Report - fmodstudio64.exe

Malicious Library UPX PE File PE32 OS Processor Check
Created 2023.10.04 07:42 Machine s1_win7_x6403
Filename fmodstudio64.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
1
Behavior Score
4.6
ZERO API file: malware
VT API (file) 15 detected (V7hh, Penguish, FileRepMalware, Misc, LUMMASTEALER, YXDJCZ, Artemis, Phonzy, BScope, Chgt, MALICIOUS)
md5 5f32065d2330cb09aee6ed9fa7ed1c21
sha256 4a35f8134f64ad28c5fe261d7cf15256ecd758566c2ddbf4bd962925502ade41
ssdeep 98304:UVHFXSCmqsSgfkV9ft9gnOMmgqT6d9y426tTB:UVHFXSCmqsMXl9oPfCzB09
imphash 9e604fa03f90625680ac2f8bef162aff
impfuzzy 192:nKShpnn5YGe7S/YFv5c979U44ECpKa5DZlig2:nKSqGe7c+v5cox0a5u

Signature (12cnts)

Level Description
watch Attempts to create or modify system certificates
watch File has been identified by 15 AntiVirus engines on VirusTotal as malicious
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates a suspicious process
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Queries for the computername
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (6cnts)

Request CC ASN Co IP4 Rule ZERO
https://passport.weibo.com/visitor/visitor?entry=miniblog&a=enter&url=https%3A%2F%2Fweibo.com%2F&domain=weibo.com&_rand=1696372813674&sudaref= Unknown 36.51.224.27 clean
https://weibo.com/ Unknown 36.51.224.53 clean
passport.weibo.com Unknown 36.51.224.27 clean
weibo.com Unknown 36.51.224.114 clean
36.51.224.27 Unknown 36.51.224.27 clean
36.51.224.53 Unknown 36.51.224.53 clean

Suricata ids

PE API

IAT (Import Address Table) Library

WSOCK32.dll
 0x53d53c setsockopt
 0x53d540 gethostbyname
 0x53d544 htonl
 0x53d548 ioctlsocket
 0x53d54c htons
 0x53d550 WSAStartup
 0x53d554 ntohl
 0x53d558 WSACleanup
WININET.dll
 0x53d4d0 HttpQueryInfoA
CRYPT32.dll
 0x53d024 CertFreeCertificateContext
 0x53d028 CertVerifySubjectCertificateContext
 0x53d02c CertFindCertificateInStore
 0x53d030 CertCreateCertificateContext
 0x53d034 CryptGetMessageCertificates
 0x53d038 CryptVerifyMessageSignature
 0x53d03c CertCloseStore
VERSION.dll
 0x53d4c0 GetFileVersionInfoA
 0x53d4c4 VerQueryValueA
 0x53d4c8 GetFileVersionInfoSizeA
WINMM.dll
 0x53d4d8 waveInStop
 0x53d4dc waveInAddBuffer
 0x53d4e0 waveInStart
 0x53d4e4 waveInGetNumDevs
 0x53d4e8 waveOutGetNumDevs
 0x53d4ec waveInClose
 0x53d4f0 waveOutGetDevCapsA
 0x53d4f4 waveOutPrepareHeader
 0x53d4f8 waveOutWrite
 0x53d4fc waveOutReset
 0x53d500 waveOutUnprepareHeader
 0x53d504 waveInReset
 0x53d508 waveInUnprepareHeader
 0x53d50c waveInPrepareHeader
 0x53d510 waveInOpen
 0x53d514 waveInGetDevCapsA
 0x53d518 timeGetTime
 0x53d51c waveOutClose
 0x53d520 waveOutOpen
 0x53d524 timeKillEvent
 0x53d528 timeSetEvent
 0x53d52c timeGetDevCaps
 0x53d530 timeBeginPeriod
 0x53d534 timeEndPeriod
KERNEL32.dll
 0x53d134 GetSystemInfo
 0x53d138 GetUserDefaultLangID
 0x53d13c ExitThread
 0x53d140 GlobalFree
 0x53d144 GetFileAttributesA
 0x53d148 GetFileAttributesW
 0x53d14c LockResource
 0x53d150 LoadResource
 0x53d154 FindResourceExA
 0x53d158 FindResourceExW
 0x53d15c GlobalAlloc
 0x53d160 CreateThread
 0x53d164 GetTimeZoneInformation
 0x53d168 GetSystemTime
 0x53d16c SystemTimeToFileTime
 0x53d170 DeleteFileA
 0x53d174 DeleteFileW
 0x53d178 MoveFileA
 0x53d17c VirtualQuery
 0x53d180 RemoveDirectoryA
 0x53d184 RemoveDirectoryW
 0x53d188 CreateDirectoryA
 0x53d18c CreateDirectoryW
 0x53d190 CreateFileA
 0x53d194 CreateFileW
 0x53d198 ReadFile
 0x53d19c WriteFile
 0x53d1a0 GetTempFileNameA
 0x53d1a4 GetTempPathA
 0x53d1a8 GetTempFileNameW
 0x53d1ac GetTempPathW
 0x53d1b0 SetFilePointer
 0x53d1b4 GetFileSize
 0x53d1b8 GetFileAttributesExA
 0x53d1bc GetFileAttributesExW
 0x53d1c0 FindFirstFileA
 0x53d1c4 FindFirstFileW
 0x53d1c8 FindNextFileA
 0x53d1cc FindNextFileW
 0x53d1d0 FindClose
 0x53d1d4 GetSystemDirectoryA
 0x53d1d8 GetModuleFileNameA
 0x53d1dc MoveFileExA
 0x53d1e0 CreateMutexA
 0x53d1e4 ReleaseMutex
 0x53d1e8 UnmapViewOfFile
 0x53d1ec MapViewOfFile
 0x53d1f0 CreateFileMappingA
 0x53d1f4 WaitForSingleObject
 0x53d1f8 WideCharToMultiByte
 0x53d1fc GlobalUnlock
 0x53d200 GlobalLock
 0x53d204 IsDBCSLeadByteEx
 0x53d208 lstrlenA
 0x53d20c SetEndOfFile
 0x53d210 CopyFileA
 0x53d214 CopyFileW
 0x53d218 GetModuleFileNameW
 0x53d21c GetCommandLineW
 0x53d220 ExitProcess
 0x53d224 GetModuleHandleA
 0x53d228 GetCommandLineA
 0x53d22c GetProcessTimes
 0x53d230 GetCurrentProcess
 0x53d234 CreateEventA
 0x53d238 SetEvent
 0x53d23c TlsAlloc
 0x53d240 SetThreadPriority
 0x53d244 InterlockedIncrement
 0x53d248 InterlockedDecrement
 0x53d24c ResetEvent
 0x53d250 WaitForMultipleObjects
 0x53d254 VirtualFree
 0x53d258 VirtualAlloc
 0x53d25c GetThreadPriority
 0x53d260 GetCurrentThread
 0x53d264 GetSystemDefaultLangID
 0x53d268 FreeLibrary
 0x53d26c GetLastError
 0x53d270 GetStartupInfoA
 0x53d274 CreateProcessA
 0x53d278 CloseHandle
 0x53d27c LCMapStringW
 0x53d280 LCMapStringA
 0x53d284 GetTickCount
 0x53d288 GetCurrentThreadId
 0x53d28c GetLocaleInfoA
 0x53d290 SetErrorMode
 0x53d294 LoadLibraryA
 0x53d298 GetProcAddress
 0x53d29c QueryPerformanceCounter
 0x53d2a0 QueryPerformanceFrequency
 0x53d2a4 IsDBCSLeadByte
 0x53d2a8 GetACP
 0x53d2ac GetCPInfo
 0x53d2b0 MultiByteToWideChar
 0x53d2b4 GetVersionExA
 0x53d2b8 InterlockedExchange
 0x53d2bc InterlockedCompareExchange
 0x53d2c0 Sleep
 0x53d2c4 LeaveCriticalSection
 0x53d2c8 EnterCriticalSection
 0x53d2cc DeleteCriticalSection
 0x53d2d0 InitializeCriticalSection
 0x53d2d4 HeapAlloc
 0x53d2d8 GetProcessHeap
 0x53d2dc MoveFileW
 0x53d2e0 HeapFree
USER32.dll
 0x53d310 GetSubMenu
 0x53d314 LoadMenuA
 0x53d318 SetTimer
 0x53d31c KillTimer
 0x53d320 GetClientRect
 0x53d324 ScreenToClient
 0x53d328 GetCursorPos
 0x53d32c SetCursor
 0x53d330 LoadCursorA
 0x53d334 EndPaint
 0x53d338 BeginPaint
 0x53d33c GetMenu
 0x53d340 DestroyWindow
 0x53d344 GetFocus
 0x53d348 WindowFromPoint
 0x53d34c GetCapture
 0x53d350 ReleaseCapture
 0x53d354 SetCapture
 0x53d358 TrackPopupMenu
 0x53d35c ClientToScreen
 0x53d360 DeleteMenu
 0x53d364 GetMenuItemID
 0x53d368 IsWindow
 0x53d36c DefWindowProcA
 0x53d370 GetWindowLongA
 0x53d374 CreateWindowExA
 0x53d378 RegisterClipboardFormatA
 0x53d37c CloseClipboard
 0x53d380 GetClipboardData
 0x53d384 IsClipboardFormatAvailable
 0x53d388 OpenClipboard
 0x53d38c SetClipboardData
 0x53d390 EmptyClipboard
 0x53d394 InsertMenuA
 0x53d398 InsertMenuW
 0x53d39c RemoveMenu
 0x53d3a0 GetWindow
 0x53d3a4 UnregisterClassA
 0x53d3a8 LoadStringW
 0x53d3ac MoveWindow
 0x53d3b0 SetMenu
 0x53d3b4 UpdateWindow
 0x53d3b8 ShowWindow
 0x53d3bc SetDlgItemTextA
 0x53d3c0 SetDlgItemTextW
 0x53d3c4 EnableWindow
 0x53d3c8 GetDlgItemTextA
 0x53d3cc GetWindowTextLengthA
 0x53d3d0 DestroyMenu
 0x53d3d4 GetWindowTextLengthW
 0x53d3d8 PostQuitMessage
 0x53d3dc GetMenuStringA
 0x53d3e0 GetMenuStringW
 0x53d3e4 RegisterClassA
 0x53d3e8 DispatchMessageA
 0x53d3ec TranslateMessage
 0x53d3f0 TranslateAcceleratorA
 0x53d3f4 GetMessageA
 0x53d3f8 LoadAcceleratorsA
 0x53d3fc PostThreadMessageA
 0x53d400 GetQueueStatus
 0x53d404 PeekMessageA
 0x53d408 MsgWaitForMultipleObjects
 0x53d40c RegisterWindowMessageA
 0x53d410 SystemParametersInfoA
 0x53d414 DialogBoxIndirectParamW
 0x53d418 DialogBoxIndirectParamA
 0x53d41c PostMessageA
 0x53d420 EndDialog
 0x53d424 SetWindowLongA
 0x53d428 GetParent
 0x53d42c GetWindowRect
 0x53d430 GetDesktopWindow
 0x53d434 SetWindowPos
 0x53d438 LoadIconA
 0x53d43c GetDlgItem
 0x53d440 SendMessageA
 0x53d444 SetWindowTextA
 0x53d448 SetFocus
 0x53d44c GetMenuItemCount
 0x53d450 GetMenuItemInfoA
 0x53d454 GetSystemMetrics
 0x53d458 InsertMenuItemA
 0x53d45c DdeInitializeA
 0x53d460 DdeCreateStringHandleA
 0x53d464 DdeConnect
 0x53d468 DdeClientTransaction
 0x53d46c DdeDisconnect
 0x53d470 DdeFreeStringHandle
 0x53d474 DdeUninitialize
 0x53d478 SendInput
 0x53d47c GetKeyboardLayout
 0x53d480 GetDC
 0x53d484 ReleaseDC
 0x53d488 GetDoubleClickTime
 0x53d48c LoadStringA
 0x53d490 EnableMenuItem
 0x53d494 CheckMenuItem
 0x53d498 InvalidateRect
 0x53d49c WaitForInputIdle
 0x53d4a0 MapVirtualKeyA
 0x53d4a4 FillRect
 0x53d4a8 GetKeyState
 0x53d4ac DialogBoxParamW
 0x53d4b0 DialogBoxParamA
 0x53d4b4 GetDlgItemTextW
 0x53d4b8 MessageBoxA
GDI32.dll
 0x53d044 GetTextMetricsA
 0x53d048 GetClipRgn
 0x53d04c SetTextColor
 0x53d050 ExtTextOutW
 0x53d054 ExtTextOutA
 0x53d058 CreateRectRgn
 0x53d05c GetTextAlign
 0x53d060 GetBkMode
 0x53d064 GetTextColor
 0x53d068 EnumFontFamiliesA
 0x53d06c SetTextCharacterExtra
 0x53d070 BeginPath
 0x53d074 EndPage
 0x53d078 DPtoLP
 0x53d07c FillPath
 0x53d080 ExtCreatePen
 0x53d084 StrokePath
 0x53d088 EndDoc
 0x53d08c StartDocA
 0x53d090 LPtoDP
 0x53d094 CreateSolidBrush
 0x53d098 GetClipBox
 0x53d09c GetSystemPaletteEntries
 0x53d0a0 CreatePalette
 0x53d0a4 GetTextExtentPoint32A
 0x53d0a8 CreatePen
 0x53d0ac GetBkColor
 0x53d0b0 SetBkColor
 0x53d0b4 GetCurrentObject
 0x53d0b8 GetTextExtentPoint32W
 0x53d0bc EndPath
 0x53d0c0 SetPolyFillMode
 0x53d0c4 MoveToEx
 0x53d0c8 LineTo
 0x53d0cc PolyBezierTo
 0x53d0d0 SelectClipPath
 0x53d0d4 SaveDC
 0x53d0d8 RestoreDC
 0x53d0dc GdiFlush
 0x53d0e0 DeleteObject
 0x53d0e4 SelectObject
 0x53d0e8 StretchDIBits
 0x53d0ec SetDIBitsToDevice
 0x53d0f0 CreateCompatibleBitmap
 0x53d0f4 GetObjectA
 0x53d0f8 CreateCompatibleDC
 0x53d0fc DeleteDC
 0x53d100 CreateDIBSection
 0x53d104 GetDeviceCaps
 0x53d108 BitBlt
 0x53d10c RealizePalette
 0x53d110 SelectPalette
 0x53d114 GetStockObject
 0x53d118 CreateFontIndirectA
 0x53d11c SetBkMode
 0x53d120 SetTextAlign
 0x53d124 IntersectClipRect
 0x53d128 SelectClipRgn
 0x53d12c StartPage
comdlg32.dll
 0x53d560 GetOpenFileNameA
 0x53d564 PrintDlgA
 0x53d568 GetOpenFileNameW
 0x53d56c GetSaveFileNameW
 0x53d570 CommDlgExtendedError
 0x53d574 GetSaveFileNameA
ADVAPI32.dll
 0x53d000 RegCloseKey
 0x53d004 RegQueryValueExA
 0x53d008 RegOpenKeyExA
 0x53d00c RegQueryValueExW
 0x53d010 RegOpenKeyExW
 0x53d014 RegSetValueExA
 0x53d018 RegCreateKeyA
 0x53d01c RegSetValueA
SHELL32.dll
 0x53d2f0 DragQueryFileA
 0x53d2f4 DragAcceptFiles
 0x53d2f8 SHBrowseForFolderA
 0x53d2fc SHGetSpecialFolderLocation
 0x53d300 SHGetPathFromIDListA
 0x53d304 SHAppBarMessage
 0x53d308 DragQueryFileW
ole32.dll
 0x53d57c CoTaskMemAlloc
 0x53d580 CoFreeUnusedLibraries
 0x53d584 CoInitialize
 0x53d588 CoUninitialize
 0x53d58c CoCreateInstance
 0x53d590 CoTaskMemFree
OLEAUT32.dll
 0x53d2e8 SysFreeString

EAT (Export Address Table): none


