ScreenShot
| Created | 2024.06.17 13:37 | Machine | s1_win7_x6403 |
| Filename | NewKindR.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 50 detected (AIDetectMalware, Tepfer, malicious, high confidence, score, Unsafe, Save, GenKryptik, GYST, Artemis, RATX, Fareit, Generic@AI, RDML, 8SqVc3u, QAKRFeabwXAg, Redcap, vrjeb, Steam, AMADEY, YXEFNZ, Real Protect, high, Krypt, Detected, ai score=80, ASGK, 8WHVJ3, R653711, ZexaF, Eu0@ay3SxmiG, BScope, Klubdepa, Static AI, Suspicious PE, Kryptik, HBBY, confidence, 100%) | ||
| md5 | fdafb92fc1868e533daa18f318d8e322 | ||
| sha256 | 20c1e1afe90bdcf0f52211ad57c0b44bf2657eee63057b503ca6f3efeeb9a828 | ||
| ssdeep | 6144:5pPjLfMHsP9QLw5bB4DOmfG6i2wGWPgEammKW4g0l6zkLL3QxWP1IIL4qb:5pbMHwIwt0XG6OPg/mmSFl6zk/gxoIv | ||
| imphash | d9461cba2555202112b06a068732496e | ||
| impfuzzy | 24:VbG2Akrk1kH6MTkkrvN9I71oOJHvCDYpiOIcsge+6MG/DRiQcfwj+yv5HuO2SBVZ:waIA19Ie+T0O/ZG/IQcfEHL2SBVBSm | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x414000 SetVolumeLabelA
0x414004 SetDefaultCommConfigA
0x414008 GetConsoleAliasesLengthW
0x41400c GetLocaleInfoA
0x414010 GetStringTypeA
0x414014 InterlockedDecrement
0x414018 CreateJobObjectW
0x41401c SetVolumeMountPointW
0x414020 SetCommBreak
0x414024 GetModuleHandleW
0x414028 GetTickCount
0x41402c EnumCalendarInfoExW
0x414030 GetConsoleAliasesA
0x414034 ReadConsoleOutputA
0x414038 GlobalAlloc
0x41403c LoadLibraryW
0x414040 FormatMessageW
0x414044 GetStringTypeExW
0x414048 lstrcpynW
0x41404c GetTimeFormatW
0x414050 SetConsoleTitleA
0x414054 CreateJobObjectA
0x414058 GetNamedPipeHandleStateW
0x41405c SetLastError
0x414060 GetThreadLocale
0x414064 GetProcAddress
0x414068 BuildCommDCBW
0x41406c LoadLibraryA
0x414070 WriteConsoleA
0x414074 UnhandledExceptionFilter
0x414078 RegisterWaitForSingleObject
0x41407c SetFileApisToANSI
0x414080 OpenJobObjectW
0x414084 FindAtomA
0x414088 GetModuleFileNameA
0x41408c lstrcatW
0x414090 OpenFileMappingW
0x414094 SetCalendarInfoA
0x414098 GlobalAddAtomW
0x41409c FindNextVolumeA
0x4140a0 LocalFileTimeToFileTime
0x4140a4 MultiByteToWideChar
0x4140a8 HeapAlloc
0x4140ac GetLastError
0x4140b0 HeapReAlloc
0x4140b4 GetStartupInfoW
0x4140b8 RaiseException
0x4140bc RtlUnwind
0x4140c0 TerminateProcess
0x4140c4 GetCurrentProcess
0x4140c8 SetUnhandledExceptionFilter
0x4140cc IsDebuggerPresent
0x4140d0 HeapFree
0x4140d4 GetCPInfo
0x4140d8 InterlockedIncrement
0x4140dc GetACP
0x4140e0 GetOEMCP
0x4140e4 IsValidCodePage
0x4140e8 TlsGetValue
0x4140ec TlsAlloc
0x4140f0 TlsSetValue
0x4140f4 TlsFree
0x4140f8 GetCurrentThreadId
0x4140fc DeleteCriticalSection
0x414100 LeaveCriticalSection
0x414104 EnterCriticalSection
0x414108 VirtualFree
0x41410c VirtualAlloc
0x414110 HeapCreate
0x414114 Sleep
0x414118 ExitProcess
0x41411c WriteFile
0x414120 GetStdHandle
0x414124 SetHandleCount
0x414128 GetFileType
0x41412c GetStartupInfoA
0x414130 GetModuleFileNameW
0x414134 FreeEnvironmentStringsW
0x414138 GetEnvironmentStringsW
0x41413c GetCommandLineW
0x414140 QueryPerformanceCounter
0x414144 GetCurrentProcessId
0x414148 GetSystemTimeAsFileTime
0x41414c LCMapStringA
0x414150 WideCharToMultiByte
0x414154 LCMapStringW
0x414158 GetStringTypeW
0x41415c InitializeCriticalSectionAndSpinCount
0x414160 ReadFile
0x414164 HeapSize
0x414168 GetConsoleCP
0x41416c GetConsoleMode
0x414170 FlushFileBuffers
0x414174 SetFilePointer
0x414178 SetStdHandle
0x41417c CloseHandle
0x414180 GetConsoleOutputCP
0x414184 WriteConsoleW
0x414188 CreateFileA
0x41418c GetModuleHandleA
USER32.dll
0x414194 LoadIconW
EAT(Export Address Table) is none
KERNEL32.dll
0x414000 SetVolumeLabelA
0x414004 SetDefaultCommConfigA
0x414008 GetConsoleAliasesLengthW
0x41400c GetLocaleInfoA
0x414010 GetStringTypeA
0x414014 InterlockedDecrement
0x414018 CreateJobObjectW
0x41401c SetVolumeMountPointW
0x414020 SetCommBreak
0x414024 GetModuleHandleW
0x414028 GetTickCount
0x41402c EnumCalendarInfoExW
0x414030 GetConsoleAliasesA
0x414034 ReadConsoleOutputA
0x414038 GlobalAlloc
0x41403c LoadLibraryW
0x414040 FormatMessageW
0x414044 GetStringTypeExW
0x414048 lstrcpynW
0x41404c GetTimeFormatW
0x414050 SetConsoleTitleA
0x414054 CreateJobObjectA
0x414058 GetNamedPipeHandleStateW
0x41405c SetLastError
0x414060 GetThreadLocale
0x414064 GetProcAddress
0x414068 BuildCommDCBW
0x41406c LoadLibraryA
0x414070 WriteConsoleA
0x414074 UnhandledExceptionFilter
0x414078 RegisterWaitForSingleObject
0x41407c SetFileApisToANSI
0x414080 OpenJobObjectW
0x414084 FindAtomA
0x414088 GetModuleFileNameA
0x41408c lstrcatW
0x414090 OpenFileMappingW
0x414094 SetCalendarInfoA
0x414098 GlobalAddAtomW
0x41409c FindNextVolumeA
0x4140a0 LocalFileTimeToFileTime
0x4140a4 MultiByteToWideChar
0x4140a8 HeapAlloc
0x4140ac GetLastError
0x4140b0 HeapReAlloc
0x4140b4 GetStartupInfoW
0x4140b8 RaiseException
0x4140bc RtlUnwind
0x4140c0 TerminateProcess
0x4140c4 GetCurrentProcess
0x4140c8 SetUnhandledExceptionFilter
0x4140cc IsDebuggerPresent
0x4140d0 HeapFree
0x4140d4 GetCPInfo
0x4140d8 InterlockedIncrement
0x4140dc GetACP
0x4140e0 GetOEMCP
0x4140e4 IsValidCodePage
0x4140e8 TlsGetValue
0x4140ec TlsAlloc
0x4140f0 TlsSetValue
0x4140f4 TlsFree
0x4140f8 GetCurrentThreadId
0x4140fc DeleteCriticalSection
0x414100 LeaveCriticalSection
0x414104 EnterCriticalSection
0x414108 VirtualFree
0x41410c VirtualAlloc
0x414110 HeapCreate
0x414114 Sleep
0x414118 ExitProcess
0x41411c WriteFile
0x414120 GetStdHandle
0x414124 SetHandleCount
0x414128 GetFileType
0x41412c GetStartupInfoA
0x414130 GetModuleFileNameW
0x414134 FreeEnvironmentStringsW
0x414138 GetEnvironmentStringsW
0x41413c GetCommandLineW
0x414140 QueryPerformanceCounter
0x414144 GetCurrentProcessId
0x414148 GetSystemTimeAsFileTime
0x41414c LCMapStringA
0x414150 WideCharToMultiByte
0x414154 LCMapStringW
0x414158 GetStringTypeW
0x41415c InitializeCriticalSectionAndSpinCount
0x414160 ReadFile
0x414164 HeapSize
0x414168 GetConsoleCP
0x41416c GetConsoleMode
0x414170 FlushFileBuffers
0x414174 SetFilePointer
0x414178 SetStdHandle
0x41417c CloseHandle
0x414180 GetConsoleOutputCP
0x414184 WriteConsoleW
0x414188 CreateFileA
0x41418c GetModuleHandleA
USER32.dll
0x414194 LoadIconW
EAT(Export Address Table) is none