ScreenShot
| Created | 2023.09.23 09:44 | Machine | s1_win7_x6401 |
| Filename | rh_0.4.9rc1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 58 detected (Common, Mansabo, malicious, high confidence, Packed2, Zusy, GenericRXWG, unsafe, Vz74, confidence, 100%, Genus, Kryptik, Eldorado, Attribute, HighConfidence, HTRB, score, jxjfbc, PWSX, Gencirc, dkjer, RHADAMANTHYS, YXDITZ, ai score=80, Detected, D7OYBgVIcJE, MGtOvPd67SI, susgen) | ||
| md5 | c5c64755f463c91c92f516b3214c5b37 | ||
| sha256 | 57939197bad88b1f26555826a1de37b5527483a5583745cd614aff349cb41ea4 | ||
| ssdeep | 6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+g:2uWP/BZUyoLu8Agsmxwrvejkd2 | ||
| imphash | eca0c30b65294d02a6c6180a6b323b58 | ||
| impfuzzy | 48:BlL6dc1tclqiabVZP0eRZAEMvyyArTCEk10WGiwF4JSQZVn+JPAM5flwA04TIASA:BlL2c1tclVabVLT21MQXO/nSBOP | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Detects Avast Antivirus through the presence of a library |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Executes one or more WMI queries |
| notice | Executes one or more WMI queries which can be used to identify virtual machines |
| info | One or more processes crashed |
| info | Queries for the computername |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x420070 VirtualProtect
0x420074 HeapSize
0x420078 GetStringTypeW
0x42007c GetStringTypeA
0x420080 GetLocaleInfoA
0x420084 GetSystemTimeAsFileTime
0x420088 GetCurrentProcessId
0x42008c GetTickCount
0x420090 QueryPerformanceCounter
0x420094 LCMapStringW
0x420098 LCMapStringA
0x42009c InterlockedExchange
0x4200a0 RtlUnwind
0x4200a4 HeapReAlloc
0x4200a8 VirtualAlloc
0x4200ac InitializeCriticalSection
0x4200b0 LoadLibraryA
0x4200b4 GetCPInfo
0x4200b8 GetSystemInfo
0x4200bc GetACP
0x4200c0 EnterCriticalSection
0x4200c4 LeaveCriticalSection
0x4200c8 VirtualFree
0x4200cc DeleteCriticalSection
0x4200d0 GetFileType
0x4200d4 SetHandleCount
0x4200d8 GetEnvironmentStringsW
0x4200dc FreeEnvironmentStringsW
0x4200e0 GetEnvironmentStrings
0x4200e4 FreeEnvironmentStringsA
0x4200e8 UnhandledExceptionFilter
0x4200ec GetModuleFileNameA
0x4200f0 GetStdHandle
0x4200f4 WriteFile
0x4200f8 TerminateProcess
0x4200fc TlsGetValue
0x420100 TlsSetValue
0x420104 TlsFree
0x420108 GetLastError
0x42010c GetCurrentThreadId
0x420110 SetLastError
0x420114 TlsAlloc
0x420118 GetProcAddress
0x42011c HeapCreate
0x420120 VirtualQuery
0x420124 WaitForSingleObject
0x420128 HeapDestroy
0x42012c CreateEventW
0x420130 ExitProcess
0x420134 WideCharToMultiByte
0x420138 OutputDebugStringW
0x42013c CreateFileW
0x420140 ReadFile
0x420144 CloseHandle
0x420148 GetCurrentProcess
0x42014c MultiByteToWideChar
0x420150 GetModuleHandleW
0x420154 InterlockedIncrement
0x420158 GetModuleFileNameW
0x42015c lstrlenW
0x420160 HeapFree
0x420164 OutputDebugStringA
0x420168 MulDiv
0x42016c GetProcessHeap
0x420170 HeapAlloc
0x420174 GetOEMCP
0x420178 GetVersionExA
0x42017c GetCommandLineA
0x420180 GetStartupInfoA
0x420184 GetModuleHandleA
USER32.dll
0x4201d4 GetClassInfoW
0x4201d8 FrameRect
0x4201dc CharUpperBuffW
0x4201e0 IsIconic
0x4201e4 EnableWindow
0x4201e8 DrawIcon
0x4201ec DeleteMenu
0x4201f0 SetTimer
0x4201f4 CreateAcceleratorTableW
0x4201f8 GetSystemMenu
0x4201fc DrawMenuBar
0x420200 SetMenuItemInfoW
0x420204 GetWindowTextW
0x420208 GetDCEx
0x42020c RegisterClassW
0x420210 GetMenuItemInfoW
0x420214 SetScrollPos
0x420218 FillRect
0x42021c GetSystemMetrics
0x420220 GetDC
0x420224 MsgWaitForMultipleObjectsEx
0x420228 EndMenu
0x42022c DestroyCursor
0x420230 IsZoomed
0x420234 GetCursor
0x420238 GetScrollPos
0x42023c DispatchMessageW
0x420240 DefFrameProcW
0x420244 DestroyMenu
0x420248 ReleaseDC
0x42024c IsDialogMessageW
0x420250 GetScrollRange
0x420254 DefMDIChildProcW
0x420258 GetMenuStringW
0x42025c PeekMessageW
0x420260 CopyImage
0x420264 ShowCaret
0x420268 LoadIconW
0x42026c DrawFocusRect
0x420270 LoadBitmapW
0x420274 GetDlgCtrlID
0x420278 LoadStringW
0x42027c GetClassInfoExW
0x420280 DestroyIcon
0x420284 ShowWindow
0x420288 EndPaint
0x42028c PostMessageW
0x420290 CreateWindowExW
0x420294 BeginPaint
0x420298 LoadCursorW
0x42029c GetClientRect
0x4202a0 InsertMenuW
0x4202a4 CreateIcon
0x4202a8 DestroyWindow
0x4202ac KillTimer
0x4202b0 GetScrollInfo
0x4202b4 CreateMenu
ADVAPI32.dll
0x420000 RegCloseKey
0x420004 RegOpenKeyExW
0x420008 RegQueryValueExW
GDI32.dll
0x420010 Pie
0x420014 AngleArc
0x420018 Polygon
0x42001c CreateSolidBrush
0x420020 RectVisible
0x420024 CreateICW
0x420028 CreatePalette
0x42002c PolyBezierTo
0x420030 RoundRect
0x420034 RestoreDC
0x420038 GetWindowOrgEx
0x42003c CreateCompatibleBitmap
0x420040 MoveToEx
0x420044 GetTextMetricsW
0x420048 GetStockObject
0x42004c SetTextColor
0x420050 SetAbortProc
0x420054 SetBkMode
0x420058 StretchBlt
0x42005c CreateDCW
0x420060 GetDeviceCaps
0x420064 SetRectRgn
0x420068 GetEnhMetaFileHeader
ole32.dll
0x4202e4 OleInitialize
0x4202e8 CoUninitialize
0x4202ec OleUninitialize
0x4202f0 CoTaskMemFree
0x4202f4 CoTaskMemAlloc
0x4202f8 IsEqualGUID
0x4202fc CoInitialize
0x420300 CoCreateInstance
OLEAUT32.dll
0x42018c VariantChangeType
0x420190 SafeArrayPutElement
0x420194 VariantCopy
0x420198 VariantClear
0x42019c SafeArrayGetElement
0x4201a0 SafeArrayGetUBound
0x4201a4 SysFreeString
0x4201a8 GetErrorInfo
0x4201ac VariantInit
0x4201b0 SafeArrayPtrOfIndex
0x4201b4 SysAllocStringLen
0x4201b8 SafeArrayGetLBound
0x4201bc SafeArrayAccessData
0x4201c0 VariantCopyInd
0x4201c4 SysReAllocStringLen
0x4201c8 SafeArrayCreate
0x4201cc SafeArrayUnaccessData
VERSION.dll
0x4202bc VerQueryValueW
0x4202c0 GetFileVersionInfoSizeW
0x4202c4 GetFileVersionInfoW
WINSPOOL.DRV
0x4202cc EnumPrintersW
0x4202d0 None
0x4202d4 OpenPrinterW
0x4202d8 ClosePrinter
0x4202dc DocumentPropertiesW
EAT(Export Address Table) is none
KERNEL32.dll
0x420070 VirtualProtect
0x420074 HeapSize
0x420078 GetStringTypeW
0x42007c GetStringTypeA
0x420080 GetLocaleInfoA
0x420084 GetSystemTimeAsFileTime
0x420088 GetCurrentProcessId
0x42008c GetTickCount
0x420090 QueryPerformanceCounter
0x420094 LCMapStringW
0x420098 LCMapStringA
0x42009c InterlockedExchange
0x4200a0 RtlUnwind
0x4200a4 HeapReAlloc
0x4200a8 VirtualAlloc
0x4200ac InitializeCriticalSection
0x4200b0 LoadLibraryA
0x4200b4 GetCPInfo
0x4200b8 GetSystemInfo
0x4200bc GetACP
0x4200c0 EnterCriticalSection
0x4200c4 LeaveCriticalSection
0x4200c8 VirtualFree
0x4200cc DeleteCriticalSection
0x4200d0 GetFileType
0x4200d4 SetHandleCount
0x4200d8 GetEnvironmentStringsW
0x4200dc FreeEnvironmentStringsW
0x4200e0 GetEnvironmentStrings
0x4200e4 FreeEnvironmentStringsA
0x4200e8 UnhandledExceptionFilter
0x4200ec GetModuleFileNameA
0x4200f0 GetStdHandle
0x4200f4 WriteFile
0x4200f8 TerminateProcess
0x4200fc TlsGetValue
0x420100 TlsSetValue
0x420104 TlsFree
0x420108 GetLastError
0x42010c GetCurrentThreadId
0x420110 SetLastError
0x420114 TlsAlloc
0x420118 GetProcAddress
0x42011c HeapCreate
0x420120 VirtualQuery
0x420124 WaitForSingleObject
0x420128 HeapDestroy
0x42012c CreateEventW
0x420130 ExitProcess
0x420134 WideCharToMultiByte
0x420138 OutputDebugStringW
0x42013c CreateFileW
0x420140 ReadFile
0x420144 CloseHandle
0x420148 GetCurrentProcess
0x42014c MultiByteToWideChar
0x420150 GetModuleHandleW
0x420154 InterlockedIncrement
0x420158 GetModuleFileNameW
0x42015c lstrlenW
0x420160 HeapFree
0x420164 OutputDebugStringA
0x420168 MulDiv
0x42016c GetProcessHeap
0x420170 HeapAlloc
0x420174 GetOEMCP
0x420178 GetVersionExA
0x42017c GetCommandLineA
0x420180 GetStartupInfoA
0x420184 GetModuleHandleA
USER32.dll
0x4201d4 GetClassInfoW
0x4201d8 FrameRect
0x4201dc CharUpperBuffW
0x4201e0 IsIconic
0x4201e4 EnableWindow
0x4201e8 DrawIcon
0x4201ec DeleteMenu
0x4201f0 SetTimer
0x4201f4 CreateAcceleratorTableW
0x4201f8 GetSystemMenu
0x4201fc DrawMenuBar
0x420200 SetMenuItemInfoW
0x420204 GetWindowTextW
0x420208 GetDCEx
0x42020c RegisterClassW
0x420210 GetMenuItemInfoW
0x420214 SetScrollPos
0x420218 FillRect
0x42021c GetSystemMetrics
0x420220 GetDC
0x420224 MsgWaitForMultipleObjectsEx
0x420228 EndMenu
0x42022c DestroyCursor
0x420230 IsZoomed
0x420234 GetCursor
0x420238 GetScrollPos
0x42023c DispatchMessageW
0x420240 DefFrameProcW
0x420244 DestroyMenu
0x420248 ReleaseDC
0x42024c IsDialogMessageW
0x420250 GetScrollRange
0x420254 DefMDIChildProcW
0x420258 GetMenuStringW
0x42025c PeekMessageW
0x420260 CopyImage
0x420264 ShowCaret
0x420268 LoadIconW
0x42026c DrawFocusRect
0x420270 LoadBitmapW
0x420274 GetDlgCtrlID
0x420278 LoadStringW
0x42027c GetClassInfoExW
0x420280 DestroyIcon
0x420284 ShowWindow
0x420288 EndPaint
0x42028c PostMessageW
0x420290 CreateWindowExW
0x420294 BeginPaint
0x420298 LoadCursorW
0x42029c GetClientRect
0x4202a0 InsertMenuW
0x4202a4 CreateIcon
0x4202a8 DestroyWindow
0x4202ac KillTimer
0x4202b0 GetScrollInfo
0x4202b4 CreateMenu
ADVAPI32.dll
0x420000 RegCloseKey
0x420004 RegOpenKeyExW
0x420008 RegQueryValueExW
GDI32.dll
0x420010 Pie
0x420014 AngleArc
0x420018 Polygon
0x42001c CreateSolidBrush
0x420020 RectVisible
0x420024 CreateICW
0x420028 CreatePalette
0x42002c PolyBezierTo
0x420030 RoundRect
0x420034 RestoreDC
0x420038 GetWindowOrgEx
0x42003c CreateCompatibleBitmap
0x420040 MoveToEx
0x420044 GetTextMetricsW
0x420048 GetStockObject
0x42004c SetTextColor
0x420050 SetAbortProc
0x420054 SetBkMode
0x420058 StretchBlt
0x42005c CreateDCW
0x420060 GetDeviceCaps
0x420064 SetRectRgn
0x420068 GetEnhMetaFileHeader
ole32.dll
0x4202e4 OleInitialize
0x4202e8 CoUninitialize
0x4202ec OleUninitialize
0x4202f0 CoTaskMemFree
0x4202f4 CoTaskMemAlloc
0x4202f8 IsEqualGUID
0x4202fc CoInitialize
0x420300 CoCreateInstance
OLEAUT32.dll
0x42018c VariantChangeType
0x420190 SafeArrayPutElement
0x420194 VariantCopy
0x420198 VariantClear
0x42019c SafeArrayGetElement
0x4201a0 SafeArrayGetUBound
0x4201a4 SysFreeString
0x4201a8 GetErrorInfo
0x4201ac VariantInit
0x4201b0 SafeArrayPtrOfIndex
0x4201b4 SysAllocStringLen
0x4201b8 SafeArrayGetLBound
0x4201bc SafeArrayAccessData
0x4201c0 VariantCopyInd
0x4201c4 SysReAllocStringLen
0x4201c8 SafeArrayCreate
0x4201cc SafeArrayUnaccessData
VERSION.dll
0x4202bc VerQueryValueW
0x4202c0 GetFileVersionInfoSizeW
0x4202c4 GetFileVersionInfoW
WINSPOOL.DRV
0x4202cc EnumPrintersW
0x4202d0 None
0x4202d4 OpenPrinterW
0x4202d8 ClosePrinter
0x4202dc DocumentPropertiesW
EAT(Export Address Table) is none