ScreenShot
| Created | 2024.04.01 07:52 | Machine | s1_win7_x6403 |
| Filename | hghghgfhgfh.EXE | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 93b2a56dbc2bb2a4ee1b4c6f2873b50b | ||
| sha256 | 875a2f8b2193bd50ea6c835859aaa348f0168cd10235b632d7dd95913b6ffba7 | ||
| ssdeep | 6144:66kMYlOIa6VkctankhTl2DGl8HjZRw9w0UUCH:62X8anauZqd | ||
| imphash | cc12e3f394a2cfaeb0c35364d40acf00 | ||
| impfuzzy | 48:3NqpgKfRVuC3tEFK9ZTJ3/KA0WFGKQ/1Wn6gq/gQ0:3wCKfRVuEtEFQZ1UiuabQ0 | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| watch | Created a process named as a common system process |
| watch | Creates or sets a registry key to a long series of bytes |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Stores an executable in the registry |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140036000 WaitForSingleObject
0x140036008 GetWindowsDirectoryW
0x140036010 GetTempPathW
0x140036018 OpenEventW
0x140036020 LoadLibraryW
0x140036028 TerminateProcess
0x140036030 ExitProcess
0x140036038 lstrcpyW
0x140036040 lstrlenW
0x140036048 GetCurrentProcess
0x140036050 GetSystemDirectoryW
0x140036058 GetModuleFileNameW
0x140036060 LocalFree
0x140036068 CreateProcessW
0x140036070 LocalAlloc
0x140036078 lstrcmpiW
0x140036080 lstrcpyA
0x140036088 CloseHandle
0x140036090 GetLastError
0x140036098 GetProcAddress
0x1400360a0 GetModuleHandleW
0x1400360a8 lstrlenA
0x1400360b0 FileTimeToSystemTime
0x1400360b8 CreateThread
0x1400360c0 lstrcmpA
0x1400360c8 SetEvent
0x1400360d0 WaitForMultipleObjects
0x1400360d8 CreateMutexW
0x1400360e0 OpenMutexW
0x1400360e8 GetModuleHandleA
0x1400360f0 VirtualProtect
0x1400360f8 VirtualAlloc
0x140036100 VirtualFree
0x140036108 LoadLibraryA
0x140036110 ReadFile
0x140036118 GetFileSize
0x140036120 CreateFileW
0x140036128 CreateEventW
0x140036130 GetTickCount64
0x140036138 GetCurrentProcessId
0x140036140 ReleaseMutex
0x140036148 Sleep
0x140036150 HeapReAlloc
0x140036158 WriteConsoleW
0x140036160 SetStdHandle
0x140036168 LCMapStringW
0x140036170 GetStringTypeW
0x140036178 HeapSize
0x140036180 MultiByteToWideChar
0x140036188 LeaveCriticalSection
0x140036190 EnterCriticalSection
0x140036198 GetConsoleMode
0x1400361a0 GetConsoleCP
0x1400361a8 SetFilePointer
0x1400361b0 GetSystemTimeAsFileTime
0x1400361b8 GetTickCount
0x1400361c0 FlushFileBuffers
0x1400361c8 RtlLookupFunctionEntry
0x1400361d0 RtlUnwindEx
0x1400361d8 RaiseException
0x1400361e0 RtlPcToFileHeader
0x1400361e8 GetCommandLineA
0x1400361f0 GetStartupInfoW
0x1400361f8 DecodePointer
0x140036200 UnhandledExceptionFilter
0x140036208 SetUnhandledExceptionFilter
0x140036210 IsDebuggerPresent
0x140036218 RtlVirtualUnwind
0x140036220 RtlCaptureContext
0x140036228 EncodePointer
0x140036230 FlsGetValue
0x140036238 FlsSetValue
0x140036240 FlsFree
0x140036248 SetLastError
0x140036250 GetCurrentThreadId
0x140036258 FlsAlloc
0x140036260 HeapFree
0x140036268 HeapAlloc
0x140036270 GetCPInfo
0x140036278 GetACP
0x140036280 GetOEMCP
0x140036288 IsValidCodePage
0x140036290 WriteFile
0x140036298 GetStdHandle
0x1400362a0 GetModuleFileNameA
0x1400362a8 FreeEnvironmentStringsW
0x1400362b0 WideCharToMultiByte
0x1400362b8 GetEnvironmentStringsW
0x1400362c0 SetHandleCount
0x1400362c8 InitializeCriticalSectionAndSpinCount
0x1400362d0 GetFileType
0x1400362d8 DeleteCriticalSection
0x1400362e0 HeapSetInformation
0x1400362e8 GetVersion
0x1400362f0 HeapCreate
0x1400362f8 QueryPerformanceCounter
USER32.dll
0x140036330 DispatchMessageW
0x140036338 wsprintfW
0x140036340 DefWindowProcW
0x140036348 RegisterClassW
0x140036350 GetMessageW
0x140036358 TranslateMessage
0x140036360 wsprintfA
0x140036368 DestroyWindow
0x140036370 UnregisterClassW
0x140036378 PostMessageW
0x140036380 CreateWindowExW
ole32.dll
0x140036390 CoCreateInstance
OLEAUT32.dll
0x140036308 VariantClear
0x140036310 VariantInit
0x140036318 SysFreeString
0x140036320 SysAllocString
EAT(Export Address Table) is none
KERNEL32.dll
0x140036000 WaitForSingleObject
0x140036008 GetWindowsDirectoryW
0x140036010 GetTempPathW
0x140036018 OpenEventW
0x140036020 LoadLibraryW
0x140036028 TerminateProcess
0x140036030 ExitProcess
0x140036038 lstrcpyW
0x140036040 lstrlenW
0x140036048 GetCurrentProcess
0x140036050 GetSystemDirectoryW
0x140036058 GetModuleFileNameW
0x140036060 LocalFree
0x140036068 CreateProcessW
0x140036070 LocalAlloc
0x140036078 lstrcmpiW
0x140036080 lstrcpyA
0x140036088 CloseHandle
0x140036090 GetLastError
0x140036098 GetProcAddress
0x1400360a0 GetModuleHandleW
0x1400360a8 lstrlenA
0x1400360b0 FileTimeToSystemTime
0x1400360b8 CreateThread
0x1400360c0 lstrcmpA
0x1400360c8 SetEvent
0x1400360d0 WaitForMultipleObjects
0x1400360d8 CreateMutexW
0x1400360e0 OpenMutexW
0x1400360e8 GetModuleHandleA
0x1400360f0 VirtualProtect
0x1400360f8 VirtualAlloc
0x140036100 VirtualFree
0x140036108 LoadLibraryA
0x140036110 ReadFile
0x140036118 GetFileSize
0x140036120 CreateFileW
0x140036128 CreateEventW
0x140036130 GetTickCount64
0x140036138 GetCurrentProcessId
0x140036140 ReleaseMutex
0x140036148 Sleep
0x140036150 HeapReAlloc
0x140036158 WriteConsoleW
0x140036160 SetStdHandle
0x140036168 LCMapStringW
0x140036170 GetStringTypeW
0x140036178 HeapSize
0x140036180 MultiByteToWideChar
0x140036188 LeaveCriticalSection
0x140036190 EnterCriticalSection
0x140036198 GetConsoleMode
0x1400361a0 GetConsoleCP
0x1400361a8 SetFilePointer
0x1400361b0 GetSystemTimeAsFileTime
0x1400361b8 GetTickCount
0x1400361c0 FlushFileBuffers
0x1400361c8 RtlLookupFunctionEntry
0x1400361d0 RtlUnwindEx
0x1400361d8 RaiseException
0x1400361e0 RtlPcToFileHeader
0x1400361e8 GetCommandLineA
0x1400361f0 GetStartupInfoW
0x1400361f8 DecodePointer
0x140036200 UnhandledExceptionFilter
0x140036208 SetUnhandledExceptionFilter
0x140036210 IsDebuggerPresent
0x140036218 RtlVirtualUnwind
0x140036220 RtlCaptureContext
0x140036228 EncodePointer
0x140036230 FlsGetValue
0x140036238 FlsSetValue
0x140036240 FlsFree
0x140036248 SetLastError
0x140036250 GetCurrentThreadId
0x140036258 FlsAlloc
0x140036260 HeapFree
0x140036268 HeapAlloc
0x140036270 GetCPInfo
0x140036278 GetACP
0x140036280 GetOEMCP
0x140036288 IsValidCodePage
0x140036290 WriteFile
0x140036298 GetStdHandle
0x1400362a0 GetModuleFileNameA
0x1400362a8 FreeEnvironmentStringsW
0x1400362b0 WideCharToMultiByte
0x1400362b8 GetEnvironmentStringsW
0x1400362c0 SetHandleCount
0x1400362c8 InitializeCriticalSectionAndSpinCount
0x1400362d0 GetFileType
0x1400362d8 DeleteCriticalSection
0x1400362e0 HeapSetInformation
0x1400362e8 GetVersion
0x1400362f0 HeapCreate
0x1400362f8 QueryPerformanceCounter
USER32.dll
0x140036330 DispatchMessageW
0x140036338 wsprintfW
0x140036340 DefWindowProcW
0x140036348 RegisterClassW
0x140036350 GetMessageW
0x140036358 TranslateMessage
0x140036360 wsprintfA
0x140036368 DestroyWindow
0x140036370 UnregisterClassW
0x140036378 PostMessageW
0x140036380 CreateWindowExW
ole32.dll
0x140036390 CoCreateInstance
OLEAUT32.dll
0x140036308 VariantClear
0x140036310 VariantInit
0x140036318 SysFreeString
0x140036320 SysAllocString
EAT(Export Address Table) is none