Field | Value |
---|---|
Created | 2024.06.19 09:59 |
Machine | s1_win7_x6403 |
Filename | bin.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : mailcious |
VT API (file) | 59 detected (Deyma, Windows, Threat, Malicious, score, Zusy, Unsafe, Save, Delf, Attribute, HighConfidence, Amadey, Artemis, BotX, Redcap, koqimc, 5qH3vzGUSkV, blcoe, DownLoader47, YXEFQZ, Real Protect, high, Outbreak, Detected, ai score=87, Casdet, Eldorado, R653644, ZexaF, AuW@aOikWCoi, BScope, Chgt, Gencirc, Static AI, Suspicious PE, confidence, 100%) |
md5 | 13e5872e9b7c47090e035dc228c5589f |
sha256 | d6cfb9d6c862be5a244eb5e4c6339312f74b7eb57cad8d08f56e3de0024b2bbc |
ssdeep | 6144:9O1rkNbOFsBuztTfSoRgxX+j14TGYoij7aR1XPQg9TU5YGmvST3h68BoKupOdCHP:3xBuBTExX+AoLzTUKdvST/BoKupOjUz |
imphash | 17fdfd4b0f74c4632463578cbbe1a2a0 |
impfuzzy | 96:AX3DGKnh5Edcg+JU0tWmuX17fysX+kXpEi0ZFRLnYMI:AKM8hF7fHOk5EbSMI |
Signature (15cnts)
Level | Description |
---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to identify installed AV products by installation directory |
watch | Communicates with host for which no DNS query was performed |
watch | Installs itself for autorun at Windows startup |
notice | A process attempted to delay the analysis task. |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | An executable file was downloaded by the process hkbsse.exe |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Resolves a suspicious Top Level Domain (TLD) |
notice | Sends data using the HTTP POST Method |
Rules (18cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
watch | Win32_Trojan_PWS_Net_1_Zero | Win32 Trojan PWS .NET Azorult | binaries (download) |
info | Is_DotNET_EXE | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (download) |
info | JPEG_Format_Zero | JPEG Format | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (10cnts)
Suricata ids
ET DROP Spamhaus DROP Listed Traffic Inbound group 13
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
ET POLICY Cryptocurrency Miner Checkin
ET MALWARE Amadey Bot Activity (POST) M1
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING Possible EXE Download From Suspicious TLD
ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x45204c GetSystemInfo
0x452050 CreateThread
0x452054 GetLocalTime
0x452058 GetThreadContext
0x45205c GetProcAddress
0x452060 VirtualAllocEx
0x452064 RemoveDirectoryA
0x452068 CloseHandle
0x45206c CreateProcessA
0x452070 CreateDirectoryA
0x452074 SetThreadContext
0x452078 SetEndOfFile
0x45207c DecodePointer
0x452080 ReadConsoleW
0x452084 HeapReAlloc
0x452088 HeapSize
0x45208c CreateFileA
0x452090 GetFileAttributesA
0x452094 GetLastError
0x452098 GetTempPathA
0x45209c SetCurrentDirectoryA
0x4520a0 Sleep
0x4520a4 GetModuleHandleA
0x4520a8 ResumeThread
0x4520ac GetComputerNameExW
0x4520b0 GetVersionExW
0x4520b4 WaitForSingleObject
0x4520b8 CreateMutexA
0x4520bc VirtualAlloc
0x4520c0 WriteFile
0x4520c4 VirtualFree
0x4520c8 WriteProcessMemory
0x4520cc GetModuleFileNameA
0x4520d0 ReadProcessMemory
0x4520d4 ReadFile
0x4520d8 GetTimeZoneInformation
0x4520dc GetConsoleMode
0x4520e0 GetConsoleCP
0x4520e4 FlushFileBuffers
0x4520e8 GetStringTypeW
0x4520ec GetProcessHeap
0x4520f0 SetEnvironmentVariableW
0x4520f4 FreeEnvironmentStringsW
0x4520f8 GetEnvironmentStringsW
0x4520fc GetCPInfo
0x452100 GetOEMCP
0x452104 GetACP
0x452108 IsValidCodePage
0x45210c FindNextFileW
0x452110 FindFirstFileExW
0x452114 FindClose
0x452118 SetFilePointerEx
0x45211c SetStdHandle
0x452120 GetFullPathNameW
0x452124 GetCurrentDirectoryW
0x452128 DeleteFileW
0x45212c LCMapStringW
0x452130 CompareStringW
0x452134 MultiByteToWideChar
0x452138 HeapAlloc
0x45213c HeapFree
0x452140 GetCommandLineW
0x452144 GetCommandLineA
0x452148 GetStdHandle
0x45214c FileTimeToSystemTime
0x452150 SystemTimeToTzSpecificLocalTime
0x452154 PeekNamedPipe
0x452158 GetFileType
0x45215c GetFileInformationByHandle
0x452160 GetDriveTypeW
0x452164 RaiseException
0x452168 GetCurrentThreadId
0x45216c IsProcessorFeaturePresent
0x452170 QueueUserWorkItem
0x452174 GetModuleHandleExW
0x452178 FormatMessageW
0x45217c WideCharToMultiByte
0x452180 EnterCriticalSection
0x452184 LeaveCriticalSection
0x452188 TryEnterCriticalSection
0x45218c DeleteCriticalSection
0x452190 SetLastError
0x452194 InitializeCriticalSectionAndSpinCount
0x452198 CreateEventW
0x45219c SwitchToThread
0x4521a0 TlsAlloc
0x4521a4 TlsGetValue
0x4521a8 TlsSetValue
0x4521ac TlsFree
0x4521b0 GetSystemTimeAsFileTime
0x4521b4 GetTickCount
0x4521b8 GetModuleHandleW
0x4521bc WaitForSingleObjectEx
0x4521c0 QueryPerformanceCounter
0x4521c4 SetEvent
0x4521c8 ResetEvent
0x4521cc UnhandledExceptionFilter
0x4521d0 SetUnhandledExceptionFilter
0x4521d4 GetCurrentProcess
0x4521d8 TerminateProcess
0x4521dc IsDebuggerPresent
0x4521e0 GetStartupInfoW
0x4521e4 GetCurrentProcessId
0x4521e8 InitializeSListHead
0x4521ec CreateTimerQueue
0x4521f0 SignalObjectAndWait
0x4521f4 SetThreadPriority
0x4521f8 GetThreadPriority
0x4521fc GetLogicalProcessorInformation
0x452200 CreateTimerQueueTimer
0x452204 ChangeTimerQueueTimer
0x452208 DeleteTimerQueueTimer
0x45220c GetNumaHighestNodeNumber
0x452210 GetProcessAffinityMask
0x452214 SetThreadAffinityMask
0x452218 RegisterWaitForSingleObject
0x45221c UnregisterWait
0x452220 EncodePointer
0x452224 GetCurrentThread
0x452228 GetThreadTimes
0x45222c FreeLibrary
0x452230 FreeLibraryAndExitThread
0x452234 GetModuleFileNameW
0x452238 LoadLibraryExW
0x45223c VirtualProtect
0x452240 DuplicateHandle
0x452244 ReleaseSemaphore
0x452248 InterlockedPopEntrySList
0x45224c InterlockedPushEntrySList
0x452250 InterlockedFlushSList
0x452254 QueryDepthSList
0x452258 UnregisterWaitEx
0x45225c LoadLibraryW
0x452260 RtlUnwind
0x452264 ExitProcess
0x452268 CreateFileW
0x45226c WriteConsoleW
USER32.dll
0x452288 GetSystemMetrics
0x45228c ReleaseDC
0x452290 GetDC
GDI32.dll
0x452034 CreateCompatibleBitmap
0x452038 SelectObject
0x45203c CreateCompatibleDC
0x452040 DeleteObject
0x452044 BitBlt
ADVAPI32.dll
0x452000 RegCloseKey
0x452004 RegQueryInfoKeyW
0x452008 RegGetValueA
0x45200c RegQueryValueExA
0x452010 GetSidSubAuthorityCount
0x452014 GetSidSubAuthority
0x452018 GetUserNameA
0x45201c LookupAccountNameA
0x452020 RegSetValueExA
0x452024 RegOpenKeyExA
0x452028 RegEnumValueW
0x45202c GetSidIdentifierAuthority
SHELL32.dll
0x452274 SHGetFolderPathA
0x452278 ShellExecuteA
0x45227c None
0x452280 SHFileOperationA
ole32.dll
0x452318 CoUninitialize
0x45231c CoCreateInstance
0x452320 CoInitialize
WININET.dll
0x452298 HttpOpenRequestA
0x45229c InternetWriteFile
0x4522a0 InternetOpenUrlA
0x4522a4 InternetOpenW
0x4522a8 HttpEndRequestW
0x4522ac HttpAddRequestHeadersA
0x4522b0 HttpSendRequestExA
0x4522b4 InternetOpenA
0x4522b8 InternetCloseHandle
0x4522bc HttpSendRequestA
0x4522c0 InternetConnectA
0x4522c4 InternetReadFile
gdiplus.dll
0x4522f8 GdipGetImageEncodersSize
0x4522fc GdipDisposeImage
0x452300 GdiplusStartup
0x452304 GdiplusShutdown
0x452308 GdipGetImageEncoders
0x45230c GdipSaveImageToFile
0x452310 GdipCreateBitmapFromHBITMAP
WS2_32.dll
0x4522cc closesocket
0x4522d0 inet_pton
0x4522d4 getaddrinfo
0x4522d8 WSAStartup
0x4522dc send
0x4522e0 socket
0x4522e4 connect
0x4522e8 recv
0x4522ec htons
0x4522f0 freeaddrinfo
EAT (Export Address Table) is none