ScreenShot
| Created | 2024.07.02 15:45 | Machine | s1_win7_x6401 |
| Filename | Content_497179.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 52070a9adf4787ece9b80af208603030 | ||
| sha256 | c41e5e851e0d62fe837b2b44ec114ae83a2dde3ef3943fbe37efaec94b0b6202 | ||
| ssdeep | 196608:u288p8RT3OgtMwVajd4nXhE7OUGCZvb+CV4i8JRzY6SKg:u288+T3O6I2nXhE7OUGClb+CV4vDc | ||
| imphash | 3edeaff8abef40c004b6f29fa270bade | ||
| impfuzzy | 96:oEqaXrgDZLI1UqIlWa+X6BT1JGm/B4Q/y:Yy+WaNjtD/y | ||
Network IP location
Signature (16cnts)
| Level | Description |
|---|---|
| watch | Creates known SpyNet files |
| watch | Detects the presence of Wine emulator |
| watch | Enumerates services |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | Sends data using the HTTP POST Method |
| notice | Starts servers listening |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
Rules (14cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | NSIS_Installer | Null Soft Installer | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | bmp_file_format | bmp file format | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x52e008 GetStartupInfoW
0x52e00c LCMapStringW
0x52e010 SetStdHandle
0x52e014 FindClose
0x52e018 VirtualAlloc
0x52e01c TlsFree
0x52e020 GetTickCount
0x52e024 SetEvent
0x52e028 MoveFileExW
0x52e02c EnterCriticalSection
0x52e030 CreateFileW
0x52e034 GetCurrentDirectoryA
0x52e038 GetProcessAffinityMask
0x52e03c FindFirstFileW
0x52e040 SetLastError
0x52e044 GetProcAddress
0x52e048 FindNextFileW
0x52e04c SetFileAttributesW
0x52e050 GetSystemDirectoryW
0x52e054 GetModuleHandleW
0x52e058 HeapReAlloc
0x52e05c FormatMessageW
0x52e060 SetCurrentDirectoryW
0x52e064 RemoveDirectoryA
0x52e068 FreeEnvironmentStringsW
0x52e06c GetFileSize
0x52e070 UnhandledExceptionFilter
0x52e074 LoadLibraryA
0x52e078 ReadFile
0x52e07c WideCharToMultiByte
0x52e080 WakeAllConditionVariable
0x52e084 FreeLibraryAndExitThread
0x52e088 GetTempPathW
0x52e08c WriteConsoleW
0x52e090 GetACP
0x52e094 ReleaseSemaphore
0x52e098 TryAcquireSRWLockExclusive
0x52e09c HeapAlloc
0x52e0a0 SetFilePointerEx
0x52e0a4 CreateThread
0x52e0a8 TlsSetValue
0x52e0ac GetCurrentThreadId
0x52e0b0 LocalFree
0x52e0b4 WaitForSingleObject
0x52e0b8 GetSystemInfo
0x52e0bc IsProcessorFeaturePresent
0x52e0c0 GetVersionExA
0x52e0c4 TlsGetValue
0x52e0c8 LeaveCriticalSection
0x52e0cc FindNextFileA
0x52e0d0 GlobalMemoryStatus
0x52e0d4 CloseHandle
0x52e0d8 CreateDirectoryA
0x52e0dc GetFileType
0x52e0e0 CreateFileA
0x52e0e4 VirtualFree
0x52e0e8 HeapSize
0x52e0ec GetCurrentDirectoryW
0x52e0f0 GetCurrentProcess
0x52e0f4 RaiseException
0x52e0f8 FindFirstFileA
0x52e0fc GetModuleFileNameW
0x52e100 IsDebuggerPresent
0x52e104 QueryPerformanceFrequency
0x52e108 GetEnvironmentStringsW
0x52e10c LoadLibraryExW
0x52e110 SetCurrentDirectoryA
0x52e114 DeleteCriticalSection
0x52e118 GetProcessHeap
0x52e11c GetModuleFileNameA
0x52e120 GetCPInfo
0x52e124 CreateSemaphoreA
0x52e128 GetCommandLineA
0x52e12c SetUnhandledExceptionFilter
0x52e130 FreeLibrary
0x52e134 GetConsoleMode
0x52e138 RemoveDirectoryW
0x52e13c RtlUnwind
0x52e140 GetFileAttributesA
0x52e144 AcquireSRWLockExclusive
0x52e148 GetFileInformationByHandle
0x52e14c DeleteFileW
0x52e150 FlushFileBuffers
0x52e154 GetTickCount64
0x52e158 FindFirstFileExA
0x52e15c SetFilePointer
0x52e160 GetLastError
0x52e164 QueryPerformanceCounter
0x52e168 GetModuleHandleA
0x52e16c EncodePointer
0x52e170 InitializeCriticalSection
0x52e174 GetCurrentProcessId
0x52e178 LoadLibraryW
0x52e17c SetFileAttributesA
0x52e180 AreFileApisANSI
0x52e184 DecodePointer
0x52e188 GetModuleHandleExW
0x52e18c SetFileTime
0x52e190 CreateEventA
0x52e194 CreateDirectoryW
0x52e198 CreateProcessA
0x52e19c SetEndOfFile
0x52e1a0 ExitProcess
0x52e1a4 ResetEvent
0x52e1a8 IsBadReadPtr
0x52e1ac DeleteFileA
0x52e1b0 IsValidCodePage
0x52e1b4 GetTempPathA
0x52e1b8 ReleaseSRWLockExclusive
0x52e1bc GetSystemTimeAsFileTime
0x52e1c0 TerminateProcess
0x52e1c4 InitializeCriticalSectionEx
0x52e1c8 GetFileAttributesW
0x52e1cc HeapFree
0x52e1d0 GetTempFileNameW
0x52e1d4 FormatMessageA
0x52e1d8 Sleep
0x52e1dc GetOEMCP
0x52e1e0 WriteFile
0x52e1e4 GetStdHandle
0x52e1e8 GetVersion
0x52e1ec GetCommandLineW
0x52e1f0 TlsAlloc
0x52e1f4 GetConsoleCP
0x52e1f8 GetStringTypeW
0x52e1fc MultiByteToWideChar
0x52e200 InitializeSListHead
0x52e204 ExitThread
0x52e208 InitializeCriticalSectionAndSpinCount
USER32.dll
0x52e228 DialogBoxParamA
0x52e22c CharUpperW
0x52e230 LoadStringA
0x52e234 LoadIconA
0x52e238 SetWindowTextA
0x52e23c CharUpperA
0x52e240 KillTimer
0x52e244 GetDlgItem
0x52e248 DialogBoxParamW
0x52e24c EndDialog
0x52e250 MessageBoxA
0x52e254 GetWindowLongA
0x52e258 SetTimer
0x52e25c ShowWindow
0x52e260 LoadStringW
0x52e264 SetWindowLongA
0x52e268 MessageBoxW
0x52e26c SendMessageA
0x52e270 PostMessageA
0x52e274 DestroyWindow
0x52e278 SetWindowTextW
SHELL32.dll
0x52e220 ShellExecuteExA
OLEAUT32.dll
0x52e210 VariantClear
0x52e214 SysAllocStringLen
0x52e218 SysStringLen
ADVAPI32.dll
0x52e000 CloseServiceHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x52e008 GetStartupInfoW
0x52e00c LCMapStringW
0x52e010 SetStdHandle
0x52e014 FindClose
0x52e018 VirtualAlloc
0x52e01c TlsFree
0x52e020 GetTickCount
0x52e024 SetEvent
0x52e028 MoveFileExW
0x52e02c EnterCriticalSection
0x52e030 CreateFileW
0x52e034 GetCurrentDirectoryA
0x52e038 GetProcessAffinityMask
0x52e03c FindFirstFileW
0x52e040 SetLastError
0x52e044 GetProcAddress
0x52e048 FindNextFileW
0x52e04c SetFileAttributesW
0x52e050 GetSystemDirectoryW
0x52e054 GetModuleHandleW
0x52e058 HeapReAlloc
0x52e05c FormatMessageW
0x52e060 SetCurrentDirectoryW
0x52e064 RemoveDirectoryA
0x52e068 FreeEnvironmentStringsW
0x52e06c GetFileSize
0x52e070 UnhandledExceptionFilter
0x52e074 LoadLibraryA
0x52e078 ReadFile
0x52e07c WideCharToMultiByte
0x52e080 WakeAllConditionVariable
0x52e084 FreeLibraryAndExitThread
0x52e088 GetTempPathW
0x52e08c WriteConsoleW
0x52e090 GetACP
0x52e094 ReleaseSemaphore
0x52e098 TryAcquireSRWLockExclusive
0x52e09c HeapAlloc
0x52e0a0 SetFilePointerEx
0x52e0a4 CreateThread
0x52e0a8 TlsSetValue
0x52e0ac GetCurrentThreadId
0x52e0b0 LocalFree
0x52e0b4 WaitForSingleObject
0x52e0b8 GetSystemInfo
0x52e0bc IsProcessorFeaturePresent
0x52e0c0 GetVersionExA
0x52e0c4 TlsGetValue
0x52e0c8 LeaveCriticalSection
0x52e0cc FindNextFileA
0x52e0d0 GlobalMemoryStatus
0x52e0d4 CloseHandle
0x52e0d8 CreateDirectoryA
0x52e0dc GetFileType
0x52e0e0 CreateFileA
0x52e0e4 VirtualFree
0x52e0e8 HeapSize
0x52e0ec GetCurrentDirectoryW
0x52e0f0 GetCurrentProcess
0x52e0f4 RaiseException
0x52e0f8 FindFirstFileA
0x52e0fc GetModuleFileNameW
0x52e100 IsDebuggerPresent
0x52e104 QueryPerformanceFrequency
0x52e108 GetEnvironmentStringsW
0x52e10c LoadLibraryExW
0x52e110 SetCurrentDirectoryA
0x52e114 DeleteCriticalSection
0x52e118 GetProcessHeap
0x52e11c GetModuleFileNameA
0x52e120 GetCPInfo
0x52e124 CreateSemaphoreA
0x52e128 GetCommandLineA
0x52e12c SetUnhandledExceptionFilter
0x52e130 FreeLibrary
0x52e134 GetConsoleMode
0x52e138 RemoveDirectoryW
0x52e13c RtlUnwind
0x52e140 GetFileAttributesA
0x52e144 AcquireSRWLockExclusive
0x52e148 GetFileInformationByHandle
0x52e14c DeleteFileW
0x52e150 FlushFileBuffers
0x52e154 GetTickCount64
0x52e158 FindFirstFileExA
0x52e15c SetFilePointer
0x52e160 GetLastError
0x52e164 QueryPerformanceCounter
0x52e168 GetModuleHandleA
0x52e16c EncodePointer
0x52e170 InitializeCriticalSection
0x52e174 GetCurrentProcessId
0x52e178 LoadLibraryW
0x52e17c SetFileAttributesA
0x52e180 AreFileApisANSI
0x52e184 DecodePointer
0x52e188 GetModuleHandleExW
0x52e18c SetFileTime
0x52e190 CreateEventA
0x52e194 CreateDirectoryW
0x52e198 CreateProcessA
0x52e19c SetEndOfFile
0x52e1a0 ExitProcess
0x52e1a4 ResetEvent
0x52e1a8 IsBadReadPtr
0x52e1ac DeleteFileA
0x52e1b0 IsValidCodePage
0x52e1b4 GetTempPathA
0x52e1b8 ReleaseSRWLockExclusive
0x52e1bc GetSystemTimeAsFileTime
0x52e1c0 TerminateProcess
0x52e1c4 InitializeCriticalSectionEx
0x52e1c8 GetFileAttributesW
0x52e1cc HeapFree
0x52e1d0 GetTempFileNameW
0x52e1d4 FormatMessageA
0x52e1d8 Sleep
0x52e1dc GetOEMCP
0x52e1e0 WriteFile
0x52e1e4 GetStdHandle
0x52e1e8 GetVersion
0x52e1ec GetCommandLineW
0x52e1f0 TlsAlloc
0x52e1f4 GetConsoleCP
0x52e1f8 GetStringTypeW
0x52e1fc MultiByteToWideChar
0x52e200 InitializeSListHead
0x52e204 ExitThread
0x52e208 InitializeCriticalSectionAndSpinCount
USER32.dll
0x52e228 DialogBoxParamA
0x52e22c CharUpperW
0x52e230 LoadStringA
0x52e234 LoadIconA
0x52e238 SetWindowTextA
0x52e23c CharUpperA
0x52e240 KillTimer
0x52e244 GetDlgItem
0x52e248 DialogBoxParamW
0x52e24c EndDialog
0x52e250 MessageBoxA
0x52e254 GetWindowLongA
0x52e258 SetTimer
0x52e25c ShowWindow
0x52e260 LoadStringW
0x52e264 SetWindowLongA
0x52e268 MessageBoxW
0x52e26c SendMessageA
0x52e270 PostMessageA
0x52e274 DestroyWindow
0x52e278 SetWindowTextW
SHELL32.dll
0x52e220 ShellExecuteExA
OLEAUT32.dll
0x52e210 VariantClear
0x52e214 SysAllocStringLen
0x52e218 SysStringLen
ADVAPI32.dll
0x52e000 CloseServiceHandle
EAT(Export Address Table) is none