ScreenShot
| Created | 2024.07.18 23:00 | Machine | s1_win7_x6401 |
| Filename | FAKE BTC SENDER zip.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 48 detected (NanoBot, trQD, malicious, high confidence, score, MsilFC, S23227671, Jalapeno, unsafe, Redline, V5k9, many, Artemis, MalwareX, Reline, TrojanPSW, SectopRAT, CLASSIC, AGEN, RedLineNET, Detected, ai score=85, pswtroj, atmn, Eldorado, QQPass, QQRob, Vmhl, Ax+rEXWNMxo, Static AI, Malicious SFX, confidence, 100%) | ||
| md5 | 3a7da416e0ed02e02fa874f3ae09e9a2 | ||
| sha256 | 41cb5ed0263f85315caa04884a4c1afd191f5b3896e9e55bda08fe1b05780fc5 | ||
| ssdeep | 49152:t84yXpij2ZI9iAnQXC4aOLCXlhv0/xK9h162t/7qgptEunf7q677wgIVacP5blXA:tEAaI9uCWG1tzqK7q677wgI7P5blw | ||
| imphash | fcf1390e9ce472c7270447fc5c61a0c1 | ||
| impfuzzy | 48:J9jOX8LKc1XFjsX1Pfc++6WQYgeBtDXMunCHFa:JdJLKc1XFgX1Pfc++VVdBtDXMunMFa | ||
Network IP location
Signature (14cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Creates executable files on the filesystem |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (22cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | detect_Redline_Stealer_V2 | (no description) | binaries (download) |
| danger | MALWARE_Win_VT_RedLine | Detects RedLine infostealer | binaries (download) |
| danger | NorthKorea_Zero | Maybe it's North Korea File | binaries (download) |
| danger | RedLine_Stealer_b_Zero | RedLine stealer | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| watch | Win32_Trojan_PWS_Net_1_Zero | Win32 Trojan PWS .NET Azorult | binaries (download) |
| watch | Win32_WinRAR_SFX_Zero | Win32 WinRAR SFX | binaries (upload) |
| info | Is_DotNET_DLL | (no description) | binaries (download) |
| info | Is_DotNET_EXE | (no description) | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x433000 GetLastError
0x433004 SetLastError
0x433008 FormatMessageW
0x43300c GetCurrentProcess
0x433010 DeviceIoControl
0x433014 SetFileTime
0x433018 CloseHandle
0x43301c CreateDirectoryW
0x433020 RemoveDirectoryW
0x433024 CreateFileW
0x433028 DeleteFileW
0x43302c CreateHardLinkW
0x433030 GetShortPathNameW
0x433034 GetLongPathNameW
0x433038 MoveFileW
0x43303c GetFileType
0x433040 GetStdHandle
0x433044 WriteFile
0x433048 ReadFile
0x43304c FlushFileBuffers
0x433050 SetEndOfFile
0x433054 SetFilePointer
0x433058 SetFileAttributesW
0x43305c GetFileAttributesW
0x433060 FindClose
0x433064 FindFirstFileW
0x433068 FindNextFileW
0x43306c GetVersionExW
0x433070 GetCurrentDirectoryW
0x433074 GetFullPathNameW
0x433078 FoldStringW
0x43307c GetModuleFileNameW
0x433080 GetModuleHandleW
0x433084 FindResourceW
0x433088 FreeLibrary
0x43308c GetProcAddress
0x433090 GetCurrentProcessId
0x433094 ExitProcess
0x433098 SetThreadExecutionState
0x43309c Sleep
0x4330a0 LoadLibraryW
0x4330a4 GetSystemDirectoryW
0x4330a8 CompareStringW
0x4330ac AllocConsole
0x4330b0 FreeConsole
0x4330b4 AttachConsole
0x4330b8 WriteConsoleW
0x4330bc GetProcessAffinityMask
0x4330c0 CreateThread
0x4330c4 SetThreadPriority
0x4330c8 InitializeCriticalSection
0x4330cc EnterCriticalSection
0x4330d0 LeaveCriticalSection
0x4330d4 DeleteCriticalSection
0x4330d8 SetEvent
0x4330dc ResetEvent
0x4330e0 ReleaseSemaphore
0x4330e4 WaitForSingleObject
0x4330e8 CreateEventW
0x4330ec CreateSemaphoreW
0x4330f0 GetSystemTime
0x4330f4 SystemTimeToTzSpecificLocalTime
0x4330f8 TzSpecificLocalTimeToSystemTime
0x4330fc SystemTimeToFileTime
0x433100 FileTimeToLocalFileTime
0x433104 LocalFileTimeToFileTime
0x433108 FileTimeToSystemTime
0x43310c GetCPInfo
0x433110 IsDBCSLeadByte
0x433114 MultiByteToWideChar
0x433118 WideCharToMultiByte
0x43311c GlobalAlloc
0x433120 LockResource
0x433124 GlobalLock
0x433128 GlobalUnlock
0x43312c GlobalFree
0x433130 LoadResource
0x433134 SizeofResource
0x433138 SetCurrentDirectoryW
0x43313c GetExitCodeProcess
0x433140 GetLocalTime
0x433144 GetTickCount
0x433148 MapViewOfFile
0x43314c UnmapViewOfFile
0x433150 CreateFileMappingW
0x433154 OpenFileMappingW
0x433158 GetCommandLineW
0x43315c SetEnvironmentVariableW
0x433160 ExpandEnvironmentStringsW
0x433164 GetTempPathW
0x433168 MoveFileExW
0x43316c GetLocaleInfoW
0x433170 GetTimeFormatW
0x433174 GetDateFormatW
0x433178 GetNumberFormatW
0x43317c SetFilePointerEx
0x433180 GetConsoleMode
0x433184 GetConsoleCP
0x433188 HeapSize
0x43318c SetStdHandle
0x433190 GetProcessHeap
0x433194 RaiseException
0x433198 GetSystemInfo
0x43319c VirtualProtect
0x4331a0 VirtualQuery
0x4331a4 LoadLibraryExA
0x4331a8 IsProcessorFeaturePresent
0x4331ac IsDebuggerPresent
0x4331b0 UnhandledExceptionFilter
0x4331b4 SetUnhandledExceptionFilter
0x4331b8 GetStartupInfoW
0x4331bc QueryPerformanceCounter
0x4331c0 GetCurrentThreadId
0x4331c4 GetSystemTimeAsFileTime
0x4331c8 InitializeSListHead
0x4331cc TerminateProcess
0x4331d0 RtlUnwind
0x4331d4 EncodePointer
0x4331d8 InitializeCriticalSectionAndSpinCount
0x4331dc TlsAlloc
0x4331e0 TlsGetValue
0x4331e4 TlsSetValue
0x4331e8 TlsFree
0x4331ec LoadLibraryExW
0x4331f0 QueryPerformanceFrequency
0x4331f4 GetModuleHandleExW
0x4331f8 GetModuleFileNameA
0x4331fc GetACP
0x433200 HeapFree
0x433204 HeapAlloc
0x433208 HeapReAlloc
0x43320c GetStringTypeW
0x433210 LCMapStringW
0x433214 FindFirstFileExA
0x433218 FindNextFileA
0x43321c IsValidCodePage
0x433220 GetOEMCP
0x433224 GetCommandLineA
0x433228 GetEnvironmentStringsW
0x43322c FreeEnvironmentStringsW
0x433230 DecodePointer
gdiplus.dll
0x433238 GdiplusShutdown
0x43323c GdiplusStartup
0x433240 GdipCreateHBITMAPFromBitmap
0x433244 GdipCreateBitmapFromStreamICM
0x433248 GdipCreateBitmapFromStream
0x43324c GdipDisposeImage
0x433250 GdipCloneImage
0x433254 GdipFree
0x433258 GdipAlloc
EAT(Export Address Table) Library
KERNEL32.dll
0x433000 GetLastError
0x433004 SetLastError
0x433008 FormatMessageW
0x43300c GetCurrentProcess
0x433010 DeviceIoControl
0x433014 SetFileTime
0x433018 CloseHandle
0x43301c CreateDirectoryW
0x433020 RemoveDirectoryW
0x433024 CreateFileW
0x433028 DeleteFileW
0x43302c CreateHardLinkW
0x433030 GetShortPathNameW
0x433034 GetLongPathNameW
0x433038 MoveFileW
0x43303c GetFileType
0x433040 GetStdHandle
0x433044 WriteFile
0x433048 ReadFile
0x43304c FlushFileBuffers
0x433050 SetEndOfFile
0x433054 SetFilePointer
0x433058 SetFileAttributesW
0x43305c GetFileAttributesW
0x433060 FindClose
0x433064 FindFirstFileW
0x433068 FindNextFileW
0x43306c GetVersionExW
0x433070 GetCurrentDirectoryW
0x433074 GetFullPathNameW
0x433078 FoldStringW
0x43307c GetModuleFileNameW
0x433080 GetModuleHandleW
0x433084 FindResourceW
0x433088 FreeLibrary
0x43308c GetProcAddress
0x433090 GetCurrentProcessId
0x433094 ExitProcess
0x433098 SetThreadExecutionState
0x43309c Sleep
0x4330a0 LoadLibraryW
0x4330a4 GetSystemDirectoryW
0x4330a8 CompareStringW
0x4330ac AllocConsole
0x4330b0 FreeConsole
0x4330b4 AttachConsole
0x4330b8 WriteConsoleW
0x4330bc GetProcessAffinityMask
0x4330c0 CreateThread
0x4330c4 SetThreadPriority
0x4330c8 InitializeCriticalSection
0x4330cc EnterCriticalSection
0x4330d0 LeaveCriticalSection
0x4330d4 DeleteCriticalSection
0x4330d8 SetEvent
0x4330dc ResetEvent
0x4330e0 ReleaseSemaphore
0x4330e4 WaitForSingleObject
0x4330e8 CreateEventW
0x4330ec CreateSemaphoreW
0x4330f0 GetSystemTime
0x4330f4 SystemTimeToTzSpecificLocalTime
0x4330f8 TzSpecificLocalTimeToSystemTime
0x4330fc SystemTimeToFileTime
0x433100 FileTimeToLocalFileTime
0x433104 LocalFileTimeToFileTime
0x433108 FileTimeToSystemTime
0x43310c GetCPInfo
0x433110 IsDBCSLeadByte
0x433114 MultiByteToWideChar
0x433118 WideCharToMultiByte
0x43311c GlobalAlloc
0x433120 LockResource
0x433124 GlobalLock
0x433128 GlobalUnlock
0x43312c GlobalFree
0x433130 LoadResource
0x433134 SizeofResource
0x433138 SetCurrentDirectoryW
0x43313c GetExitCodeProcess
0x433140 GetLocalTime
0x433144 GetTickCount
0x433148 MapViewOfFile
0x43314c UnmapViewOfFile
0x433150 CreateFileMappingW
0x433154 OpenFileMappingW
0x433158 GetCommandLineW
0x43315c SetEnvironmentVariableW
0x433160 ExpandEnvironmentStringsW
0x433164 GetTempPathW
0x433168 MoveFileExW
0x43316c GetLocaleInfoW
0x433170 GetTimeFormatW
0x433174 GetDateFormatW
0x433178 GetNumberFormatW
0x43317c SetFilePointerEx
0x433180 GetConsoleMode
0x433184 GetConsoleCP
0x433188 HeapSize
0x43318c SetStdHandle
0x433190 GetProcessHeap
0x433194 RaiseException
0x433198 GetSystemInfo
0x43319c VirtualProtect
0x4331a0 VirtualQuery
0x4331a4 LoadLibraryExA
0x4331a8 IsProcessorFeaturePresent
0x4331ac IsDebuggerPresent
0x4331b0 UnhandledExceptionFilter
0x4331b4 SetUnhandledExceptionFilter
0x4331b8 GetStartupInfoW
0x4331bc QueryPerformanceCounter
0x4331c0 GetCurrentThreadId
0x4331c4 GetSystemTimeAsFileTime
0x4331c8 InitializeSListHead
0x4331cc TerminateProcess
0x4331d0 RtlUnwind
0x4331d4 EncodePointer
0x4331d8 InitializeCriticalSectionAndSpinCount
0x4331dc TlsAlloc
0x4331e0 TlsGetValue
0x4331e4 TlsSetValue
0x4331e8 TlsFree
0x4331ec LoadLibraryExW
0x4331f0 QueryPerformanceFrequency
0x4331f4 GetModuleHandleExW
0x4331f8 GetModuleFileNameA
0x4331fc GetACP
0x433200 HeapFree
0x433204 HeapAlloc
0x433208 HeapReAlloc
0x43320c GetStringTypeW
0x433210 LCMapStringW
0x433214 FindFirstFileExA
0x433218 FindNextFileA
0x43321c IsValidCodePage
0x433220 GetOEMCP
0x433224 GetCommandLineA
0x433228 GetEnvironmentStringsW
0x43322c FreeEnvironmentStringsW
0x433230 DecodePointer
gdiplus.dll
0x433238 GdiplusShutdown
0x43323c GdiplusStartup
0x433240 GdipCreateHBITMAPFromBitmap
0x433244 GdipCreateBitmapFromStreamICM
0x433248 GdipCreateBitmapFromStream
0x43324c GdipDisposeImage
0x433250 GdipCloneImage
0x433254 GdipFree
0x433258 GdipAlloc
EAT(Export Address Table) Library