ScreenShot
| Created | 2023.10.14 12:59 | Machine | s1_win7_x6403 |
| Filename | AppaltQD.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 13 detected (GenericKD, Artemis, unsafe, Vigorf, ai score=80, R002V01JA23, MALICIOUS, grayware, confidence) | ||
| md5 | 1a687a4c22bfcb3fcf4c19a05d6da9e5 | ||
| sha256 | a9e9f0228004dc8b1b76218a91f71612a9ff00fa12f05e048b76a7aa64792c38 | ||
| ssdeep | 6144:cm0fUcaLudpcSVBdtQ+edbC+HuLPyv0no9TBPfUc7WWxa0e3fqexxV:3rchVBcHpC+Hu2vuo9TxvYLz | ||
| imphash | fbe73ebaafab027a78c9c7613f7ead13 | ||
| impfuzzy | 96:rUcRXNsvVAcd+SwVyX5aFLKQoQKkKTv9uBcGa:TaGVy/QQTvY6 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x441078 WritePrivateProfileStringW
0x44107c GetVersionExW
0x441080 FreeResource
0x441084 WideCharToMultiByte
0x441088 GetCurrentThreadId
0x44108c GetStartupInfoW
0x441090 SetLastError
0x441094 InterlockedExchange
0x441098 CreateDirectoryW
0x44109c MultiByteToWideChar
0x4410a0 lstrlenA
0x4410a4 LocalFree
0x4410a8 CreateEventW
0x4410ac WaitForSingleObject
0x4410b0 SetEvent
0x4410b4 OpenEventW
0x4410b8 ReadFile
0x4410bc GetWindowsDirectoryW
0x4410c0 GetCurrentThread
0x4410c4 GetLocalTime
0x4410c8 OpenMutexW
0x4410cc GetStdHandle
0x4410d0 PeekNamedPipe
0x4410d4 lstrlenW
0x4410d8 GetSystemWindowsDirectoryW
0x4410dc ResumeThread
0x4410e0 VirtualQuery
0x4410e4 VirtualProtect
0x4410e8 VirtualAlloc
0x4410ec GetThreadContext
0x4410f0 SetThreadContext
0x4410f4 FlushInstructionCache
0x4410f8 SuspendThread
0x4410fc WriteFile
0x441100 SetFilePointer
0x441104 GetFileSize
0x441108 LoadLibraryA
0x44110c ExpandEnvironmentStringsW
0x441110 GetFileSizeEx
0x441114 CreateThread
0x441118 GetPrivateProfileStringW
0x44111c ExitProcess
0x441120 CreateMutexW
0x441124 SetEnvironmentVariableW
0x441128 ProcessIdToSessionId
0x44112c TerminateProcess
0x441130 GetCommandLineW
0x441134 OpenProcess
0x441138 GetLastError
0x44113c GetLongPathNameW
0x441140 Sleep
0x441144 InterlockedCompareExchange
0x441148 IsWow64Process
0x44114c GetCurrentProcess
0x441150 GetTickCount
0x441154 EnterCriticalSection
0x441158 LeaveCriticalSection
0x44115c CreateProcessW
0x441160 InitializeCriticalSection
0x441164 DeleteCriticalSection
0x441168 LoadLibraryExW
0x44116c GetModuleHandleW
0x441170 DeviceIoControl
0x441174 CreateFileW
0x441178 LoadLibraryW
0x44117c GetCurrentProcessId
0x441180 FindNextFileW
0x441184 FindClose
0x441188 FindFirstFileW
0x44118c InterlockedIncrement
0x441190 GetTempPathW
0x441194 GetTempFileNameW
0x441198 DeleteFileW
0x44119c InterlockedDecrement
0x4411a0 GetProcAddress
0x4411a4 FreeLibrary
0x4411a8 CloseHandle
0x4411ac GetModuleFileNameW
0x4411b0 FindResourceExW
0x4411b4 FindResourceW
0x4411b8 LoadResource
0x4411bc GetLocaleInfoA
0x4411c0 GetStringTypeW
0x4411c4 GetStringTypeA
0x4411c8 LCMapStringA
0x4411cc WriteConsoleW
0x4411d0 GetConsoleOutputCP
0x4411d4 WriteConsoleA
0x4411d8 FlushFileBuffers
0x4411dc SetStdHandle
0x4411e0 GetModuleHandleA
0x4411e4 QueryPerformanceCounter
0x4411e8 GetStartupInfoA
0x4411ec GetFileType
0x4411f0 SetHandleCount
0x4411f4 GetEnvironmentStringsW
0x4411f8 FreeEnvironmentStringsW
0x4411fc LCMapStringW
0x441200 InitializeCriticalSectionAndSpinCount
0x441204 IsValidCodePage
0x441208 GetOEMCP
0x44120c GetACP
0x441210 GetCPInfo
0x441214 GetModuleFileNameA
0x441218 GetConsoleMode
0x44121c GetConsoleCP
0x441220 VirtualFree
0x441224 HeapCreate
0x441228 RtlUnwind
0x44122c IsDebuggerPresent
0x441230 SetUnhandledExceptionFilter
0x441234 UnhandledExceptionFilter
0x441238 HeapSize
0x44123c HeapReAlloc
0x441240 LockResource
0x441244 SizeofResource
0x441248 RaiseException
0x44124c HeapDestroy
0x441250 TlsFree
0x441254 TlsAlloc
0x441258 ReleaseMutex
0x44125c CreateFileA
0x441260 SystemTimeToFileTime
0x441264 GetSystemTimeAsFileTime
0x441268 LocalFileTimeToFileTime
0x44126c SetEndOfFile
0x441270 SetFilePointerEx
0x441274 TlsGetValue
0x441278 HeapAlloc
0x44127c HeapFree
0x441280 OutputDebugStringW
0x441284 GetProcessHeap
0x441288 TlsSetValue
0x44128c HeapUnlock
0x441290 OpenThread
0x441294 HeapLock
0x441298 HeapWalk
USER32.dll
0x441320 FindWindowW
0x441324 GetWindowThreadProcessId
ADVAPI32.dll
0x441000 RegisterServiceCtrlHandlerExW
0x441004 RegOpenKeyExW
0x441008 RegQueryValueExW
0x44100c RegCloseKey
0x441010 RegEnumKeyW
0x441014 RegCreateKeyW
0x441018 SetServiceStatus
0x44101c StartServiceCtrlDispatcherW
0x441020 RegEnumValueW
0x441024 GetTokenInformation
0x441028 RegEnumKeyExW
0x44102c RegDeleteKeyW
0x441030 DeleteService
0x441034 ControlService
0x441038 QueryServiceStatus
0x44103c OpenServiceW
0x441040 OpenSCManagerW
0x441044 FreeSid
0x441048 CheckTokenMembership
0x44104c AllocateAndInitializeSid
0x441050 DuplicateToken
0x441054 OpenProcessToken
0x441058 RegSetValueExW
0x44105c RegDeleteValueW
0x441060 RegOpenKeyW
0x441064 CloseServiceHandle
0x441068 RegQueryValueExA
SHELL32.dll
0x4412c8 ShellExecuteExW
0x4412cc SHGetSpecialFolderPathW
0x4412d0 CommandLineToArgvW
ole32.dll
0x441364 CreateStreamOnHGlobal
0x441368 CoInitialize
0x44136c CoUninitialize
0x441370 CoCreateInstance
OLEAUT32.dll
0x4412a0 SysStringLen
0x4412a4 SysFreeString
0x4412a8 SysAllocString
0x4412ac VariantClear
0x4412b0 SysStringByteLen
0x4412b4 SysAllocStringByteLen
0x4412b8 VariantInit
SHLWAPI.dll
0x4412d8 SHDeleteValueW
0x4412dc StrCmpNIW
0x4412e0 PathAddBackslashW
0x4412e4 PathAppendW
0x4412e8 PathIsRelativeW
0x4412ec StrStrIW
0x4412f0 SHGetValueW
0x4412f4 PathCombineW
0x4412f8 PathRemoveFileSpecW
0x4412fc StrStrW
0x441300 StrRChrW
0x441304 StrChrW
0x441308 StrCmpIW
0x44130c PathFindFileNameW
0x441310 PathIsDirectoryW
0x441314 PathFileExistsW
0x441318 SHSetValueW
VERSION.dll
0x441334 VerQueryValueW
IMM32.dll
0x441070 ImmDisableIME
USERENV.dll
0x44132c ExpandEnvironmentStringsForUserW
PSAPI.DLL
0x4412c0 GetModuleFileNameExW
ntdll.dll
0x44133c RtlAllocateHeap
0x441340 ZwProtectVirtualMemory
0x441344 NtDelayExecution
0x441348 ZwAllocateVirtualMemory
0x44134c RtlCreateHeap
0x441350 ZwQuerySystemInformation
0x441354 ZwQueryVirtualMemory
0x441358 ZwFreeVirtualMemory
0x44135c RtlReAllocateHeap
EAT(Export Address Table) is none
KERNEL32.dll
0x441078 WritePrivateProfileStringW
0x44107c GetVersionExW
0x441080 FreeResource
0x441084 WideCharToMultiByte
0x441088 GetCurrentThreadId
0x44108c GetStartupInfoW
0x441090 SetLastError
0x441094 InterlockedExchange
0x441098 CreateDirectoryW
0x44109c MultiByteToWideChar
0x4410a0 lstrlenA
0x4410a4 LocalFree
0x4410a8 CreateEventW
0x4410ac WaitForSingleObject
0x4410b0 SetEvent
0x4410b4 OpenEventW
0x4410b8 ReadFile
0x4410bc GetWindowsDirectoryW
0x4410c0 GetCurrentThread
0x4410c4 GetLocalTime
0x4410c8 OpenMutexW
0x4410cc GetStdHandle
0x4410d0 PeekNamedPipe
0x4410d4 lstrlenW
0x4410d8 GetSystemWindowsDirectoryW
0x4410dc ResumeThread
0x4410e0 VirtualQuery
0x4410e4 VirtualProtect
0x4410e8 VirtualAlloc
0x4410ec GetThreadContext
0x4410f0 SetThreadContext
0x4410f4 FlushInstructionCache
0x4410f8 SuspendThread
0x4410fc WriteFile
0x441100 SetFilePointer
0x441104 GetFileSize
0x441108 LoadLibraryA
0x44110c ExpandEnvironmentStringsW
0x441110 GetFileSizeEx
0x441114 CreateThread
0x441118 GetPrivateProfileStringW
0x44111c ExitProcess
0x441120 CreateMutexW
0x441124 SetEnvironmentVariableW
0x441128 ProcessIdToSessionId
0x44112c TerminateProcess
0x441130 GetCommandLineW
0x441134 OpenProcess
0x441138 GetLastError
0x44113c GetLongPathNameW
0x441140 Sleep
0x441144 InterlockedCompareExchange
0x441148 IsWow64Process
0x44114c GetCurrentProcess
0x441150 GetTickCount
0x441154 EnterCriticalSection
0x441158 LeaveCriticalSection
0x44115c CreateProcessW
0x441160 InitializeCriticalSection
0x441164 DeleteCriticalSection
0x441168 LoadLibraryExW
0x44116c GetModuleHandleW
0x441170 DeviceIoControl
0x441174 CreateFileW
0x441178 LoadLibraryW
0x44117c GetCurrentProcessId
0x441180 FindNextFileW
0x441184 FindClose
0x441188 FindFirstFileW
0x44118c InterlockedIncrement
0x441190 GetTempPathW
0x441194 GetTempFileNameW
0x441198 DeleteFileW
0x44119c InterlockedDecrement
0x4411a0 GetProcAddress
0x4411a4 FreeLibrary
0x4411a8 CloseHandle
0x4411ac GetModuleFileNameW
0x4411b0 FindResourceExW
0x4411b4 FindResourceW
0x4411b8 LoadResource
0x4411bc GetLocaleInfoA
0x4411c0 GetStringTypeW
0x4411c4 GetStringTypeA
0x4411c8 LCMapStringA
0x4411cc WriteConsoleW
0x4411d0 GetConsoleOutputCP
0x4411d4 WriteConsoleA
0x4411d8 FlushFileBuffers
0x4411dc SetStdHandle
0x4411e0 GetModuleHandleA
0x4411e4 QueryPerformanceCounter
0x4411e8 GetStartupInfoA
0x4411ec GetFileType
0x4411f0 SetHandleCount
0x4411f4 GetEnvironmentStringsW
0x4411f8 FreeEnvironmentStringsW
0x4411fc LCMapStringW
0x441200 InitializeCriticalSectionAndSpinCount
0x441204 IsValidCodePage
0x441208 GetOEMCP
0x44120c GetACP
0x441210 GetCPInfo
0x441214 GetModuleFileNameA
0x441218 GetConsoleMode
0x44121c GetConsoleCP
0x441220 VirtualFree
0x441224 HeapCreate
0x441228 RtlUnwind
0x44122c IsDebuggerPresent
0x441230 SetUnhandledExceptionFilter
0x441234 UnhandledExceptionFilter
0x441238 HeapSize
0x44123c HeapReAlloc
0x441240 LockResource
0x441244 SizeofResource
0x441248 RaiseException
0x44124c HeapDestroy
0x441250 TlsFree
0x441254 TlsAlloc
0x441258 ReleaseMutex
0x44125c CreateFileA
0x441260 SystemTimeToFileTime
0x441264 GetSystemTimeAsFileTime
0x441268 LocalFileTimeToFileTime
0x44126c SetEndOfFile
0x441270 SetFilePointerEx
0x441274 TlsGetValue
0x441278 HeapAlloc
0x44127c HeapFree
0x441280 OutputDebugStringW
0x441284 GetProcessHeap
0x441288 TlsSetValue
0x44128c HeapUnlock
0x441290 OpenThread
0x441294 HeapLock
0x441298 HeapWalk
USER32.dll
0x441320 FindWindowW
0x441324 GetWindowThreadProcessId
ADVAPI32.dll
0x441000 RegisterServiceCtrlHandlerExW
0x441004 RegOpenKeyExW
0x441008 RegQueryValueExW
0x44100c RegCloseKey
0x441010 RegEnumKeyW
0x441014 RegCreateKeyW
0x441018 SetServiceStatus
0x44101c StartServiceCtrlDispatcherW
0x441020 RegEnumValueW
0x441024 GetTokenInformation
0x441028 RegEnumKeyExW
0x44102c RegDeleteKeyW
0x441030 DeleteService
0x441034 ControlService
0x441038 QueryServiceStatus
0x44103c OpenServiceW
0x441040 OpenSCManagerW
0x441044 FreeSid
0x441048 CheckTokenMembership
0x44104c AllocateAndInitializeSid
0x441050 DuplicateToken
0x441054 OpenProcessToken
0x441058 RegSetValueExW
0x44105c RegDeleteValueW
0x441060 RegOpenKeyW
0x441064 CloseServiceHandle
0x441068 RegQueryValueExA
SHELL32.dll
0x4412c8 ShellExecuteExW
0x4412cc SHGetSpecialFolderPathW
0x4412d0 CommandLineToArgvW
ole32.dll
0x441364 CreateStreamOnHGlobal
0x441368 CoInitialize
0x44136c CoUninitialize
0x441370 CoCreateInstance
OLEAUT32.dll
0x4412a0 SysStringLen
0x4412a4 SysFreeString
0x4412a8 SysAllocString
0x4412ac VariantClear
0x4412b0 SysStringByteLen
0x4412b4 SysAllocStringByteLen
0x4412b8 VariantInit
SHLWAPI.dll
0x4412d8 SHDeleteValueW
0x4412dc StrCmpNIW
0x4412e0 PathAddBackslashW
0x4412e4 PathAppendW
0x4412e8 PathIsRelativeW
0x4412ec StrStrIW
0x4412f0 SHGetValueW
0x4412f4 PathCombineW
0x4412f8 PathRemoveFileSpecW
0x4412fc StrStrW
0x441300 StrRChrW
0x441304 StrChrW
0x441308 StrCmpIW
0x44130c PathFindFileNameW
0x441310 PathIsDirectoryW
0x441314 PathFileExistsW
0x441318 SHSetValueW
VERSION.dll
0x441334 VerQueryValueW
IMM32.dll
0x441070 ImmDisableIME
USERENV.dll
0x44132c ExpandEnvironmentStringsForUserW
PSAPI.DLL
0x4412c0 GetModuleFileNameExW
ntdll.dll
0x44133c RtlAllocateHeap
0x441340 ZwProtectVirtualMemory
0x441344 NtDelayExecution
0x441348 ZwAllocateVirtualMemory
0x44134c RtlCreateHeap
0x441350 ZwQuerySystemInformation
0x441354 ZwQueryVirtualMemory
0x441358 ZwFreeVirtualMemory
0x44135c RtlReAllocateHeap
EAT(Export Address Table) is none