Report - verbose.exe

Generic Malware Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check
Created 2023.09.30 13:17 Machine s1_win7_x6403
Filename verbose.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score 1
Behavior Score 2.2
ZERO API file : malicious
VT API (file) 44 detected (Common, Penguish, GenericKD, Artemis, ABTrojan, CSKK, Rugmi, Gencirc, fanah, RACCOONSTEALER, YXDIYZ, ai score=88, Casdet, Detected, unsafe, Chgt, CLOUD, Krypt, susgen, GenKryptik, GOEZ, MALICIOUS, confidence, 100%)
md5 fd128ec183aa8d4db76e08153a4a43ab
sha256 8d90210125ab2296815f5bdd9af3bbfdcda75d6024e01b078e582d9b0b498e12
ssdeep 98304:HPkOBvvt+WFK+me83iqrWU3NpC1lj/cjh46pRBYVRyz:HPkOBv3L2Gj0N1gRyz
imphash 4bb67cff82a9a24c9c7488a5cd9e3b12
impfuzzy 96:LzBdKY7iifW5W5ZXGoH0j3nmZW1vXXJJjxNUi9GyjX1PObKEgF:LzBAaW5WrdUjmWX4WhFOk

Signature (5cnts)

Level Description
danger File has been identified by 44 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

(no network requests recorded)

Suricata ids

PE API

IAT(Import Address Table) Library

ADVAPI32.dll
 0x1403d7888 CreateProcessAsUserW
 0x1403d7890 EventRegister
 0x1403d7898 EventSetInformation
 0x1403d78a0 EventUnregister
 0x1403d78a8 EventWrite
 0x1403d78b0 RegCloseKey
 0x1403d78b8 RegCreateKeyExW
 0x1403d78c0 RegOpenKeyExW
 0x1403d78c8 RegQueryValueExW
 0x1403d78d0 RegSetValueExW
 0x1403d78d8 SystemFunction036
WS2_32.dll
 0x1403d78e8 WSACloseEvent
 0x1403d78f0 WSACreateEvent
 0x1403d78f8 WSAEnumNetworkEvents
 0x1403d7900 WSAEventSelect
 0x1403d7908 WSAGetLastError
 0x1403d7910 WSAGetOverlappedResult
 0x1403d7918 WSAResetEvent
 0x1403d7920 WSAStartup
 0x1403d7928 accept
 0x1403d7930 closesocket
 0x1403d7938 getsockname
 0x1403d7940 ioctlsocket
 0x1403d7948 recv
 0x1403d7950 recvfrom
 0x1403d7958 sendto
 0x1403d7960 shutdown
KERNEL32.dll
 0x1403d7970 AcquireSRWLockExclusive
 0x1403d7978 AcquireSRWLockShared
 0x1403d7980 AssignProcessToJobObject
 0x1403d7988 CloseHandle
 0x1403d7990 CompareStringW
 0x1403d7998 CreateEventW
 0x1403d79a0 CreateFileW
 0x1403d79a8 CreateProcessW
 0x1403d79b0 CreateThread
 0x1403d79b8 DeleteCriticalSection
 0x1403d79c0 DeleteFileW
 0x1403d79c8 DeleteProcThreadAttributeList
 0x1403d79d0 DuplicateHandle
 0x1403d79d8 EncodePointer
 0x1403d79e0 EnterCriticalSection
 0x1403d79e8 EnumSystemLocalesW
 0x1403d79f0 ExitProcess
 0x1403d79f8 ExitThread
 0x1403d7a00 ExpandEnvironmentStringsW
 0x1403d7a08 FindClose
 0x1403d7a10 FindFirstFileExW
 0x1403d7a18 FindNextFileW
 0x1403d7a20 FlsAlloc
 0x1403d7a28 FlsFree
 0x1403d7a30 FlsGetValue
 0x1403d7a38 FlsSetValue
 0x1403d7a40 FlushFileBuffers
 0x1403d7a48 FormatMessageA
 0x1403d7a50 FreeEnvironmentStringsW
 0x1403d7a58 FreeLibrary
 0x1403d7a60 FreeLibraryAndExitThread
 0x1403d7a68 GetACP
 0x1403d7a70 GetCPInfo
 0x1403d7a78 GetCommandLineA
 0x1403d7a80 GetCommandLineW
 0x1403d7a88 GetConsoleMode
 0x1403d7a90 GetConsoleOutputCP
 0x1403d7a98 GetCurrentDirectoryW
 0x1403d7aa0 GetCurrentProcess
 0x1403d7aa8 GetCurrentProcessId
 0x1403d7ab0 GetCurrentThread
 0x1403d7ab8 GetCurrentThreadId
 0x1403d7ac0 GetDateFormatW
 0x1403d7ac8 GetDriveTypeW
 0x1403d7ad0 GetEnvironmentStringsW
 0x1403d7ad8 GetEnvironmentVariableW
 0x1403d7ae0 GetExitCodeProcess
 0x1403d7ae8 GetFileAttributesW
 0x1403d7af0 GetFileInformationByHandle
 0x1403d7af8 GetFileSizeEx
 0x1403d7b00 GetFileType
 0x1403d7b08 GetFullPathNameW
 0x1403d7b10 GetLastError
 0x1403d7b18 GetLocalTime
 0x1403d7b20 GetLocaleInfoW
 0x1403d7b28 GetLogicalProcessorInformation
 0x1403d7b30 GetModuleFileNameW
 0x1403d7b38 GetModuleHandleA
 0x1403d7b40 GetModuleHandleExW
 0x1403d7b48 GetModuleHandleW
 0x1403d7b50 GetNativeSystemInfo
 0x1403d7b58 GetOEMCP
 0x1403d7b60 GetProcAddress
 0x1403d7b68 GetProcessHeap
 0x1403d7b70 GetProcessId
 0x1403d7b78 GetProductInfo
 0x1403d7b80 GetStartupInfoW
 0x1403d7b88 GetStdHandle
 0x1403d7b90 GetStringTypeW
 0x1403d7b98 GetSystemDirectoryW
 0x1403d7ba0 GetSystemInfo
 0x1403d7ba8 GetSystemTimeAsFileTime
 0x1403d7bb0 GetTempPathW
 0x1403d7bb8 GetThreadId
 0x1403d7bc0 GetThreadPriority
 0x1403d7bc8 GetTickCount
 0x1403d7bd0 GetTimeFormatW
 0x1403d7bd8 GetTimeZoneInformation
 0x1403d7be0 GetUserDefaultLCID
 0x1403d7be8 GetVersionExW
 0x1403d7bf0 GetWindowsDirectoryW
 0x1403d7bf8 InitOnceExecuteOnce
 0x1403d7c00 InitializeCriticalSectionAndSpinCount
 0x1403d7c08 InitializeProcThreadAttributeList
 0x1403d7c10 InitializeSListHead
 0x1403d7c18 IsDebuggerPresent
 0x1403d7c20 IsProcessorFeaturePresent
 0x1403d7c28 IsValidCodePage
 0x1403d7c30 IsValidLocale
 0x1403d7c38 IsWow64Process
 0x1403d7c40 K32QueryWorkingSetEx
 0x1403d7c48 LCMapStringW
 0x1403d7c50 LeaveCriticalSection
 0x1403d7c58 LoadLibraryExA
 0x1403d7c60 LoadLibraryExW
 0x1403d7c68 LoadLibraryW
 0x1403d7c70 LocalFree
 0x1403d7c78 MultiByteToWideChar
 0x1403d7c80 OutputDebugStringA
 0x1403d7c88 QueryPerformanceCounter
 0x1403d7c90 QueryPerformanceFrequency
 0x1403d7c98 QueryThreadCycleTime
 0x1403d7ca0 RaiseException
 0x1403d7ca8 ReadConsoleW
 0x1403d7cb0 ReadFile
 0x1403d7cb8 RegisterWaitForSingleObject
 0x1403d7cc0 ReleaseSRWLockExclusive
 0x1403d7cc8 ReleaseSRWLockShared
 0x1403d7cd0 ResetEvent
 0x1403d7cd8 RtlCaptureContext
 0x1403d7ce0 RtlCaptureStackBackTrace
 0x1403d7ce8 RtlLookupFunctionEntry
 0x1403d7cf0 RtlPcToFileHeader
 0x1403d7cf8 RtlUnwind
 0x1403d7d00 RtlUnwindEx
 0x1403d7d08 RtlVirtualUnwind
 0x1403d7d10 SetEndOfFile
 0x1403d7d18 SetEnvironmentVariableW
 0x1403d7d20 SetEvent
 0x1403d7d28 SetFilePointerEx
 0x1403d7d30 SetHandleInformation
 0x1403d7d38 SetLastError
 0x1403d7d40 SetStdHandle
 0x1403d7d48 SetThreadPriority
 0x1403d7d50 SetUnhandledExceptionFilter
 0x1403d7d58 Sleep
 0x1403d7d60 SleepConditionVariableSRW
 0x1403d7d68 SwitchToThread
 0x1403d7d70 TerminateProcess
 0x1403d7d78 TlsAlloc
 0x1403d7d80 TlsFree
 0x1403d7d88 TlsGetValue
 0x1403d7d90 TlsSetValue
 0x1403d7d98 TryAcquireSRWLockExclusive
 0x1403d7da0 UnhandledExceptionFilter
 0x1403d7da8 UnregisterWaitEx
 0x1403d7db0 UpdateProcThreadAttribute
 0x1403d7db8 VirtualAlloc
 0x1403d7dc0 VirtualFree
 0x1403d7dc8 VirtualProtect
 0x1403d7dd0 VirtualQuery
 0x1403d7dd8 WaitForSingleObject
 0x1403d7de0 WaitForSingleObjectEx
 0x1403d7de8 WakeAllConditionVariable
 0x1403d7df0 WakeConditionVariable
 0x1403d7df8 WideCharToMultiByte
 0x1403d7e00 WriteConsoleW
 0x1403d7e08 WriteFile
 0x1403d7e10 lstrlenA
ole32.dll
 0x1403d7e20 CoTaskMemFree
WINMM.dll
 0x1403d7e30 timeGetTime
USERENV.dll
 0x1403d7e40 CreateEnvironmentBlock
 0x1403d7e48 DestroyEnvironmentBlock
USER32.dll
 0x1403d7e58 AllowSetForegroundWindow
 0x1403d7e60 GetActiveWindow
SHELL32.dll
 0x1403d7e70 CommandLineToArgvW
 0x1403d7e78 SHGetFolderPathW
 0x1403d7e80 SHGetKnownFolderPath
 0x1403d7e88 ShellExecuteExW
ntdll.dll
 0x1403d7e98 NtClose
 0x1403d7ea0 NtOpenKeyEx
 0x1403d7ea8 NtQueryValueKey
 0x1403d7eb0 RtlFormatCurrentUserKeyPath
 0x1403d7eb8 RtlFreeUnicodeString
 0x1403d7ec0 RtlInitUnicodeString

EAT(Export Address Table) Library

0x140219310 GetHandleVerifier
0x140384bc0 sqlite3_dbdata_init
0x14022ba90 ssl_SecureSend
