRect
0x100001770 GetClientRect
0x100001778 SetClassLongPtrW
0x100001780 LoadIconW
0x100001788 SetWindowPlacement
0x100001790 SystemParametersInfoW
0x100001798 LoadAcceleratorsW
0x1000017a0 MoveWindow
0x1000017a8 SetMenuItemInfoW
0x1000017b0 EmptyClipboard
0x1000017b8 PostMessageW
0x1000017c0 MessageBoxW
0x1000017c8 LoadMenuW
0x1000017d0 SetMenu
0x1000017d8 SetClipboardData
0x1000017e0 BeginPaint
0x1000017e8 LoadCursorW
0x1000017f0 GetSysColor
0x1000017f8 GetWindowTextW
0x100001800 EnableWindow
0x100001808 CheckRadioButton
0x100001810 SetDlgItemTextW
0x100001818 KillTimer
0x100001820 IsDlgButtonChecked
0x100001828 SetTimer
0x100001830 DialogBoxParamW
0x100001838 EndDialog
0x100001840 RedrawWindow
0x100001848 EndPaint
0x100001850 PostQuitMessage
0x100001858 CreateDialogParamW
0x100001860 GetMessageW
0x100001868 TranslateAcceleratorW
0x100001870 IsDialogMessageW
0x100001878 TranslateMessage
0x100001880 DispatchMessageW
0x100001888 DestroyAcceleratorTable
0x100001890 InvalidateRect
0x100001898 SendMessageW
0x1000018a0 GetDlgItem
0x1000018a8 SetWindowTextW
0x1000018b0 LoadStringW
0x1000018b8 SetRect
0x1000018c0 GetWindowRect
MFC42u.dll
0x1000012c8 None
0x1000012d0 None
0x1000012d8 None
0x1000012e0 None
0x1000012e8 None
0x1000012f0 None
0x1000012f8 None
0x100001300 None
0x100001308 None
0x100001310 None
0x100001318 None
0x100001320 None
0x100001328 None
0x100001330 None
0x100001338 None
0x100001340 None
0x100001348 None
0x100001350 None
0x100001358 None
0x100001360 None
0x100001368 None
0x100001370 None
0x100001378 None
0x100001380 None
0x100001388 None
0x100001390 None
0x100001398 None
0x1000013a0 None
0x1000013a8 None
0x1000013b0 None
0x1000013b8 None
0x1000013c0 None
0x1000013c8 None
0x1000013d0 None
0x1000013d8 None
0x1000013e0 None
0x1000013e8 None
0x1000013f0 None
0x1000013f8 None
0x100001400 None
0x100001408 None
0x100001410 None
0x100001418 None
0x100001420 None
0x100001428 None
0x100001430 None
0x100001438 None
0x100001440 None
0x100001448 None
0x100001450 None
0x100001458 None
0x100001460 None
0x100001468 None
0x100001470 None
0x100001478 None
0x100001480 None
0x100001488 None
0x100001490 None
0x100001498 None
0x1000014a0 None
0x1000014a8 None
0x1000014b0 None
0x1000014b8 None
0x1000014c0 None
0x1000014c8 None
0x1000014d0 None
0x1000014d8 None
0x1000014e0 None
0x1000014e8 None
0x1000014f0 None
0x1000014f8 None
0x100001500 None
0x100001508 None
0x100001510 None
0x100001518 None
0x100001520 None
0x100001528 None
0x100001530 None
0x100001538 None
0x100001540 None
0x100001548 None
0x100001550 None
0x100001558 None
0x100001560 None
0x100001568 None
0x100001570 None
0x100001578 None
0x100001580 None
0x100001588 None
0x100001590 None
0x100001598 None
0x1000015a0 None
0x1000015a8 None
0x1000015b0 None
0x1000015b8 None
0x1000015c0 None
0x1000015c8 None
0x1000015d0 None
0x1000015d8 None
0x1000015e0 None
0x1000015e8 None
0x1000015f0 None
0x1000015f8 None
0x100001600 None
0x100001608 None
0x100001610 None
msvcrt.dll
0x1000018d0 __dllonexit
0x1000018d8 _lock
0x1000018e0 _onexit
0x1000018e8 ??1type_info@@UEAA@XZ
0x1000018f0 _unlock
0x1000018f8 ?terminate@@YAXXZ
0x100001900 memset
0x100001908 __set_app_type
0x100001910 _fmode
0x100001918 _commode
0x100001920 __setusermatherr
0x100001928 _amsg_exit
0x100001930 _initterm
0x100001938 _wcmdln
0x100001940 exit
0x100001948 _cexit
0x100001950 _exit
0x100001958 _XcptFilter
0x100001960 __C_specific_handler
0x100001968 __wgetmainargs
0x100001970 _callnewh
0x100001978 malloc
0x100001980 _CxxThrowException
0x100001988 ??0exception@@QEAA@AEBV0@@Z
0x100001990 ??1exception@@UEAA@XZ
0x100001998 ?what@exception@@UEBAPEBDXZ
0x1000019a0 __CxxFrameHandler3
0x1000019a8 wcsncpy_s
0x1000019b0 wcstod
0x1000019b8 _wtol
0x1000019c0 _wcsupr
0x1000019c8 free
0x1000019d0 iswalpha
0x1000019d8 wcstoul
0x1000019e0 wcstol
0x1000019e8 _wcsicmp
0x1000019f0 swprintf_s
0x1000019f8 _purecall
0x100001a00 _wcsicoll
0x100001a08 _wtoi
0x100001a10 _vsnwprintf
0x100001a18 ??0exception@@QEAA@AEBQEBDH@Z
0x100001a20 memcpy
ATL.DLL
0x100001030 None
ntdll.dll
0x100001a30 RtlVirtualUnwind
0x100001a38 RtlLookupFunctionEntry
0x100001a40 RtlCaptureContext
0x100001a48 WinSqmAddToStream
OLEAUT32.dll
0x100001620 SysFreeString
0x100001628 SysAllocString
0x100001630 VariantInit
0x100001638 SafeArrayGetDim
0x100001640 SafeArrayGetLBound
0x100001648 SafeArrayGetUBound
0x100001650 SafeArrayGetElement
0x100001658 SysStringLen
0x100001660 VariantChangeType
0x100001668 VariantClear
0x100001670 SysAllocStringLen
ole32.dll
0x100001a58 CoInitializeSecurity
0x100001a60 StringFromCLSID
0x100001a68 CoTaskMemFree
0x100001a70 CoInitialize
0x100001a78 CoUninitialize
0x100001a80 CoCreateInstance
0x100001a88 CoCreateGuid
SHLWAPI.dll
0x1000016a0 StrFormatByteSizeEx
SETUPAPI.dll
0x100001680 SetupIterateCabinetW
COMDLG32.dll
0x100001050 PrintDlgExW
0x100001058 GetOpenFileNameW
0x100001060 GetSaveFileNameW
SHELL32.dll
0x100001690 CommandLineToArgvW
COMCTL32.dll
0x100001040 InitCommonControlsEx
EAT(Export Address Table) is none