Field | Value |
---|---|
Created | 2024.02.04 16:47 |
Machine | s1_win7_x6403 |
Filename | inte.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | |
md5 | fa092cd96d9916f2e247067653cd1110 |
sha256 | 110c64b4a03a6ed6c8ffd2baba0a5831fd8bd59ca6b23d6e885a8f34e13461fc |
ssdeep | 3072:fjJNYb6cSN+tDbI3FUAiJtFej2TUgObqt/Y8O/tOAg0Fuj0thzIt3Za:fjJNYuR0Ifu9TxObNgAOSMZZa |
imphash | 7995552d5727ea28793352af716fab7e |
impfuzzy | 24:GzB81oI1MUpu9QHuOGOovqMcpVWZst0lLjVZDqXCM3Jh9roAkFZMvD1cwxbC02AJ:G6osB0cpVest0MXCM/ZOFZGDdbC07 |
Network IP location
Signature (11cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
notice | A process created a hidden window |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a suspicious process |
notice | Drops an executable to the user AppData folder |
notice | Executes one or more WMI queries |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Uses Windows utilities for basic Windows functionality |
info | Command line console output was observed |
info | Queries for the computername |
Rules (10cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x41d000 GetCurrentProcess
0x41d004 FindClose
0x41d008 OpenProcess
0x41d00c Sleep
0x41d010 GetTempPathA
0x41d014 K32GetModuleFileNameExA
0x41d018 GetLastError
0x41d01c K32GetModuleBaseNameA
0x41d020 GetCurrentProcessId
0x41d024 CreateProcessA
0x41d028 K32EnumProcessModules
0x41d02c CreateDirectoryA
0x41d030 HeapSize
0x41d034 SetFilePointerEx
0x41d038 WideCharToMultiByte
0x41d03c CloseHandle
0x41d040 CreateFileA
0x41d044 MultiByteToWideChar
0x41d048 WriteFile
0x41d04c GetConsoleMode
0x41d050 GetConsoleOutputCP
0x41d054 FlushFileBuffers
0x41d058 CreateFileW
0x41d05c SetStdHandle
0x41d060 GetProcessHeap
0x41d064 SetEnvironmentVariableW
0x41d068 FreeEnvironmentStringsW
0x41d06c GetEnvironmentStringsW
0x41d070 GetCommandLineW
0x41d074 GetCommandLineA
0x41d078 GetOEMCP
0x41d07c GetACP
0x41d080 IsValidCodePage
0x41d084 FindNextFileW
0x41d088 FindFirstFileExW
0x41d08c EnterCriticalSection
0x41d090 LeaveCriticalSection
0x41d094 InitializeCriticalSectionEx
0x41d098 DeleteCriticalSection
0x41d09c EncodePointer
0x41d0a0 DecodePointer
0x41d0a4 LCMapStringEx
0x41d0a8 GetStringTypeW
0x41d0ac GetCPInfo
0x41d0b0 UnhandledExceptionFilter
0x41d0b4 SetUnhandledExceptionFilter
0x41d0b8 TerminateProcess
0x41d0bc IsProcessorFeaturePresent
0x41d0c0 InitializeCriticalSectionAndSpinCount
0x41d0c4 SetEvent
0x41d0c8 ResetEvent
0x41d0cc WaitForSingleObjectEx
0x41d0d0 CreateEventW
0x41d0d4 GetModuleHandleW
0x41d0d8 GetProcAddress
0x41d0dc IsDebuggerPresent
0x41d0e0 GetStartupInfoW
0x41d0e4 QueryPerformanceCounter
0x41d0e8 GetCurrentThreadId
0x41d0ec GetSystemTimeAsFileTime
0x41d0f0 InitializeSListHead
0x41d0f4 RtlUnwind
0x41d0f8 RaiseException
0x41d0fc SetLastError
0x41d100 TlsAlloc
0x41d104 TlsGetValue
0x41d108 TlsSetValue
0x41d10c TlsFree
0x41d110 FreeLibrary
0x41d114 LoadLibraryExW
0x41d118 ExitProcess
0x41d11c GetModuleHandleExW
0x41d120 GetModuleFileNameW
0x41d124 GetStdHandle
0x41d128 HeapAlloc
0x41d12c HeapFree
0x41d130 CompareStringW
0x41d134 LCMapStringW
0x41d138 GetLocaleInfoW
0x41d13c IsValidLocale
0x41d140 GetUserDefaultLCID
0x41d144 EnumSystemLocalesW
0x41d148 GetFileType
0x41d14c HeapReAlloc
0x41d150 WriteConsoleW
SHELL32.dll
0x41d158 SHGetFolderPathA
0x41d15c ShellExecuteA
ole32.dll
0x41d190 CoCreateInstance
0x41d194 CoUninitialize
WININET.dll
0x41d164 InternetSetFilePointer
0x41d168 HttpQueryInfoA
0x41d16c InternetSetOptionA
0x41d170 HttpAddRequestHeadersA
0x41d174 InternetOpenA
0x41d178 InternetCloseHandle
0x41d17c HttpSendRequestA
0x41d180 InternetConnectA
0x41d184 InternetReadFile
0x41d188 HttpOpenRequestA
EAT (Export Address Table): none