Field | Value |
---|---|
Created | 2023.10.25 11:22 |
Machine | s1_win7_x6403 |
Filename | FX_432661.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 50 detected (AIDetectMalware, malicious, high confidence, GenericKD, unsafe, Vvk5, confidence, 100%, ZexaE, avW@aShlPPhi, Attribute, HighConfidence, AFVT, Tdkl, mrbbs, Siggen21, score, Static AI, Suspicious PE, ai score=89, GenKD, Detected, ABRisk, GTAZ, Wacatac, Malware@#25r4jjivpccpl, Casdet, R617107, Artemis, Chgt, R014H0DJO23, Generic@AI, RDML, w7xvx4wo2d+WLq4BjTme0g, susgen, MalwareX) |
md5 | 897af5616bfd6af5b687876924f39ee3 |
sha256 | 8a013b99a9b82e0f67b3e472f7627052915507916311f10cac5b69e87f3d19d4 |
ssdeep | 12288:Tq73genXXHoA/of0L4enXXHoA/of0LOOR1:uZnR/eUhnR/eUOG |
imphash | e957e1fac34ad27ace053a2e67ea5b97 |
impfuzzy | 48:EF/KA//gXSv09sjEJzGSY+nB6UyCuqC1tMS175c+ppsX3wU:Gnw941tMS175c+ppsT |
Network IP location
Signatures (11)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
watch | Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
watch | The process wscript.exe wrote an executable file to disk |
watch | Wscript.exe initiated network communications indicative of a script based payload download |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Yara rule detected in process memory |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | This executable has a PDB path |
Rules (13)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | anti_dbg | Checks if being debugged | memory |
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
PE API
IAT (Import Address Table) by library
USER32.dll
0x410130 ShowWindow
0x410134 GetMessageW
0x410138 DefWindowProcW
0x41013c DestroyWindow
0x410140 MessageBoxW
0x410144 CreateWindowExW
0x410148 EndDialog
0x41014c RegisterClassExW
0x410150 LoadAcceleratorsW
0x410154 LoadStringW
0x410158 BeginPaint
0x41015c DispatchMessageW
0x410160 TranslateAcceleratorW
0x410164 TranslateMessage
0x410168 LoadIconW
0x41016c LoadCursorW
0x410170 PostQuitMessage
0x410174 DialogBoxParamW
0x410178 UpdateWindow
0x41017c LoadImageW
GDI32.dll
0x410000 SelectObject
0x410004 CreateCompatibleDC
0x410008 GetObjectW
0x41000c BitBlt
KERNEL32.dll
0x410014 SetFilePointerEx
0x410018 GetConsoleMode
0x41001c GetConsoleOutputCP
0x410020 FlushFileBuffers
0x410024 HeapReAlloc
0x410028 GetProcessHeap
0x41002c LCMapStringW
0x410030 CompareStringW
0x410034 CreateFileW
0x410038 WriteConsoleW
0x41003c DecodePointer
0x410040 HeapSize
0x410044 RaiseException
0x410048 UnhandledExceptionFilter
0x41004c SetUnhandledExceptionFilter
0x410050 GetCurrentProcess
0x410054 TerminateProcess
0x410058 IsProcessorFeaturePresent
0x41005c QueryPerformanceCounter
0x410060 GetCurrentProcessId
0x410064 GetCurrentThreadId
0x410068 GetSystemTimeAsFileTime
0x41006c InitializeSListHead
0x410070 IsDebuggerPresent
0x410074 GetStartupInfoW
0x410078 GetModuleHandleW
0x41007c RtlUnwind
0x410080 GetLastError
0x410084 SetLastError
0x410088 EnterCriticalSection
0x41008c LeaveCriticalSection
0x410090 DeleteCriticalSection
0x410094 InitializeCriticalSectionAndSpinCount
0x410098 TlsAlloc
0x41009c TlsGetValue
0x4100a0 TlsSetValue
0x4100a4 TlsFree
0x4100a8 FreeLibrary
0x4100ac GetProcAddress
0x4100b0 LoadLibraryExW
0x4100b4 EncodePointer
0x4100b8 GetStdHandle
0x4100bc WriteFile
0x4100c0 GetModuleFileNameW
0x4100c4 ExitProcess
0x4100c8 GetModuleHandleExW
0x4100cc HeapFree
0x4100d0 CloseHandle
0x4100d4 WaitForSingleObject
0x4100d8 GetExitCodeProcess
0x4100dc CreateProcessW
0x4100e0 GetFileAttributesExW
0x4100e4 HeapAlloc
0x4100e8 FindClose
0x4100ec FindFirstFileExW
0x4100f0 FindNextFileW
0x4100f4 IsValidCodePage
0x4100f8 GetACP
0x4100fc GetOEMCP
0x410100 GetCPInfo
0x410104 GetCommandLineA
0x410108 GetCommandLineW
0x41010c MultiByteToWideChar
0x410110 WideCharToMultiByte
0x410114 GetEnvironmentStringsW
0x410118 FreeEnvironmentStringsW
0x41011c SetEnvironmentVariableW
0x410120 SetStdHandle
0x410124 GetFileType
0x410128 GetStringTypeW
EAT (Export Address Table): none