Report - 163.exe

Generic Malware Malicious Library Downloader ASPack UPX Malicious Packer Anti_VM DllRegisterServer dll PE File PE32 OS Processor Check
Created 2024.06.16 10:19 Machine s1_win7_x6401
Filename 163.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 11
Behavior Score 6.4
ZERO API file : malicious
VT API (file) 65 detected (FamVT, DumpModuleInfectiousNME, Nimnul, malicious, high confidence, score, VJadtre, Unsafe, Save, Otwycal, Wapomi, Mikcer, Banload, cstqaj, Roue, CLASSIC, Jadtre, Darkshell, FileInfector, Real Protect, high, Detected, Wali, KA@558nxg, Ramnit, PatchLoad, Kudj, Pcarrier, Probably Heur, ExeHeaderL, ai score=81, CoinMiner, confidence, 100%)
md5 8e4c0eeb469f011e6aea3dbd07106515
sha256 624ff6d75bbbab4429dac47cee8b2f1ae95358915442021f80ded0eeb1110188
ssdeep 12288:2b3SYdqsagim+du0LstUe+C3r4XWSOv1kbe/7gcq6guES:K35qsDifdu0AtV+Vu7TQBS
imphash 68539159d0bebdf7d36de41eb894c1ec
impfuzzy 192:M9qE+0RCKw9wUqT0wM4zSAcRcxcqAHhEQPb3AFrh:y+yfTHES3QPbQNh

Signature (15cnts)

Level Description
danger File has been identified by 65 AntiVirus engines on VirusTotal as malicious
watch Deletes executed files from disk
watch Makes SMTP requests
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates executable files on the filesystem
notice Drops a binary and executes it
notice Drops an executable to the user AppData folder
notice Foreign language identified in PE resource
notice Uses Windows utilities for basic Windows functionality
info Command line console output was observed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer
info Tries to locate where the browsers are installed

Rules (19cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch ASPack_Zero ASPack packed file binaries (download)
watch ASPack_Zero ASPack packed file binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (download)
watch Network_Downloader File Downloader binaries (download)
watch Network_Downloader File Downloader binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice anti_vm_detect Possibly employs anti-virtualization techniques binaries (download)
info DllRegisterServer_Zero execute regsvr32.exe binaries (upload)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (7cnts)

Request CC ASN Co IP4 Rule ZERO
http://ddos.dnsnb8.net:799/cj//k1.rar US AMAZON-AES 44.221.84.105 malicious
http://ddos.dnsnb8.net:799/cj//k2.rar US AMAZON-AES 44.221.84.105 malicious
http://ddos.dnsnb8.net:799/cj//k3.rar US AMAZON-AES 44.221.84.105 malicious
ddos.dnsnb8.net US AMAZON-AES 44.221.84.105 malicious
smtp.163.com HK NETEASE HONG KONG LIMITED 103.129.252.45 clean
103.129.252.45 HK NETEASE HONG KONG LIMITED 103.129.252.45 clean
44.221.84.105 US AMAZON-AES 44.221.84.105 clean

Suricata ids

PE API

IAT (Import Address Table) Library

RASAPI32.dll
 0x4a43b0 RasHangUpA
 0x4a43b4 RasGetConnectStatusA
KERNEL32.dll
 0x4a4170 SetEndOfFile
 0x4a4174 UnlockFile
 0x4a4178 LockFile
 0x4a417c FlushFileBuffers
 0x4a4180 SetFilePointer
 0x4a4184 GetCurrentProcess
 0x4a4188 SuspendThread
 0x4a418c TerminateThread
 0x4a4190 ReleaseMutex
 0x4a4194 CreateMutexA
 0x4a4198 SetLastError
 0x4a419c GetTimeZoneInformation
 0x4a41a0 FileTimeToSystemTime
 0x4a41a4 CreateSemaphoreA
 0x4a41a8 ResumeThread
 0x4a41ac ReleaseSemaphore
 0x4a41b0 EnterCriticalSection
 0x4a41b4 LeaveCriticalSection
 0x4a41b8 GetProfileStringA
 0x4a41bc WriteFile
 0x4a41c0 WaitForMultipleObjects
 0x4a41c4 CreateFileA
 0x4a41c8 SetEvent
 0x4a41cc FindResourceA
 0x4a41d0 LoadResource
 0x4a41d4 LockResource
 0x4a41d8 IsBadCodePtr
 0x4a41dc IsBadReadPtr
 0x4a41e0 CompareStringW
 0x4a41e4 CompareStringA
 0x4a41e8 SetUnhandledExceptionFilter
 0x4a41ec InterlockedIncrement
 0x4a41f0 GetStringTypeA
 0x4a41f4 IsBadWritePtr
 0x4a41f8 VirtualAlloc
 0x4a41fc LCMapStringW
 0x4a4200 LCMapStringA
 0x4a4204 SetEnvironmentVariableA
 0x4a4208 VirtualFree
 0x4a420c HeapCreate
 0x4a4210 HeapDestroy
 0x4a4214 GetEnvironmentVariableA
 0x4a4218 GetStdHandle
 0x4a421c SetHandleCount
 0x4a4220 GetEnvironmentStringsW
 0x4a4224 GetEnvironmentStrings
 0x4a4228 FreeEnvironmentStringsW
 0x4a422c FreeEnvironmentStringsA
 0x4a4230 UnhandledExceptionFilter
 0x4a4234 GetFileType
 0x4a4238 SetStdHandle
 0x4a423c GetACP
 0x4a4240 HeapSize
 0x4a4244 TerminateProcess
 0x4a4248 RaiseException
 0x4a424c ReadFile
 0x4a4250 lstrlenW
 0x4a4254 GetModuleFileNameA
 0x4a4258 WideCharToMultiByte
 0x4a425c MultiByteToWideChar
 0x4a4260 GetCurrentThreadId
 0x4a4264 ExitProcess
 0x4a4268 GlobalSize
 0x4a426c GlobalFree
 0x4a4270 DeleteCriticalSection
 0x4a4274 InitializeCriticalSection
 0x4a4278 lstrcatA
 0x4a427c lstrlenA
 0x4a4280 WinExec
 0x4a4284 lstrcpyA
 0x4a4288 FindNextFileA
 0x4a428c GlobalReAlloc
 0x4a4290 HeapFree
 0x4a4294 HeapReAlloc
 0x4a4298 GetProcessHeap
 0x4a429c HeapAlloc
 0x4a42a0 GetUserDefaultLCID
 0x4a42a4 GetFullPathNameA
 0x4a42a8 FreeLibrary
 0x4a42ac LoadLibraryA
 0x4a42b0 GetLastError
 0x4a42b4 GetVersionExA
 0x4a42b8 WritePrivateProfileStringA
 0x4a42bc CreateThread
 0x4a42c0 CreateEventA
 0x4a42c4 Sleep
 0x4a42c8 GlobalAlloc
 0x4a42cc GlobalLock
 0x4a42d0 GlobalUnlock
 0x4a42d4 FindFirstFileA
 0x4a42d8 FindClose
 0x4a42dc GetFileAttributesA
 0x4a42e0 SetCurrentDirectoryA
 0x4a42e4 GetVolumeInformationA
 0x4a42e8 GetModuleHandleA
 0x4a42ec GetProcAddress
 0x4a42f0 MulDiv
 0x4a42f4 GetCommandLineA
 0x4a42f8 GetTickCount
 0x4a42fc GetLocalTime
 0x4a4300 GetSystemTime
 0x4a4304 RtlUnwind
 0x4a4308 GetStartupInfoA
 0x4a430c GetOEMCP
 0x4a4310 GetCPInfo
 0x4a4314 GetProcessVersion
 0x4a4318 SetErrorMode
 0x4a431c GlobalFlags
 0x4a4320 GetCurrentThread
 0x4a4324 GetFileTime
 0x4a4328 GetFileSize
 0x4a432c TlsGetValue
 0x4a4330 LocalReAlloc
 0x4a4334 TlsSetValue
 0x4a4338 TlsFree
 0x4a433c GlobalHandle
 0x4a4340 TlsAlloc
 0x4a4344 LocalAlloc
 0x4a4348 lstrcmpA
 0x4a434c GetVersion
 0x4a4350 GlobalGetAtomNameA
 0x4a4354 GlobalAddAtomA
 0x4a4358 GlobalFindAtomA
 0x4a435c GlobalDeleteAtom
 0x4a4360 WaitForSingleObject
 0x4a4364 CloseHandle
 0x4a4368 DuplicateHandle
 0x4a436c lstrcpynA
 0x4a4370 FileTimeToLocalFileTime
 0x4a4374 LocalFree
 0x4a4378 InterlockedDecrement
 0x4a437c GetStringTypeW
 0x4a4380 lstrcmpiA
USER32.dll
 0x4a43c8 OpenClipboard
 0x4a43cc SetClipboardData
 0x4a43d0 EmptyClipboard
 0x4a43d4 GetSystemMetrics
 0x4a43d8 GetCursorPos
 0x4a43dc MessageBoxA
 0x4a43e0 SetWindowPos
 0x4a43e4 SendMessageA
 0x4a43e8 DestroyCursor
 0x4a43ec SetParent
 0x4a43f0 IsWindow
 0x4a43f4 PostMessageA
 0x4a43f8 GetTopWindow
 0x4a43fc GetParent
 0x4a4400 GetClipboardData
 0x4a4404 CloseClipboard
 0x4a4408 GetFocus
 0x4a440c GetClientRect
 0x4a4410 InvalidateRect
 0x4a4414 ValidateRect
 0x4a4418 UpdateWindow
 0x4a441c EqualRect
 0x4a4420 GetWindowRect
 0x4a4424 SetForegroundWindow
 0x4a4428 DestroyMenu
 0x4a442c IsChild
 0x4a4430 ReleaseDC
 0x4a4434 IsRectEmpty
 0x4a4438 wsprintfA
 0x4a443c GetDC
 0x4a4440 SetCursor
 0x4a4444 LoadCursorA
 0x4a4448 SetCursorPos
 0x4a444c SetActiveWindow
 0x4a4450 GetSysColor
 0x4a4454 SetWindowLongA
 0x4a4458 GetWindowLongA
 0x4a445c RedrawWindow
 0x4a4460 EnableWindow
 0x4a4464 IsWindowVisible
 0x4a4468 OffsetRect
 0x4a446c PtInRect
 0x4a4470 DestroyIcon
 0x4a4474 IntersectRect
 0x4a4478 InflateRect
 0x4a447c SetRect
 0x4a4480 SetScrollPos
 0x4a4484 SetScrollRange
 0x4a4488 GetScrollRange
 0x4a448c SetCapture
 0x4a4490 GetCapture
 0x4a4494 ReleaseCapture
 0x4a4498 SetTimer
 0x4a449c KillTimer
 0x4a44a0 WinHelpA
 0x4a44a4 LoadBitmapA
 0x4a44a8 CopyRect
 0x4a44ac ChildWindowFromPointEx
 0x4a44b0 ScreenToClient
 0x4a44b4 GetMessagePos
 0x4a44b8 SetWindowRgn
 0x4a44bc DestroyAcceleratorTable
 0x4a44c0 GetWindow
 0x4a44c4 GetActiveWindow
 0x4a44c8 SetFocus
 0x4a44cc IsIconic
 0x4a44d0 FillRect
 0x4a44d4 DrawTextA
 0x4a44d8 GetSysColorBrush
 0x4a44dc LoadStringA
 0x4a44e0 GetDesktopWindow
 0x4a44e4 GetClassNameA
 0x4a44e8 GetMenuCheckMarkDimensions
 0x4a44ec GetMenuState
 0x4a44f0 SetMenuItemBitmaps
 0x4a44f4 CheckMenuItem
 0x4a44f8 MoveWindow
 0x4a44fc IsDialogMessageA
 0x4a4500 ScrollWindowEx
 0x4a4504 SendDlgItemMessageA
 0x4a4508 MapWindowPoints
 0x4a450c AdjustWindowRectEx
 0x4a4510 SetWindowTextA
 0x4a4514 LoadIconA
 0x4a4518 TranslateMessage
 0x4a451c DrawFrameControl
 0x4a4520 DrawEdge
 0x4a4524 DrawFocusRect
 0x4a4528 WindowFromPoint
 0x4a452c GetMessageA
 0x4a4530 DispatchMessageA
 0x4a4534 SetRectEmpty
 0x4a4538 RegisterClipboardFormatA
 0x4a453c CreateIconFromResourceEx
 0x4a4540 CreateIconFromResource
 0x4a4544 DrawIconEx
 0x4a4548 CreatePopupMenu
 0x4a454c AppendMenuA
 0x4a4550 ModifyMenuA
 0x4a4554 CreateMenu
 0x4a4558 CreateAcceleratorTableA
 0x4a455c GetDlgCtrlID
 0x4a4560 GetSubMenu
 0x4a4564 EnableMenuItem
 0x4a4568 ClientToScreen
 0x4a456c EnumDisplaySettingsA
 0x4a4570 LoadImageA
 0x4a4574 SystemParametersInfoA
 0x4a4578 ShowWindow
 0x4a457c IsWindowEnabled
 0x4a4580 TranslateAcceleratorA
 0x4a4584 GetKeyState
 0x4a4588 CopyAcceleratorTableA
 0x4a458c PostQuitMessage
 0x4a4590 IsZoomed
 0x4a4594 GetClassInfoA
 0x4a4598 DefWindowProcA
 0x4a459c GetSystemMenu
 0x4a45a0 DeleteMenu
 0x4a45a4 GetMenu
 0x4a45a8 SetMenu
 0x4a45ac PeekMessageA
 0x4a45b0 GetWindowTextA
 0x4a45b4 GetWindowTextLengthA
 0x4a45b8 CharUpperA
 0x4a45bc GetWindowDC
 0x4a45c0 BeginPaint
 0x4a45c4 EndPaint
 0x4a45c8 TabbedTextOutA
 0x4a45cc UnregisterClassA
 0x4a45d0 GrayStringA
 0x4a45d4 GetDlgItem
 0x4a45d8 DestroyWindow
 0x4a45dc CreateDialogIndirectParamA
 0x4a45e0 EndDialog
 0x4a45e4 GetNextDlgTabItem
 0x4a45e8 GetWindowPlacement
 0x4a45ec RegisterWindowMessageA
 0x4a45f0 GetForegroundWindow
 0x4a45f4 GetLastActivePopup
 0x4a45f8 GetMessageTime
 0x4a45fc RemovePropA
 0x4a4600 CallWindowProcA
 0x4a4604 GetPropA
 0x4a4608 UnhookWindowsHookEx
 0x4a460c SetPropA
 0x4a4610 GetClassLongA
 0x4a4614 CallNextHookEx
 0x4a4618 SetWindowsHookExA
 0x4a461c CreateWindowExA
 0x4a4620 GetMenuItemID
 0x4a4624 GetMenuItemCount
 0x4a4628 RegisterClassA
 0x4a462c GetScrollPos
GDI32.dll
 0x4a4024 SelectPalette
 0x4a4028 RealizePalette
 0x4a402c GetDIBits
 0x4a4030 GetWindowExtEx
 0x4a4034 GetViewportOrgEx
 0x4a4038 GetWindowOrgEx
 0x4a403c BeginPath
 0x4a4040 EndPath
 0x4a4044 PathToRegion
 0x4a4048 CreateEllipticRgn
 0x4a404c CreateRoundRectRgn
 0x4a4050 GetTextColor
 0x4a4054 GetBkMode
 0x4a4058 GetBkColor
 0x4a405c GetROP2
 0x4a4060 GetStretchBltMode
 0x4a4064 GetPolyFillMode
 0x4a4068 CreateCompatibleBitmap
 0x4a406c CreateDCA
 0x4a4070 CreateBitmap
 0x4a4074 SelectObject
 0x4a4078 CreatePen
 0x4a407c PatBlt
 0x4a4080 CombineRgn
 0x4a4084 CreateRectRgn
 0x4a4088 FillRgn
 0x4a408c CreateSolidBrush
 0x4a4090 CreateFontIndirectA
 0x4a4094 GetStockObject
 0x4a4098 GetObjectA
 0x4a409c EndPage
 0x4a40a0 EndDoc
 0x4a40a4 DeleteDC
 0x4a40a8 StartDocA
 0x4a40ac StartPage
 0x4a40b0 BitBlt
 0x4a40b4 CreateCompatibleDC
 0x4a40b8 StretchBlt
 0x4a40bc Rectangle
 0x4a40c0 LPtoDP
 0x4a40c4 DPtoLP
 0x4a40c8 GetCurrentObject
 0x4a40cc RoundRect
 0x4a40d0 GetTextExtentPoint32A
 0x4a40d4 GetDeviceCaps
 0x4a40d8 SaveDC
 0x4a40dc RestoreDC
 0x4a40e0 SetBkMode
 0x4a40e4 SetPolyFillMode
 0x4a40e8 SetROP2
 0x4a40ec SetTextColor
 0x4a40f0 SetMapMode
 0x4a40f4 SetViewportOrgEx
 0x4a40f8 OffsetViewportOrgEx
 0x4a40fc SetViewportExtEx
 0x4a4100 ScaleViewportExtEx
 0x4a4104 SetWindowOrgEx
 0x4a4108 SetWindowExtEx
 0x4a410c ScaleWindowExtEx
 0x4a4110 GetClipBox
 0x4a4114 ExcludeClipRect
 0x4a4118 MoveToEx
 0x4a411c LineTo
 0x4a4120 CreatePalette
 0x4a4124 GetSystemPaletteEntries
 0x4a4128 CreateDIBitmap
 0x4a412c DeleteObject
 0x4a4130 SelectClipRgn
 0x4a4134 CreatePolygonRgn
 0x4a4138 GetClipRgn
 0x4a413c SetStretchBltMode
 0x4a4140 CreateRectRgnIndirect
 0x4a4144 ExtSelectClipRgn
 0x4a4148 GetViewportExtEx
 0x4a414c SetBkColor
 0x4a4150 Ellipse
 0x4a4154 GetTextMetricsA
 0x4a4158 Escape
 0x4a415c ExtTextOutA
 0x4a4160 TextOutA
 0x4a4164 RectVisible
 0x4a4168 PtVisible
WINMM.dll
 0x4a463c waveOutRestart
 0x4a4640 midiStreamRestart
 0x4a4644 waveOutUnprepareHeader
 0x4a4648 waveOutPrepareHeader
 0x4a464c waveOutWrite
 0x4a4650 waveOutPause
 0x4a4654 waveOutReset
 0x4a4658 waveOutClose
 0x4a465c waveOutGetNumDevs
 0x4a4660 waveOutOpen
 0x4a4664 midiOutUnprepareHeader
 0x4a4668 midiStreamOpen
 0x4a466c midiStreamProperty
 0x4a4670 midiOutPrepareHeader
 0x4a4674 midiStreamOut
 0x4a4678 midiStreamStop
 0x4a467c midiOutReset
 0x4a4680 midiStreamClose
WINSPOOL.DRV
 0x4a4688 DocumentPropertiesA
 0x4a468c OpenPrinterA
 0x4a4690 ClosePrinter
ADVAPI32.dll
 0x4a4000 RegQueryValueA
 0x4a4004 RegSetValueExA
 0x4a4008 RegOpenKeyExA
 0x4a400c RegCloseKey
 0x4a4010 RegCreateKeyExA
SHELL32.dll
 0x4a43bc ShellExecuteA
 0x4a43c0 Shell_NotifyIconA
ole32.dll
 0x4a4704 CLSIDFromProgID
 0x4a4708 OleRun
 0x4a470c CoCreateInstance
 0x4a4710 CLSIDFromString
 0x4a4714 OleUninitialize
 0x4a4718 OleInitialize
OLEAUT32.dll
 0x4a4388 VariantClear
 0x4a438c VariantChangeType
 0x4a4390 VariantCopyInd
 0x4a4394 VariantInit
 0x4a4398 RegisterTypeLib
 0x4a439c LHashValOfNameSys
 0x4a43a0 LoadTypeLib
 0x4a43a4 UnRegisterTypeLib
 0x4a43a8 SysAllocString
COMCTL32.dll
 0x4a4018 None
 0x4a401c ImageList_Destroy
WS2_32.dll
 0x4a4698 WSAAsyncSelect
 0x4a469c htons
 0x4a46a0 socket
 0x4a46a4 closesocket
 0x4a46a8 send
 0x4a46ac gethostname
 0x4a46b0 inet_addr
 0x4a46b4 inet_ntoa
 0x4a46b8 setsockopt
 0x4a46bc recvfrom
 0x4a46c0 ioctlsocket
 0x4a46c4 connect
 0x4a46c8 recv
 0x4a46cc getpeername
 0x4a46d0 accept
 0x4a46d4 gethostbyname
 0x4a46d8 WSAStartup
 0x4a46dc WSACleanup
 0x4a46e0 WSASetLastError
 0x4a46e4 select
 0x4a46e8 ntohl
WININET.dll
 0x4a4634 InternetCloseHandle
comdlg32.dll
 0x4a46f0 ChooseColorA
 0x4a46f4 GetSaveFileNameA
 0x4a46f8 GetOpenFileNameA
 0x4a46fc GetFileTitleA

EAT (Export Address Table) is none