ScreenShot
| Created | 2024.03.31 11:27 | Machine | s1_win7_x6403 |
| Filename | nikon.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 44 detected (AIDetectMalware, Zbot, m5ir, malicious, high confidence, score, Lockbit, unsafe, Save, Fragtor, Attribute, HighConfidence, GenKryptik, GVSW, Artemis, TrojanX, Stealerc, SmokeLoader, CLASSIC, hvbpu, PRIVATELOADER, YXEC4Z, moderate, Detected, ai score=87, RisePro, Amadey, X98OY8, Kryptik, Eldorado, PWSX, R642038, ZexaF, 4q0@aSOhZSR, MachineLearning, Anomalous, Chgt, Static AI, Malicious PE, susgen, HCOV, confidence, 100%) | ||
| md5 | 4673027c92dbac1d082d3b8754a43de1 | ||
| sha256 | ac285068acce8f4243892ccc2130abb931cd664c7c4d6fab7e2fe9b4d7a4a049 | ||
| ssdeep | 24576:r3hIOb0z/dixAzpymW4YYUZ7fSc7u4MXnZZ:r3fgzQAVymxY5Z7ffutX | ||
| imphash | dfd9e96c2643a560f1d88ff6b08a3ecb | ||
| impfuzzy | 24:arlckrkIOnFXcTgVakaH1VV4WcHvCDhPgWbKPv9CsZLOtZacrliJ3I+HRyv0T4Q9:arlztyh156tZacrcC0cg/xkSeVo | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x411000 GetSystemDefaultLangID
0x411004 DebugActiveProcess
0x411008 CreateFileA
0x41100c GetConsoleAliasesLengthW
0x411010 GetNumaProcessorNode
0x411014 SetUnhandledExceptionFilter
0x411018 InterlockedIncrement
0x41101c HeapFree
0x411020 SetComputerNameW
0x411024 ConnectNamedPipe
0x411028 GetModuleHandleW
0x41102c ReadConsoleOutputA
0x411030 GlobalAlloc
0x411034 GlobalFindAtomA
0x411038 LoadLibraryW
0x41103c GetLocaleInfoW
0x411040 GetConsoleAliasExesLengthW
0x411044 GetFileAttributesA
0x411048 HeapCreate
0x41104c lstrcpynW
0x411050 GetAtomNameW
0x411054 GetModuleFileNameW
0x411058 FindNextVolumeMountPointW
0x41105c SetConsoleTitleA
0x411060 WritePrivateProfileStringW
0x411064 GetLastError
0x411068 GetThreadLocale
0x41106c GetProcAddress
0x411070 SetCalendarInfoW
0x411074 CreateHardLinkW
0x411078 SetConsoleDisplayMode
0x41107c FindAtomA
0x411080 WaitForMultipleObjects
0x411084 SetSystemTime
0x411088 SetConsoleTitleW
0x41108c HeapSetInformation
0x411090 VirtualProtect
0x411094 GetCurrentDirectoryA
0x411098 DeleteCriticalSection
0x41109c CreateFileW
0x4110a0 ReadFile
0x4110a4 FlushFileBuffers
0x4110a8 HeapAlloc
0x4110ac EncodePointer
0x4110b0 DecodePointer
0x4110b4 ExitProcess
0x4110b8 GetCommandLineW
0x4110bc GetStartupInfoW
0x4110c0 RaiseException
0x4110c4 TerminateProcess
0x4110c8 GetCurrentProcess
0x4110cc UnhandledExceptionFilter
0x4110d0 IsDebuggerPresent
0x4110d4 IsProcessorFeaturePresent
0x4110d8 WriteFile
0x4110dc GetStdHandle
0x4110e0 EnterCriticalSection
0x4110e4 LeaveCriticalSection
0x4110e8 Sleep
0x4110ec HeapSize
0x4110f0 InitializeCriticalSectionAndSpinCount
0x4110f4 TlsAlloc
0x4110f8 TlsGetValue
0x4110fc TlsSetValue
0x411100 TlsFree
0x411104 SetLastError
0x411108 GetCurrentThreadId
0x41110c InterlockedDecrement
0x411110 FreeEnvironmentStringsW
0x411114 GetEnvironmentStringsW
0x411118 SetHandleCount
0x41111c GetFileType
0x411120 QueryPerformanceCounter
0x411124 GetTickCount
0x411128 GetCurrentProcessId
0x41112c GetSystemTimeAsFileTime
0x411130 SetFilePointer
0x411134 WideCharToMultiByte
0x411138 GetConsoleCP
0x41113c GetConsoleMode
0x411140 GetCPInfo
0x411144 GetACP
0x411148 GetOEMCP
0x41114c IsValidCodePage
0x411150 RtlUnwind
0x411154 MultiByteToWideChar
0x411158 HeapReAlloc
0x41115c SetStdHandle
0x411160 WriteConsoleW
0x411164 LCMapStringW
0x411168 GetStringTypeW
0x41116c CloseHandle
USER32.dll
0x411174 GetMonitorInfoW
0x411178 LoadIconA
0x41117c CopyRect
WINHTTP.dll
0x411184 WinHttpCloseHandle
0x411188 WinHttpAddRequestHeaders
EAT(Export Address Table) is none
KERNEL32.dll
0x411000 GetSystemDefaultLangID
0x411004 DebugActiveProcess
0x411008 CreateFileA
0x41100c GetConsoleAliasesLengthW
0x411010 GetNumaProcessorNode
0x411014 SetUnhandledExceptionFilter
0x411018 InterlockedIncrement
0x41101c HeapFree
0x411020 SetComputerNameW
0x411024 ConnectNamedPipe
0x411028 GetModuleHandleW
0x41102c ReadConsoleOutputA
0x411030 GlobalAlloc
0x411034 GlobalFindAtomA
0x411038 LoadLibraryW
0x41103c GetLocaleInfoW
0x411040 GetConsoleAliasExesLengthW
0x411044 GetFileAttributesA
0x411048 HeapCreate
0x41104c lstrcpynW
0x411050 GetAtomNameW
0x411054 GetModuleFileNameW
0x411058 FindNextVolumeMountPointW
0x41105c SetConsoleTitleA
0x411060 WritePrivateProfileStringW
0x411064 GetLastError
0x411068 GetThreadLocale
0x41106c GetProcAddress
0x411070 SetCalendarInfoW
0x411074 CreateHardLinkW
0x411078 SetConsoleDisplayMode
0x41107c FindAtomA
0x411080 WaitForMultipleObjects
0x411084 SetSystemTime
0x411088 SetConsoleTitleW
0x41108c HeapSetInformation
0x411090 VirtualProtect
0x411094 GetCurrentDirectoryA
0x411098 DeleteCriticalSection
0x41109c CreateFileW
0x4110a0 ReadFile
0x4110a4 FlushFileBuffers
0x4110a8 HeapAlloc
0x4110ac EncodePointer
0x4110b0 DecodePointer
0x4110b4 ExitProcess
0x4110b8 GetCommandLineW
0x4110bc GetStartupInfoW
0x4110c0 RaiseException
0x4110c4 TerminateProcess
0x4110c8 GetCurrentProcess
0x4110cc UnhandledExceptionFilter
0x4110d0 IsDebuggerPresent
0x4110d4 IsProcessorFeaturePresent
0x4110d8 WriteFile
0x4110dc GetStdHandle
0x4110e0 EnterCriticalSection
0x4110e4 LeaveCriticalSection
0x4110e8 Sleep
0x4110ec HeapSize
0x4110f0 InitializeCriticalSectionAndSpinCount
0x4110f4 TlsAlloc
0x4110f8 TlsGetValue
0x4110fc TlsSetValue
0x411100 TlsFree
0x411104 SetLastError
0x411108 GetCurrentThreadId
0x41110c InterlockedDecrement
0x411110 FreeEnvironmentStringsW
0x411114 GetEnvironmentStringsW
0x411118 SetHandleCount
0x41111c GetFileType
0x411120 QueryPerformanceCounter
0x411124 GetTickCount
0x411128 GetCurrentProcessId
0x41112c GetSystemTimeAsFileTime
0x411130 SetFilePointer
0x411134 WideCharToMultiByte
0x411138 GetConsoleCP
0x41113c GetConsoleMode
0x411140 GetCPInfo
0x411144 GetACP
0x411148 GetOEMCP
0x41114c IsValidCodePage
0x411150 RtlUnwind
0x411154 MultiByteToWideChar
0x411158 HeapReAlloc
0x41115c SetStdHandle
0x411160 WriteConsoleW
0x411164 LCMapStringW
0x411168 GetStringTypeW
0x41116c CloseHandle
USER32.dll
0x411174 GetMonitorInfoW
0x411178 LoadIconA
0x41117c CopyRect
WINHTTP.dll
0x411184 WinHttpCloseHandle
0x411188 WinHttpAddRequestHeaders
EAT(Export Address Table) is none