Report - ttt01.exe

Generic Malware Malicious Library UPX PE File PE32 OS Processor Check
ScreenShot
Created 2024.04.05 23:41 Machine s1_win7_x6401
Filename ttt01.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
6
Behavior Score
1.8
ZERO API file : malware
VT API (file) 53 detected (AIDetectMalware, Pitou, Malicious, score, PitouRI, S28786866, Lazy, unsafe, Vf86, Attribute, HighConfidence, Windows, Threat, GenericRXHQ, jpbcqi, CLASSIC, XPACK, high, Detected, ai score=80, Onkods, Q@52urg7, Eldorado, Tepfer, R96475, General, Bootkit, Genetic, Bkjl, GenAsa, LdWfSJxvz3M, Static AI, Malicious PE)
md5 9185b776b7a981d060b0bb0d7ffed201
sha256 91a45c416324ed3a8c184e349214e7c82d6df0df4fe6d06f3c7818c0d322373b
ssdeep 12288:zZMh/qXO/ljOBYbPUV7TRnP+vacQlokO+bW:Wh/qXIvbPUFxqaQ2W
imphash 32a31bfad8ca2c4b8a1a523b9cceb9d8
impfuzzy 48:vk9+wEl9/YoAZtDVLWMTiZc6dc3/3QpnBz+/iufrZA/150votD5FSelAlnXZWVSp:s9+wEl+oAZVZWEKc2c3oxQP
  Network IP location

Signature (3cnts)

Level Description
danger File has been identified by 53 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info This executable has a PDB path

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

COMDLG32.dll
 0x410000 GetOpenFileNameA
 0x410004 GetSaveFileNameA
GDI32.dll
 0x41000c BitBlt
 0x410010 DeleteDC
 0x410014 CreateCompatibleDC
 0x410018 GetStockObject
 0x41001c SetBkColor
 0x410020 SetTextColor
 0x410024 SelectObject
 0x410028 GetDeviceCaps
 0x41002c CreateCompatibleBitmap
 0x410030 CreateBitmap
 0x410034 TextOutA
 0x410038 DeleteObject
KERNEL32.dll
 0x410040 RtlUnwind
 0x410044 SetStdHandle
 0x410048 WideCharToMultiByte
 0x41004c GetSystemTimeAsFileTime
 0x410050 WriteFile
 0x410054 GetModuleHandleW
 0x410058 LeaveCriticalSection
 0x41005c DeleteCriticalSection
 0x410060 GetConsoleCP
 0x410064 SetConsoleCtrlHandler
 0x410068 Sleep
 0x41006c GetCurrentThreadId
 0x410070 RaiseException
 0x410074 GetStdHandle
 0x410078 MultiByteToWideChar
 0x41007c TerminateProcess
 0x410080 GetStringTypeW
 0x410084 EnumSystemLocalesW
 0x410088 LoadLibraryExW
 0x41008c ReadFile
 0x410090 OutputDebugStringW
 0x410094 GetCPInfo
 0x410098 HeapFree
 0x41009c GetModuleFileNameW
 0x4100a0 FormatMessageA
 0x4100a4 GetCurrentProcess
 0x4100a8 GetLastError
 0x4100ac FreeEnvironmentStringsW
 0x4100b0 AreFileApisANSI
 0x4100b4 HeapSize
 0x4100b8 SetUnhandledExceptionFilter
 0x4100bc GetModuleFileNameA
 0x4100c0 GetConsoleMode
 0x4100c4 GetEnvironmentStringsW
 0x4100c8 FlushFileBuffers
 0x4100cc IsValidCodePage
 0x4100d0 CreateSemaphoreW
 0x4100d4 IsProcessorFeaturePresent
 0x4100d8 GetACP
 0x4100dc EnterCriticalSection
 0x4100e0 LCMapStringW
 0x4100e4 FreeLibrary
 0x4100e8 GetProcAddress
 0x4100ec DecodePointer
 0x4100f0 GetFileType
 0x4100f4 EncodePointer
 0x4100f8 CreateFileW
 0x4100fc GetProcessHeap
 0x410100 GetOEMCP
 0x410104 TlsFree
 0x410108 CloseHandle
 0x41010c GetStartupInfoW
 0x410110 SetFilePointerEx
 0x410114 HeapAlloc
 0x410118 QueryPerformanceCounter
 0x41011c IsValidLocale
 0x410120 GetModuleHandleExW
 0x410124 TlsGetValue
 0x410128 GetLocaleInfoW
 0x41012c TlsSetValue
 0x410130 IsDebuggerPresent
 0x410134 CompareStringW
 0x410138 InitializeCriticalSectionAndSpinCount
 0x41013c GetDateFormatW
 0x410140 CreateFileA
 0x410144 UnhandledExceptionFilter
 0x410148 LoadLibraryW
 0x41014c SetPriorityClass
 0x410150 InterlockedDecrement
 0x410154 WriteConsoleW
 0x410158 GetTimeFormatW
 0x41015c GetModuleHandleA
 0x410160 HeapReAlloc
 0x410164 SetLastError
 0x410168 GetCurrentProcessId
 0x41016c GetCurrentThread
 0x410170 GetUserDefaultLCID
 0x410174 ExitProcess
 0x410178 FatalAppExitA
 0x41017c InterlockedExchange
 0x410180 InterlockedIncrement
 0x410184 TlsAlloc
 0x410188 GetCurrentDirectoryA
SHELL32.dll
 0x410190 ShellExecuteA
USER32.dll
 0x410198 GetMessageA
 0x41019c InvalidateRect
 0x4101a0 SetDlgItemTextA
 0x4101a4 PostQuitMessage
 0x4101a8 SetCursor
 0x4101ac PeekMessageA
 0x4101b0 DestroyWindow
 0x4101b4 AdjustWindowRect
 0x4101b8 MessageBoxA
 0x4101bc LoadImageA
 0x4101c0 GetSystemMenu
 0x4101c4 IsIconic
 0x4101c8 DefWindowProcA
 0x4101cc LoadStringA
 0x4101d0 RegisterClassExA
 0x4101d4 SetForegroundWindow
 0x4101d8 CloseWindow
 0x4101dc GetCursorPos
 0x4101e0 ReleaseDC
 0x4101e4 GetSystemMetrics
 0x4101e8 LoadIconA
 0x4101ec CreateWindowExA
 0x4101f0 ShowCursor
 0x4101f4 SetWindowPos
 0x4101f8 GetCursor
 0x4101fc SendMessageA
 0x410200 RemoveMenu
 0x410204 GetDlgItemTextA
 0x410208 EndDialog
 0x41020c DialogBoxParamA
 0x410210 GetDC
 0x410214 LoadCursorA
 0x410218 DispatchMessageA
 0x41021c TranslateMessage
 0x410220 WaitMessage
WINMM.dll
 0x410228 timeKillEvent
 0x41022c PlaySoundA
 0x410230 timeSetEvent

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure