Report - 55aa5e.exe

Malicious Library UPX VMProtect PE File PE32 OS Processor Check
Created 2023.09.26 20:14 Machine s1_win7_x6401
Filename 55aa5e.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 4.2
ZERO API file : clean
VT API (file) 47 detected (AIDetectMalware, malicious, high confidence, GenericKDS, Save, Attribute, HighConfidence, Amadey, score, etrw, BotX, Generic@AI, RDML, Q0HnaifcQC, EZBS5CjynHA, jktuq, Packed2, YXDIEZ, high, Static AI, Malicious PE, Sabsik, GenericS, Artemis, ai score=87, unsafe, Chgt, Swhl, ZexaF, @J0@aeermaai, confidence, 100%)
md5 50b75a2eab39366e1ff40211cf784a29
sha256 2b152ed690b728c84af5ab78b722120a5385ee1b2938d6ed3d66d10a0ac10a7e
ssdeep 196608:+z0ooZ6Zy2UFUrTqsA5QMfMHUUJMVLv72RSSHIUdXJKn:+joZT52TqsA5/MHmv7y2EIn
imphash 57d103a83094fa82108ae551b7df13b9
impfuzzy 96:pXS5GjEc+JEtSS1jGoZctWRLoc1AXJ+Zcp+qjwSttLyuua:p1jZcFZ+Ra

Signature (10cnts)

Level Description
danger File has been identified by 47 AntiVirus engines on VirusTotal as malicious
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates a suspicious process
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is likely packed with VMProtect
notice Uses Windows utilities for basic Windows functionality
info Checks amount of memory in system
info Command line console output was observed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
watch VMProtect_Zero VMProtect packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x7fa000 CloseHandle
 0x7fa004 GetSystemInfo
 0x7fa008 CreateThread
 0x7fa00c GetThreadContext
 0x7fa010 GetProcAddress
 0x7fa014 VirtualAllocEx
 0x7fa018 RemoveDirectoryA
 0x7fa01c CreateFileA
 0x7fa020 CreateProcessA
 0x7fa024 CreateDirectoryA
 0x7fa028 SetThreadContext
 0x7fa02c SetEndOfFile
 0x7fa030 HeapSize
 0x7fa034 GetProcessHeap
 0x7fa038 SetEnvironmentVariableW
 0x7fa03c GetFileAttributesA
 0x7fa040 GetLastError
 0x7fa044 GetTempPathA
 0x7fa048 Sleep
 0x7fa04c GetModuleHandleA
 0x7fa050 SetCurrentDirectoryA
 0x7fa054 ResumeThread
 0x7fa058 GetComputerNameExW
 0x7fa05c GetVersionExW
 0x7fa060 CreateMutexA
 0x7fa064 VirtualAlloc
 0x7fa068 WriteFile
 0x7fa06c VirtualFree
 0x7fa070 WriteProcessMemory
 0x7fa074 GetModuleFileNameA
 0x7fa078 ReadProcessMemory
 0x7fa07c ReadFile
 0x7fa080 FreeEnvironmentStringsW
 0x7fa084 GetEnvironmentStringsW
 0x7fa088 GetOEMCP
 0x7fa08c GetACP
 0x7fa090 IsValidCodePage
 0x7fa094 FindNextFileW
 0x7fa098 FindFirstFileExW
 0x7fa09c FindClose
 0x7fa0a0 GetTimeZoneInformation
 0x7fa0a4 HeapReAlloc
 0x7fa0a8 ReadConsoleW
 0x7fa0ac SetStdHandle
 0x7fa0b0 GetFullPathNameW
 0x7fa0b4 GetCurrentDirectoryW
 0x7fa0b8 DeleteFileW
 0x7fa0bc EnumSystemLocalesW
 0x7fa0c0 GetUserDefaultLCID
 0x7fa0c4 IsValidLocale
 0x7fa0c8 HeapAlloc
 0x7fa0cc HeapFree
 0x7fa0d0 GetConsoleMode
 0x7fa0d4 GetConsoleCP
 0x7fa0d8 FlushFileBuffers
 0x7fa0dc SetFilePointerEx
 0x7fa0e0 WideCharToMultiByte
 0x7fa0e4 EnterCriticalSection
 0x7fa0e8 LeaveCriticalSection
 0x7fa0ec DeleteCriticalSection
 0x7fa0f0 SetLastError
 0x7fa0f4 InitializeCriticalSectionAndSpinCount
 0x7fa0f8 CreateEventW
 0x7fa0fc SwitchToThread
 0x7fa100 TlsAlloc
 0x7fa104 TlsGetValue
 0x7fa108 TlsSetValue
 0x7fa10c TlsFree
 0x7fa110 GetSystemTimeAsFileTime
 0x7fa114 GetModuleHandleW
 0x7fa118 EncodePointer
 0x7fa11c DecodePointer
 0x7fa120 MultiByteToWideChar
 0x7fa124 CompareStringW
 0x7fa128 LCMapStringW
 0x7fa12c GetLocaleInfoW
 0x7fa130 GetStringTypeW
 0x7fa134 GetCPInfo
 0x7fa138 SetEvent
 0x7fa13c ResetEvent
 0x7fa140 WaitForSingleObjectEx
 0x7fa144 IsDebuggerPresent
 0x7fa148 UnhandledExceptionFilter
 0x7fa14c SetUnhandledExceptionFilter
 0x7fa150 GetStartupInfoW
 0x7fa154 IsProcessorFeaturePresent
 0x7fa158 QueryPerformanceCounter
 0x7fa15c GetCurrentProcessId
 0x7fa160 GetCurrentThreadId
 0x7fa164 InitializeSListHead
 0x7fa168 GetCurrentProcess
 0x7fa16c TerminateProcess
 0x7fa170 RaiseException
 0x7fa174 RtlUnwind
 0x7fa178 FreeLibrary
 0x7fa17c LoadLibraryExW
 0x7fa180 ExitProcess
 0x7fa184 GetModuleHandleExW
 0x7fa188 CreateFileW
 0x7fa18c GetDriveTypeW
 0x7fa190 GetFileInformationByHandle
 0x7fa194 GetFileType
 0x7fa198 PeekNamedPipe
 0x7fa19c SystemTimeToTzSpecificLocalTime
 0x7fa1a0 FileTimeToSystemTime
 0x7fa1a4 GetModuleFileNameW
 0x7fa1a8 GetStdHandle
 0x7fa1ac GetCommandLineA
 0x7fa1b0 GetCommandLineW
 0x7fa1b4 GetFileSizeEx
 0x7fa1b8 WriteConsoleW
ADVAPI32.dll
 0x7fa1c0 RegCloseKey
 0x7fa1c4 RegQueryValueExA
 0x7fa1c8 GetSidSubAuthorityCount
 0x7fa1cc GetSidSubAuthority
 0x7fa1d0 GetUserNameA
 0x7fa1d4 LookupAccountNameA
 0x7fa1d8 RegSetValueExA
 0x7fa1dc RegOpenKeyExA
 0x7fa1e0 GetSidIdentifierAuthority
SHELL32.dll
 0x7fa1e8 ShellExecuteA
 0x7fa1ec None
 0x7fa1f0 SHGetFolderPathA
WININET.dll
 0x7fa1f8 HttpOpenRequestA
 0x7fa1fc InternetReadFile
 0x7fa200 InternetConnectA
 0x7fa204 HttpSendRequestA
 0x7fa208 InternetCloseHandle
 0x7fa20c InternetOpenA
 0x7fa210 InternetOpenW
 0x7fa214 InternetOpenUrlA
KERNEL32.dll
 0x7fa21c GetSystemTimeAsFileTime
 0x7fa220 GetModuleHandleA
 0x7fa224 CreateEventA
 0x7fa228 GetModuleFileNameW
 0x7fa22c TerminateProcess
 0x7fa230 GetCurrentProcess
 0x7fa234 CreateToolhelp32Snapshot
 0x7fa238 Thread32First
 0x7fa23c GetCurrentProcessId
 0x7fa240 GetCurrentThreadId
 0x7fa244 OpenThread
 0x7fa248 Thread32Next
 0x7fa24c CloseHandle
 0x7fa250 SuspendThread
 0x7fa254 ResumeThread
 0x7fa258 WriteProcessMemory
 0x7fa25c GetSystemInfo
 0x7fa260 VirtualAlloc
 0x7fa264 VirtualProtect
 0x7fa268 VirtualFree
 0x7fa26c GetProcessAffinityMask
 0x7fa270 SetProcessAffinityMask
 0x7fa274 GetCurrentThread
 0x7fa278 SetThreadAffinityMask
 0x7fa27c Sleep
 0x7fa280 LoadLibraryA
 0x7fa284 FreeLibrary
 0x7fa288 GetTickCount
 0x7fa28c SystemTimeToFileTime
 0x7fa290 FileTimeToSystemTime
 0x7fa294 GlobalFree
 0x7fa298 LocalAlloc
 0x7fa29c LocalFree
 0x7fa2a0 GetProcAddress
 0x7fa2a4 ExitProcess
 0x7fa2a8 EnterCriticalSection
 0x7fa2ac LeaveCriticalSection
 0x7fa2b0 InitializeCriticalSection
 0x7fa2b4 DeleteCriticalSection
 0x7fa2b8 GetModuleHandleW
 0x7fa2bc LoadResource
 0x7fa2c0 MultiByteToWideChar
 0x7fa2c4 FindResourceExW
 0x7fa2c8 FindResourceExA
 0x7fa2cc WideCharToMultiByte
 0x7fa2d0 GetThreadLocale
 0x7fa2d4 GetUserDefaultLCID
 0x7fa2d8 GetSystemDefaultLCID
 0x7fa2dc EnumResourceNamesA
 0x7fa2e0 EnumResourceNamesW
 0x7fa2e4 EnumResourceLanguagesA
 0x7fa2e8 EnumResourceLanguagesW
 0x7fa2ec EnumResourceTypesA
 0x7fa2f0 EnumResourceTypesW
 0x7fa2f4 CreateFileW
 0x7fa2f8 LoadLibraryW
 0x7fa2fc GetLastError
 0x7fa300 FlushFileBuffers
 0x7fa304 WriteConsoleW
 0x7fa308 SetStdHandle
 0x7fa30c IsProcessorFeaturePresent
 0x7fa310 DecodePointer
 0x7fa314 GetCommandLineA
 0x7fa318 RaiseException
 0x7fa31c HeapFree
 0x7fa320 GetCPInfo
 0x7fa324 InterlockedIncrement
 0x7fa328 InterlockedDecrement
 0x7fa32c GetACP
 0x7fa330 GetOEMCP
 0x7fa334 IsValidCodePage
 0x7fa338 EncodePointer
 0x7fa33c TlsAlloc
 0x7fa340 TlsGetValue
 0x7fa344 TlsSetValue
 0x7fa348 TlsFree
 0x7fa34c SetLastError
 0x7fa350 UnhandledExceptionFilter
 0x7fa354 SetUnhandledExceptionFilter
 0x7fa358 IsDebuggerPresent
 0x7fa35c HeapAlloc
 0x7fa360 LCMapStringW
 0x7fa364 GetStringTypeW
 0x7fa368 SetHandleCount
 0x7fa36c GetStdHandle
 0x7fa370 InitializeCriticalSectionAndSpinCount
 0x7fa374 GetFileType
 0x7fa378 GetStartupInfoW
 0x7fa37c GetModuleFileNameA
 0x7fa380 FreeEnvironmentStringsW
 0x7fa384 GetEnvironmentStringsW
 0x7fa388 HeapCreate
 0x7fa38c HeapDestroy
 0x7fa390 QueryPerformanceCounter
 0x7fa394 HeapSize
 0x7fa398 WriteFile
 0x7fa39c RtlUnwind
 0x7fa3a0 SetFilePointer
 0x7fa3a4 GetConsoleCP
 0x7fa3a8 GetConsoleMode
 0x7fa3ac HeapReAlloc
 0x7fa3b0 VirtualQuery
USER32.dll
 0x7fa3b8 CharUpperBuffW
KERNEL32.dll
 0x7fa3c0 LocalAlloc
 0x7fa3c4 LocalFree
 0x7fa3c8 GetModuleFileNameW
 0x7fa3cc ExitProcess
 0x7fa3d0 LoadLibraryA
 0x7fa3d4 GetModuleHandleA
 0x7fa3d8 GetProcAddress

EAT(Export Address Table) is none
