ScreenShot
| Created | 2023.09.30 12:59 | Machine | s1_win7_x6403 |
| Filename | herom.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 16 detected (AIDetectMalware, malicious, moderate confidence, Kryptik, Eldorado, Zenpak, ccmw, Static AI, Suspicious SFX, Wacapew, Detected, Generic@AI, RDML, zMSm0FO4c8PqehHvUGiUXw, HUEI, ZedlaF, qA8@aa, AY1ni) | ||
| md5 | 38682480c0a22cc8e025f23d78bab140 | ||
| sha256 | b9e5e994a4842267fbbb169667da1a5e19b1be4f10bb8963cf90e9dbf03c2b6b | ||
| ssdeep | 49152:mcBzX10t+zDHZvSy0wcxD+WDoms4WAjrHSROCuiloiBY:myX10035vSdhlQmsd2HcOCuilo1 | ||
| imphash | 32569d67dc210c5cb9a759b08da2bdb3 | ||
| impfuzzy | 48:or+6UyokRjS/Svn6gAkK/glSYIWx02GIeXGSqIYnGeF4yOA9Bfcma:orx4wRGIeXGSqIYnGeF4yV/fc3 | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
OLEAUT32.dll
0x41b154 SysStringLen
0x41b158 SysAllocStringLen
0x41b15c VariantClear
USER32.dll
0x41b16c DialogBoxParamW
0x41b170 SetWindowLongW
0x41b174 GetWindowLongW
0x41b178 GetDlgItem
0x41b17c LoadStringW
0x41b180 CharUpperW
0x41b184 DestroyWindow
0x41b188 EndDialog
0x41b18c PostMessageW
0x41b190 SetWindowTextW
0x41b194 ShowWindow
0x41b198 MessageBoxW
0x41b19c SendMessageW
0x41b1a0 LoadIconW
0x41b1a4 KillTimer
0x41b1a8 SetTimer
SHELL32.dll
0x41b164 ShellExecuteExW
MSVCRT.dll
0x41b0e4 _controlfp
0x41b0e8 __set_app_type
0x41b0ec __p__fmode
0x41b0f0 __p__commode
0x41b0f4 _adjust_fdiv
0x41b0f8 __setusermatherr
0x41b0fc _initterm
0x41b100 __getmainargs
0x41b104 _acmdln
0x41b108 exit
0x41b10c _XcptFilter
0x41b110 _exit
0x41b114 ?terminate@@YAXXZ
0x41b118 ??1type_info@@UAE@XZ
0x41b11c _except_handler3
0x41b120 _beginthreadex
0x41b124 memset
0x41b128 wcsstr
0x41b12c free
0x41b130 malloc
0x41b134 memcpy
0x41b138 _CxxThrowException
0x41b13c _purecall
0x41b140 memmove
0x41b144 memcmp
0x41b148 wcscmp
0x41b14c __CxxFrameHandler
KERNEL32.dll
0x41b000 WaitForSingleObject
0x41b004 GetStartupInfoA
0x41b008 InitializeCriticalSection
0x41b00c ResetEvent
0x41b010 SetEvent
0x41b014 CreateEventW
0x41b018 lstrlenW
0x41b01c lstrcatW
0x41b020 VirtualFree
0x41b024 VirtualAlloc
0x41b028 Sleep
0x41b02c WaitForMultipleObjects
0x41b030 GetFileInformationByHandle
0x41b034 GetStdHandle
0x41b038 GlobalMemoryStatus
0x41b03c GetSystemInfo
0x41b040 GetCurrentProcess
0x41b044 GetProcessAffinityMask
0x41b048 SetEndOfFile
0x41b04c WriteFile
0x41b050 ReadFile
0x41b054 SetFilePointer
0x41b058 GetFileSize
0x41b05c GetFileAttributesW
0x41b060 GetModuleHandleA
0x41b064 FindNextFileW
0x41b068 FindFirstFileW
0x41b06c FindClose
0x41b070 GetCurrentThreadId
0x41b074 GetTickCount
0x41b078 GetCurrentProcessId
0x41b07c GetTempPathW
0x41b080 GetCurrentDirectoryW
0x41b084 SetCurrentDirectoryW
0x41b088 SetLastError
0x41b08c DeleteFileW
0x41b090 CreateDirectoryW
0x41b094 GetModuleHandleW
0x41b098 GetProcAddress
0x41b09c RemoveDirectoryW
0x41b0a0 SetFileAttributesW
0x41b0a4 CreateFileW
0x41b0a8 SetFileTime
0x41b0ac GetSystemDirectoryW
0x41b0b0 FormatMessageW
0x41b0b4 LocalFree
0x41b0b8 GetModuleFileNameW
0x41b0bc LoadLibraryExW
0x41b0c0 DeleteCriticalSection
0x41b0c4 EnterCriticalSection
0x41b0c8 LeaveCriticalSection
0x41b0cc GetLastError
0x41b0d0 GetVersionExW
0x41b0d4 GetCommandLineW
0x41b0d8 CreateProcessW
0x41b0dc CloseHandle
EAT(Export Address Table) is none
OLEAUT32.dll
0x41b154 SysStringLen
0x41b158 SysAllocStringLen
0x41b15c VariantClear
USER32.dll
0x41b16c DialogBoxParamW
0x41b170 SetWindowLongW
0x41b174 GetWindowLongW
0x41b178 GetDlgItem
0x41b17c LoadStringW
0x41b180 CharUpperW
0x41b184 DestroyWindow
0x41b188 EndDialog
0x41b18c PostMessageW
0x41b190 SetWindowTextW
0x41b194 ShowWindow
0x41b198 MessageBoxW
0x41b19c SendMessageW
0x41b1a0 LoadIconW
0x41b1a4 KillTimer
0x41b1a8 SetTimer
SHELL32.dll
0x41b164 ShellExecuteExW
MSVCRT.dll
0x41b0e4 _controlfp
0x41b0e8 __set_app_type
0x41b0ec __p__fmode
0x41b0f0 __p__commode
0x41b0f4 _adjust_fdiv
0x41b0f8 __setusermatherr
0x41b0fc _initterm
0x41b100 __getmainargs
0x41b104 _acmdln
0x41b108 exit
0x41b10c _XcptFilter
0x41b110 _exit
0x41b114 ?terminate@@YAXXZ
0x41b118 ??1type_info@@UAE@XZ
0x41b11c _except_handler3
0x41b120 _beginthreadex
0x41b124 memset
0x41b128 wcsstr
0x41b12c free
0x41b130 malloc
0x41b134 memcpy
0x41b138 _CxxThrowException
0x41b13c _purecall
0x41b140 memmove
0x41b144 memcmp
0x41b148 wcscmp
0x41b14c __CxxFrameHandler
KERNEL32.dll
0x41b000 WaitForSingleObject
0x41b004 GetStartupInfoA
0x41b008 InitializeCriticalSection
0x41b00c ResetEvent
0x41b010 SetEvent
0x41b014 CreateEventW
0x41b018 lstrlenW
0x41b01c lstrcatW
0x41b020 VirtualFree
0x41b024 VirtualAlloc
0x41b028 Sleep
0x41b02c WaitForMultipleObjects
0x41b030 GetFileInformationByHandle
0x41b034 GetStdHandle
0x41b038 GlobalMemoryStatus
0x41b03c GetSystemInfo
0x41b040 GetCurrentProcess
0x41b044 GetProcessAffinityMask
0x41b048 SetEndOfFile
0x41b04c WriteFile
0x41b050 ReadFile
0x41b054 SetFilePointer
0x41b058 GetFileSize
0x41b05c GetFileAttributesW
0x41b060 GetModuleHandleA
0x41b064 FindNextFileW
0x41b068 FindFirstFileW
0x41b06c FindClose
0x41b070 GetCurrentThreadId
0x41b074 GetTickCount
0x41b078 GetCurrentProcessId
0x41b07c GetTempPathW
0x41b080 GetCurrentDirectoryW
0x41b084 SetCurrentDirectoryW
0x41b088 SetLastError
0x41b08c DeleteFileW
0x41b090 CreateDirectoryW
0x41b094 GetModuleHandleW
0x41b098 GetProcAddress
0x41b09c RemoveDirectoryW
0x41b0a0 SetFileAttributesW
0x41b0a4 CreateFileW
0x41b0a8 SetFileTime
0x41b0ac GetSystemDirectoryW
0x41b0b0 FormatMessageW
0x41b0b4 LocalFree
0x41b0b8 GetModuleFileNameW
0x41b0bc LoadLibraryExW
0x41b0c0 DeleteCriticalSection
0x41b0c4 EnterCriticalSection
0x41b0c8 LeaveCriticalSection
0x41b0cc GetLastError
0x41b0d0 GetVersionExW
0x41b0d4 GetCommandLineW
0x41b0d8 CreateProcessW
0x41b0dc CloseHandle
EAT(Export Address Table) is none