ScreenShot
| Created | 2024.07.11 13:55 | Machine | s1_win7_x6403 |
| Filename | Session.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 40 detected (AIDetectMalware, malicious, high confidence, score, NetLoader, Lazy, Vl3k, Attribute, HighConfidence, Artemis, MalwareX, CLASSIC, Detected, ai score=85, Sabsik, Casdet, R641715, Chgt, R002H07GA24, PossibleThreat, confidence) | ||
| md5 | f21b99b36592ff7415d56841d4fd62d0 | ||
| sha256 | 6f90f15c3337288d0fc686f6f2e3988043c126c356d6096e99158e60f91c3403 | ||
| ssdeep | 768:IOEXYRpKodXNyVX7FgFrrm4rjO29DnK1JreG7PzGgt4Z6TDQ/wPdPtNR+d7iuhjJ:FkQ7dyVyrrkzF8CPdsiuUzu/ac | ||
| imphash | 14767932c761829cdc869ee3b15e7ec4 | ||
| impfuzzy | 48:5tMS1mgyfmS6J/CTHA1lI0Btt67q9nqjJe78z4GPucstuK:5tMS1mgyfmS4/CrKBjt6elq1e78z4+sP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14000e018 MultiByteToWideChar
0x14000e020 GetProcAddress
0x14000e028 LoadLibraryW
0x14000e030 Sleep
0x14000e038 LocalFree
0x14000e040 RtlCaptureContext
0x14000e048 RtlLookupFunctionEntry
0x14000e050 RtlVirtualUnwind
0x14000e058 UnhandledExceptionFilter
0x14000e060 SetUnhandledExceptionFilter
0x14000e068 GetCurrentProcess
0x14000e070 TerminateProcess
0x14000e078 IsProcessorFeaturePresent
0x14000e080 QueryPerformanceCounter
0x14000e088 GetCurrentProcessId
0x14000e090 GetCurrentThreadId
0x14000e098 GetModuleHandleExW
0x14000e0a0 FreeLibrary
0x14000e0a8 ExitProcess
0x14000e0b0 LeaveCriticalSection
0x14000e0b8 EnterCriticalSection
0x14000e0c0 RaiseException
0x14000e0c8 EncodePointer
0x14000e0d0 VirtualQuery
0x14000e0d8 RtlUnwindEx
0x14000e0e0 GetModuleHandleW
0x14000e0e8 IsDebuggerPresent
0x14000e0f0 InitializeSListHead
0x14000e0f8 GetSystemTimeAsFileTime
0x14000e100 GetLastError
ADVAPI32.dll
0x14000e000 RegOpenKeyExW
0x14000e008 RegQueryValueExW
OLEAUT32.dll
0x14000e110 SafeArrayDestroy
0x14000e118 VariantInit
0x14000e120 SafeArrayUnlock
0x14000e128 SysFreeString
0x14000e130 SafeArrayPutElement
0x14000e138 SafeArrayLock
0x14000e140 SafeArrayCreate
0x14000e148 SafeArrayCreateVector
0x14000e150 VariantClear
0x14000e158 SysAllocString
WININET.dll
0x14000e168 InternetOpenA
WS2_32.dll
0x14000e178 recv
0x14000e180 connect
0x14000e188 socket
0x14000e190 send
0x14000e198 inet_addr
0x14000e1a0 WSAStartup
0x14000e1a8 closesocket
0x14000e1b0 WSACleanup
0x14000e1b8 htons
msvcrt.dll
0x14000e1c8 __argc
0x14000e1d0 __argv
0x14000e1d8 ?_set_new_mode@@YAHH@Z
0x14000e1e0 _commode
0x14000e1e8 _msize
0x14000e1f0 ?terminate@@YAXXZ
0x14000e1f8 ___lc_codepage_func
0x14000e200 _isatty
0x14000e208 fflush
0x14000e210 _fileno
0x14000e218 ceil
0x14000e220 log10
0x14000e228 realloc
0x14000e230 _environ
0x14000e238 __pctype_func
0x14000e240 _iob
0x14000e248 _unlock
0x14000e250 _lock
0x14000e258 strcpy_s
0x14000e260 _errno
0x14000e268 abort
0x14000e270 _set_fmode
0x14000e278 _initterm_e
0x14000e280 _initterm
0x14000e288 _callnewh
0x14000e290 malloc
0x14000e298 free
0x14000e2a0 atoi
0x14000e2a8 memmove
0x14000e2b0 _local_unwind
0x14000e2b8 __DestructExceptionObject
0x14000e2c0 _amsg_exit
0x14000e2c8 __C_specific_handler
0x14000e2d0 memset
0x14000e2d8 _CxxThrowException
0x14000e2e0 tolower
0x14000e2e8 __set_app_type
0x14000e2f0 _XcptFilter
0x14000e2f8 wctomb_s
0x14000e300 _mbtowc_l
0x14000e308 strtol
0x14000e310 wcstol
0x14000e318 wcsnlen
0x14000e320 strnlen
0x14000e328 _clearfp
0x14000e330 ___mb_cur_max_func
0x14000e338 __getmainargs
0x14000e340 memcpy
0x14000e348 __CxxFrameHandler3
0x14000e350 strrchr
EAT(Export Address Table) is none
KERNEL32.dll
0x14000e018 MultiByteToWideChar
0x14000e020 GetProcAddress
0x14000e028 LoadLibraryW
0x14000e030 Sleep
0x14000e038 LocalFree
0x14000e040 RtlCaptureContext
0x14000e048 RtlLookupFunctionEntry
0x14000e050 RtlVirtualUnwind
0x14000e058 UnhandledExceptionFilter
0x14000e060 SetUnhandledExceptionFilter
0x14000e068 GetCurrentProcess
0x14000e070 TerminateProcess
0x14000e078 IsProcessorFeaturePresent
0x14000e080 QueryPerformanceCounter
0x14000e088 GetCurrentProcessId
0x14000e090 GetCurrentThreadId
0x14000e098 GetModuleHandleExW
0x14000e0a0 FreeLibrary
0x14000e0a8 ExitProcess
0x14000e0b0 LeaveCriticalSection
0x14000e0b8 EnterCriticalSection
0x14000e0c0 RaiseException
0x14000e0c8 EncodePointer
0x14000e0d0 VirtualQuery
0x14000e0d8 RtlUnwindEx
0x14000e0e0 GetModuleHandleW
0x14000e0e8 IsDebuggerPresent
0x14000e0f0 InitializeSListHead
0x14000e0f8 GetSystemTimeAsFileTime
0x14000e100 GetLastError
ADVAPI32.dll
0x14000e000 RegOpenKeyExW
0x14000e008 RegQueryValueExW
OLEAUT32.dll
0x14000e110 SafeArrayDestroy
0x14000e118 VariantInit
0x14000e120 SafeArrayUnlock
0x14000e128 SysFreeString
0x14000e130 SafeArrayPutElement
0x14000e138 SafeArrayLock
0x14000e140 SafeArrayCreate
0x14000e148 SafeArrayCreateVector
0x14000e150 VariantClear
0x14000e158 SysAllocString
WININET.dll
0x14000e168 InternetOpenA
WS2_32.dll
0x14000e178 recv
0x14000e180 connect
0x14000e188 socket
0x14000e190 send
0x14000e198 inet_addr
0x14000e1a0 WSAStartup
0x14000e1a8 closesocket
0x14000e1b0 WSACleanup
0x14000e1b8 htons
msvcrt.dll
0x14000e1c8 __argc
0x14000e1d0 __argv
0x14000e1d8 ?_set_new_mode@@YAHH@Z
0x14000e1e0 _commode
0x14000e1e8 _msize
0x14000e1f0 ?terminate@@YAXXZ
0x14000e1f8 ___lc_codepage_func
0x14000e200 _isatty
0x14000e208 fflush
0x14000e210 _fileno
0x14000e218 ceil
0x14000e220 log10
0x14000e228 realloc
0x14000e230 _environ
0x14000e238 __pctype_func
0x14000e240 _iob
0x14000e248 _unlock
0x14000e250 _lock
0x14000e258 strcpy_s
0x14000e260 _errno
0x14000e268 abort
0x14000e270 _set_fmode
0x14000e278 _initterm_e
0x14000e280 _initterm
0x14000e288 _callnewh
0x14000e290 malloc
0x14000e298 free
0x14000e2a0 atoi
0x14000e2a8 memmove
0x14000e2b0 _local_unwind
0x14000e2b8 __DestructExceptionObject
0x14000e2c0 _amsg_exit
0x14000e2c8 __C_specific_handler
0x14000e2d0 memset
0x14000e2d8 _CxxThrowException
0x14000e2e0 tolower
0x14000e2e8 __set_app_type
0x14000e2f0 _XcptFilter
0x14000e2f8 wctomb_s
0x14000e300 _mbtowc_l
0x14000e308 strtol
0x14000e310 wcstol
0x14000e318 wcsnlen
0x14000e320 strnlen
0x14000e328 _clearfp
0x14000e330 ___mb_cur_max_func
0x14000e338 __getmainargs
0x14000e340 memcpy
0x14000e348 __CxxFrameHandler3
0x14000e350 strrchr
EAT(Export Address Table) is none