Report - msbuild.exe

Generic Malware Malicious Library UPX PE File PE64 OS Processor Check Lnk Format GIF Format
Created 2024.07.11 13:27 Machine s1_win7_x6403
Filename msbuild.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score
1
Behavior Score
5.2
ZERO API file : malicious
VT API (file) 10 detected (AIDetectMalware, CLOUD, MALICIOUS, Nsmw, susgen, PossibleThreat)
md5 77b8c18bece02b6cfa33f68c743b3c3c
sha256 e19de62c82f499f2f3748136c337222c2f67effba91e6252fdc9ece2f20595d9
ssdeep 49152:T13hnx0+HdYgtb20mCnChhO+TA/5oGSWxHP+RJcGZ12yP32aVb5S:pG2n1Si+RJcGy82aVE
imphash fc51f74b94b4bc6fd2beb5108763e894
impfuzzy 96:I9/F2Od7gDB/t2LN0L5WXHPZqxxM6a1MPgGY9mE+hX2tnbZO4Am5/:KdM/t2wWBdc53EUX2tbPh

Signature (11cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running)
watch File has been identified by 10 AntiVirus engines on VirusTotal as malicious
watch Installs itself for autorun at Windows startup
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates a shortcut to an executable file
notice Creates executable files on the filesystem
notice Resolves a suspicious Top Level Domain (TLD)
info Checks amount of memory in system
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (8cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info lnk_file_format Microsoft Windows Shortcut File Format binaries (download)
info Lnk_Format_Zero LNK Format binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
sexapp.cc Unknown 43.135.32.151 clean
43.135.32.151 Unknown 43.135.32.151 clean

Suricata ids

PE API

IAT(Import Address Table) Library

ole32.dll
 0x1402247c0 CoInitialize
 0x1402247c8 CoCreateInstance
 0x1402247d0 CoUninitialize
 0x1402247d8 CoTaskMemFree
KERNEL32.dll
 0x140224120 CreateProcessW
 0x140224128 AssignProcessToJobObject
 0x140224130 PeekNamedPipe
 0x140224138 GlobalMemoryStatusEx
 0x140224140 CreateJobObjectW
 0x140224148 GetSystemDirectoryW
 0x140224150 GetStartupInfoW
 0x140224158 CreatePipe
 0x140224160 DeleteCriticalSection
 0x140224168 TerminateJobObject
 0x140224170 GetConsoleWindow
 0x140224178 GetModuleFileNameW
 0x140224180 WideCharToMultiByte
 0x140224188 LeaveCriticalSection
 0x140224190 WriteFile
 0x140224198 EnterCriticalSection
 0x1402241a0 ReadFile
 0x1402241a8 SetEndOfFile
 0x1402241b0 WriteConsoleW
 0x1402241b8 GetFileSize
 0x1402241c0 CreateFileA
 0x1402241c8 FindClose
 0x1402241d0 FindNextFileA
 0x1402241d8 FileTimeToSystemTime
 0x1402241e0 FindFirstFileA
 0x1402241e8 GetVolumeInformationA
 0x1402241f0 GetDiskFreeSpaceExA
 0x1402241f8 GetDriveTypeA
 0x140224200 GetLogicalDriveStringsA
 0x140224208 GetLogicalDriveStringsW
 0x140224210 SetEnvironmentVariableW
 0x140224218 FreeEnvironmentStringsW
 0x140224220 GetEnvironmentStringsW
 0x140224228 GetOEMCP
 0x140224230 GetACP
 0x140224238 IsValidCodePage
 0x140224240 FindFirstFileExW
 0x140224248 GetFullPathNameW
 0x140224250 GetCurrentDirectoryW
 0x140224258 SetStdHandle
 0x140224260 GetTimeZoneInformation
 0x140224268 FlushFileBuffers
 0x140224270 SetFilePointerEx
 0x140224278 GetFileSizeEx
 0x140224280 GetFileAttributesExW
 0x140224288 GetExitCodeProcess
 0x140224290 EnumSystemLocalesW
 0x140224298 GetUserDefaultLCID
 0x1402242a0 IsValidLocale
 0x1402242a8 GetLocaleInfoW
 0x1402242b0 LCMapStringW
 0x1402242b8 CompareStringW
 0x1402242c0 GetConsoleOutputCP
 0x1402242c8 GetCommandLineW
 0x1402242d0 GetCommandLineA
 0x1402242d8 SystemTimeToTzSpecificLocalTime
 0x1402242e0 GetFileInformationByHandle
 0x1402242e8 GetDriveTypeW
 0x1402242f0 SetConsoleCtrlHandler
 0x1402242f8 ExitProcess
 0x140224300 GetModuleHandleExW
 0x140224308 FreeLibraryAndExitThread
 0x140224310 ExitThread
 0x140224318 LoadLibraryExW
 0x140224320 FreeLibrary
 0x140224328 RtlPcToFileHeader
 0x140224330 InterlockedPushEntrySList
 0x140224338 RtlUnwindEx
 0x140224340 OutputDebugStringW
 0x140224348 IsDebuggerPresent
 0x140224350 IsProcessorFeaturePresent
 0x140224358 InitializeCriticalSection
 0x140224360 Sleep
 0x140224368 WaitForSingleObject
 0x140224370 SetEvent
 0x140224378 CloseHandle
 0x140224380 CreateThread
 0x140224388 CreateEventW
 0x140224390 TerminateProcess
 0x140224398 GetCurrentProcess
 0x1402243a0 SetUnhandledExceptionFilter
 0x1402243a8 UnhandledExceptionFilter
 0x1402243b0 RtlVirtualUnwind
 0x1402243b8 RtlLookupFunctionEntry
 0x1402243c0 RtlCaptureContext
 0x1402243c8 WaitForSingleObjectEx
 0x1402243d0 InitializeSListHead
 0x1402243d8 ReadConsoleW
 0x1402243e0 ReadConsoleA
 0x1402243e8 GetSystemTimeAsFileTime
 0x1402243f0 InitializeSRWLock
 0x1402243f8 ReleaseSRWLockExclusive
 0x140224400 AcquireSRWLockExclusive
 0x140224408 InitializeCriticalSectionEx
 0x140224410 TryEnterCriticalSection
 0x140224418 GetCurrentThreadId
 0x140224420 FormatMessageA
 0x140224428 QueryPerformanceCounter
 0x140224430 QueryPerformanceFrequency
 0x140224438 FlsAlloc
 0x140224440 FlsGetValue
 0x140224448 FlsSetValue
 0x140224450 FlsFree
 0x140224458 GetCurrentProcessorNumber
 0x140224460 RtlUnwind
 0x140224468 GetModuleHandleW
 0x140224470 GetProcAddress
 0x140224478 EncodePointer
 0x140224480 DecodePointer
 0x140224488 MultiByteToWideChar
 0x140224490 LCMapStringEx
 0x140224498 GetStringTypeW
 0x1402244a0 GetCPInfo
 0x1402244a8 GetLastError
 0x1402244b0 SetLastError
 0x1402244b8 TryAcquireSRWLockExclusive
 0x1402244c0 TlsGetValue
 0x1402244c8 TlsSetValue
 0x1402244d0 GetSystemInfo
 0x1402244d8 RaiseException
 0x1402244e0 HeapDestroy
 0x1402244e8 HeapAlloc
 0x1402244f0 HeapReAlloc
 0x1402244f8 HeapFree
 0x140224500 HeapSize
 0x140224508 GetProcessHeap
 0x140224510 InitializeCriticalSectionAndSpinCount
 0x140224518 ResetEvent
 0x140224520 VirtualAlloc
 0x140224528 VirtualFree
 0x140224530 TlsAlloc
 0x140224538 SwitchToThread
 0x140224540 CreateFileW
 0x140224548 CreateFileMappingW
 0x140224550 MapViewOfFileEx
 0x140224558 lstrlenW
 0x140224560 UnmapViewOfFile
 0x140224568 TlsFree
 0x140224570 GetStdHandle
 0x140224578 GetFileType
 0x140224580 DeleteFiber
 0x140224588 GetSystemTime
 0x140224590 SystemTimeToFileTime
 0x140224598 FindFirstFileW
 0x1402245a0 FindNextFileW
 0x1402245a8 GetCurrentProcessId
 0x1402245b0 ConvertFiberToThread
 0x1402245b8 GetEnvironmentVariableW
 0x1402245c0 GetConsoleMode
 0x1402245c8 SetConsoleMode
USER32.dll
 0x140224608 EnumDisplaySettingsW
 0x140224610 EnumDisplayMonitors
 0x140224618 GetDC
 0x140224620 GetDesktopWindow
 0x140224628 ShowWindow
 0x140224630 GetWindowLongW
 0x140224638 SetWindowLongW
 0x140224640 SetWindowPos
 0x140224648 MessageBoxW
 0x140224650 GetUserObjectInformationW
 0x140224658 GetProcessWindowStation
 0x140224660 MsgWaitForMultipleObjects
 0x140224668 PeekMessageW
 0x140224670 DispatchMessageW
 0x140224678 TranslateMessage
 0x140224680 wsprintfW
 0x140224688 GetMonitorInfoW
GDI32.dll
 0x1402240e8 CreateCompatibleBitmap
 0x1402240f0 SelectObject
 0x1402240f8 GetObjectW
 0x140224100 GetDIBits
 0x140224108 BitBlt
 0x140224110 CreateCompatibleDC
ADVAPI32.dll
 0x140224000 CryptDestroyHash
 0x140224008 CryptGenRandom
 0x140224010 CryptAcquireContextA
 0x140224018 CryptEnumProvidersW
 0x140224020 CryptSignHashW
 0x140224028 CryptReleaseContext
 0x140224030 CryptAcquireContextW
 0x140224038 ReportEventW
 0x140224040 RegisterEventSourceW
 0x140224048 DeregisterEventSource
 0x140224050 CryptSetHashParam
 0x140224058 CryptGetProvParam
 0x140224060 CryptGetUserKey
 0x140224068 RegCloseKey
 0x140224070 RegQueryValueExW
 0x140224078 RegOpenKeyW
 0x140224080 CryptCreateHash
 0x140224088 CryptDecrypt
 0x140224090 CryptExportKey
 0x140224098 CryptDestroyKey
SHELL32.dll
 0x1402245e8 SHGetKnownFolderPath
OLEAUT32.dll
 0x1402245d8 VariantInit
WS2_32.dll
 0x1402246c0 WSAIoctl
 0x1402246c8 WSASetLastError
 0x1402246d0 shutdown
 0x1402246d8 send
 0x1402246e0 htons
 0x1402246e8 getsockname
 0x1402246f0 getpeername
 0x1402246f8 closesocket
 0x140224700 WSAGetLastError
 0x140224708 gethostname
 0x140224710 ntohl
 0x140224718 ntohs
 0x140224720 WSAStringToAddressW
 0x140224728 getaddrinfo
 0x140224730 freeaddrinfo
 0x140224738 InetNtopW
 0x140224740 bind
 0x140224748 socket
 0x140224750 WSAStartup
 0x140224758 WSACleanup
 0x140224760 connect
 0x140224768 recv
 0x140224770 WSACloseEvent
 0x140224778 WSACreateEvent
 0x140224780 WSAEnumNetworkEvents
 0x140224788 WSAEventSelect
 0x140224790 WSAResetEvent
 0x140224798 WSAWaitForMultipleEvents
 0x1402247a0 setsockopt
CRYPT32.dll
 0x1402240a8 CertOpenStore
 0x1402240b0 CertCloseStore
 0x1402240b8 CertEnumCertificatesInStore
 0x1402240c0 CertFindCertificateInStore
 0x1402240c8 CertDuplicateCertificateContext
 0x1402240d0 CertFreeCertificateContext
 0x1402240d8 CertGetCertificateContextProperty
bcrypt.dll
 0x1402247b0 BCryptGenRandom
SHLWAPI.dll
 0x1402245f8 StrChrW
WINMM.dll
 0x140224698 timeBeginPeriod
 0x1402246a0 timeEndPeriod
 0x1402246a8 timeGetDevCaps
 0x1402246b0 timeGetTime

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure