ScreenShot
| Created | 2023.11.11 16:36 | Machine | s1_win7_x6401 |
| Filename | cfyjsswdds.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 9a39f83bf263a651eab2fed7cbabfb29 | ||
| sha256 | e6ad076db5e1fbbe14d35992f5282676c56e5bda6568d63fab937cf2e7a29dd2 | ||
| ssdeep | 3072:ObjUNyep0fbKB/1gKKdAZlZx3251o51IOZLz345eSUKN7nlr7Ozw:CUppv5KdALPRHIOsBNpj | ||
| imphash | c2f612f67ccf95e5a46ba073ff52d650 | ||
| impfuzzy | 96:i1tSqkgq/rzx9LX3r8weXKYEeHtBXWkle+fcAGSJtoMk53:GtoN5ZL8L6YE4LGsM3 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40101c WriteConsoleInputW
0x401020 lstrlenA
0x401024 GetConsoleAliasesLengthW
0x401028 EnumDateFormatsExW
0x40102c GetLocaleInfoA
0x401030 GetConsoleAliasExesA
0x401034 GetDriveTypeW
0x401038 _llseek
0x40103c WriteConsoleOutputCharacterA
0x401040 BuildCommDCBAndTimeoutsA
0x401044 WriteConsoleOutputW
0x401048 HeapAlloc
0x40104c DeleteVolumeMountPointA
0x401050 InterlockedIncrement
0x401054 VerSetConditionMask
0x401058 OpenJobObjectA
0x40105c GetCommState
0x401060 GetConsoleAliasA
0x401064 InterlockedDecrement
0x401068 GetCurrentProcess
0x40106c GetSystemWindowsDirectoryW
0x401070 QueryDosDeviceA
0x401074 HeapFree
0x401078 GetEnvironmentStringsW
0x40107c AddConsoleAliasW
0x401080 OpenSemaphoreA
0x401084 CreateHardLinkA
0x401088 SleepEx
0x40108c GetFileAttributesExA
0x401090 _lclose
0x401094 SetTapeParameters
0x401098 MoveFileWithProgressA
0x40109c GetModuleHandleW
0x4010a0 GetCommConfig
0x4010a4 CreateNamedPipeW
0x4010a8 LocalFlags
0x4010ac FindNextVolumeMountPointA
0x4010b0 GetConsoleAliasesLengthA
0x4010b4 ConvertFiberToThread
0x4010b8 ExpandEnvironmentStringsA
0x4010bc ReadConsoleW
0x4010c0 WaitNamedPipeW
0x4010c4 GetUserDefaultLangID
0x4010c8 SetCommState
0x4010cc GetCommandLineA
0x4010d0 CreateActCtxW
0x4010d4 CreateDirectoryExW
0x4010d8 GetDriveTypeA
0x4010dc GetVolumePathNameW
0x4010e0 GetCurrencyFormatW
0x4010e4 ActivateActCtx
0x4010e8 GlobalAlloc
0x4010ec SetFileShortNameW
0x4010f0 LoadLibraryW
0x4010f4 GetConsoleMode
0x4010f8 FatalAppExitW
0x4010fc _hread
0x401100 GetCalendarInfoW
0x401104 GetSystemWindowsDirectoryA
0x401108 SetConsoleCP
0x40110c InterlockedPopEntrySList
0x401110 GetFileAttributesA
0x401114 GlobalFlags
0x401118 HeapCreate
0x40111c EnumSystemCodePagesA
0x401120 SetTimeZoneInformation
0x401124 SetSystemPowerState
0x401128 WritePrivateProfileSectionW
0x40112c TerminateProcess
0x401130 GetCompressedFileSizeA
0x401134 SetLocaleInfoA
0x401138 CreateFileW
0x40113c lstrlenW
0x401140 FindNextVolumeMountPointW
0x401144 ReplaceFileA
0x401148 GlobalUnlock
0x40114c DisconnectNamedPipe
0x401150 GetTempPathW
0x401154 GetNamedPipeHandleStateW
0x401158 EnumSystemLocalesA
0x40115c GetPrivateProfileIntW
0x401160 GetConsoleOutputCP
0x401164 VerifyVersionInfoW
0x401168 GlobalUnfix
0x40116c SetThreadLocale
0x401170 FindFirstFileA
0x401174 GetCurrentDirectoryW
0x401178 GetProcAddress
0x40117c RemoveDirectoryA
0x401180 SetComputerNameA
0x401184 VerLanguageNameW
0x401188 GlobalGetAtomNameA
0x40118c GetProcessVersion
0x401190 GetPrivateProfileStringA
0x401194 OpenWaitableTimerA
0x401198 Process32FirstW
0x40119c IsWow64Process
0x4011a0 BuildCommDCBAndTimeoutsW
0x4011a4 AddAtomW
0x4011a8 CreateEventW
0x4011ac SetThreadIdealProcessor
0x4011b0 FoldStringW
0x4011b4 FoldStringA
0x4011b8 GlobalFindAtomW
0x4011bc FindNextFileA
0x4011c0 _lread
0x4011c4 GetModuleHandleA
0x4011c8 CancelIo
0x4011cc GetProcessAffinityMask
0x4011d0 FindNextFileW
0x4011d4 GetStringTypeW
0x4011d8 VirtualProtect
0x4011dc CompareStringA
0x4011e0 GetConsoleCursorInfo
0x4011e4 QueryPerformanceFrequency
0x4011e8 GetShortPathNameW
0x4011ec SetCalendarInfoA
0x4011f0 SetProcessShutdownParameters
0x4011f4 ReadConsoleInputW
0x4011f8 FindAtomW
0x4011fc GetWindowsDirectoryW
0x401200 MoveFileWithProgressW
0x401204 GetTempPathA
0x401208 ReadConsoleOutputCharacterW
0x40120c InterlockedPushEntrySList
0x401210 TlsFree
0x401214 EnumSystemLocalesW
0x401218 DeleteFileA
0x40121c GetVolumeInformationW
0x401220 lstrcpyA
0x401224 WriteConsoleW
0x401228 FlushFileBuffers
0x40122c GetConsoleCP
0x401230 SetStdHandle
0x401234 IsValidLocale
0x401238 GetUserDefaultLCID
0x40123c FindFirstFileW
0x401240 SetThreadContext
0x401244 DebugActiveProcess
0x401248 GetVolumeNameForVolumeMountPointA
0x40124c GetSystemDirectoryA
0x401250 ExitProcess
0x401254 IsValidCodePage
0x401258 GetOEMCP
0x40125c GetACP
0x401260 HeapSize
0x401264 GetSystemTimeAsFileTime
0x401268 GetCurrentProcessId
0x40126c GetTickCount
0x401270 QueryPerformanceCounter
0x401274 FreeEnvironmentStringsW
0x401278 EncodePointer
0x40127c DecodePointer
0x401280 Sleep
0x401284 InitializeCriticalSection
0x401288 DeleteCriticalSection
0x40128c EnterCriticalSection
0x401290 LeaveCriticalSection
0x401294 GetLastError
0x401298 MoveFileA
0x40129c HeapReAlloc
0x4012a0 GetCommandLineW
0x4012a4 HeapSetInformation
0x4012a8 GetStartupInfoW
0x4012ac RaiseException
0x4012b0 RtlUnwind
0x4012b4 WideCharToMultiByte
0x4012b8 LCMapStringW
0x4012bc MultiByteToWideChar
0x4012c0 GetCPInfo
0x4012c4 IsProcessorFeaturePresent
0x4012c8 WriteFile
0x4012cc GetStdHandle
0x4012d0 GetModuleFileNameW
0x4012d4 SetFilePointer
0x4012d8 SetHandleCount
0x4012dc InitializeCriticalSectionAndSpinCount
0x4012e0 GetFileType
0x4012e4 UnhandledExceptionFilter
0x4012e8 SetUnhandledExceptionFilter
0x4012ec IsDebuggerPresent
0x4012f0 GetLocaleInfoW
0x4012f4 TlsAlloc
0x4012f8 TlsGetValue
0x4012fc TlsSetValue
0x401300 SetLastError
0x401304 GetCurrentThreadId
0x401308 CloseHandle
USER32.dll
0x401318 CharToOemBuffA
0x40131c GetDlgCtrlID
0x401320 CharUpperW
0x401324 DrawCaption
0x401328 GetAltTabInfoA
GDI32.dll
0x401014 GetCharWidthFloatA
ADVAPI32.dll
0x401000 ClearEventLogA
0x401004 RevertToSelf
0x401008 InitiateSystemShutdownA
0x40100c AbortSystemShutdownW
SHELL32.dll
0x401310 DragAcceptFiles
ole32.dll
0x401344 CoGetInstanceFromFile
WINHTTP.dll
0x401330 WinHttpGetProxyForUrl
0x401334 WinHttpWriteData
0x401338 WinHttpReadData
0x40133c WinHttpOpen
EAT(Export Address Table) is none
KERNEL32.dll
0x40101c WriteConsoleInputW
0x401020 lstrlenA
0x401024 GetConsoleAliasesLengthW
0x401028 EnumDateFormatsExW
0x40102c GetLocaleInfoA
0x401030 GetConsoleAliasExesA
0x401034 GetDriveTypeW
0x401038 _llseek
0x40103c WriteConsoleOutputCharacterA
0x401040 BuildCommDCBAndTimeoutsA
0x401044 WriteConsoleOutputW
0x401048 HeapAlloc
0x40104c DeleteVolumeMountPointA
0x401050 InterlockedIncrement
0x401054 VerSetConditionMask
0x401058 OpenJobObjectA
0x40105c GetCommState
0x401060 GetConsoleAliasA
0x401064 InterlockedDecrement
0x401068 GetCurrentProcess
0x40106c GetSystemWindowsDirectoryW
0x401070 QueryDosDeviceA
0x401074 HeapFree
0x401078 GetEnvironmentStringsW
0x40107c AddConsoleAliasW
0x401080 OpenSemaphoreA
0x401084 CreateHardLinkA
0x401088 SleepEx
0x40108c GetFileAttributesExA
0x401090 _lclose
0x401094 SetTapeParameters
0x401098 MoveFileWithProgressA
0x40109c GetModuleHandleW
0x4010a0 GetCommConfig
0x4010a4 CreateNamedPipeW
0x4010a8 LocalFlags
0x4010ac FindNextVolumeMountPointA
0x4010b0 GetConsoleAliasesLengthA
0x4010b4 ConvertFiberToThread
0x4010b8 ExpandEnvironmentStringsA
0x4010bc ReadConsoleW
0x4010c0 WaitNamedPipeW
0x4010c4 GetUserDefaultLangID
0x4010c8 SetCommState
0x4010cc GetCommandLineA
0x4010d0 CreateActCtxW
0x4010d4 CreateDirectoryExW
0x4010d8 GetDriveTypeA
0x4010dc GetVolumePathNameW
0x4010e0 GetCurrencyFormatW
0x4010e4 ActivateActCtx
0x4010e8 GlobalAlloc
0x4010ec SetFileShortNameW
0x4010f0 LoadLibraryW
0x4010f4 GetConsoleMode
0x4010f8 FatalAppExitW
0x4010fc _hread
0x401100 GetCalendarInfoW
0x401104 GetSystemWindowsDirectoryA
0x401108 SetConsoleCP
0x40110c InterlockedPopEntrySList
0x401110 GetFileAttributesA
0x401114 GlobalFlags
0x401118 HeapCreate
0x40111c EnumSystemCodePagesA
0x401120 SetTimeZoneInformation
0x401124 SetSystemPowerState
0x401128 WritePrivateProfileSectionW
0x40112c TerminateProcess
0x401130 GetCompressedFileSizeA
0x401134 SetLocaleInfoA
0x401138 CreateFileW
0x40113c lstrlenW
0x401140 FindNextVolumeMountPointW
0x401144 ReplaceFileA
0x401148 GlobalUnlock
0x40114c DisconnectNamedPipe
0x401150 GetTempPathW
0x401154 GetNamedPipeHandleStateW
0x401158 EnumSystemLocalesA
0x40115c GetPrivateProfileIntW
0x401160 GetConsoleOutputCP
0x401164 VerifyVersionInfoW
0x401168 GlobalUnfix
0x40116c SetThreadLocale
0x401170 FindFirstFileA
0x401174 GetCurrentDirectoryW
0x401178 GetProcAddress
0x40117c RemoveDirectoryA
0x401180 SetComputerNameA
0x401184 VerLanguageNameW
0x401188 GlobalGetAtomNameA
0x40118c GetProcessVersion
0x401190 GetPrivateProfileStringA
0x401194 OpenWaitableTimerA
0x401198 Process32FirstW
0x40119c IsWow64Process
0x4011a0 BuildCommDCBAndTimeoutsW
0x4011a4 AddAtomW
0x4011a8 CreateEventW
0x4011ac SetThreadIdealProcessor
0x4011b0 FoldStringW
0x4011b4 FoldStringA
0x4011b8 GlobalFindAtomW
0x4011bc FindNextFileA
0x4011c0 _lread
0x4011c4 GetModuleHandleA
0x4011c8 CancelIo
0x4011cc GetProcessAffinityMask
0x4011d0 FindNextFileW
0x4011d4 GetStringTypeW
0x4011d8 VirtualProtect
0x4011dc CompareStringA
0x4011e0 GetConsoleCursorInfo
0x4011e4 QueryPerformanceFrequency
0x4011e8 GetShortPathNameW
0x4011ec SetCalendarInfoA
0x4011f0 SetProcessShutdownParameters
0x4011f4 ReadConsoleInputW
0x4011f8 FindAtomW
0x4011fc GetWindowsDirectoryW
0x401200 MoveFileWithProgressW
0x401204 GetTempPathA
0x401208 ReadConsoleOutputCharacterW
0x40120c InterlockedPushEntrySList
0x401210 TlsFree
0x401214 EnumSystemLocalesW
0x401218 DeleteFileA
0x40121c GetVolumeInformationW
0x401220 lstrcpyA
0x401224 WriteConsoleW
0x401228 FlushFileBuffers
0x40122c GetConsoleCP
0x401230 SetStdHandle
0x401234 IsValidLocale
0x401238 GetUserDefaultLCID
0x40123c FindFirstFileW
0x401240 SetThreadContext
0x401244 DebugActiveProcess
0x401248 GetVolumeNameForVolumeMountPointA
0x40124c GetSystemDirectoryA
0x401250 ExitProcess
0x401254 IsValidCodePage
0x401258 GetOEMCP
0x40125c GetACP
0x401260 HeapSize
0x401264 GetSystemTimeAsFileTime
0x401268 GetCurrentProcessId
0x40126c GetTickCount
0x401270 QueryPerformanceCounter
0x401274 FreeEnvironmentStringsW
0x401278 EncodePointer
0x40127c DecodePointer
0x401280 Sleep
0x401284 InitializeCriticalSection
0x401288 DeleteCriticalSection
0x40128c EnterCriticalSection
0x401290 LeaveCriticalSection
0x401294 GetLastError
0x401298 MoveFileA
0x40129c HeapReAlloc
0x4012a0 GetCommandLineW
0x4012a4 HeapSetInformation
0x4012a8 GetStartupInfoW
0x4012ac RaiseException
0x4012b0 RtlUnwind
0x4012b4 WideCharToMultiByte
0x4012b8 LCMapStringW
0x4012bc MultiByteToWideChar
0x4012c0 GetCPInfo
0x4012c4 IsProcessorFeaturePresent
0x4012c8 WriteFile
0x4012cc GetStdHandle
0x4012d0 GetModuleFileNameW
0x4012d4 SetFilePointer
0x4012d8 SetHandleCount
0x4012dc InitializeCriticalSectionAndSpinCount
0x4012e0 GetFileType
0x4012e4 UnhandledExceptionFilter
0x4012e8 SetUnhandledExceptionFilter
0x4012ec IsDebuggerPresent
0x4012f0 GetLocaleInfoW
0x4012f4 TlsAlloc
0x4012f8 TlsGetValue
0x4012fc TlsSetValue
0x401300 SetLastError
0x401304 GetCurrentThreadId
0x401308 CloseHandle
USER32.dll
0x401318 CharToOemBuffA
0x40131c GetDlgCtrlID
0x401320 CharUpperW
0x401324 DrawCaption
0x401328 GetAltTabInfoA
GDI32.dll
0x401014 GetCharWidthFloatA
ADVAPI32.dll
0x401000 ClearEventLogA
0x401004 RevertToSelf
0x401008 InitiateSystemShutdownA
0x40100c AbortSystemShutdownW
SHELL32.dll
0x401310 DragAcceptFiles
ole32.dll
0x401344 CoGetInstanceFromFile
WINHTTP.dll
0x401330 WinHttpGetProxyForUrl
0x401334 WinHttpWriteData
0x401338 WinHttpReadData
0x40133c WinHttpOpen
EAT(Export Address Table) is none