ScreenShot
| Created | 2024.05.31 10:17 | Machine | s1_win7_x6403 |
| Filename | A.I_1003H.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 54 detected (Common, Fsysna, malicious, moderate confidence, Sality, Misc, HackTool, WinActivator, unsafe, GenericKD, Vewe, CEBR, FlyStudio potentially unwanted, Artemis, MiscX, fcwp, HiddenStart, Diple, dhccqd, Siggen1, 0NA003H718, Generic Reputation PUA, ATRAPS, ai score=100, Patcher, FraudLoad, R@1cogfd, WindowsActivator, HStart, Detected, Crack, TScope, Delf, WpaKill, I3pNDh9G1KU, Static AI, Suspicious PE, susgen, confidence) | ||
| md5 | 3d5fa6d9aa8cf0087e59296463598c2e | ||
| sha256 | 2ba75db3ee21d26878eb02ce7aa6b01e334fd7a811809ff2d0fd6cf5736890ba | ||
| ssdeep | 196608:ZDxmNUHnMa8w2PsKp1p8kI+Ogkn8sheTjc9wPFi7D9uxwxHPDi+/u:ZDxmN2ewMsg1p8kZW9eTQ9wAMiveL | ||
| imphash | e731a0eb5a871c8e2bac936ab9cfdd3d | ||
| impfuzzy | 48:dBOwO1ApwHV4bQhkSjqQDEQ4j54XKQpSv6pNV6U0Lltn6GmvbcQ4jSXUlCAC40vT:dB7wiw14khZqnPX/DWBfZFgsD | ||
Network IP location
Signature (16cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to stop active services |
| watch | Drops 100 unknown file mime types indicative of ransomware writing encrypted files back to disk |
| watch | Uses suspicious command line tools or Windows utilities |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (25cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win_PWS_Dexter_Zero | Win PWS Dexter | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | PhysicalDrive_20181001 | (no description) | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | CAB_file_format | CAB archive file | binaries (download) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
COMCTL32.dll
0x40d018 None
KERNEL32.dll
0x40d044 SetFileAttributesW
0x40d048 GetFullPathNameA
0x40d04c MoveFileA
0x40d050 DeleteFileA
0x40d054 DeleteFileW
0x40d058 CreateDirectoryA
0x40d05c CreateDirectoryW
0x40d060 FindClose
0x40d064 FindNextFileA
0x40d068 FindFirstFileA
0x40d06c FindNextFileW
0x40d070 FindFirstFileW
0x40d074 GetTickCount
0x40d078 WideCharToMultiByte
0x40d07c MultiByteToWideChar
0x40d080 GetVersionExA
0x40d084 GlobalAlloc
0x40d088 lstrlenA
0x40d08c GetModuleFileNameA
0x40d090 FindResourceA
0x40d094 GetModuleHandleA
0x40d098 HeapAlloc
0x40d09c GetProcessHeap
0x40d0a0 HeapFree
0x40d0a4 HeapReAlloc
0x40d0a8 CompareStringA
0x40d0ac ExitProcess
0x40d0b0 SetFileAttributesA
0x40d0b4 GetNumberFormatA
0x40d0b8 lstrcmpiA
0x40d0bc GetProcAddress
0x40d0c0 DosDateTimeToFileTime
0x40d0c4 GetDateFormatA
0x40d0c8 GetTimeFormatA
0x40d0cc FileTimeToSystemTime
0x40d0d0 FileTimeToLocalFileTime
0x40d0d4 ExpandEnvironmentStringsA
0x40d0d8 WaitForSingleObject
0x40d0dc SetCurrentDirectoryA
0x40d0e0 Sleep
0x40d0e4 GetTempPathA
0x40d0e8 MoveFileExA
0x40d0ec GetModuleFileNameW
0x40d0f0 SetEnvironmentVariableA
0x40d0f4 GetCommandLineA
0x40d0f8 LocalFileTimeToFileTime
0x40d0fc SystemTimeToFileTime
0x40d100 IsDBCSLeadByte
0x40d104 GetCPInfo
0x40d108 FreeLibrary
0x40d10c LoadLibraryA
0x40d110 GetCurrentDirectoryA
0x40d114 GetFileAttributesW
0x40d118 GetFileAttributesA
0x40d11c WriteFile
0x40d120 SetFileTime
0x40d124 GetStdHandle
0x40d128 ReadFile
0x40d12c SetLastError
0x40d130 CreateFileW
0x40d134 CreateFileA
0x40d138 GetFileType
0x40d13c SetFilePointer
0x40d140 CloseHandle
0x40d144 SetEndOfFile
0x40d148 GetLastError
0x40d14c GetLocaleInfoA
USER32.dll
0x40d180 OemToCharBuffA
0x40d184 CharLowerA
0x40d188 wvsprintfA
0x40d18c FindWindowExA
0x40d190 GetClassNameA
0x40d194 ReleaseDC
0x40d198 GetDC
0x40d19c SendMessageA
0x40d1a0 wsprintfA
0x40d1a4 SetDlgItemTextA
0x40d1a8 EndDialog
0x40d1ac DestroyIcon
0x40d1b0 SendDlgItemMessageA
0x40d1b4 GetDlgItemTextA
0x40d1b8 DialogBoxParamA
0x40d1bc IsWindowVisible
0x40d1c0 WaitForInputIdle
0x40d1c4 GetSysColor
0x40d1c8 PostMessageA
0x40d1cc SetMenu
0x40d1d0 SetFocus
0x40d1d4 LoadBitmapA
0x40d1d8 CharToOemBuffA
0x40d1dc CharToOemA
0x40d1e0 OemToCharA
0x40d1e4 MapWindowPoints
0x40d1e8 CreateWindowExA
0x40d1ec UpdateWindow
0x40d1f0 SetWindowTextA
0x40d1f4 LoadCursorA
0x40d1f8 RegisterClassExA
0x40d1fc SetWindowLongA
0x40d200 GetWindowLongA
0x40d204 DefWindowProcA
0x40d208 PeekMessageA
0x40d20c GetMessageA
0x40d210 TranslateMessage
0x40d214 DestroyWindow
0x40d218 GetClientRect
0x40d21c CopyRect
0x40d220 IsWindow
0x40d224 MessageBoxA
0x40d228 ShowWindow
0x40d22c GetDlgItem
0x40d230 LoadStringA
0x40d234 SetWindowPos
0x40d238 GetWindowTextA
0x40d23c GetSystemMetrics
0x40d240 GetWindow
0x40d244 CharUpperA
0x40d248 GetWindowRect
0x40d24c LoadIconA
0x40d250 GetParent
0x40d254 EnableWindow
0x40d258 DispatchMessageA
GDI32.dll
0x40d020 GetDeviceCaps
0x40d024 CreateCompatibleDC
0x40d028 GetObjectA
0x40d02c CreateCompatibleBitmap
0x40d030 SelectObject
0x40d034 StretchBlt
0x40d038 DeleteObject
0x40d03c DeleteDC
ADVAPI32.dll
0x40d000 RegCloseKey
0x40d004 RegOpenKeyExA
0x40d008 RegQueryValueExA
0x40d00c RegCreateKeyExA
0x40d010 RegSetValueExA
SHELL32.dll
0x40d15c ShellExecuteExA
0x40d160 SHFileOperationA
0x40d164 SHGetFileInfoA
0x40d168 SHGetSpecialFolderLocation
0x40d16c SHGetMalloc
0x40d170 SHBrowseForFolderA
0x40d174 SHGetPathFromIDListA
0x40d178 SHChangeNotify
ole32.dll
0x40d260 CreateStreamOnHGlobal
0x40d264 OleInitialize
0x40d268 CoCreateInstance
0x40d26c OleUninitialize
0x40d270 CLSIDFromString
OLEAUT32.dll
0x40d154 VariantInit
EAT(Export Address Table) Library
COMCTL32.dll
0x40d018 None
KERNEL32.dll
0x40d044 SetFileAttributesW
0x40d048 GetFullPathNameA
0x40d04c MoveFileA
0x40d050 DeleteFileA
0x40d054 DeleteFileW
0x40d058 CreateDirectoryA
0x40d05c CreateDirectoryW
0x40d060 FindClose
0x40d064 FindNextFileA
0x40d068 FindFirstFileA
0x40d06c FindNextFileW
0x40d070 FindFirstFileW
0x40d074 GetTickCount
0x40d078 WideCharToMultiByte
0x40d07c MultiByteToWideChar
0x40d080 GetVersionExA
0x40d084 GlobalAlloc
0x40d088 lstrlenA
0x40d08c GetModuleFileNameA
0x40d090 FindResourceA
0x40d094 GetModuleHandleA
0x40d098 HeapAlloc
0x40d09c GetProcessHeap
0x40d0a0 HeapFree
0x40d0a4 HeapReAlloc
0x40d0a8 CompareStringA
0x40d0ac ExitProcess
0x40d0b0 SetFileAttributesA
0x40d0b4 GetNumberFormatA
0x40d0b8 lstrcmpiA
0x40d0bc GetProcAddress
0x40d0c0 DosDateTimeToFileTime
0x40d0c4 GetDateFormatA
0x40d0c8 GetTimeFormatA
0x40d0cc FileTimeToSystemTime
0x40d0d0 FileTimeToLocalFileTime
0x40d0d4 ExpandEnvironmentStringsA
0x40d0d8 WaitForSingleObject
0x40d0dc SetCurrentDirectoryA
0x40d0e0 Sleep
0x40d0e4 GetTempPathA
0x40d0e8 MoveFileExA
0x40d0ec GetModuleFileNameW
0x40d0f0 SetEnvironmentVariableA
0x40d0f4 GetCommandLineA
0x40d0f8 LocalFileTimeToFileTime
0x40d0fc SystemTimeToFileTime
0x40d100 IsDBCSLeadByte
0x40d104 GetCPInfo
0x40d108 FreeLibrary
0x40d10c LoadLibraryA
0x40d110 GetCurrentDirectoryA
0x40d114 GetFileAttributesW
0x40d118 GetFileAttributesA
0x40d11c WriteFile
0x40d120 SetFileTime
0x40d124 GetStdHandle
0x40d128 ReadFile
0x40d12c SetLastError
0x40d130 CreateFileW
0x40d134 CreateFileA
0x40d138 GetFileType
0x40d13c SetFilePointer
0x40d140 CloseHandle
0x40d144 SetEndOfFile
0x40d148 GetLastError
0x40d14c GetLocaleInfoA
USER32.dll
0x40d180 OemToCharBuffA
0x40d184 CharLowerA
0x40d188 wvsprintfA
0x40d18c FindWindowExA
0x40d190 GetClassNameA
0x40d194 ReleaseDC
0x40d198 GetDC
0x40d19c SendMessageA
0x40d1a0 wsprintfA
0x40d1a4 SetDlgItemTextA
0x40d1a8 EndDialog
0x40d1ac DestroyIcon
0x40d1b0 SendDlgItemMessageA
0x40d1b4 GetDlgItemTextA
0x40d1b8 DialogBoxParamA
0x40d1bc IsWindowVisible
0x40d1c0 WaitForInputIdle
0x40d1c4 GetSysColor
0x40d1c8 PostMessageA
0x40d1cc SetMenu
0x40d1d0 SetFocus
0x40d1d4 LoadBitmapA
0x40d1d8 CharToOemBuffA
0x40d1dc CharToOemA
0x40d1e0 OemToCharA
0x40d1e4 MapWindowPoints
0x40d1e8 CreateWindowExA
0x40d1ec UpdateWindow
0x40d1f0 SetWindowTextA
0x40d1f4 LoadCursorA
0x40d1f8 RegisterClassExA
0x40d1fc SetWindowLongA
0x40d200 GetWindowLongA
0x40d204 DefWindowProcA
0x40d208 PeekMessageA
0x40d20c GetMessageA
0x40d210 TranslateMessage
0x40d214 DestroyWindow
0x40d218 GetClientRect
0x40d21c CopyRect
0x40d220 IsWindow
0x40d224 MessageBoxA
0x40d228 ShowWindow
0x40d22c GetDlgItem
0x40d230 LoadStringA
0x40d234 SetWindowPos
0x40d238 GetWindowTextA
0x40d23c GetSystemMetrics
0x40d240 GetWindow
0x40d244 CharUpperA
0x40d248 GetWindowRect
0x40d24c LoadIconA
0x40d250 GetParent
0x40d254 EnableWindow
0x40d258 DispatchMessageA
GDI32.dll
0x40d020 GetDeviceCaps
0x40d024 CreateCompatibleDC
0x40d028 GetObjectA
0x40d02c CreateCompatibleBitmap
0x40d030 SelectObject
0x40d034 StretchBlt
0x40d038 DeleteObject
0x40d03c DeleteDC
ADVAPI32.dll
0x40d000 RegCloseKey
0x40d004 RegOpenKeyExA
0x40d008 RegQueryValueExA
0x40d00c RegCreateKeyExA
0x40d010 RegSetValueExA
SHELL32.dll
0x40d15c ShellExecuteExA
0x40d160 SHFileOperationA
0x40d164 SHGetFileInfoA
0x40d168 SHGetSpecialFolderLocation
0x40d16c SHGetMalloc
0x40d170 SHBrowseForFolderA
0x40d174 SHGetPathFromIDListA
0x40d178 SHChangeNotify
ole32.dll
0x40d260 CreateStreamOnHGlobal
0x40d264 OleInitialize
0x40d268 CoCreateInstance
0x40d26c OleUninitialize
0x40d270 CLSIDFromString
OLEAUT32.dll
0x40d154 VariantInit
EAT(Export Address Table) Library