ScreenShot
| Created | 2024.06.16 10:46 | Machine | s1_win7_x6401 |
| Filename | x86_0929_1.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetectMalware, Malicious, score, Unsafe, Save, Attribute, HighConfidence, high confidence, Jaik, Real Protect, Detected, ai score=81, HeurC, KVM003, Static AI, Malicious PE, MxResIcn, PossibleThreat, Chgt) | ||
| md5 | cedd4cef78da5751af380902c89f1352 | ||
| sha256 | 8f4d090da477195a6fb34b2330c30c22e440ce3c569a24ba630da0def65a8a35 | ||
| ssdeep | 12288:3LE2GKCAvjieDiXWAraJLzKC0/ctP22yBJ/kA0nc/783GRpw9+NPn7BZi:AveDiXWAra9zKt2cr0n88GN+ | ||
| imphash | 28ad50542f813b012843ce887d0559ea | ||
| impfuzzy | 96:n5KdFzaYHDONGNOHDxABGV3hdcwTgc5tmWtsXW:MnaxYuDxAwv | ||
Network IP location
Signature (14cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| warning | Stops Windows services |
| watch | Communicates with host for which no DNS query was performed |
| watch | Detects Virtual Machines through their custom firmware |
| watch | Installs itself for autorun at Windows startup |
| watch | Loads a driver |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Foreign language identified in PE resource |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
SHLWAPI.dll
0x467200 PathIsDirectoryA
0x467204 PathFileExistsA
ADVAPI32.dll
0x467000 RegSetValueExW
0x467004 RegSetValueExA
0x467008 OpenProcessToken
0x46700c AdjustTokenPrivileges
0x467010 RegFlushKey
0x467014 RegCreateKeyExW
0x467018 LookupPrivilegeValueA
USER32.dll
0x46720c wsprintfA
0x467210 SetWindowPos
0x467214 IsWindowVisible
0x467218 GetAsyncKeyState
0x46721c MapVirtualKeyA
0x467220 GetSystemMetrics
0x467224 GetWindowRect
0x467228 GetCursorPos
0x46722c EnumWindows
0x467230 GetWindow
0x467234 GetWindowThreadProcessId
0x467238 GetTopWindow
ntdll.dll
0x46727c RtlUnwind
0x467280 RtlInitUnicodeString
0x467284 RtlDosPathNameToNtPathName_U
0x467288 NtLoadDriver
0x46728c NtQuerySystemInformation
WINHTTP.dll
0x467240 WinHttpReceiveResponse
0x467244 WinHttpSendRequest
0x467248 WinHttpOpenRequest
0x46724c WinHttpQueryDataAvailable
0x467250 WinHttpOpen
0x467254 WinHttpCloseHandle
0x467258 WinHttpConnect
0x46725c WinHttpReadData
KERNEL32.dll
0x467020 SetStdHandle
0x467024 QueryDosDeviceA
0x467028 SetEnvironmentVariableW
0x46702c FreeEnvironmentStringsW
0x467030 GetEnvironmentStringsW
0x467034 GetOEMCP
0x467038 GetACP
0x46703c IsValidCodePage
0x467040 ReadConsoleW
0x467044 SetFilePointerEx
0x467048 GetFileSizeEx
0x46704c GetConsoleMode
0x467050 GetConsoleCP
0x467054 FlushFileBuffers
0x467058 GetTimeZoneInformation
0x46705c GetCurrentDirectoryW
0x467060 DeleteFileW
0x467064 GetFileType
0x467068 EnumSystemLocalesW
0x46706c GetUserDefaultLCID
0x467070 IsValidLocale
0x467074 GetLocaleInfoW
0x467078 LCMapStringW
0x46707c CompareStringW
0x467080 GetTimeFormatW
0x467084 GetDateFormatW
0x467088 GetCommandLineW
0x46708c GetCommandLineA
0x467090 GetStdHandle
0x467094 GetModuleFileNameW
0x467098 FileTimeToSystemTime
0x46709c SystemTimeToTzSpecificLocalTime
0x4670a0 FindNextFileW
0x4670a4 FindFirstFileExW
0x4670a8 FindClose
0x4670ac GetFullPathNameW
0x4670b0 GetDriveTypeW
0x4670b4 GetModuleHandleExW
0x4670b8 ExitProcess
0x4670bc LoadLibraryExW
0x4670c0 FreeLibrary
0x4670c4 TlsFree
0x4670c8 TlsSetValue
0x4670cc CreateFileW
0x4670d0 WriteFile
0x4670d4 CloseHandle
0x4670d8 GetCurrentDirectoryA
0x4670dc CreateDirectoryA
0x4670e0 CreateFileA
0x4670e4 GetFileSize
0x4670e8 ReadFile
0x4670ec SetFilePointer
0x4670f0 DecodePointer
0x4670f4 RaiseException
0x4670f8 GetLastError
0x4670fc HeapDestroy
0x467100 HeapAlloc
0x467104 HeapReAlloc
0x467108 HeapFree
0x46710c HeapSize
0x467110 GetProcessHeap
0x467114 InitializeCriticalSectionEx
0x467118 DeleteCriticalSection
0x46711c Sleep
0x467120 GetCurrentProcess
0x467124 GetCurrentProcessId
0x467128 TerminateProcess
0x46712c OpenProcess
0x467130 GetModuleHandleA
0x467134 GetProcAddress
0x467138 LoadResource
0x46713c LockResource
0x467140 SizeofResource
0x467144 lstrcmpiA
0x467148 lstrcpyA
0x46714c lstrcatA
0x467150 lstrlenA
0x467154 GetLogicalDriveStringsA
0x467158 FindResourceA
0x46715c GetPrivateProfileStringA
0x467160 WritePrivateProfileStringA
0x467164 WriteConsoleW
0x467168 CopyFileA
0x46716c IsBadReadPtr
0x467170 MultiByteToWideChar
0x467174 WideCharToMultiByte
0x467178 CreateToolhelp32Snapshot
0x46717c Process32First
0x467180 Process32Next
0x467184 K32GetProcessImageFileNameA
0x467188 EnterCriticalSection
0x46718c LeaveCriticalSection
0x467190 EncodePointer
0x467194 LCMapStringEx
0x467198 GetLocaleInfoEx
0x46719c GetStringTypeW
0x4671a0 CompareStringEx
0x4671a4 GetCPInfo
0x4671a8 InitializeCriticalSectionAndSpinCount
0x4671ac SetEvent
0x4671b0 ResetEvent
0x4671b4 WaitForSingleObjectEx
0x4671b8 CreateEventW
0x4671bc GetModuleHandleW
0x4671c0 UnhandledExceptionFilter
0x4671c4 SetUnhandledExceptionFilter
0x4671c8 IsProcessorFeaturePresent
0x4671cc IsDebuggerPresent
0x4671d0 GetStartupInfoW
0x4671d4 QueryPerformanceCounter
0x4671d8 GetCurrentThreadId
0x4671dc GetSystemTimeAsFileTime
0x4671e0 InitializeSListHead
0x4671e4 OutputDebugStringW
0x4671e8 TlsGetValue
0x4671ec TlsAlloc
0x4671f0 SetLastError
SHELL32.dll
0x4671f8 ShellExecuteA
WININET.dll
0x467264 HttpQueryInfoA
0x467268 InternetCloseHandle
0x46726c InternetOpenUrlA
0x467270 InternetReadFile
0x467274 InternetOpenA
EAT(Export Address Table) is none
SHLWAPI.dll
0x467200 PathIsDirectoryA
0x467204 PathFileExistsA
ADVAPI32.dll
0x467000 RegSetValueExW
0x467004 RegSetValueExA
0x467008 OpenProcessToken
0x46700c AdjustTokenPrivileges
0x467010 RegFlushKey
0x467014 RegCreateKeyExW
0x467018 LookupPrivilegeValueA
USER32.dll
0x46720c wsprintfA
0x467210 SetWindowPos
0x467214 IsWindowVisible
0x467218 GetAsyncKeyState
0x46721c MapVirtualKeyA
0x467220 GetSystemMetrics
0x467224 GetWindowRect
0x467228 GetCursorPos
0x46722c EnumWindows
0x467230 GetWindow
0x467234 GetWindowThreadProcessId
0x467238 GetTopWindow
ntdll.dll
0x46727c RtlUnwind
0x467280 RtlInitUnicodeString
0x467284 RtlDosPathNameToNtPathName_U
0x467288 NtLoadDriver
0x46728c NtQuerySystemInformation
WINHTTP.dll
0x467240 WinHttpReceiveResponse
0x467244 WinHttpSendRequest
0x467248 WinHttpOpenRequest
0x46724c WinHttpQueryDataAvailable
0x467250 WinHttpOpen
0x467254 WinHttpCloseHandle
0x467258 WinHttpConnect
0x46725c WinHttpReadData
KERNEL32.dll
0x467020 SetStdHandle
0x467024 QueryDosDeviceA
0x467028 SetEnvironmentVariableW
0x46702c FreeEnvironmentStringsW
0x467030 GetEnvironmentStringsW
0x467034 GetOEMCP
0x467038 GetACP
0x46703c IsValidCodePage
0x467040 ReadConsoleW
0x467044 SetFilePointerEx
0x467048 GetFileSizeEx
0x46704c GetConsoleMode
0x467050 GetConsoleCP
0x467054 FlushFileBuffers
0x467058 GetTimeZoneInformation
0x46705c GetCurrentDirectoryW
0x467060 DeleteFileW
0x467064 GetFileType
0x467068 EnumSystemLocalesW
0x46706c GetUserDefaultLCID
0x467070 IsValidLocale
0x467074 GetLocaleInfoW
0x467078 LCMapStringW
0x46707c CompareStringW
0x467080 GetTimeFormatW
0x467084 GetDateFormatW
0x467088 GetCommandLineW
0x46708c GetCommandLineA
0x467090 GetStdHandle
0x467094 GetModuleFileNameW
0x467098 FileTimeToSystemTime
0x46709c SystemTimeToTzSpecificLocalTime
0x4670a0 FindNextFileW
0x4670a4 FindFirstFileExW
0x4670a8 FindClose
0x4670ac GetFullPathNameW
0x4670b0 GetDriveTypeW
0x4670b4 GetModuleHandleExW
0x4670b8 ExitProcess
0x4670bc LoadLibraryExW
0x4670c0 FreeLibrary
0x4670c4 TlsFree
0x4670c8 TlsSetValue
0x4670cc CreateFileW
0x4670d0 WriteFile
0x4670d4 CloseHandle
0x4670d8 GetCurrentDirectoryA
0x4670dc CreateDirectoryA
0x4670e0 CreateFileA
0x4670e4 GetFileSize
0x4670e8 ReadFile
0x4670ec SetFilePointer
0x4670f0 DecodePointer
0x4670f4 RaiseException
0x4670f8 GetLastError
0x4670fc HeapDestroy
0x467100 HeapAlloc
0x467104 HeapReAlloc
0x467108 HeapFree
0x46710c HeapSize
0x467110 GetProcessHeap
0x467114 InitializeCriticalSectionEx
0x467118 DeleteCriticalSection
0x46711c Sleep
0x467120 GetCurrentProcess
0x467124 GetCurrentProcessId
0x467128 TerminateProcess
0x46712c OpenProcess
0x467130 GetModuleHandleA
0x467134 GetProcAddress
0x467138 LoadResource
0x46713c LockResource
0x467140 SizeofResource
0x467144 lstrcmpiA
0x467148 lstrcpyA
0x46714c lstrcatA
0x467150 lstrlenA
0x467154 GetLogicalDriveStringsA
0x467158 FindResourceA
0x46715c GetPrivateProfileStringA
0x467160 WritePrivateProfileStringA
0x467164 WriteConsoleW
0x467168 CopyFileA
0x46716c IsBadReadPtr
0x467170 MultiByteToWideChar
0x467174 WideCharToMultiByte
0x467178 CreateToolhelp32Snapshot
0x46717c Process32First
0x467180 Process32Next
0x467184 K32GetProcessImageFileNameA
0x467188 EnterCriticalSection
0x46718c LeaveCriticalSection
0x467190 EncodePointer
0x467194 LCMapStringEx
0x467198 GetLocaleInfoEx
0x46719c GetStringTypeW
0x4671a0 CompareStringEx
0x4671a4 GetCPInfo
0x4671a8 InitializeCriticalSectionAndSpinCount
0x4671ac SetEvent
0x4671b0 ResetEvent
0x4671b4 WaitForSingleObjectEx
0x4671b8 CreateEventW
0x4671bc GetModuleHandleW
0x4671c0 UnhandledExceptionFilter
0x4671c4 SetUnhandledExceptionFilter
0x4671c8 IsProcessorFeaturePresent
0x4671cc IsDebuggerPresent
0x4671d0 GetStartupInfoW
0x4671d4 QueryPerformanceCounter
0x4671d8 GetCurrentThreadId
0x4671dc GetSystemTimeAsFileTime
0x4671e0 InitializeSListHead
0x4671e4 OutputDebugStringW
0x4671e8 TlsGetValue
0x4671ec TlsAlloc
0x4671f0 SetLastError
SHELL32.dll
0x4671f8 ShellExecuteA
WININET.dll
0x467264 HttpQueryInfoA
0x467268 InternetCloseHandle
0x46726c InternetOpenUrlA
0x467270 InternetReadFile
0x467274 InternetOpenA
EAT(Export Address Table) is none