Report - hola.exe

Tags: Malicious Library, UPX, PE File, PE32, OS Processor Check, PNG Format
Created 2024.03.29 09:40 Machine s1_win7_x6401
Filename hola.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 5
Behavior Score 4.2
ZERO API file : malicious
VT API (file) 6 detected (AIDetectMalware, Casdet, BScope, Penguish)
md5 7b91d2784eaef8f79e4d60c1c1145d8b
sha256 4f76cd6ec7222833969dcad5f71ab7cbddfd3714bc9adda334413c66c2826209
ssdeep 98304:zuwg7O8YO6xtedsiMV6oaNIwkmTFfYURRHbry7/bGaas3RW1PfR/yxkBfPy8Sh:ARdsiAkJQi/y7yzs3RWVfJyxafp
imphash d20f31098a0b3dab0560ee6731ee6405
impfuzzy 96:jfy23MxQX11vmchLqnJZALPmDtqysX+kN6nxoVLkcAn02VytgqKkWd:7yUVFlg/HqHOkMnxoVLkcAn5VytYkU

Signature (12cnts)

Level Description
watch Attempts to remove evidence of file being downloaded from the Internet
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Drops an executable to the user AppData folder
notice Encryption keys have been identified in this analysis
notice File has been identified by 6 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Uses Windows utilities for basic Windows functionality
info Checks amount of memory in system
info Queries for the computername
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (11cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info PNG_Format_Zero PNG Format binaries (download)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no network requests recorded)

Suricata ids

PE API

IAT (Import Address Table) by Library

KERNEL32.dll
 0x468064 CreateFileW
 0x468068 GetSystemTimeAsFileTime
 0x46806c GetCommandLineW
 0x468070 GetCurrentThreadId
 0x468074 SetEvent
 0x468078 DeleteFileW
 0x46807c CopyFileW
 0x468080 GetDiskFreeSpaceExW
 0x468084 CreateDirectoryW
 0x468088 RemoveDirectoryW
 0x46808c GetTempPathW
 0x468090 GetFileAttributesW
 0x468094 GetTickCount
 0x468098 GetACP
 0x46809c SetLastError
 0x4680a0 HeapFree
 0x4680a4 HeapSize
 0x4680a8 HeapReAlloc
 0x4680ac HeapAlloc
 0x4680b0 GetProcessHeap
 0x4680b4 InterlockedCompareExchange
 0x4680b8 MultiByteToWideChar
 0x4680bc WideCharToMultiByte
 0x4680c0 GetCurrentProcess
 0x4680c4 GetVersionExW
 0x4680c8 GetNativeSystemInfo
 0x4680cc WaitForSingleObject
 0x4680d0 GetStartupInfoW
 0x4680d4 CreateProcessW
 0x4680d8 LocalFree
 0x4680dc InitializeCriticalSection
 0x4680e0 FormatMessageW
 0x4680e4 FindClose
 0x4680e8 FindFirstFileExW
 0x4680ec FindNextFileW
 0x4680f0 CreateEventA
 0x4680f4 DuplicateHandle
 0x4680f8 ReleaseSemaphore
 0x4680fc QueryPerformanceCounter
 0x468100 QueryPerformanceFrequency
 0x468104 WaitForSingleObjectEx
 0x468108 InterlockedDecrement
 0x46810c GlobalAlloc
 0x468110 GlobalLock
 0x468114 InterlockedIncrement
 0x468118 GlobalUnlock
 0x46811c lstrcmpW
 0x468120 MulDiv
 0x468124 ReadFile
 0x468128 SetFilePointer
 0x46812c WriteFile
 0x468130 EncodePointer
 0x468134 SetThreadPriority
 0x468138 SignalObjectAndWait
 0x46813c WriteConsoleW
 0x468140 SetStdHandle
 0x468144 FreeEnvironmentStringsW
 0x468148 GetEnvironmentStringsW
 0x46814c GetCommandLineA
 0x468150 GetOEMCP
 0x468154 IsValidCodePage
 0x468158 DecodePointer
 0x46815c EnumSystemLocalesW
 0x468160 IsValidLocale
 0x468164 GetConsoleCP
 0x468168 FlushFileBuffers
 0x46816c GetFileType
 0x468170 ReadConsoleW
 0x468174 GetConsoleMode
 0x468178 GetCurrentThread
 0x46817c FreeLibraryAndExitThread
 0x468180 CreateThread
 0x468184 GetStdHandle
 0x468188 GetModuleHandleExW
 0x46818c ExitProcess
 0x468190 LoadLibraryExW
 0x468194 InterlockedFlushSList
 0x468198 RtlUnwind
 0x46819c GetModuleHandleA
 0x4681a0 GetLogicalProcessorInformation
 0x4681a4 OpenEventA
 0x4681a8 GetUserDefaultLCID
 0x4681ac Sleep
 0x4681b0 SetFilePointerEx
 0x4681b4 SetEndOfFile
 0x4681b8 LeaveCriticalSection
 0x4681bc GetModuleFileNameW
 0x4681c0 EnterCriticalSection
 0x4681c4 GetPhysicallyInstalledSystemMemory
 0x4681c8 GetModuleHandleW
 0x4681cc CreateEventW
 0x4681d0 GetExitCodeProcess
 0x4681d4 CloseHandle
 0x4681d8 FreeLibrary
 0x4681dc GetProcAddress
 0x4681e0 LoadLibraryW
 0x4681e4 GetFileSize
 0x4681e8 GetStringTypeW
 0x4681ec TryEnterCriticalSection
 0x4681f0 InitializeSListHead
 0x4681f4 GetCurrentProcessId
 0x4681f8 FormatMessageA
 0x4681fc VirtualFree
 0x468200 VirtualAlloc
 0x468204 FlushInstructionCache
 0x468208 InterlockedPushEntrySList
 0x46820c InterlockedPopEntrySList
 0x468210 OutputDebugStringW
 0x468214 GetCPInfo
 0x468218 GetLocaleInfoW
 0x46821c LCMapStringW
 0x468220 IsDebuggerPresent
 0x468224 IsProcessorFeaturePresent
 0x468228 TerminateProcess
 0x46822c SetUnhandledExceptionFilter
 0x468230 UnhandledExceptionFilter
 0x468234 ResetEvent
 0x468238 LoadLibraryExA
 0x46823c VirtualQuery
 0x468240 VirtualProtect
 0x468244 GetSystemInfo
 0x468248 TlsAlloc
 0x46824c TlsGetValue
 0x468250 TlsSetValue
 0x468254 TlsFree
 0x468258 DeleteCriticalSection
 0x46825c RaiseException
 0x468260 GetLastError
 0x468264 InitializeCriticalSectionAndSpinCount
 0x468268 GetThreadPriority
 0x46826c CreateTimerQueueTimer
 0x468270 ChangeTimerQueueTimer
 0x468274 DeleteTimerQueueTimer
 0x468278 GetNumaHighestNodeNumber
 0x46827c GetProcessAffinityMask
 0x468280 SetThreadAffinityMask
 0x468284 RegisterWaitForSingleObject
 0x468288 UnregisterWait
 0x46828c GetThreadTimes
 0x468290 QueryDepthSList
 0x468294 UnregisterWaitEx
 0x468298 CreateTimerQueue
 0x46829c SwitchToThread
USER32.dll
 0x4682f4 RegisterClassExW
 0x4682f8 PeekMessageW
 0x4682fc TranslateMessage
 0x468300 DispatchMessageW
 0x468304 SetWindowLongW
 0x468308 DestroyWindow
 0x46830c GetWindowLongW
 0x468310 SetTimer
 0x468314 KillTimer
 0x468318 UnregisterClassW
 0x46831c GetCursorPos
 0x468320 SendMessageW
 0x468324 PostThreadMessageW
 0x468328 wsprintfW
 0x46832c DefWindowProcW
 0x468330 GetDesktopWindow
 0x468334 MsgWaitForMultipleObjects
 0x468338 GetWindowTextLengthW
 0x46833c GetWindow
 0x468340 GetFocus
 0x468344 GetDC
 0x468348 SetWindowPos
 0x46834c SetWindowRgn
 0x468350 FillRect
 0x468354 ScreenToClient
 0x468358 GetSystemMetrics
 0x46835c SetWindowTextW
 0x468360 ShowWindow
 0x468364 IsWindow
 0x468368 InvalidateRgn
 0x46836c RedrawWindow
 0x468370 ClientToScreen
 0x468374 DestroyAcceleratorTable
 0x468378 IsChild
 0x46837c GetSysColor
 0x468380 MoveWindow
 0x468384 CreateAcceleratorTableW
 0x468388 SetFocus
 0x46838c CharNextW
 0x468390 GetClassNameW
 0x468394 SetCapture
 0x468398 GetClientRect
 0x46839c GetDlgItem
 0x4683a0 PostQuitMessage
 0x4683a4 SystemParametersInfoW
 0x4683a8 GetParent
 0x4683ac RegisterWindowMessageW
 0x4683b0 ReleaseCapture
 0x4683b4 InvalidateRect
 0x4683b8 ReleaseDC
 0x4683bc BeginPaint
 0x4683c0 EndPaint
 0x4683c4 GetWindowTextW
 0x4683c8 CallWindowProcW
 0x4683cc CreateWindowExW
 0x4683d0 GetClassInfoExW
 0x4683d4 LoadCursorW
GDI32.dll
 0x468034 BitBlt
 0x468038 CreateCompatibleBitmap
 0x46803c SelectObject
 0x468040 CreateCompatibleDC
 0x468044 GetStockObject
 0x468048 CreateRoundRectRgn
 0x46804c GetDeviceCaps
 0x468050 DeleteDC
 0x468054 GetObjectW
 0x468058 DeleteObject
 0x46805c CreateSolidBrush
SHELL32.dll
 0x4682e0 SHGetFolderPathW
 0x4682e4 CommandLineToArgvW
ole32.dll
 0x4683e4 OleUninitialize
 0x4683e8 CoCreateInstance
 0x4683ec CoAddRefServerProcess
 0x4683f0 CoTaskMemFree
 0x4683f4 CoCreateGuid
 0x4683f8 CoGetClassObject
 0x4683fc CoTaskMemAlloc
 0x468400 StringFromGUID2
 0x468404 CLSIDFromProgID
 0x468408 CreateStreamOnHGlobal
 0x46840c CLSIDFromString
 0x468410 OleLockRunning
 0x468414 CoReleaseServerProcess
 0x468418 OleInitialize
 0x46841c StringFromCLSID
OLEAUT32.dll
 0x4682a4 DispCallFunc
 0x4682a8 VariantChangeType
 0x4682ac LoadRegTypeLib
 0x4682b0 VariantInit
 0x4682b4 LoadTypeLib
 0x4682b8 SysStringByteLen
 0x4682bc OleCreateFontIndirect
 0x4682c0 SysAllocString
 0x4682c4 VariantCopy
 0x4682c8 SysStringLen
 0x4682cc SysAllocStringLen
 0x4682d0 VariantClear
 0x4682d4 SysFreeString
 0x4682d8 SysAllocStringByteLen
ADVAPI32.dll
 0x468000 CryptDestroyKey
 0x468004 CryptVerifySignatureW
 0x468008 CryptCreateHash
 0x46800c CryptHashData
 0x468010 CryptDestroyHash
 0x468014 CryptReleaseContext
 0x468018 RegSetValueExW
 0x46801c RegNotifyChangeKeyValue
 0x468020 RegCreateKeyExW
 0x468024 RegQueryValueExW
 0x468028 RegCloseKey
 0x46802c CryptAcquireContextW
SHLWAPI.dll
 0x4682ec PathFindFileNameW
WS2_32.dll
 0x4683dc ntohl

EAT (Export Address Table): none