ScreenShot
| Created | 2023.11.12 14:46 | Machine | s1_win7_x6401 |
| Filename | ACR.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 4247de093585ea6db6b6c520ca81247d | ||
| sha256 | f8fe61e04324bca052cb7a6808c0e15502128106028e9cd9bbca5426ee2b568f | ||
| ssdeep | 6144:qJR3JY53d1R0vyZyBgCI3YhOaxHnp0CHnAWxZ+IAOGu+3EA:1s+qpnp7hrgu/ | ||
| imphash | fbead5cf30fac8e550ee40c1e88200b2 | ||
| impfuzzy | 24:XuzojD75j64yb5Du9QHuOGOovGtucplEMXXv7ZXGbJh9AvXo1GMxFZk1E9I5C:Xus6xBNtucpe2XvlXGDUXaFZkW9I5C | ||
Network IP location
Signature (12cnts)
| Level | Description |
|---|---|
| watch | Appends a known CryptoMix ransomware file extension to files that have been encrypted |
| watch | Attempts to access Bitcoin/ALTCoin wallets |
| watch | Communicates with host for which no DNS query was performed |
| watch | Disables proxy possibly for traffic interception |
| watch | Harvests credentials from local FTP client softwares |
| watch | Harvests information related to installed instant messenger clients |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| notice | Steals private information from local Internet browsers |
| info | Checks amount of memory in system |
| info | Queries for the computername |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43c008 lstrlenA
0x43c00c OpenProcess
0x43c010 LoadLibraryW
0x43c014 HeapAlloc
0x43c018 GetProcAddress
0x43c01c GetCurrentProcessId
0x43c020 GetProcessHeap
0x43c024 GetCurrentProcess
0x43c028 TerminateProcess
0x43c02c WaitForSingleObject
0x43c030 Sleep
0x43c034 CloseHandle
0x43c038 GetNativeSystemInfo
0x43c03c HeapFree
0x43c040 OutputDebugStringA
0x43c044 ReadFile
0x43c048 GetLastError
0x43c04c GetModuleHandleW
0x43c050 WideCharToMultiByte
0x43c054 HeapSize
0x43c058 SetEnvironmentVariableW
0x43c05c FreeEnvironmentStringsW
0x43c060 GetEnvironmentStringsW
0x43c064 GetCommandLineW
0x43c068 GetCommandLineA
0x43c06c GetOEMCP
0x43c070 GetACP
0x43c074 MultiByteToWideChar
0x43c078 UnhandledExceptionFilter
0x43c07c SetUnhandledExceptionFilter
0x43c080 IsProcessorFeaturePresent
0x43c084 EnterCriticalSection
0x43c088 LeaveCriticalSection
0x43c08c InitializeCriticalSectionAndSpinCount
0x43c090 DeleteCriticalSection
0x43c094 CreateEventW
0x43c098 IsDebuggerPresent
0x43c09c GetStartupInfoW
0x43c0a0 QueryPerformanceCounter
0x43c0a4 GetCurrentThreadId
0x43c0a8 GetSystemTimeAsFileTime
0x43c0ac InitializeSListHead
0x43c0b0 GetStringTypeW
0x43c0b4 InitializeCriticalSectionEx
0x43c0b8 EncodePointer
0x43c0bc DecodePointer
0x43c0c0 LCMapStringEx
0x43c0c4 GetCPInfo
0x43c0c8 RaiseException
0x43c0cc RtlUnwind
0x43c0d0 SetLastError
0x43c0d4 TlsAlloc
0x43c0d8 TlsGetValue
0x43c0dc TlsSetValue
0x43c0e0 TlsFree
0x43c0e4 FreeLibrary
0x43c0e8 LoadLibraryExW
0x43c0ec SetEndOfFile
0x43c0f0 CreateFileW
0x43c0f4 GetFileType
0x43c0f8 ExitProcess
0x43c0fc GetModuleHandleExW
0x43c100 GetModuleFileNameW
0x43c104 GetStdHandle
0x43c108 WriteFile
0x43c10c SetStdHandle
0x43c110 GetConsoleOutputCP
0x43c114 GetConsoleMode
0x43c118 SetFilePointerEx
0x43c11c CompareStringW
0x43c120 LCMapStringW
0x43c124 GetLocaleInfoW
0x43c128 IsValidLocale
0x43c12c GetUserDefaultLCID
0x43c130 EnumSystemLocalesW
0x43c134 GetTimeZoneInformation
0x43c138 FlushFileBuffers
0x43c13c HeapReAlloc
0x43c140 ReadConsoleW
0x43c144 FindClose
0x43c148 FindFirstFileExW
0x43c14c FindNextFileW
0x43c150 IsValidCodePage
0x43c154 WriteConsoleW
SHELL32.dll
0x43c170 SHGetFolderPathA
ntdll.dll
0x43c178 RtlInitUnicodeString
RstrtMgr.DLL
0x43c15c RmGetList
0x43c160 RmRegisterResources
0x43c164 RmStartSession
0x43c168 RmEndSession
CRYPT32.dll
0x43c000 CryptUnprotectData
EAT(Export Address Table) is none
KERNEL32.dll
0x43c008 lstrlenA
0x43c00c OpenProcess
0x43c010 LoadLibraryW
0x43c014 HeapAlloc
0x43c018 GetProcAddress
0x43c01c GetCurrentProcessId
0x43c020 GetProcessHeap
0x43c024 GetCurrentProcess
0x43c028 TerminateProcess
0x43c02c WaitForSingleObject
0x43c030 Sleep
0x43c034 CloseHandle
0x43c038 GetNativeSystemInfo
0x43c03c HeapFree
0x43c040 OutputDebugStringA
0x43c044 ReadFile
0x43c048 GetLastError
0x43c04c GetModuleHandleW
0x43c050 WideCharToMultiByte
0x43c054 HeapSize
0x43c058 SetEnvironmentVariableW
0x43c05c FreeEnvironmentStringsW
0x43c060 GetEnvironmentStringsW
0x43c064 GetCommandLineW
0x43c068 GetCommandLineA
0x43c06c GetOEMCP
0x43c070 GetACP
0x43c074 MultiByteToWideChar
0x43c078 UnhandledExceptionFilter
0x43c07c SetUnhandledExceptionFilter
0x43c080 IsProcessorFeaturePresent
0x43c084 EnterCriticalSection
0x43c088 LeaveCriticalSection
0x43c08c InitializeCriticalSectionAndSpinCount
0x43c090 DeleteCriticalSection
0x43c094 CreateEventW
0x43c098 IsDebuggerPresent
0x43c09c GetStartupInfoW
0x43c0a0 QueryPerformanceCounter
0x43c0a4 GetCurrentThreadId
0x43c0a8 GetSystemTimeAsFileTime
0x43c0ac InitializeSListHead
0x43c0b0 GetStringTypeW
0x43c0b4 InitializeCriticalSectionEx
0x43c0b8 EncodePointer
0x43c0bc DecodePointer
0x43c0c0 LCMapStringEx
0x43c0c4 GetCPInfo
0x43c0c8 RaiseException
0x43c0cc RtlUnwind
0x43c0d0 SetLastError
0x43c0d4 TlsAlloc
0x43c0d8 TlsGetValue
0x43c0dc TlsSetValue
0x43c0e0 TlsFree
0x43c0e4 FreeLibrary
0x43c0e8 LoadLibraryExW
0x43c0ec SetEndOfFile
0x43c0f0 CreateFileW
0x43c0f4 GetFileType
0x43c0f8 ExitProcess
0x43c0fc GetModuleHandleExW
0x43c100 GetModuleFileNameW
0x43c104 GetStdHandle
0x43c108 WriteFile
0x43c10c SetStdHandle
0x43c110 GetConsoleOutputCP
0x43c114 GetConsoleMode
0x43c118 SetFilePointerEx
0x43c11c CompareStringW
0x43c120 LCMapStringW
0x43c124 GetLocaleInfoW
0x43c128 IsValidLocale
0x43c12c GetUserDefaultLCID
0x43c130 EnumSystemLocalesW
0x43c134 GetTimeZoneInformation
0x43c138 FlushFileBuffers
0x43c13c HeapReAlloc
0x43c140 ReadConsoleW
0x43c144 FindClose
0x43c148 FindFirstFileExW
0x43c14c FindNextFileW
0x43c150 IsValidCodePage
0x43c154 WriteConsoleW
SHELL32.dll
0x43c170 SHGetFolderPathA
ntdll.dll
0x43c178 RtlInitUnicodeString
RstrtMgr.DLL
0x43c15c RmGetList
0x43c160 RmRegisterResources
0x43c164 RmStartSession
0x43c168 RmEndSession
CRYPT32.dll
0x43c000 CryptUnprotectData
EAT(Export Address Table) is none