Field | Value |
---|---|
Created | 2024.07.08 09:48 |
Machine | s1_win7_x6401 |
Filename | update.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malicious |
VT API (file) | 45 detected (AIDetectMalware, ClipBanker, malicious, high confidence, score, Razy, Unsafe, V21l, Attribute, HighConfidence, Artemis, MalwareX, abza, CLOUD, vfmnb, Detected, Wacatac, ABTrojan, GEFJ, R002H09G624, ai score=82, confidence) |
md5 | f8ae25eb2bef827759f8cd837ad85bda |
sha256 | 11cd1472cd1cc75245a148d4e9560bf7f7917443b36dec3f92ed79b8e743b399 |
ssdeep | 12288:zKgT0C+p1QJteI+ynEWYgeWYg955/155/Z4ML4nvC66aNAl96acG/Eoz1I+MO/uR:zKe0C+p1QJD05vxP2ltpsj+MO/ucu |
imphash | 9a5829c39073c30fe14404256cbdd15c |
impfuzzy | 96:S2+86EGEDg7LcfesQ9ep5m+xU8Ntme1t0:S2BUULex |
Network IP location
Signature (11cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Detects VirtualBox through the presence of a device |
watch | Detects VMWare through the presence of a registry key |
notice | An executable file was downloaded by the process update.exe |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | Steals private information from local Internet browsers |
info | One or more processes crashed |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | infoStealer_browser_b_Zero | browser info stealer | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
USER32.dll
0x140082450 GetSystemMetrics
0x140082458 GetDC
0x140082460 GetDesktopWindow
0x140082468 wsprintfW
0x140082470 GetClientRect
0x140082478 wsprintfA
ADVAPI32.dll
0x140082000 GetUserNameA
0x140082008 CryptAcquireContextA
0x140082010 CryptReleaseContext
0x140082018 CryptGenRandom
0x140082020 GetCurrentHwProfileA
GDI32.dll
0x140082030 CreateCompatibleDC
0x140082038 SelectObject
0x140082040 DeleteObject
0x140082048 CreateCompatibleBitmap
0x140082050 BitBlt
gdiplus.dll
0x140082488 GdipGetImageEncodersSize
0x140082490 GdipAlloc
0x140082498 GdipDisposeImage
0x1400824a0 GdiplusShutdown
0x1400824a8 GdiplusStartup
0x1400824b0 GdipCloneImage
0x1400824b8 GdipSaveImageToFile
0x1400824c0 GdipFree
0x1400824c8 GdipGetImageEncoders
0x1400824d0 GdipCreateBitmapFromHBITMAP
SHLWAPI.dll
0x140082430 StrCmpIW
0x140082438 PathFindExtensionW
0x140082440 PathFileExistsW
SHELL32.dll
0x140082420 ShellExecuteExW
KERNEL32.dll
0x140082060 IsValidLocaleName
0x140082068 EnumSystemLocalesEx
0x140082070 SetStdHandle
0x140082078 WriteConsoleW
0x140082080 GetExitCodeProcess
0x140082088 CreateProcessA
0x140082090 GetFileAttributesExW
0x140082098 SetEnvironmentVariableA
0x1400820a0 SetEndOfFile
0x1400820a8 InitializeCriticalSectionEx
0x1400820b0 LCMapStringEx
0x1400820b8 GetSystemInfo
0x1400820c0 GetUserDefaultLocaleName
0x1400820c8 CompareStringEx
0x1400820d0 OutputDebugStringW
0x1400820d8 LoadLibraryExW
0x1400820e0 GetStringTypeW
0x1400820e8 GetConsoleCP
0x1400820f0 FlushFileBuffers
0x1400820f8 SetFilePointerEx
0x140082100 SetFilePointer
0x140082108 ReadConsoleW
0x140082110 GetConsoleMode
0x140082118 HeapSize
0x140082120 InitializeCriticalSection
0x140082128 LeaveCriticalSection
0x140082130 EnterCriticalSection
0x140082138 FindFirstFileW
0x140082140 FindNextFileW
0x140082148 GlobalLock
0x140082150 GlobalAlloc
0x140082158 GlobalUnlock
0x140082160 GetProcAddress
0x140082168 LoadLibraryA
0x140082170 GetFileSize
0x140082178 lstrlenA
0x140082180 HeapAlloc
0x140082188 GetProcessHeap
0x140082190 Sleep
0x140082198 ReadFile
0x1400821a0 CreateFileW
0x1400821a8 SetCurrentDirectoryW
0x1400821b0 CloseHandle
0x1400821b8 CreateProcessW
0x1400821c0 WriteFile
0x1400821c8 GetNativeSystemInfo
0x1400821d0 FreeLibrary
0x1400821d8 HeapFree
0x1400821e0 VirtualFree
0x1400821e8 IsBadReadPtr
0x1400821f0 SetLastError
0x1400821f8 VirtualAlloc
0x140082200 VirtualProtect
0x140082208 ExitProcess
0x140082210 GetModuleHandleW
0x140082218 RaiseException
0x140082220 GetLastError
0x140082228 DeleteFileW
0x140082230 CreateThread
0x140082238 GetComputerNameA
0x140082240 CreateDirectoryW
0x140082248 WaitForSingleObject
0x140082250 CopyFileW
0x140082258 GetLocaleInfoEx
0x140082260 FindClose
0x140082268 GlobalMemoryStatusEx
0x140082270 GetModuleFileNameA
0x140082278 GetUserDefaultUILanguage
0x140082280 GetVersionExA
0x140082288 GetSystemFirmwareTable
0x140082290 OpenProcess
0x140082298 LoadLibraryW
0x1400822a0 TerminateProcess
0x1400822a8 Process32FirstW
0x1400822b0 RemoveDirectoryW
0x1400822b8 Process32NextW
0x1400822c0 CreateToolhelp32Snapshot
0x1400822c8 FindFirstFileA
0x1400822d0 FindNextFileA
0x1400822d8 QueryPerformanceCounter
0x1400822e0 QueryPerformanceFrequency
0x1400822e8 GetCommandLineW
0x1400822f0 EncodePointer
0x1400822f8 DecodePointer
0x140082300 GetCPInfo
0x140082308 HeapReAlloc
0x140082310 GetSystemTimeAsFileTime
0x140082318 RtlPcToFileHeader
0x140082320 RtlLookupFunctionEntry
0x140082328 RtlUnwindEx
0x140082330 IsDebuggerPresent
0x140082338 IsProcessorFeaturePresent
0x140082340 MultiByteToWideChar
0x140082348 WideCharToMultiByte
0x140082350 GetCurrentThreadId
0x140082358 GetModuleHandleExW
0x140082360 AreFileApisANSI
0x140082368 GetStdHandle
0x140082370 GetModuleFileNameW
0x140082378 GetFileType
0x140082380 InitializeCriticalSectionAndSpinCount
0x140082388 DeleteCriticalSection
0x140082390 InitOnceExecuteOnce
0x140082398 GetStartupInfoW
0x1400823a0 GetTickCount64
0x1400823a8 GetEnvironmentStringsW
0x1400823b0 FreeEnvironmentStringsW
0x1400823b8 RtlCaptureContext
0x1400823c0 RtlVirtualUnwind
0x1400823c8 UnhandledExceptionFilter
0x1400823d0 SetUnhandledExceptionFilter
0x1400823d8 FlsAlloc
0x1400823e0 FlsGetValue
0x1400823e8 FlsSetValue
0x1400823f0 FlsFree
0x1400823f8 GetCurrentProcess
0x140082400 IsValidCodePage
0x140082408 GetACP
0x140082410 GetOEMCP
EAT(Export Address Table) is none