ScreenShot
| Created | 2024.06.17 13:31 | Machine | s1_win7_x6403 |
| Filename | b2c2c1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 51 detected (AIDetectMalware, Convagent, malicious, high confidence, score, Stop, Lockbit, GenericKD, Unsafe, Save, Attribute, HighConfidence, GenKryptik, GYTZ, Artemis, BotX, Injuke, FalDesc, MulDrop27, AMADEY, YXEFPZ, high, Outbreak, Detected, ai score=86, Sabsik, Kryptik, BPT99E, ZexaF, Cq0@aiWOoomG, Chgt, Obfuscated, Static AI, Malicious PE, MxResIcn, PossibleThreat, confidence, 100%) | ||
| md5 | f8ec725e4b969f157fd70166e73a56a3 | ||
| sha256 | eb74efaf4832a80809815051fc97704819fbc4b1d57f07faf39746a02ed1dd10 | ||
| ssdeep | 12288:DDFoUhzIra7duGLyU99EsNOt44wvprxZD3d//:eUhzoaR1Np4w75N3 | ||
| imphash | 038fd82a29b15c409ae8a61e434d0fd1 | ||
| impfuzzy | 24:VYykbrjx0fcMulJcDYpEdQBoYC7yOf7oOu1lEcfjtDhIuHRyv0SJyU:8rjifXa6dBpOOTnoecfjtN40SJyU | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x445000 LoadLibraryExW
0x445004 GetComputerNameW
0x445008 GetTickCount
0x44500c GetNumberFormatA
0x445010 GetWindowsDirectoryA
0x445014 GetUserDefaultLangID
0x445018 SetProcessPriorityBoost
0x44501c TlsSetValue
0x445020 GlobalAlloc
0x445024 LoadLibraryW
0x445028 AssignProcessToJobObject
0x44502c GetACP
0x445030 IsBadStringPtrA
0x445034 OpenMutexW
0x445038 GetLastError
0x44503c SetLastError
0x445040 GetProcAddress
0x445044 BuildCommDCBW
0x445048 LoadLibraryA
0x44504c InterlockedExchangeAdd
0x445050 GetDiskFreeSpaceA
0x445054 FoldStringA
0x445058 GetModuleFileNameA
0x44505c FindFirstVolumeMountPointA
0x445060 lstrcatW
0x445064 OutputDebugStringA
0x445068 WriteProcessMemory
0x44506c HeapFree
0x445070 HeapReAlloc
0x445074 GetModuleHandleW
0x445078 ExitProcess
0x44507c DecodePointer
0x445080 GetCommandLineW
0x445084 HeapSetInformation
0x445088 GetStartupInfoW
0x44508c HeapAlloc
0x445090 HeapCreate
0x445094 EncodePointer
0x445098 InitializeCriticalSectionAndSpinCount
0x44509c DeleteCriticalSection
0x4450a0 LeaveCriticalSection
0x4450a4 EnterCriticalSection
0x4450a8 UnhandledExceptionFilter
0x4450ac SetUnhandledExceptionFilter
0x4450b0 IsDebuggerPresent
0x4450b4 TerminateProcess
0x4450b8 GetCurrentProcess
0x4450bc TlsAlloc
0x4450c0 TlsGetValue
0x4450c4 TlsFree
0x4450c8 InterlockedIncrement
0x4450cc GetCurrentThreadId
0x4450d0 InterlockedDecrement
0x4450d4 WriteFile
0x4450d8 GetStdHandle
0x4450dc GetModuleFileNameW
0x4450e0 FreeEnvironmentStringsW
0x4450e4 GetEnvironmentStringsW
0x4450e8 SetHandleCount
0x4450ec GetFileType
0x4450f0 QueryPerformanceCounter
0x4450f4 GetCurrentProcessId
0x4450f8 GetSystemTimeAsFileTime
0x4450fc RtlUnwind
0x445100 Sleep
0x445104 WideCharToMultiByte
0x445108 GetCPInfo
0x44510c GetOEMCP
0x445110 IsValidCodePage
0x445114 HeapSize
0x445118 RaiseException
0x44511c IsProcessorFeaturePresent
0x445120 LCMapStringW
0x445124 MultiByteToWideChar
0x445128 GetStringTypeW
EAT(Export Address Table) is none
KERNEL32.dll
0x445000 LoadLibraryExW
0x445004 GetComputerNameW
0x445008 GetTickCount
0x44500c GetNumberFormatA
0x445010 GetWindowsDirectoryA
0x445014 GetUserDefaultLangID
0x445018 SetProcessPriorityBoost
0x44501c TlsSetValue
0x445020 GlobalAlloc
0x445024 LoadLibraryW
0x445028 AssignProcessToJobObject
0x44502c GetACP
0x445030 IsBadStringPtrA
0x445034 OpenMutexW
0x445038 GetLastError
0x44503c SetLastError
0x445040 GetProcAddress
0x445044 BuildCommDCBW
0x445048 LoadLibraryA
0x44504c InterlockedExchangeAdd
0x445050 GetDiskFreeSpaceA
0x445054 FoldStringA
0x445058 GetModuleFileNameA
0x44505c FindFirstVolumeMountPointA
0x445060 lstrcatW
0x445064 OutputDebugStringA
0x445068 WriteProcessMemory
0x44506c HeapFree
0x445070 HeapReAlloc
0x445074 GetModuleHandleW
0x445078 ExitProcess
0x44507c DecodePointer
0x445080 GetCommandLineW
0x445084 HeapSetInformation
0x445088 GetStartupInfoW
0x44508c HeapAlloc
0x445090 HeapCreate
0x445094 EncodePointer
0x445098 InitializeCriticalSectionAndSpinCount
0x44509c DeleteCriticalSection
0x4450a0 LeaveCriticalSection
0x4450a4 EnterCriticalSection
0x4450a8 UnhandledExceptionFilter
0x4450ac SetUnhandledExceptionFilter
0x4450b0 IsDebuggerPresent
0x4450b4 TerminateProcess
0x4450b8 GetCurrentProcess
0x4450bc TlsAlloc
0x4450c0 TlsGetValue
0x4450c4 TlsFree
0x4450c8 InterlockedIncrement
0x4450cc GetCurrentThreadId
0x4450d0 InterlockedDecrement
0x4450d4 WriteFile
0x4450d8 GetStdHandle
0x4450dc GetModuleFileNameW
0x4450e0 FreeEnvironmentStringsW
0x4450e4 GetEnvironmentStringsW
0x4450e8 SetHandleCount
0x4450ec GetFileType
0x4450f0 QueryPerformanceCounter
0x4450f4 GetCurrentProcessId
0x4450f8 GetSystemTimeAsFileTime
0x4450fc RtlUnwind
0x445100 Sleep
0x445104 WideCharToMultiByte
0x445108 GetCPInfo
0x44510c GetOEMCP
0x445110 IsValidCodePage
0x445114 HeapSize
0x445118 RaiseException
0x44511c IsProcessorFeaturePresent
0x445120 LCMapStringW
0x445124 MultiByteToWideChar
0x445128 GetStringTypeW
EAT(Export Address Table) is none