Report - rise.exe

Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check
Created 2023.12.18 08:00 Machine s1_win7_x6403
Filename rise.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
1
Behavior Score
1.6
ZERO API file : malicious
VT API (file)
md5 4e4e4a779e9e0e970184db551ec00e5a
sha256 7151d1b29551e0e3f68d13e8aa1bf70abdf74314ed1e7cc2c52bdbf5f3cdc1c2
ssdeep 49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uFnTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
imphash a391c991ba6330d6ddb5beaa15ef064c
impfuzzy 96:IjEtkowOPc+p7tGOWqR0G66wbmGGBWkOQ26Nca24TSln:BuoIctGHD9iW02iLc

Signature (2cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running)
watch Communicates with a host for which no DNS query was performed

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts)

Request CC ASN Co IP4 Rule ZERO
193.233.132.51 RU JSC Redcom-lnternet 193.233.132.51 malicious
107.172.31.178 US AS-COLOCROSSING 107.172.31.178 clean

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x55c054 WaitForSingleObject
 0x55c058 LocalAlloc
 0x55c05c GetCurrentThreadId
 0x55c060 GetModuleHandleA
 0x55c064 GetLocaleInfoA
 0x55c068 OpenProcess
 0x55c06c CreateToolhelp32Snapshot
 0x55c070 MultiByteToWideChar
 0x55c074 Sleep
 0x55c078 GetTempPathA
 0x55c07c GetModuleHandleExA
 0x55c080 GetTimeZoneInformation
 0x55c084 GetTickCount64
 0x55c088 CopyFileA
 0x55c08c GetLastError
 0x55c090 GetFileAttributesA
 0x55c094 TzSpecificLocalTimeToSystemTime
 0x55c098 CreateFileA
 0x55c09c SetEvent
 0x55c0a0 TerminateThread
 0x55c0a4 LoadLibraryA
 0x55c0a8 GetVersionExA
 0x55c0ac DeleteFileA
 0x55c0b0 Process32Next
 0x55c0b4 CloseHandle
 0x55c0b8 GetSystemInfo
 0x55c0bc CreateThread
 0x55c0c0 ResetEvent
 0x55c0c4 GetWindowsDirectoryA
 0x55c0c8 HeapAlloc
 0x55c0cc SetFileAttributesA
 0x55c0d0 GetLocalTime
 0x55c0d4 GetProcAddress
 0x55c0d8 VirtualAllocEx
 0x55c0dc LocalFree
 0x55c0e0 IsProcessorFeaturePresent
 0x55c0e4 GetFileSize
 0x55c0e8 RemoveDirectoryA
 0x55c0ec ReadProcessMemory
 0x55c0f0 GetCurrentProcessId
 0x55c0f4 GetProcessHeap
 0x55c0f8 GlobalMemoryStatusEx
 0x55c0fc FreeLibrary
 0x55c100 WideCharToMultiByte
 0x55c104 CreateRemoteThread
 0x55c108 CreateProcessA
 0x55c10c CreateDirectoryA
 0x55c110 GetSystemTime
 0x55c114 GetVolumeInformationA
 0x55c118 CreateEventA
 0x55c11c GetPrivateProfileStringA
 0x55c120 IsWow64Process
 0x55c124 IsDebuggerPresent
 0x55c128 VirtualQueryEx
 0x55c12c GetComputerNameA
 0x55c130 SetUnhandledExceptionFilter
 0x55c134 FindNextFileA
 0x55c138 lstrcpynA
 0x55c13c SetFilePointer
 0x55c140 CreateFileW
 0x55c144 AreFileApisANSI
 0x55c148 EnterCriticalSection
 0x55c14c GetFullPathNameW
 0x55c150 GetDiskFreeSpaceW
 0x55c154 LockFile
 0x55c158 LeaveCriticalSection
 0x55c15c InitializeCriticalSection
 0x55c160 GetFullPathNameA
 0x55c164 SetEndOfFile
 0x55c168 GetTempPathW
 0x55c16c GetFileAttributesW
 0x55c170 FormatMessageW
 0x55c174 GetDiskFreeSpaceA
 0x55c178 DeleteFileW
 0x55c17c UnlockFile
 0x55c180 LockFileEx
 0x55c184 DeleteCriticalSection
 0x55c188 GetSystemTimeAsFileTime
 0x55c18c FormatMessageA
 0x55c190 QueryPerformanceCounter
 0x55c194 GetTickCount
 0x55c198 FlushFileBuffers
 0x55c19c WriteConsoleW
 0x55c1a0 HeapSize
 0x55c1a4 SetEnvironmentVariableW
 0x55c1a8 FreeEnvironmentStringsW
 0x55c1ac GetEnvironmentStringsW
 0x55c1b0 GetCommandLineW
 0x55c1b4 GetCommandLineA
 0x55c1b8 GetOEMCP
 0x55c1bc GetACP
 0x55c1c0 IsValidCodePage
 0x55c1c4 CreateMutexA
 0x55c1c8 FindClose
 0x55c1cc lstrlenA
 0x55c1d0 VirtualFreeEx
 0x55c1d4 InitializeCriticalSectionEx
 0x55c1d8 GetUserDefaultLocaleName
 0x55c1dc TerminateProcess
 0x55c1e0 OutputDebugStringA
 0x55c1e4 WriteFile
 0x55c1e8 GetCurrentProcess
 0x55c1ec HeapFree
 0x55c1f0 FindFirstFileA
 0x55c1f4 WriteProcessMemory
 0x55c1f8 Process32First
 0x55c1fc GetPrivateProfileSectionNamesA
 0x55c200 SetStdHandle
 0x55c204 HeapReAlloc
 0x55c208 ReadFile
 0x55c20c EnumSystemLocalesW
 0x55c210 GetUserDefaultLCID
 0x55c214 IsValidLocale
 0x55c218 GetLocaleInfoW
 0x55c21c LCMapStringW
 0x55c220 CompareStringW
 0x55c224 GetTimeFormatW
 0x55c228 GetDateFormatW
 0x55c22c GetFileSizeEx
 0x55c230 GetConsoleOutputCP
 0x55c234 ReadConsoleW
 0x55c238 GetConsoleMode
 0x55c23c GetStdHandle
 0x55c240 GetModuleFileNameW
 0x55c244 GetModuleHandleExW
 0x55c248 ExitProcess
 0x55c24c GetFileType
 0x55c250 GetModuleFileNameA
 0x55c254 SetFilePointerEx
 0x55c258 LoadLibraryExW
 0x55c25c TlsFree
 0x55c260 TlsSetValue
 0x55c264 TlsGetValue
 0x55c268 TlsAlloc
 0x55c26c InitializeCriticalSectionAndSpinCount
 0x55c270 SetLastError
 0x55c274 RaiseException
 0x55c278 RtlUnwind
 0x55c27c InitializeSListHead
 0x55c280 GetStartupInfoW
 0x55c284 UnhandledExceptionFilter
 0x55c288 FindFirstFileW
 0x55c28c FindFirstFileExW
 0x55c290 FindNextFileW
 0x55c294 GetFileAttributesExW
 0x55c298 GetFinalPathNameByHandleW
 0x55c29c GetModuleHandleW
 0x55c2a0 GetFileInformationByHandleEx
 0x55c2a4 GetLocaleInfoEx
 0x55c2a8 InitializeSRWLock
 0x55c2ac ReleaseSRWLockExclusive
 0x55c2b0 AcquireSRWLockExclusive
 0x55c2b4 TryAcquireSRWLockExclusive
 0x55c2b8 LCMapStringEx
 0x55c2bc EncodePointer
 0x55c2c0 DecodePointer
 0x55c2c4 CompareStringEx
 0x55c2c8 GetCPInfo
 0x55c2cc GetStringTypeW
USER32.dll
 0x55c2fc GetSystemMetrics
 0x55c300 GetDC
 0x55c304 GetKeyboardLayoutList
 0x55c308 EnumDisplayDevicesA
 0x55c30c CharNextA
 0x55c310 GetWindowRect
 0x55c314 wsprintfA
 0x55c318 GetDesktopWindow
 0x55c31c ReleaseDC
GDI32.dll
 0x55c03c CreateCompatibleBitmap
 0x55c040 SelectObject
 0x55c044 CreateCompatibleDC
 0x55c048 DeleteObject
 0x55c04c BitBlt
ADVAPI32.dll
 0x55c000 SystemFunction036
 0x55c004 RegOpenKeyExA
 0x55c008 RegSetValueExA
 0x55c00c RegEnumKeyA
 0x55c010 RegCloseKey
 0x55c014 GetCurrentHwProfileA
 0x55c018 RegQueryValueExA
 0x55c01c CredEnumerateA
 0x55c020 RegCreateKeyExA
 0x55c024 CredFree
 0x55c028 GetUserNameA
 0x55c02c RegEnumKeyExA
SHELL32.dll
 0x55c2e8 ShellExecuteA
 0x55c2ec SHGetFolderPathA
ole32.dll
 0x55c38c CoInitialize
 0x55c390 CoUninitialize
 0x55c394 CoCreateInstance
 0x55c398 CoInitializeEx
WS2_32.dll
 0x55c324 closesocket
 0x55c328 shutdown
 0x55c32c getaddrinfo
 0x55c330 WSAStartup
 0x55c334 send
 0x55c338 socket
 0x55c33c connect
 0x55c340 recv
 0x55c344 freeaddrinfo
 0x55c348 setsockopt
 0x55c34c WSAGetLastError
 0x55c350 WSACleanup
CRYPT32.dll
 0x55c034 CryptUnprotectData
SHLWAPI.dll
 0x55c2f4 PathFindExtensionA
gdiplus.dll
 0x55c358 GdipAlloc
 0x55c35c GdiplusStartup
 0x55c360 GdiplusShutdown
 0x55c364 GdipCloneImage
 0x55c368 GdipDisposeImage
 0x55c36c GdipSaveImageToFile
 0x55c370 GdipGetImageEncodersSize
 0x55c374 GdipFree
 0x55c378 GdipCreateBitmapFromHBITMAP
 0x55c37c GdipGetImageEncoders
SETUPAPI.dll
 0x55c2d4 SetupDiGetClassDevsA
 0x55c2d8 SetupDiEnumDeviceInfo
 0x55c2dc SetupDiGetDeviceInterfaceDetailA
 0x55c2e0 SetupDiEnumDeviceInterfaces
ntdll.dll
 0x55c384 RtlUnicodeStringToAnsiString

EAT (Export Address Table): none


