Field | Value |
---|---|
Created | 2024.06.16 10:00 |
Machine | s1_win7_x6401 |
Filename | x86_0923_1.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 26 detected (AIDetectMalware, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, TrojanX, score, MalCert, CLASSIC, Real Protect, Static AI, Malicious PE, PossibleThreat, confidence) |
md5 | 95996d628e7f15ed7290902c879aa81b |
sha256 | 580ef11908322d49d35edef4b0dde97deb75a5ead2f2395c64a5935f982c0cb7 |
ssdeep | 12288:3SWRXlSxAT8vKxPl70hXuYV0CsDdflRgvpGuEPf9+NPn7NeVc1:BuxAT8vKxZYkRflAC8Nci |
imphash | 28ad50542f813b012843ce887d0559ea |
impfuzzy | 96:n5KdFzaYHDONGNOHDxABGV3hdcwTgc5tmWtsXW:MnaxYuDxAwv |
Network IP location
Signature (14 entries)
Level | Description |
---|---|
danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
warning | Stops Windows services |
watch | Communicates with host for which no DNS query was performed |
watch | Detects Virtual Machines through their custom firmware |
watch | Installs itself for autorun at Windows startup |
watch | Loads a driver |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Foreign language identified in PE resource |
notice | Searches running processes potentially to identify processes for sandbox evasion |
info | Command line console output was observed |
info | One or more processes crashed |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (7 entries)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) by library
SHLWAPI.dll
0x466200 PathIsDirectoryA
0x466204 PathFileExistsA
ADVAPI32.dll
0x466000 RegSetValueExW
0x466004 RegSetValueExA
0x466008 OpenProcessToken
0x46600c AdjustTokenPrivileges
0x466010 RegFlushKey
0x466014 RegCreateKeyExW
0x466018 LookupPrivilegeValueA
USER32.dll
0x46620c wsprintfA
0x466210 SetWindowPos
0x466214 IsWindowVisible
0x466218 GetAsyncKeyState
0x46621c MapVirtualKeyA
0x466220 GetSystemMetrics
0x466224 GetWindowRect
0x466228 GetCursorPos
0x46622c EnumWindows
0x466230 GetWindow
0x466234 GetWindowThreadProcessId
0x466238 GetTopWindow
ntdll.dll
0x46627c RtlUnwind
0x466280 RtlInitUnicodeString
0x466284 RtlDosPathNameToNtPathName_U
0x466288 NtLoadDriver
0x46628c NtQuerySystemInformation
WINHTTP.dll
0x466240 WinHttpReceiveResponse
0x466244 WinHttpSendRequest
0x466248 WinHttpOpenRequest
0x46624c WinHttpQueryDataAvailable
0x466250 WinHttpOpen
0x466254 WinHttpCloseHandle
0x466258 WinHttpConnect
0x46625c WinHttpReadData
KERNEL32.dll
0x466020 SetStdHandle
0x466024 QueryDosDeviceA
0x466028 SetEnvironmentVariableW
0x46602c FreeEnvironmentStringsW
0x466030 GetEnvironmentStringsW
0x466034 GetOEMCP
0x466038 GetACP
0x46603c IsValidCodePage
0x466040 ReadConsoleW
0x466044 SetFilePointerEx
0x466048 GetFileSizeEx
0x46604c GetConsoleMode
0x466050 GetConsoleCP
0x466054 FlushFileBuffers
0x466058 GetTimeZoneInformation
0x46605c GetCurrentDirectoryW
0x466060 DeleteFileW
0x466064 GetFileType
0x466068 EnumSystemLocalesW
0x46606c GetUserDefaultLCID
0x466070 IsValidLocale
0x466074 GetLocaleInfoW
0x466078 LCMapStringW
0x46607c CompareStringW
0x466080 GetTimeFormatW
0x466084 GetDateFormatW
0x466088 GetCommandLineW
0x46608c GetCommandLineA
0x466090 GetStdHandle
0x466094 GetModuleFileNameW
0x466098 FileTimeToSystemTime
0x46609c SystemTimeToTzSpecificLocalTime
0x4660a0 FindNextFileW
0x4660a4 FindFirstFileExW
0x4660a8 FindClose
0x4660ac GetFullPathNameW
0x4660b0 GetDriveTypeW
0x4660b4 GetModuleHandleExW
0x4660b8 ExitProcess
0x4660bc LoadLibraryExW
0x4660c0 FreeLibrary
0x4660c4 TlsFree
0x4660c8 TlsSetValue
0x4660cc CreateFileW
0x4660d0 WriteFile
0x4660d4 CloseHandle
0x4660d8 GetCurrentDirectoryA
0x4660dc CreateDirectoryA
0x4660e0 CreateFileA
0x4660e4 GetFileSize
0x4660e8 ReadFile
0x4660ec SetFilePointer
0x4660f0 DecodePointer
0x4660f4 RaiseException
0x4660f8 GetLastError
0x4660fc HeapDestroy
0x466100 HeapAlloc
0x466104 HeapReAlloc
0x466108 HeapFree
0x46610c HeapSize
0x466110 GetProcessHeap
0x466114 InitializeCriticalSectionEx
0x466118 DeleteCriticalSection
0x46611c Sleep
0x466120 GetCurrentProcess
0x466124 GetCurrentProcessId
0x466128 TerminateProcess
0x46612c OpenProcess
0x466130 GetModuleHandleA
0x466134 GetProcAddress
0x466138 LoadResource
0x46613c LockResource
0x466140 SizeofResource
0x466144 lstrcmpiA
0x466148 lstrcpyA
0x46614c lstrcatA
0x466150 lstrlenA
0x466154 GetLogicalDriveStringsA
0x466158 FindResourceA
0x46615c GetPrivateProfileStringA
0x466160 WritePrivateProfileStringA
0x466164 WriteConsoleW
0x466168 CopyFileA
0x46616c IsBadReadPtr
0x466170 MultiByteToWideChar
0x466174 WideCharToMultiByte
0x466178 CreateToolhelp32Snapshot
0x46617c Process32First
0x466180 Process32Next
0x466184 K32GetProcessImageFileNameA
0x466188 EnterCriticalSection
0x46618c LeaveCriticalSection
0x466190 EncodePointer
0x466194 LCMapStringEx
0x466198 GetLocaleInfoEx
0x46619c GetStringTypeW
0x4661a0 CompareStringEx
0x4661a4 GetCPInfo
0x4661a8 InitializeCriticalSectionAndSpinCount
0x4661ac SetEvent
0x4661b0 ResetEvent
0x4661b4 WaitForSingleObjectEx
0x4661b8 CreateEventW
0x4661bc GetModuleHandleW
0x4661c0 UnhandledExceptionFilter
0x4661c4 SetUnhandledExceptionFilter
0x4661c8 IsProcessorFeaturePresent
0x4661cc IsDebuggerPresent
0x4661d0 GetStartupInfoW
0x4661d4 QueryPerformanceCounter
0x4661d8 GetCurrentThreadId
0x4661dc GetSystemTimeAsFileTime
0x4661e0 InitializeSListHead
0x4661e4 OutputDebugStringW
0x4661e8 TlsGetValue
0x4661ec TlsAlloc
0x4661f0 SetLastError
SHELL32.dll
0x4661f8 ShellExecuteA
WININET.dll
0x466264 HttpQueryInfoA
0x466268 InternetCloseHandle
0x46626c InternetOpenUrlA
0x466270 InternetReadFile
0x466274 InternetOpenA
EAT (Export Address Table): none