ScreenShot
| Created | 2024.01.11 07:37 | Machine | s1_win7_x6401 |
| Filename | ScholarshipHamilton.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 34 detected (Common, Crysan, MulDrop24, Artemis, unsafe, Vfum, malicious, moderate confidence, 7zip, DB suspicious, DropperX, kgugbu, FalseSign, Fkjl, Nekark, ubnth, Detected, ABRisk, NMPL, Sabsik, K83VAF, score, R630773, Chgt, Behavior) | ||
| md5 | f48ff00102947acd17461bd8cbca9b71 | ||
| sha256 | 9594160451608088b8e987328f0b13fb77d59bc99d27c4faad97e2ad834c5a65 | ||
| ssdeep | 24576:mD3s67DbEXHWA8u5Hhfyip26+rVgINQu1I/N:4X7cXHOM+rKINQlN | ||
| imphash | 714858d86af7839c838d9f014dd17886 | ||
| impfuzzy | 96:d6sNcON+Xldia1gtINc+5MiWthSbPaKAecYy:0G0LiRqSKAecYy | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
COMCTL32.dll
0x426010 None
KERNEL32.dll
0x426048 GetProcAddress
0x42604c GetDiskFreeSpaceExW
0x426050 SetFileAttributesW
0x426054 Sleep
0x426058 CreateThread
0x42605c GetExitCodeThread
0x426060 GetLocalTime
0x426064 SystemTimeToFileTime
0x426068 GetStdHandle
0x42606c GetEnvironmentVariableW
0x426070 ExpandEnvironmentStringsW
0x426074 SetCurrentDirectoryW
0x426078 GetCurrentDirectoryW
0x42607c CompareFileTime
0x426080 CreateDirectoryW
0x426084 DeleteFileW
0x426088 FindClose
0x42608c FindFirstFileW
0x426090 FindNextFileW
0x426094 GetFileAttributesW
0x426098 RemoveDirectoryW
0x42609c WriteFile
0x4260a0 GetTempPathW
0x4260a4 GetSystemTimeAsFileTime
0x4260a8 GetModuleHandleW
0x4260ac LoadResource
0x4260b0 LockResource
0x4260b4 SizeofResource
0x4260b8 LoadLibraryA
0x4260bc GlobalAlloc
0x4260c0 GlobalFree
0x4260c4 MulDiv
0x4260c8 lstrcmpW
0x4260cc lstrcmpiA
0x4260d0 lstrcmpiW
0x4260d4 lstrlenA
0x4260d8 FindResourceExA
0x4260dc MultiByteToWideChar
0x4260e0 WideCharToMultiByte
0x4260e4 GetLocaleInfoW
0x4260e8 SetThreadLocale
0x4260ec GetSystemDefaultUILanguage
0x4260f0 GetUserDefaultUILanguage
0x4260f4 GetSystemDefaultLCID
0x4260f8 SetEnvironmentVariableW
0x4260fc CreateFileA
0x426100 CreateFileW
0x426104 GetDriveTypeW
0x426108 GetCurrentProcess
0x42610c GetVersionExW
0x426110 VirtualProtect
0x426114 CreateFileMappingW
0x426118 MapViewOfFile
0x42611c FreeLibrary
0x426120 GetModuleFileNameW
0x426124 GetModuleHandleA
0x426128 SetProcessWorkingSetSize
0x42612c FreeConsole
0x426130 InitializeCriticalSection
0x426134 SetEvent
0x426138 ResetEvent
0x42613c CreateEventW
0x426140 GetCurrentThreadId
0x426144 TerminateThread
0x426148 SuspendThread
0x42614c GetSystemDirectoryW
0x426150 LocalFree
0x426154 FormatMessageW
0x426158 AssignProcessToJobObject
0x42615c IsBadReadPtr
0x426160 EnterCriticalSection
0x426164 LeaveCriticalSection
0x426168 DeleteCriticalSection
0x42616c VirtualAlloc
0x426170 VirtualFree
0x426174 GetFileSize
0x426178 ReadFile
0x42617c SetEndOfFile
0x426180 SetFilePointer
0x426184 SetFileTime
0x426188 GetFileInformationByHandle
0x42618c WaitForMultipleObjects
0x426190 RtlUnwind
0x426194 RaiseException
0x426198 EncodePointer
0x42619c InitializeCriticalSectionAndSpinCount
0x4261a0 TlsAlloc
0x4261a4 TlsGetValue
0x4261a8 TlsSetValue
0x4261ac TlsFree
0x4261b0 LoadLibraryExW
0x4261b4 IsProcessorFeaturePresent
0x4261b8 IsDebuggerPresent
0x4261bc UnhandledExceptionFilter
0x4261c0 SetUnhandledExceptionFilter
0x4261c4 QueryPerformanceCounter
0x4261c8 GetCurrentProcessId
0x4261cc InitializeSListHead
0x4261d0 TerminateProcess
0x4261d4 DecodePointer
0x4261d8 SetFilePointerEx
0x4261dc GetConsoleMode
0x4261e0 GetConsoleCP
0x4261e4 FlushFileBuffers
0x4261e8 HeapSize
0x4261ec GetStringTypeW
0x4261f0 WriteConsoleW
0x4261f4 SetStdHandle
0x4261f8 GetProcessHeap
0x4261fc SetEnvironmentVariableA
0x426200 FreeEnvironmentStringsW
0x426204 GetEnvironmentStringsW
0x426208 GetCPInfo
0x42620c GetOEMCP
0x426210 IsValidCodePage
0x426214 FindNextFileA
0x426218 FindFirstFileExA
0x42621c GetFileType
0x426220 HeapReAlloc
0x426224 LCMapStringW
0x426228 CompareStringW
0x42622c HeapFree
0x426230 HeapAlloc
0x426234 GetACP
0x426238 GetCommandLineA
0x42623c GetModuleFileNameA
0x426240 ExitProcess
0x426244 GetModuleHandleExW
0x426248 FreeLibraryAndExitThread
0x42624c ExitThread
0x426250 CreateJobObjectW
0x426254 GetStartupInfoW
0x426258 CreateProcessW
0x42625c ResumeThread
0x426260 SetInformationJobObject
0x426264 GetExitCodeProcess
0x426268 WaitForSingleObject
0x42626c GetQueuedCompletionStatus
0x426270 CreateIoCompletionPort
0x426274 SetLastError
0x426278 GetLastError
0x42627c CloseHandle
0x426280 GetCommandLineW
0x426284 lstrlenW
0x426288 GetTickCount
0x42628c lstrcpyW
USER32.dll
0x4262cc EnableMenuItem
0x4262d0 GetSystemMenu
0x4262d4 GetDC
0x4262d8 GetClientRect
0x4262dc MessageBeep
0x4262e0 ClientToScreen
0x4262e4 PtInRect
0x4262e8 SetWindowLongW
0x4262ec GetWindow
0x4262f0 DrawTextW
0x4262f4 EndDialog
0x4262f8 ShowWindow
0x4262fc BringWindowToTop
0x426300 SendMessageW
0x426304 SetWindowsHookExW
0x426308 UnhookWindowsHookEx
0x42630c CallNextHookEx
0x426310 LoadIconW
0x426314 LoadImageW
0x426318 DrawIconEx
0x42631c SystemParametersInfoW
0x426320 GetSystemMetrics
0x426324 EnableWindow
0x426328 SetFocus
0x42632c GetDlgItem
0x426330 DialogBoxIndirectParamW
0x426334 IsWindow
0x426338 CreateWindowExA
0x42633c CallWindowProcW
0x426340 DefWindowProcW
0x426344 wvsprintfW
0x426348 MessageBoxA
0x42634c GetKeyState
0x426350 CopyImage
0x426354 GetClassNameA
0x426358 GetParent
0x42635c GetDesktopWindow
0x426360 GetWindowLongW
0x426364 GetSysColor
0x426368 ScreenToClient
0x42636c GetWindowRect
0x426370 GetWindowTextLengthW
0x426374 GetWindowTextW
0x426378 SetWindowTextW
0x42637c ReleaseDC
0x426380 GetWindowDC
0x426384 GetMenu
0x426388 KillTimer
0x42638c SetTimer
0x426390 CharUpperW
0x426394 SetWindowPos
0x426398 DestroyWindow
0x42639c CreateWindowExW
0x4263a0 DispatchMessageW
0x4263a4 wsprintfW
0x4263a8 wsprintfA
0x4263ac GetMessageW
GDI32.dll
0x426018 SelectObject
0x42601c StretchBlt
0x426020 GetCurrentObject
0x426024 GetObjectW
0x426028 CreateFontIndirectW
0x42602c DeleteObject
0x426030 DeleteDC
0x426034 CreateCompatibleDC
0x426038 GetDeviceCaps
0x42603c SetStretchBltMode
0x426040 CreateCompatibleBitmap
ADVAPI32.dll
0x426000 FreeSid
0x426004 CheckTokenMembership
0x426008 AllocateAndInitializeSid
SHELL32.dll
0x4262ac SHGetFileInfoW
0x4262b0 SHBrowseForFolderW
0x4262b4 SHGetPathFromIDListW
0x4262b8 SHGetMalloc
0x4262bc ShellExecuteW
0x4262c0 SHGetSpecialFolderPathW
0x4262c4 ShellExecuteExW
ole32.dll
0x4263b4 CreateStreamOnHGlobal
0x4263b8 CoCreateInstance
0x4263bc CoInitialize
OLEAUT32.dll
0x426294 SysAllocStringLen
0x426298 VariantClear
0x42629c SysAllocString
0x4262a0 SysFreeString
0x4262a4 OleLoadPicture
EAT(Export Address Table) is none
COMCTL32.dll
0x426010 None
KERNEL32.dll
0x426048 GetProcAddress
0x42604c GetDiskFreeSpaceExW
0x426050 SetFileAttributesW
0x426054 Sleep
0x426058 CreateThread
0x42605c GetExitCodeThread
0x426060 GetLocalTime
0x426064 SystemTimeToFileTime
0x426068 GetStdHandle
0x42606c GetEnvironmentVariableW
0x426070 ExpandEnvironmentStringsW
0x426074 SetCurrentDirectoryW
0x426078 GetCurrentDirectoryW
0x42607c CompareFileTime
0x426080 CreateDirectoryW
0x426084 DeleteFileW
0x426088 FindClose
0x42608c FindFirstFileW
0x426090 FindNextFileW
0x426094 GetFileAttributesW
0x426098 RemoveDirectoryW
0x42609c WriteFile
0x4260a0 GetTempPathW
0x4260a4 GetSystemTimeAsFileTime
0x4260a8 GetModuleHandleW
0x4260ac LoadResource
0x4260b0 LockResource
0x4260b4 SizeofResource
0x4260b8 LoadLibraryA
0x4260bc GlobalAlloc
0x4260c0 GlobalFree
0x4260c4 MulDiv
0x4260c8 lstrcmpW
0x4260cc lstrcmpiA
0x4260d0 lstrcmpiW
0x4260d4 lstrlenA
0x4260d8 FindResourceExA
0x4260dc MultiByteToWideChar
0x4260e0 WideCharToMultiByte
0x4260e4 GetLocaleInfoW
0x4260e8 SetThreadLocale
0x4260ec GetSystemDefaultUILanguage
0x4260f0 GetUserDefaultUILanguage
0x4260f4 GetSystemDefaultLCID
0x4260f8 SetEnvironmentVariableW
0x4260fc CreateFileA
0x426100 CreateFileW
0x426104 GetDriveTypeW
0x426108 GetCurrentProcess
0x42610c GetVersionExW
0x426110 VirtualProtect
0x426114 CreateFileMappingW
0x426118 MapViewOfFile
0x42611c FreeLibrary
0x426120 GetModuleFileNameW
0x426124 GetModuleHandleA
0x426128 SetProcessWorkingSetSize
0x42612c FreeConsole
0x426130 InitializeCriticalSection
0x426134 SetEvent
0x426138 ResetEvent
0x42613c CreateEventW
0x426140 GetCurrentThreadId
0x426144 TerminateThread
0x426148 SuspendThread
0x42614c GetSystemDirectoryW
0x426150 LocalFree
0x426154 FormatMessageW
0x426158 AssignProcessToJobObject
0x42615c IsBadReadPtr
0x426160 EnterCriticalSection
0x426164 LeaveCriticalSection
0x426168 DeleteCriticalSection
0x42616c VirtualAlloc
0x426170 VirtualFree
0x426174 GetFileSize
0x426178 ReadFile
0x42617c SetEndOfFile
0x426180 SetFilePointer
0x426184 SetFileTime
0x426188 GetFileInformationByHandle
0x42618c WaitForMultipleObjects
0x426190 RtlUnwind
0x426194 RaiseException
0x426198 EncodePointer
0x42619c InitializeCriticalSectionAndSpinCount
0x4261a0 TlsAlloc
0x4261a4 TlsGetValue
0x4261a8 TlsSetValue
0x4261ac TlsFree
0x4261b0 LoadLibraryExW
0x4261b4 IsProcessorFeaturePresent
0x4261b8 IsDebuggerPresent
0x4261bc UnhandledExceptionFilter
0x4261c0 SetUnhandledExceptionFilter
0x4261c4 QueryPerformanceCounter
0x4261c8 GetCurrentProcessId
0x4261cc InitializeSListHead
0x4261d0 TerminateProcess
0x4261d4 DecodePointer
0x4261d8 SetFilePointerEx
0x4261dc GetConsoleMode
0x4261e0 GetConsoleCP
0x4261e4 FlushFileBuffers
0x4261e8 HeapSize
0x4261ec GetStringTypeW
0x4261f0 WriteConsoleW
0x4261f4 SetStdHandle
0x4261f8 GetProcessHeap
0x4261fc SetEnvironmentVariableA
0x426200 FreeEnvironmentStringsW
0x426204 GetEnvironmentStringsW
0x426208 GetCPInfo
0x42620c GetOEMCP
0x426210 IsValidCodePage
0x426214 FindNextFileA
0x426218 FindFirstFileExA
0x42621c GetFileType
0x426220 HeapReAlloc
0x426224 LCMapStringW
0x426228 CompareStringW
0x42622c HeapFree
0x426230 HeapAlloc
0x426234 GetACP
0x426238 GetCommandLineA
0x42623c GetModuleFileNameA
0x426240 ExitProcess
0x426244 GetModuleHandleExW
0x426248 FreeLibraryAndExitThread
0x42624c ExitThread
0x426250 CreateJobObjectW
0x426254 GetStartupInfoW
0x426258 CreateProcessW
0x42625c ResumeThread
0x426260 SetInformationJobObject
0x426264 GetExitCodeProcess
0x426268 WaitForSingleObject
0x42626c GetQueuedCompletionStatus
0x426270 CreateIoCompletionPort
0x426274 SetLastError
0x426278 GetLastError
0x42627c CloseHandle
0x426280 GetCommandLineW
0x426284 lstrlenW
0x426288 GetTickCount
0x42628c lstrcpyW
USER32.dll
0x4262cc EnableMenuItem
0x4262d0 GetSystemMenu
0x4262d4 GetDC
0x4262d8 GetClientRect
0x4262dc MessageBeep
0x4262e0 ClientToScreen
0x4262e4 PtInRect
0x4262e8 SetWindowLongW
0x4262ec GetWindow
0x4262f0 DrawTextW
0x4262f4 EndDialog
0x4262f8 ShowWindow
0x4262fc BringWindowToTop
0x426300 SendMessageW
0x426304 SetWindowsHookExW
0x426308 UnhookWindowsHookEx
0x42630c CallNextHookEx
0x426310 LoadIconW
0x426314 LoadImageW
0x426318 DrawIconEx
0x42631c SystemParametersInfoW
0x426320 GetSystemMetrics
0x426324 EnableWindow
0x426328 SetFocus
0x42632c GetDlgItem
0x426330 DialogBoxIndirectParamW
0x426334 IsWindow
0x426338 CreateWindowExA
0x42633c CallWindowProcW
0x426340 DefWindowProcW
0x426344 wvsprintfW
0x426348 MessageBoxA
0x42634c GetKeyState
0x426350 CopyImage
0x426354 GetClassNameA
0x426358 GetParent
0x42635c GetDesktopWindow
0x426360 GetWindowLongW
0x426364 GetSysColor
0x426368 ScreenToClient
0x42636c GetWindowRect
0x426370 GetWindowTextLengthW
0x426374 GetWindowTextW
0x426378 SetWindowTextW
0x42637c ReleaseDC
0x426380 GetWindowDC
0x426384 GetMenu
0x426388 KillTimer
0x42638c SetTimer
0x426390 CharUpperW
0x426394 SetWindowPos
0x426398 DestroyWindow
0x42639c CreateWindowExW
0x4263a0 DispatchMessageW
0x4263a4 wsprintfW
0x4263a8 wsprintfA
0x4263ac GetMessageW
GDI32.dll
0x426018 SelectObject
0x42601c StretchBlt
0x426020 GetCurrentObject
0x426024 GetObjectW
0x426028 CreateFontIndirectW
0x42602c DeleteObject
0x426030 DeleteDC
0x426034 CreateCompatibleDC
0x426038 GetDeviceCaps
0x42603c SetStretchBltMode
0x426040 CreateCompatibleBitmap
ADVAPI32.dll
0x426000 FreeSid
0x426004 CheckTokenMembership
0x426008 AllocateAndInitializeSid
SHELL32.dll
0x4262ac SHGetFileInfoW
0x4262b0 SHBrowseForFolderW
0x4262b4 SHGetPathFromIDListW
0x4262b8 SHGetMalloc
0x4262bc ShellExecuteW
0x4262c0 SHGetSpecialFolderPathW
0x4262c4 ShellExecuteExW
ole32.dll
0x4263b4 CreateStreamOnHGlobal
0x4263b8 CoCreateInstance
0x4263bc CoInitialize
OLEAUT32.dll
0x426294 SysAllocStringLen
0x426298 VariantClear
0x42629c SysAllocString
0x4262a0 SysFreeString
0x4262a4 OleLoadPicture
EAT(Export Address Table) is none