Report - PAP46E1UkZ.exe

Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE64 PE File ftp OS Processor Check DLL PE32 ZIP Format
ScreenShot
Created 2024.04.30 10:06 Machine s1_win7_x6401
Filename PAP46E1UkZ.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not founds Behavior Score
4.0
ZERO API file : malware
VT API (file) 37 detected (AIDetectMalware, Reflo, tszb, Malicious, score, Artemis, unsafe, high confidence, Python, Kryptik, Stubo, eoglj, Disco, Detected, Acll, Cordimik, 4R405K, Eldorado, Rwhl, Static AI, Suspicious PE, susgen)
md5 bb1cb5cd557cac752ccea3f4ba806709
sha256 2ac633521283d233a8478547cb6f8109c6f318a1b0c8e9f822833b5c74c12b39
ssdeep 393216:DEkULrpBciidQuslrfrAZYCuPJO8z19P2uDW8B3+d9vkegs+EjY1:D85BydQu4MJuxZz1RbW8BOd9vkz/yY1
imphash 1af6c885af093afc55142c2f1761dbe8
impfuzzy 48:t/gub6EwoQ54rzSv6xviMqteV9aGhteS1/c+pIuCJcgTkOtV0Kq14r:ph9EeVFhteS1/c+pIustkiWHS
  Network IP location

Signature (8cnts)

Level Description
danger File has been identified by 37 AntiVirus engines on VirusTotal as malicious
watch Appends a known multi-family ransomware file extension to files that have been encrypted
watch Deletes a large number of files from the system indicative of ransomware
watch Drops 61 unknown file mime types indicative of ransomware writing encrypted files back to disk
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
info Checks amount of memory in system
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (19cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (download)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice anti_vm_detect Possibly employs anti-virtualization techniques binaries (download)
info ftp_command ftp command binaries (upload)
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE64 (no description) binaries (download)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info zip_file_format ZIP file format binaries (download)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

USER32.dll
 0x14002b390 CreateWindowExW
 0x14002b398 MessageBoxW
 0x14002b3a0 MessageBoxA
 0x14002b3a8 SystemParametersInfoW
 0x14002b3b0 DestroyIcon
 0x14002b3b8 SetWindowLongPtrW
 0x14002b3c0 GetWindowLongPtrW
 0x14002b3c8 GetClientRect
 0x14002b3d0 InvalidateRect
 0x14002b3d8 ReleaseDC
 0x14002b3e0 GetDC
 0x14002b3e8 DrawTextW
 0x14002b3f0 GetDialogBaseUnits
 0x14002b3f8 EndDialog
 0x14002b400 DialogBoxIndirectParamW
 0x14002b408 MoveWindow
 0x14002b410 SendMessageW
COMCTL32.dll
 0x14002b028 None
KERNEL32.dll
 0x14002b058 IsValidCodePage
 0x14002b060 GetStringTypeW
 0x14002b068 GetFileAttributesExW
 0x14002b070 HeapReAlloc
 0x14002b078 FlushFileBuffers
 0x14002b080 GetCurrentDirectoryW
 0x14002b088 GetACP
 0x14002b090 GetOEMCP
 0x14002b098 GetModuleHandleW
 0x14002b0a0 MulDiv
 0x14002b0a8 GetLastError
 0x14002b0b0 SetDllDirectoryW
 0x14002b0b8 GetModuleFileNameW
 0x14002b0c0 CreateSymbolicLinkW
 0x14002b0c8 GetProcAddress
 0x14002b0d0 GetCommandLineW
 0x14002b0d8 GetEnvironmentVariableW
 0x14002b0e0 GetCPInfo
 0x14002b0e8 ExpandEnvironmentStringsW
 0x14002b0f0 CreateDirectoryW
 0x14002b0f8 GetTempPathW
 0x14002b100 WaitForSingleObject
 0x14002b108 Sleep
 0x14002b110 GetExitCodeProcess
 0x14002b118 CreateProcessW
 0x14002b120 GetStartupInfoW
 0x14002b128 FreeLibrary
 0x14002b130 LoadLibraryExW
 0x14002b138 SetConsoleCtrlHandler
 0x14002b140 FindClose
 0x14002b148 FindFirstFileExW
 0x14002b150 CloseHandle
 0x14002b158 GetCurrentProcess
 0x14002b160 LocalFree
 0x14002b168 FormatMessageW
 0x14002b170 MultiByteToWideChar
 0x14002b178 WideCharToMultiByte
 0x14002b180 GetEnvironmentStringsW
 0x14002b188 FreeEnvironmentStringsW
 0x14002b190 GetProcessHeap
 0x14002b198 GetTimeZoneInformation
 0x14002b1a0 HeapSize
 0x14002b1a8 WriteConsoleW
 0x14002b1b0 SetEndOfFile
 0x14002b1b8 SetEnvironmentVariableW
 0x14002b1c0 RtlUnwindEx
 0x14002b1c8 RtlCaptureContext
 0x14002b1d0 RtlLookupFunctionEntry
 0x14002b1d8 RtlVirtualUnwind
 0x14002b1e0 UnhandledExceptionFilter
 0x14002b1e8 SetUnhandledExceptionFilter
 0x14002b1f0 TerminateProcess
 0x14002b1f8 IsProcessorFeaturePresent
 0x14002b200 QueryPerformanceCounter
 0x14002b208 GetCurrentProcessId
 0x14002b210 GetCurrentThreadId
 0x14002b218 GetSystemTimeAsFileTime
 0x14002b220 InitializeSListHead
 0x14002b228 IsDebuggerPresent
 0x14002b230 SetLastError
 0x14002b238 EnterCriticalSection
 0x14002b240 LeaveCriticalSection
 0x14002b248 DeleteCriticalSection
 0x14002b250 InitializeCriticalSectionAndSpinCount
 0x14002b258 TlsAlloc
 0x14002b260 TlsGetValue
 0x14002b268 TlsSetValue
 0x14002b270 TlsFree
 0x14002b278 EncodePointer
 0x14002b280 RaiseException
 0x14002b288 RtlPcToFileHeader
 0x14002b290 GetCommandLineA
 0x14002b298 CreateFileW
 0x14002b2a0 GetDriveTypeW
 0x14002b2a8 GetFileInformationByHandle
 0x14002b2b0 GetFileType
 0x14002b2b8 PeekNamedPipe
 0x14002b2c0 SystemTimeToTzSpecificLocalTime
 0x14002b2c8 FileTimeToSystemTime
 0x14002b2d0 GetFullPathNameW
 0x14002b2d8 RemoveDirectoryW
 0x14002b2e0 FindNextFileW
 0x14002b2e8 SetStdHandle
 0x14002b2f0 DeleteFileW
 0x14002b2f8 ReadFile
 0x14002b300 GetStdHandle
 0x14002b308 WriteFile
 0x14002b310 ExitProcess
 0x14002b318 GetModuleHandleExW
 0x14002b320 HeapFree
 0x14002b328 GetConsoleMode
 0x14002b330 ReadConsoleW
 0x14002b338 SetFilePointerEx
 0x14002b340 GetConsoleOutputCP
 0x14002b348 GetFileSizeEx
 0x14002b350 HeapAlloc
 0x14002b358 FlsAlloc
 0x14002b360 FlsGetValue
 0x14002b368 FlsSetValue
 0x14002b370 FlsFree
 0x14002b378 CompareStringW
 0x14002b380 LCMapStringW
ADVAPI32.dll
 0x14002b000 OpenProcessToken
 0x14002b008 GetTokenInformation
 0x14002b010 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x14002b018 ConvertSidToStringSidW
GDI32.dll
 0x14002b038 SelectObject
 0x14002b040 DeleteObject
 0x14002b048 CreateFontIndirectW

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure