Report - Discord.exe

Gen1 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check DLL ZIP Format
Created 2023.11.20 09:49 Machine s1_win7_x6403
Filename Discord.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score: 1
Behavior Score: 2.2
ZERO API (file): malware
VT API (file) 45 detected (AIDetectMalware, tstc, GenericKD, Artemis, PyInstaller, Attribute, HighConfidence, malicious, high confidence, dffz, BDOJ, Simw, lwkun, Python, Muldrop, Detected, Eldorado, GrayWare, Wacapew, BlankGrabber, TCR5QI, score, ai score=81, unsafe, Chgt, CLASSIC, susgen, PackedPyInstaller, confidence, 100%)
md5 5fe0d276069583d186448d4aaf9a2842
sha256 abfae33792c8c075a2993310b182c0090ac9042481f1d7d10e3c72f5bba3680a
ssdeep 196608:+EYS6g9qOshoKMuIkhVastRL5Di3uz1D7c03:FYSd8OshouIkPftRL54aRZ3
imphash 20d446c1cb128febd23deb17efb67cf6
impfuzzy 48:t/gub6EwoQ54rzSv6xvi2ymeV9R+hteS1Xc+pIuCJcgTkOtV0Kq14r:phV9eVuhteS1Xc+pIustkiWHS

Signature (5cnts)

Level Description
danger File has been identified by 45 AntiVirus engines on VirusTotal as malicious
notice Creates executable files on the filesystem
info Checks amount of memory in system
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (15cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (download)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (download)
info IsPE64 (no description) binaries (download)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info zip_file_format ZIP file format binaries (download)

Network (0cnts)

No network requests were recorded (Request / CC / ASN / Co / IP4 / Rule columns are empty).

Suricata ids

PE API

IAT (Import Address Table) by library

USER32.dll
 0x14002b390 CreateWindowExW
 0x14002b398 MessageBoxW
 0x14002b3a0 MessageBoxA
 0x14002b3a8 SystemParametersInfoW
 0x14002b3b0 DestroyIcon
 0x14002b3b8 SetWindowLongPtrW
 0x14002b3c0 GetWindowLongPtrW
 0x14002b3c8 GetClientRect
 0x14002b3d0 InvalidateRect
 0x14002b3d8 ReleaseDC
 0x14002b3e0 GetDC
 0x14002b3e8 DrawTextW
 0x14002b3f0 GetDialogBaseUnits
 0x14002b3f8 EndDialog
 0x14002b400 DialogBoxIndirectParamW
 0x14002b408 MoveWindow
 0x14002b410 SendMessageW
COMCTL32.dll
 0x14002b028 None
KERNEL32.dll
 0x14002b058 GetStringTypeW
 0x14002b060 GetFileAttributesExW
 0x14002b068 HeapReAlloc
 0x14002b070 FlushFileBuffers
 0x14002b078 GetCurrentDirectoryW
 0x14002b080 IsValidCodePage
 0x14002b088 GetACP
 0x14002b090 GetModuleHandleW
 0x14002b098 MulDiv
 0x14002b0a0 GetLastError
 0x14002b0a8 SetDllDirectoryW
 0x14002b0b0 GetModuleFileNameW
 0x14002b0b8 CreateSymbolicLinkW
 0x14002b0c0 GetProcAddress
 0x14002b0c8 GetCommandLineW
 0x14002b0d0 GetEnvironmentVariableW
 0x14002b0d8 GetOEMCP
 0x14002b0e0 ExpandEnvironmentStringsW
 0x14002b0e8 CreateDirectoryW
 0x14002b0f0 GetTempPathW
 0x14002b0f8 WaitForSingleObject
 0x14002b100 Sleep
 0x14002b108 GetExitCodeProcess
 0x14002b110 CreateProcessW
 0x14002b118 GetStartupInfoW
 0x14002b120 FreeLibrary
 0x14002b128 LoadLibraryExW
 0x14002b130 SetConsoleCtrlHandler
 0x14002b138 FindClose
 0x14002b140 FindFirstFileExW
 0x14002b148 CloseHandle
 0x14002b150 GetCurrentProcess
 0x14002b158 LocalFree
 0x14002b160 FormatMessageW
 0x14002b168 MultiByteToWideChar
 0x14002b170 WideCharToMultiByte
 0x14002b178 GetCPInfo
 0x14002b180 GetEnvironmentStringsW
 0x14002b188 FreeEnvironmentStringsW
 0x14002b190 GetProcessHeap
 0x14002b198 GetTimeZoneInformation
 0x14002b1a0 HeapSize
 0x14002b1a8 WriteConsoleW
 0x14002b1b0 SetEnvironmentVariableW
 0x14002b1b8 RtlUnwindEx
 0x14002b1c0 RtlCaptureContext
 0x14002b1c8 RtlLookupFunctionEntry
 0x14002b1d0 RtlVirtualUnwind
 0x14002b1d8 UnhandledExceptionFilter
 0x14002b1e0 SetUnhandledExceptionFilter
 0x14002b1e8 TerminateProcess
 0x14002b1f0 IsProcessorFeaturePresent
 0x14002b1f8 QueryPerformanceCounter
 0x14002b200 GetCurrentProcessId
 0x14002b208 GetCurrentThreadId
 0x14002b210 GetSystemTimeAsFileTime
 0x14002b218 InitializeSListHead
 0x14002b220 IsDebuggerPresent
 0x14002b228 SetEndOfFile
 0x14002b230 SetLastError
 0x14002b238 EnterCriticalSection
 0x14002b240 LeaveCriticalSection
 0x14002b248 DeleteCriticalSection
 0x14002b250 InitializeCriticalSectionAndSpinCount
 0x14002b258 TlsAlloc
 0x14002b260 TlsGetValue
 0x14002b268 TlsSetValue
 0x14002b270 TlsFree
 0x14002b278 EncodePointer
 0x14002b280 RaiseException
 0x14002b288 RtlPcToFileHeader
 0x14002b290 GetCommandLineA
 0x14002b298 CreateFileW
 0x14002b2a0 GetDriveTypeW
 0x14002b2a8 GetFileInformationByHandle
 0x14002b2b0 GetFileType
 0x14002b2b8 PeekNamedPipe
 0x14002b2c0 SystemTimeToTzSpecificLocalTime
 0x14002b2c8 FileTimeToSystemTime
 0x14002b2d0 GetFullPathNameW
 0x14002b2d8 RemoveDirectoryW
 0x14002b2e0 FindNextFileW
 0x14002b2e8 SetStdHandle
 0x14002b2f0 DeleteFileW
 0x14002b2f8 ReadFile
 0x14002b300 GetStdHandle
 0x14002b308 WriteFile
 0x14002b310 ExitProcess
 0x14002b318 GetModuleHandleExW
 0x14002b320 HeapFree
 0x14002b328 GetConsoleMode
 0x14002b330 ReadConsoleW
 0x14002b338 SetFilePointerEx
 0x14002b340 GetConsoleOutputCP
 0x14002b348 GetFileSizeEx
 0x14002b350 HeapAlloc
 0x14002b358 FlsAlloc
 0x14002b360 FlsGetValue
 0x14002b368 FlsSetValue
 0x14002b370 FlsFree
 0x14002b378 CompareStringW
 0x14002b380 LCMapStringW
ADVAPI32.dll
 0x14002b000 OpenProcessToken
 0x14002b008 GetTokenInformation
 0x14002b010 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x14002b018 ConvertSidToStringSidW
GDI32.dll
 0x14002b038 SelectObject
 0x14002b040 DeleteObject
 0x14002b048 CreateFontIndirectW

EAT (Export Address Table): none