Report - libcurl.exe

PE32 PE File
Created 2023.12.07 11:48 Machine s1_win7_x6403
Filename libcurl.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
6
Behavior Score
4.0
ZERO API (file): malware
VT API (file) 59 detected (AIDetectMalware, Farfli, malicious, high confidence, score, unsafe, Graftor, Save, Attribute, HighConfidence, EGZV, GhostRatCrypt, kersya, Gencirc, AGEN, MulDrop24, R002C0DL223, high, Detected, 155F78N, ABRisk, XBKU, ZexaF, Sq1@aSH0VQfb, ai score=86, BScope, Fsysna, GdSda, Shellex, CLASSIC, gEFqE5AIY78, Static AI, Malicious PE, susgen, confidence, 100%)
md5 10b4dbfc7d9c04e82aff9f6845eabdc7
sha256 9d544fa5ef49d521c1aaf3b0ddcaa3f268a6c0c8c3e048a6b1b4f0b505ebea64
ssdeep 6144:8sJTwyyCznLTllS74YQot39HTidBTaKHDoehYpgEHNQSM:8yTrvLaFGiwYe9t
imphash d7c654835f684e95ab7aff8d635cade8
impfuzzy 48:vQcgYIED8SYrqy9SpUTGLkBJyciXM+mWzrhMYW0b+x02G7eLXF8Qfvy/Umt5ZU4b:vQJyLy9TGLCylMEzrxD+RG7eLXF8Qmr

Signature (8cnts)

Level Description
danger File has been identified by 59 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Installs itself for autorun at Windows startup
notice Changes read-write memory protection to read-execute (likely to avoid the detection that setting all RWX flags at once would trigger)
notice Creates a service
notice Foreign language identified in PE resource
info Checks amount of memory in system
info The executable uses a known packer

Rules (2cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
123.249.25.73 CN Chinanet 123.249.25.73 malware

Suricata ids

PE API

IAT (Import Address Table) Library

MFC42.DLL (import names shown as None — presumably imported by ordinal rather than by name)
 0x407060 None
 0x407064 None
 0x407068 None
 0x40706c None
 0x407070 None
 0x407074 None
 0x407078 None
 0x40707c None
 0x407080 None
 0x407084 None
 0x407088 None
 0x40708c None
 0x407090 None
 0x407094 None
 0x407098 None
 0x40709c None
 0x4070a0 None
 0x4070a4 None
 0x4070a8 None
 0x4070ac None
 0x4070b0 None
 0x4070b4 None
 0x4070b8 None
 0x4070bc None
 0x4070c0 None
 0x4070c4 None
 0x4070c8 None
 0x4070cc None
 0x4070d0 None
 0x4070d4 None
 0x4070d8 None
 0x4070dc None
 0x4070e0 None
 0x4070e4 None
 0x4070e8 None
 0x4070ec None
 0x4070f0 None
 0x4070f4 None
 0x4070f8 None
 0x4070fc None
 0x407100 None
 0x407104 None
 0x407108 None
 0x40710c None
 0x407110 None
 0x407114 None
 0x407118 None
 0x40711c None
 0x407120 None
 0x407124 None
 0x407128 None
 0x40712c None
 0x407130 None
 0x407134 None
 0x407138 None
 0x40713c None
 0x407140 None
 0x407144 None
 0x407148 None
 0x40714c None
 0x407150 None
 0x407154 None
 0x407158 None
 0x40715c None
 0x407160 None
 0x407164 None
 0x407168 None
 0x40716c None
 0x407170 None
 0x407174 None
 0x407178 None
 0x40717c None
 0x407180 None
 0x407184 None
 0x407188 None
 0x40718c None
 0x407190 None
 0x407194 None
 0x407198 None
 0x40719c None
 0x4071a0 None
 0x4071a4 None
 0x4071a8 None
 0x4071ac None
 0x4071b0 None
 0x4071b4 None
 0x4071b8 None
 0x4071bc None
 0x4071c0 None
 0x4071c4 None
 0x4071c8 None
 0x4071cc None
 0x4071d0 None
 0x4071d4 None
 0x4071d8 None
 0x4071dc None
 0x4071e0 None
 0x4071e4 None
 0x4071e8 None
 0x4071ec None
 0x4071f0 None
 0x4071f4 None
 0x4071f8 None
 0x4071fc None
 0x407200 None
 0x407204 None
 0x407208 None
 0x40720c None
 0x407210 None
 0x407214 None
 0x407218 None
 0x40721c None
 0x407220 None
 0x407224 None
 0x407228 None
 0x40722c None
 0x407230 None
 0x407234 None
 0x407238 None
 0x40723c None
 0x407240 None
 0x407244 None
 0x407248 None
 0x40724c None
 0x407250 None
 0x407254 None
 0x407258 None
 0x40725c None
 0x407260 None
 0x407264 None
 0x407268 None
 0x40726c None
 0x407270 None
 0x407274 None
 0x407278 None
 0x40727c None
 0x407280 None
 0x407284 None
 0x407288 None
 0x40728c None
 0x407290 None
 0x407294 None
 0x407298 None
 0x40729c None
 0x4072a0 None
 0x4072a4 None
 0x4072a8 None
 0x4072ac None
 0x4072b0 None
 0x4072b4 None
 0x4072b8 None
 0x4072bc None
 0x4072c0 None
 0x4072c4 None
 0x4072c8 None
 0x4072cc None
 0x4072d0 None
 0x4072d4 None
 0x4072d8 None
 0x4072dc None
 0x4072e0 None
 0x4072e4 None
 0x4072e8 None
 0x4072ec None
 0x4072f0 None
 0x4072f4 None
 0x4072f8 None
 0x4072fc None
 0x407300 None
 0x407304 None
 0x407308 None
 0x40730c None
 0x407310 None
 0x407314 None
 0x407318 None
 0x40731c None
 0x407320 None
 0x407324 None
 0x407328 None
 0x40732c None
 0x407330 None
 0x407334 None
 0x407338 None
 0x40733c None
 0x407340 None
 0x407344 None
 0x407348 None
 0x40734c None
 0x407350 None
 0x407354 None
 0x407358 None
 0x40735c None
 0x407360 None
 0x407364 None
 0x407368 None
 0x40736c None
 0x407370 None
 0x407374 None
 0x407378 None
 0x40737c None
 0x407380 None
 0x407384 None
 0x407388 None
 0x40738c None
 0x407390 None
 0x407394 None
 0x407398 None
 0x40739c None
 0x4073a0 None
 0x4073a4 None
 0x4073a8 None
 0x4073ac None
 0x4073b0 None
 0x4073b4 None
 0x4073b8 None
 0x4073bc None
 0x4073c0 None
 0x4073c4 None
 0x4073c8 None
 0x4073cc None
 0x4073d0 None
 0x4073d4 None
 0x4073d8 None
 0x4073dc None
 0x4073e0 None
 0x4073e4 None
 0x4073e8 None
 0x4073ec None
 0x4073f0 None
 0x4073f4 None
 0x4073f8 None
 0x4073fc None
 0x407400 None
 0x407404 None
 0x407408 None
 0x40740c None
 0x407410 None
 0x407414 None
 0x407418 None
 0x40741c None
 0x407420 None
 0x407424 None
 0x407428 None
 0x40742c None
 0x407430 None
 0x407434 None
 0x407438 None
 0x40743c None
 0x407440 None
 0x407444 None
 0x407448 None
 0x40744c None
 0x407450 None
 0x407454 None
 0x407458 None
 0x40745c None
 0x407460 None
 0x407464 None
 0x407468 None
 0x40746c None
 0x407470 None
 0x407474 None
 0x407478 None
 0x40747c None
MSVCRT.dll
 0x407484 _except_handler3
 0x407488 __set_app_type
 0x40748c __p__fmode
 0x407490 __p__commode
 0x407494 _adjust_fdiv
 0x407498 __setusermatherr
 0x40749c _initterm
 0x4074a0 __getmainargs
 0x4074a4 _acmdln
 0x4074a8 exit
 0x4074ac _XcptFilter
 0x4074b0 __CxxFrameHandler
 0x4074b4 _setmbcp
 0x4074b8 _CxxThrowException
 0x4074bc memmove
 0x4074c0 _mbscmp
 0x4074c4 ??1type_info@@UAE@XZ
 0x4074c8 __dllonexit
 0x4074cc _onexit
 0x4074d0 _exit
 0x4074d4 _controlfp
KERNEL32.dll
 0x40701c VirtualFree
 0x407020 FreeLibrary
 0x407024 VirtualAlloc
 0x407028 IsBadReadPtr
 0x40702c HeapReAlloc
 0x407030 ExitProcess
 0x407034 GetModuleHandleA
 0x407038 GetStartupInfoA
 0x40703c HeapAlloc
 0x407040 GetProcAddress
 0x407044 LoadLibraryA
 0x407048 CloseHandle
 0x40704c WriteFile
 0x407050 Sleep
 0x407054 GetProcessHeap
 0x407058 CreateFileA
USER32.dll
 0x4074dc LoadMenuA
 0x4074e0 GetMenuStringA
 0x4074e4 GetMenuState
 0x4074e8 GetMenuItemID
 0x4074ec GetMenuItemCount
 0x4074f0 ReleaseDC
 0x4074f4 ModifyMenuA
 0x4074f8 InsertMenuA
 0x4074fc GetDC
 0x407500 RemoveMenu
 0x407504 CopyRect
 0x407508 FillRect
 0x40750c DrawStateA
 0x407510 CreatePopupMenu
 0x407514 CreateMenu
 0x407518 GetSysColor
 0x40751c LoadBitmapA
 0x407520 SendMessageA
 0x407524 GetWindowRect
 0x407528 OffsetRect
 0x40752c EnableWindow
 0x407530 UpdateWindow
 0x407534 GetSubMenu
GDI32.dll
 0x407010 GetTextExtentPoint32A
 0x407014 Rectangle
COMCTL32.dll
 0x407000 ImageList_Draw
 0x407004 ImageList_Add
 0x407008 ImageList_GetImageInfo

EAT (Export Address Table): none


