ScreenShot
| Created | 2023.12.11 19:22 | Machine | s1_win7_x6401 |
| Filename | Application.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (AIDetectMalware, puW@bS@FGQfi, AdwareLinkury, unsafe, malicious, confidence, Attribute, HighConfidence, high confidence, AGEN, score, Generic ML PUA, BScope, Wacatac, ai score=81, Generic@AI, RDML, KkcdlBva+xskWtDEn+wO, Static AI, Malicious PE) | ||
| md5 | dc9d29d62659c29eb6edd2295ad0c4ce | ||
| sha256 | fcd9e18762ea954d1170359c067f1bfa966998829b8dadde20f5ecb968a08ed9 | ||
| ssdeep | 6144:cdfmiZ2OlpN7LKWwgfwE2oKNUJgodswXE+AOT94e:cdf9h1LKWwgfwE3JJ | ||
| imphash | 2a105b20a85ac021c3548de1c44e2116 | ||
| impfuzzy | 24:T6M4rpM8zWsu9QHZGNcpVWcjeDhtCM3JBl39ro6LOovbOxv1GM+HFZxNM1wudVSP:TGpMwGNcpV5jStCMPpZO3RaFZij+gHK | ||
Network IP location
Signature (11cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| watch | Checks the version of Bios |
| watch | Communicates with host for which no DNS query was performed |
| watch | Harvests credentials from local email clients |
| notice | A process attempted to delay the analysis task. |
| notice | Executes one or more WMI queries |
| notice | Executes one or more WMI queries which can be used to identify virtual machines |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| info | Queries for the computername |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (4cnts) ?
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42c018 GetModuleFileNameA
0x42c01c CreateMutexA
0x42c020 Sleep
0x42c024 CopyFileA
0x42c028 GetCurrentProcessId
0x42c02c CreateDirectoryA
0x42c030 GetCurrentProcess
0x42c034 GetComputerNameA
0x42c038 CheckRemoteDebuggerPresent
0x42c03c WriteConsoleW
0x42c040 K32EnumProcesses
0x42c044 CloseHandle
0x42c048 K32GetModuleFileNameExA
0x42c04c OpenProcess
0x42c050 GetLastError
0x42c054 TerminateProcess
0x42c058 HeapSize
0x42c05c CreateFileW
0x42c060 GetProcessHeap
0x42c064 SetStdHandle
0x42c068 SetEnvironmentVariableW
0x42c06c FreeEnvironmentStringsW
0x42c070 GetEnvironmentStringsW
0x42c074 GetOEMCP
0x42c078 GetACP
0x42c07c IsValidCodePage
0x42c080 FindNextFileW
0x42c084 FindFirstFileExW
0x42c088 FindClose
0x42c08c HeapReAlloc
0x42c090 ReadConsoleW
0x42c094 WideCharToMultiByte
0x42c098 GetCurrentThreadId
0x42c09c EnterCriticalSection
0x42c0a0 LeaveCriticalSection
0x42c0a4 InitializeCriticalSectionEx
0x42c0a8 DeleteCriticalSection
0x42c0ac EncodePointer
0x42c0b0 DecodePointer
0x42c0b4 MultiByteToWideChar
0x42c0b8 LCMapStringEx
0x42c0bc QueryPerformanceCounter
0x42c0c0 GetSystemTimeAsFileTime
0x42c0c4 GetModuleHandleW
0x42c0c8 GetProcAddress
0x42c0cc GetStringTypeW
0x42c0d0 GetCPInfo
0x42c0d4 UnhandledExceptionFilter
0x42c0d8 SetUnhandledExceptionFilter
0x42c0dc IsProcessorFeaturePresent
0x42c0e0 InitializeSListHead
0x42c0e4 IsDebuggerPresent
0x42c0e8 GetStartupInfoW
0x42c0ec RtlUnwind
0x42c0f0 RaiseException
0x42c0f4 SetLastError
0x42c0f8 InitializeCriticalSectionAndSpinCount
0x42c0fc TlsAlloc
0x42c100 TlsGetValue
0x42c104 TlsSetValue
0x42c108 TlsFree
0x42c10c FreeLibrary
0x42c110 LoadLibraryExW
0x42c114 ExitProcess
0x42c118 GetModuleHandleExW
0x42c11c CreateThread
0x42c120 ExitThread
0x42c124 FreeLibraryAndExitThread
0x42c128 GetStdHandle
0x42c12c WriteFile
0x42c130 GetModuleFileNameW
0x42c134 GetCommandLineA
0x42c138 GetCommandLineW
0x42c13c GetFileSizeEx
0x42c140 SetFilePointerEx
0x42c144 GetFileType
0x42c148 FlushFileBuffers
0x42c14c GetConsoleOutputCP
0x42c150 GetConsoleMode
0x42c154 HeapFree
0x42c158 HeapAlloc
0x42c15c CompareStringW
0x42c160 LCMapStringW
0x42c164 GetLocaleInfoW
0x42c168 IsValidLocale
0x42c16c GetUserDefaultLCID
0x42c170 EnumSystemLocalesW
0x42c174 ReadFile
0x42c178 SetEndOfFile
ADVAPI32.dll
0x42c000 RegCloseKey
0x42c004 RegQueryValueExA
0x42c008 RegSetValueExA
0x42c00c RegOpenKeyExA
0x42c010 GetUserNameA
SHELL32.dll
0x42c194 ShellExecuteA
ole32.dll
0x42c1b0 CoUninitialize
0x42c1b4 CoSetProxyBlanket
0x42c1b8 CoInitializeSecurity
0x42c1bc CoInitializeEx
0x42c1c0 CoCreateInstance
OLEAUT32.dll
0x42c180 VariantClear
0x42c184 SysAllocString
0x42c188 SysFreeString
0x42c18c VariantInit
WININET.dll
0x42c19c InternetCloseHandle
0x42c1a0 InternetReadFile
0x42c1a4 InternetOpenW
0x42c1a8 InternetOpenUrlA
EAT(Export Address Table) is none
KERNEL32.dll
0x42c018 GetModuleFileNameA
0x42c01c CreateMutexA
0x42c020 Sleep
0x42c024 CopyFileA
0x42c028 GetCurrentProcessId
0x42c02c CreateDirectoryA
0x42c030 GetCurrentProcess
0x42c034 GetComputerNameA
0x42c038 CheckRemoteDebuggerPresent
0x42c03c WriteConsoleW
0x42c040 K32EnumProcesses
0x42c044 CloseHandle
0x42c048 K32GetModuleFileNameExA
0x42c04c OpenProcess
0x42c050 GetLastError
0x42c054 TerminateProcess
0x42c058 HeapSize
0x42c05c CreateFileW
0x42c060 GetProcessHeap
0x42c064 SetStdHandle
0x42c068 SetEnvironmentVariableW
0x42c06c FreeEnvironmentStringsW
0x42c070 GetEnvironmentStringsW
0x42c074 GetOEMCP
0x42c078 GetACP
0x42c07c IsValidCodePage
0x42c080 FindNextFileW
0x42c084 FindFirstFileExW
0x42c088 FindClose
0x42c08c HeapReAlloc
0x42c090 ReadConsoleW
0x42c094 WideCharToMultiByte
0x42c098 GetCurrentThreadId
0x42c09c EnterCriticalSection
0x42c0a0 LeaveCriticalSection
0x42c0a4 InitializeCriticalSectionEx
0x42c0a8 DeleteCriticalSection
0x42c0ac EncodePointer
0x42c0b0 DecodePointer
0x42c0b4 MultiByteToWideChar
0x42c0b8 LCMapStringEx
0x42c0bc QueryPerformanceCounter
0x42c0c0 GetSystemTimeAsFileTime
0x42c0c4 GetModuleHandleW
0x42c0c8 GetProcAddress
0x42c0cc GetStringTypeW
0x42c0d0 GetCPInfo
0x42c0d4 UnhandledExceptionFilter
0x42c0d8 SetUnhandledExceptionFilter
0x42c0dc IsProcessorFeaturePresent
0x42c0e0 InitializeSListHead
0x42c0e4 IsDebuggerPresent
0x42c0e8 GetStartupInfoW
0x42c0ec RtlUnwind
0x42c0f0 RaiseException
0x42c0f4 SetLastError
0x42c0f8 InitializeCriticalSectionAndSpinCount
0x42c0fc TlsAlloc
0x42c100 TlsGetValue
0x42c104 TlsSetValue
0x42c108 TlsFree
0x42c10c FreeLibrary
0x42c110 LoadLibraryExW
0x42c114 ExitProcess
0x42c118 GetModuleHandleExW
0x42c11c CreateThread
0x42c120 ExitThread
0x42c124 FreeLibraryAndExitThread
0x42c128 GetStdHandle
0x42c12c WriteFile
0x42c130 GetModuleFileNameW
0x42c134 GetCommandLineA
0x42c138 GetCommandLineW
0x42c13c GetFileSizeEx
0x42c140 SetFilePointerEx
0x42c144 GetFileType
0x42c148 FlushFileBuffers
0x42c14c GetConsoleOutputCP
0x42c150 GetConsoleMode
0x42c154 HeapFree
0x42c158 HeapAlloc
0x42c15c CompareStringW
0x42c160 LCMapStringW
0x42c164 GetLocaleInfoW
0x42c168 IsValidLocale
0x42c16c GetUserDefaultLCID
0x42c170 EnumSystemLocalesW
0x42c174 ReadFile
0x42c178 SetEndOfFile
ADVAPI32.dll
0x42c000 RegCloseKey
0x42c004 RegQueryValueExA
0x42c008 RegSetValueExA
0x42c00c RegOpenKeyExA
0x42c010 GetUserNameA
SHELL32.dll
0x42c194 ShellExecuteA
ole32.dll
0x42c1b0 CoUninitialize
0x42c1b4 CoSetProxyBlanket
0x42c1b8 CoInitializeSecurity
0x42c1bc CoInitializeEx
0x42c1c0 CoCreateInstance
OLEAUT32.dll
0x42c180 VariantClear
0x42c184 SysAllocString
0x42c188 SysFreeString
0x42c18c VariantInit
WININET.dll
0x42c19c InternetCloseHandle
0x42c1a0 InternetReadFile
0x42c1a4 InternetOpenW
0x42c1a8 InternetOpenUrlA
EAT(Export Address Table) is none