ScreenShot
| Created | 2024.05.16 09:19 | Machine | s1_win7_x6401 |
| Filename | BigProject.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 44 detected (Common, GenericML, malicious, high confidence, score, Lazy, Save, Genus, AGen, DropperX, Generic@AI, RDML, 9JdheAj1jMiIpvrcWfnRNA, rawsq, REDLINE, YXEEOZ, high, Detected, ai score=87, Sonbokli, xnet, Vigorf, ABRisk, OKSD, RedLineStealer, Static AI, Suspicious PE, PossibleThreat, PALLAS) | ||
| md5 | bcc6522e6cd09522a15bd196f39ae6fa | ||
| sha256 | 9fac4bf8a43369d1960401c239e7e04c63613a7209f0b08f39fbd3262d0e555d | ||
| ssdeep | 98304:LkqODj1f4pANcOfq3CG/AZYCtuxkKJAliPD7Wy38nr6KX0dCUh29/qH:YaGnrAH | ||
| imphash | b0c9db535d52c5298922aca6c11bb724 | ||
| impfuzzy | 48:QE2tjBnlXKcpVBS1jtMMDuUSA/KA/gX09KJFSY+nBCES5W:Q7/XKcpVBS1jtMMDu0f3H9 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | Queries for the computername |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x88b018 WaitForSingleObject
0x88b01c ResumeThread
0x88b020 GetModuleHandleA
0x88b024 OpenProcess
0x88b028 GetFileAttributesA
0x88b02c LoadLibraryA
0x88b030 CloseHandle
0x88b034 LoadLibraryW
0x88b038 CreateThread
0x88b03c GetThreadContext
0x88b040 WriteConsoleW
0x88b044 GetProcAddress
0x88b048 VirtualAllocEx
0x88b04c ReadProcessMemory
0x88b050 GetModuleHandleW
0x88b054 FreeLibrary
0x88b058 CreateProcessA
0x88b05c FindClose
0x88b060 GetComputerNameA
0x88b064 GetExitCodeProcess
0x88b068 HeapSize
0x88b06c SetFilePointerEx
0x88b070 GetFileSizeEx
0x88b074 GetConsoleMode
0x88b078 GetConsoleOutputCP
0x88b07c FlushFileBuffers
0x88b080 GetProcessHeap
0x88b084 SetStdHandle
0x88b088 FreeEnvironmentStringsW
0x88b08c GetEnvironmentStringsW
0x88b090 GetCommandLineW
0x88b094 GetCommandLineA
0x88b098 GetOEMCP
0x88b09c TerminateProcess
0x88b0a0 VirtualAlloc
0x88b0a4 WriteProcessMemory
0x88b0a8 VirtualProtect
0x88b0ac SetThreadContext
0x88b0b0 FindFirstFileW
0x88b0b4 EnterCriticalSection
0x88b0b8 LeaveCriticalSection
0x88b0bc InitializeCriticalSectionEx
0x88b0c0 DeleteCriticalSection
0x88b0c4 EncodePointer
0x88b0c8 DecodePointer
0x88b0cc MultiByteToWideChar
0x88b0d0 WideCharToMultiByte
0x88b0d4 GetStringTypeW
0x88b0d8 GetCPInfo
0x88b0dc IsProcessorFeaturePresent
0x88b0e0 QueryPerformanceCounter
0x88b0e4 GetCurrentProcessId
0x88b0e8 GetCurrentThreadId
0x88b0ec GetSystemTimeAsFileTime
0x88b0f0 InitializeSListHead
0x88b0f4 IsDebuggerPresent
0x88b0f8 UnhandledExceptionFilter
0x88b0fc SetUnhandledExceptionFilter
0x88b100 GetStartupInfoW
0x88b104 GetCurrentProcess
0x88b108 RtlUnwind
0x88b10c RaiseException
0x88b110 GetLastError
0x88b114 SetLastError
0x88b118 InitializeCriticalSectionAndSpinCount
0x88b11c TlsAlloc
0x88b120 TlsGetValue
0x88b124 TlsSetValue
0x88b128 TlsFree
0x88b12c LoadLibraryExW
0x88b130 GetStdHandle
0x88b134 WriteFile
0x88b138 GetModuleFileNameW
0x88b13c ExitProcess
0x88b140 GetModuleHandleExW
0x88b144 HeapAlloc
0x88b148 HeapFree
0x88b14c LCMapStringW
0x88b150 GetFileType
0x88b154 HeapReAlloc
0x88b158 FindFirstFileExW
0x88b15c FindNextFileW
0x88b160 IsValidCodePage
0x88b164 GetACP
0x88b168 CreateFileW
USER32.dll
0x88b170 DefWindowProcW
0x88b174 MessageBoxW
0x88b178 CreateWindowExW
0x88b17c RegisterClassExW
0x88b180 ShowWindow
0x88b184 DispatchMessageW
0x88b188 GetMessageW
0x88b18c LoadIconW
0x88b190 LoadCursorW
0x88b194 PostQuitMessage
0x88b198 UpdateWindow
0x88b19c BeginPaint
0x88b1a0 EndPaint
0x88b1a4 TranslateMessage
GDI32.dll
0x88b008 TextOutW
0x88b00c SetTextColor
0x88b010 Polyline
ADVAPI32.dll
0x88b000 GetUserNameA
EAT(Export Address Table) is none
KERNEL32.dll
0x88b018 WaitForSingleObject
0x88b01c ResumeThread
0x88b020 GetModuleHandleA
0x88b024 OpenProcess
0x88b028 GetFileAttributesA
0x88b02c LoadLibraryA
0x88b030 CloseHandle
0x88b034 LoadLibraryW
0x88b038 CreateThread
0x88b03c GetThreadContext
0x88b040 WriteConsoleW
0x88b044 GetProcAddress
0x88b048 VirtualAllocEx
0x88b04c ReadProcessMemory
0x88b050 GetModuleHandleW
0x88b054 FreeLibrary
0x88b058 CreateProcessA
0x88b05c FindClose
0x88b060 GetComputerNameA
0x88b064 GetExitCodeProcess
0x88b068 HeapSize
0x88b06c SetFilePointerEx
0x88b070 GetFileSizeEx
0x88b074 GetConsoleMode
0x88b078 GetConsoleOutputCP
0x88b07c FlushFileBuffers
0x88b080 GetProcessHeap
0x88b084 SetStdHandle
0x88b088 FreeEnvironmentStringsW
0x88b08c GetEnvironmentStringsW
0x88b090 GetCommandLineW
0x88b094 GetCommandLineA
0x88b098 GetOEMCP
0x88b09c TerminateProcess
0x88b0a0 VirtualAlloc
0x88b0a4 WriteProcessMemory
0x88b0a8 VirtualProtect
0x88b0ac SetThreadContext
0x88b0b0 FindFirstFileW
0x88b0b4 EnterCriticalSection
0x88b0b8 LeaveCriticalSection
0x88b0bc InitializeCriticalSectionEx
0x88b0c0 DeleteCriticalSection
0x88b0c4 EncodePointer
0x88b0c8 DecodePointer
0x88b0cc MultiByteToWideChar
0x88b0d0 WideCharToMultiByte
0x88b0d4 GetStringTypeW
0x88b0d8 GetCPInfo
0x88b0dc IsProcessorFeaturePresent
0x88b0e0 QueryPerformanceCounter
0x88b0e4 GetCurrentProcessId
0x88b0e8 GetCurrentThreadId
0x88b0ec GetSystemTimeAsFileTime
0x88b0f0 InitializeSListHead
0x88b0f4 IsDebuggerPresent
0x88b0f8 UnhandledExceptionFilter
0x88b0fc SetUnhandledExceptionFilter
0x88b100 GetStartupInfoW
0x88b104 GetCurrentProcess
0x88b108 RtlUnwind
0x88b10c RaiseException
0x88b110 GetLastError
0x88b114 SetLastError
0x88b118 InitializeCriticalSectionAndSpinCount
0x88b11c TlsAlloc
0x88b120 TlsGetValue
0x88b124 TlsSetValue
0x88b128 TlsFree
0x88b12c LoadLibraryExW
0x88b130 GetStdHandle
0x88b134 WriteFile
0x88b138 GetModuleFileNameW
0x88b13c ExitProcess
0x88b140 GetModuleHandleExW
0x88b144 HeapAlloc
0x88b148 HeapFree
0x88b14c LCMapStringW
0x88b150 GetFileType
0x88b154 HeapReAlloc
0x88b158 FindFirstFileExW
0x88b15c FindNextFileW
0x88b160 IsValidCodePage
0x88b164 GetACP
0x88b168 CreateFileW
USER32.dll
0x88b170 DefWindowProcW
0x88b174 MessageBoxW
0x88b178 CreateWindowExW
0x88b17c RegisterClassExW
0x88b180 ShowWindow
0x88b184 DispatchMessageW
0x88b188 GetMessageW
0x88b18c LoadIconW
0x88b190 LoadCursorW
0x88b194 PostQuitMessage
0x88b198 UpdateWindow
0x88b19c BeginPaint
0x88b1a0 EndPaint
0x88b1a4 TranslateMessage
GDI32.dll
0x88b008 TextOutW
0x88b00c SetTextColor
0x88b010 Polyline
ADVAPI32.dll
0x88b000 GetUserNameA
EAT(Export Address Table) is none