ScreenShot
| Created | 2024.07.12 16:00 | Machine | s1_win7_x6401 |
| Filename | node.js.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 7 detected (Agentb, Casdet, susgen) | ||
| md5 | 9e6ba754b50c865d54a69075a65620ae | ||
| sha256 | 46e1f4257b5fbfbfbdcdb11eeafa0b91893385cf28972eb672ffc9fe906175ab | ||
| ssdeep | 1572864:Sjdd8sMGv6fdWfu7QcQx4wFnrUY2asfgEdjrFQcIubVxqGZ6c7:O8sHSFiquBFwL9gujRQcFTL6c7 | ||
| imphash | b34f154ec913d2d2c435cbd644e91687 | ||
| impfuzzy | 48:JBeZv2GaOIzYArO8Altkz+eOxHALlla/5LRFzn7+P9KQJ45EQl/KAEowrSv0WbXy:n+v3aVz0H1Wx94pKsU | ||
Network IP location
Signature (11cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Deletes a large number of files from the system indicative of ransomware |
| watch | Deletes executed files from disk |
| watch | Drops 62 unknown file mime types indicative of ransomware writing encrypted files back to disk |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (21cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | RedLine_Stealer_b_Zero | RedLine stealer | binaries (download) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | NSIS_Installer | Null Soft Installer | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | Obsidium_Zero | Obsidium protector file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| notice | Javascript_Blob | use blob(Binary Large Objec) javascript | binaries (download) |
| info | ftp_command | ftp command | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x408070 SetEnvironmentVariableW
0x408074 SetFileAttributesW
0x408078 Sleep
0x40807c GetTickCount
0x408080 GetFileSize
0x408084 GetModuleFileNameW
0x408088 GetCurrentProcess
0x40808c CopyFileW
0x408090 SetCurrentDirectoryW
0x408094 GetFileAttributesW
0x408098 GetWindowsDirectoryW
0x40809c GetTempPathW
0x4080a0 GetCommandLineW
0x4080a4 GetVersion
0x4080a8 SetErrorMode
0x4080ac lstrlenW
0x4080b0 lstrcpynW
0x4080b4 GetDiskFreeSpaceW
0x4080b8 ExitProcess
0x4080bc GetShortPathNameW
0x4080c0 CreateThread
0x4080c4 GetLastError
0x4080c8 CreateDirectoryW
0x4080cc CreateProcessW
0x4080d0 RemoveDirectoryW
0x4080d4 lstrcmpiA
0x4080d8 CreateFileW
0x4080dc GetTempFileNameW
0x4080e0 WriteFile
0x4080e4 lstrcpyA
0x4080e8 MoveFileExW
0x4080ec lstrcatW
0x4080f0 GetSystemDirectoryW
0x4080f4 GetProcAddress
0x4080f8 GetModuleHandleA
0x4080fc GetExitCodeProcess
0x408100 WaitForSingleObject
0x408104 lstrcmpiW
0x408108 MoveFileW
0x40810c GetFullPathNameW
0x408110 SetFileTime
0x408114 SearchPathW
0x408118 CompareFileTime
0x40811c lstrcmpW
0x408120 CloseHandle
0x408124 ExpandEnvironmentStringsW
0x408128 GlobalFree
0x40812c GlobalLock
0x408130 GlobalUnlock
0x408134 GlobalAlloc
0x408138 FindFirstFileW
0x40813c FindNextFileW
0x408140 DeleteFileW
0x408144 SetFilePointer
0x408148 ReadFile
0x40814c FindClose
0x408150 lstrlenA
0x408154 MulDiv
0x408158 MultiByteToWideChar
0x40815c WideCharToMultiByte
0x408160 GetPrivateProfileStringW
0x408164 WritePrivateProfileStringW
0x408168 FreeLibrary
0x40816c LoadLibraryExW
0x408170 GetModuleHandleW
USER32.dll
0x408194 GetSystemMenu
0x408198 SetClassLongW
0x40819c EnableMenuItem
0x4081a0 IsWindowEnabled
0x4081a4 SetWindowPos
0x4081a8 GetSysColor
0x4081ac GetWindowLongW
0x4081b0 SetCursor
0x4081b4 LoadCursorW
0x4081b8 CheckDlgButton
0x4081bc GetMessagePos
0x4081c0 LoadBitmapW
0x4081c4 CallWindowProcW
0x4081c8 IsWindowVisible
0x4081cc CloseClipboard
0x4081d0 SetClipboardData
0x4081d4 EmptyClipboard
0x4081d8 OpenClipboard
0x4081dc ScreenToClient
0x4081e0 GetWindowRect
0x4081e4 GetDlgItem
0x4081e8 GetSystemMetrics
0x4081ec SetDlgItemTextW
0x4081f0 GetDlgItemTextW
0x4081f4 MessageBoxIndirectW
0x4081f8 CharPrevW
0x4081fc CharNextA
0x408200 wsprintfA
0x408204 DispatchMessageW
0x408208 PeekMessageW
0x40820c ReleaseDC
0x408210 EnableWindow
0x408214 InvalidateRect
0x408218 SendMessageW
0x40821c DefWindowProcW
0x408220 BeginPaint
0x408224 GetClientRect
0x408228 FillRect
0x40822c DrawTextW
0x408230 EndDialog
0x408234 RegisterClassW
0x408238 SystemParametersInfoW
0x40823c CreateWindowExW
0x408240 GetClassInfoW
0x408244 DialogBoxParamW
0x408248 CharNextW
0x40824c ExitWindowsEx
0x408250 DestroyWindow
0x408254 GetDC
0x408258 SetTimer
0x40825c SetWindowTextW
0x408260 LoadImageW
0x408264 SetForegroundWindow
0x408268 ShowWindow
0x40826c IsWindow
0x408270 SetWindowLongW
0x408274 FindWindowExW
0x408278 TrackPopupMenu
0x40827c AppendMenuW
0x408280 CreatePopupMenu
0x408284 EndPaint
0x408288 CreateDialogParamW
0x40828c SendMessageTimeoutW
0x408290 wsprintfW
0x408294 PostQuitMessage
GDI32.dll
0x40804c SelectObject
0x408050 SetBkMode
0x408054 CreateFontIndirectW
0x408058 SetTextColor
0x40805c DeleteObject
0x408060 GetDeviceCaps
0x408064 CreateBrushIndirect
0x408068 SetBkColor
SHELL32.dll
0x408178 SHGetSpecialFolderLocation
0x40817c ShellExecuteExW
0x408180 SHGetPathFromIDListW
0x408184 SHBrowseForFolderW
0x408188 SHGetFileInfoW
0x40818c SHFileOperationW
ADVAPI32.dll
0x408000 AdjustTokenPrivileges
0x408004 RegCreateKeyExW
0x408008 RegOpenKeyExW
0x40800c SetFileSecurityW
0x408010 OpenProcessToken
0x408014 LookupPrivilegeValueW
0x408018 RegEnumValueW
0x40801c RegDeleteKeyW
0x408020 RegDeleteValueW
0x408024 RegCloseKey
0x408028 RegSetValueExW
0x40802c RegQueryValueExW
0x408030 RegEnumKeyW
COMCTL32.dll
0x408038 ImageList_Create
0x40803c ImageList_AddMasked
0x408040 ImageList_Destroy
0x408044 None
ole32.dll
0x40829c OleUninitialize
0x4082a0 OleInitialize
0x4082a4 CoTaskMemFree
0x4082a8 CoCreateInstance
EAT(Export Address Table) is none
KERNEL32.dll
0x408070 SetEnvironmentVariableW
0x408074 SetFileAttributesW
0x408078 Sleep
0x40807c GetTickCount
0x408080 GetFileSize
0x408084 GetModuleFileNameW
0x408088 GetCurrentProcess
0x40808c CopyFileW
0x408090 SetCurrentDirectoryW
0x408094 GetFileAttributesW
0x408098 GetWindowsDirectoryW
0x40809c GetTempPathW
0x4080a0 GetCommandLineW
0x4080a4 GetVersion
0x4080a8 SetErrorMode
0x4080ac lstrlenW
0x4080b0 lstrcpynW
0x4080b4 GetDiskFreeSpaceW
0x4080b8 ExitProcess
0x4080bc GetShortPathNameW
0x4080c0 CreateThread
0x4080c4 GetLastError
0x4080c8 CreateDirectoryW
0x4080cc CreateProcessW
0x4080d0 RemoveDirectoryW
0x4080d4 lstrcmpiA
0x4080d8 CreateFileW
0x4080dc GetTempFileNameW
0x4080e0 WriteFile
0x4080e4 lstrcpyA
0x4080e8 MoveFileExW
0x4080ec lstrcatW
0x4080f0 GetSystemDirectoryW
0x4080f4 GetProcAddress
0x4080f8 GetModuleHandleA
0x4080fc GetExitCodeProcess
0x408100 WaitForSingleObject
0x408104 lstrcmpiW
0x408108 MoveFileW
0x40810c GetFullPathNameW
0x408110 SetFileTime
0x408114 SearchPathW
0x408118 CompareFileTime
0x40811c lstrcmpW
0x408120 CloseHandle
0x408124 ExpandEnvironmentStringsW
0x408128 GlobalFree
0x40812c GlobalLock
0x408130 GlobalUnlock
0x408134 GlobalAlloc
0x408138 FindFirstFileW
0x40813c FindNextFileW
0x408140 DeleteFileW
0x408144 SetFilePointer
0x408148 ReadFile
0x40814c FindClose
0x408150 lstrlenA
0x408154 MulDiv
0x408158 MultiByteToWideChar
0x40815c WideCharToMultiByte
0x408160 GetPrivateProfileStringW
0x408164 WritePrivateProfileStringW
0x408168 FreeLibrary
0x40816c LoadLibraryExW
0x408170 GetModuleHandleW
USER32.dll
0x408194 GetSystemMenu
0x408198 SetClassLongW
0x40819c EnableMenuItem
0x4081a0 IsWindowEnabled
0x4081a4 SetWindowPos
0x4081a8 GetSysColor
0x4081ac GetWindowLongW
0x4081b0 SetCursor
0x4081b4 LoadCursorW
0x4081b8 CheckDlgButton
0x4081bc GetMessagePos
0x4081c0 LoadBitmapW
0x4081c4 CallWindowProcW
0x4081c8 IsWindowVisible
0x4081cc CloseClipboard
0x4081d0 SetClipboardData
0x4081d4 EmptyClipboard
0x4081d8 OpenClipboard
0x4081dc ScreenToClient
0x4081e0 GetWindowRect
0x4081e4 GetDlgItem
0x4081e8 GetSystemMetrics
0x4081ec SetDlgItemTextW
0x4081f0 GetDlgItemTextW
0x4081f4 MessageBoxIndirectW
0x4081f8 CharPrevW
0x4081fc CharNextA
0x408200 wsprintfA
0x408204 DispatchMessageW
0x408208 PeekMessageW
0x40820c ReleaseDC
0x408210 EnableWindow
0x408214 InvalidateRect
0x408218 SendMessageW
0x40821c DefWindowProcW
0x408220 BeginPaint
0x408224 GetClientRect
0x408228 FillRect
0x40822c DrawTextW
0x408230 EndDialog
0x408234 RegisterClassW
0x408238 SystemParametersInfoW
0x40823c CreateWindowExW
0x408240 GetClassInfoW
0x408244 DialogBoxParamW
0x408248 CharNextW
0x40824c ExitWindowsEx
0x408250 DestroyWindow
0x408254 GetDC
0x408258 SetTimer
0x40825c SetWindowTextW
0x408260 LoadImageW
0x408264 SetForegroundWindow
0x408268 ShowWindow
0x40826c IsWindow
0x408270 SetWindowLongW
0x408274 FindWindowExW
0x408278 TrackPopupMenu
0x40827c AppendMenuW
0x408280 CreatePopupMenu
0x408284 EndPaint
0x408288 CreateDialogParamW
0x40828c SendMessageTimeoutW
0x408290 wsprintfW
0x408294 PostQuitMessage
GDI32.dll
0x40804c SelectObject
0x408050 SetBkMode
0x408054 CreateFontIndirectW
0x408058 SetTextColor
0x40805c DeleteObject
0x408060 GetDeviceCaps
0x408064 CreateBrushIndirect
0x408068 SetBkColor
SHELL32.dll
0x408178 SHGetSpecialFolderLocation
0x40817c ShellExecuteExW
0x408180 SHGetPathFromIDListW
0x408184 SHBrowseForFolderW
0x408188 SHGetFileInfoW
0x40818c SHFileOperationW
ADVAPI32.dll
0x408000 AdjustTokenPrivileges
0x408004 RegCreateKeyExW
0x408008 RegOpenKeyExW
0x40800c SetFileSecurityW
0x408010 OpenProcessToken
0x408014 LookupPrivilegeValueW
0x408018 RegEnumValueW
0x40801c RegDeleteKeyW
0x408020 RegDeleteValueW
0x408024 RegCloseKey
0x408028 RegSetValueExW
0x40802c RegQueryValueExW
0x408030 RegEnumKeyW
COMCTL32.dll
0x408038 ImageList_Create
0x40803c ImageList_AddMasked
0x408040 ImageList_Destroy
0x408044 None
ole32.dll
0x40829c OleUninitialize
0x4082a0 OleInitialize
0x4082a4 CoTaskMemFree
0x4082a8 CoCreateInstance
EAT(Export Address Table) is none