ScreenShot
| Created | 2024.07.26 12:09 | Machine | s1_win7_x6401 |
| Filename | peinf.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 54 detected (AIDetectMalware, trwY, Malicious, score, GandCrab, Unsafe, Vslo, Attribute, HighConfidence, high confidence, AGen, FWOA, MalwareX, Zeropi, Phorpiex, CLASSIC, ybjxr, DownLoader46, AgentAGen, R002C0DGP24, Detected, ai score=84, 17C6J32, BScope, Propriex, Krypt, GdSda, Gencirc, MalDownload, GrandCrab, NM8PHU) | ||
| md5 | eed7347593de2141727d3960041d8c8e | ||
| sha256 | 6c19c61dd69a8628e38246fc2ce05cee66967eb36f49bde4797892f441b10cad | ||
| ssdeep | 384:D/piPNDeVU9iCUAdAAtlYxJ4JVB00FXMSKR:EPNaVUhU+LYOvFX | ||
| imphash | fb0ee5bafbb99ce467989526f0be15c6 | ||
| impfuzzy | 24:6a2KktNnv5F7Wt40771Bz9vUdRkHlldvCAlUdMI15E:6aHYNnTWt4U71l98dyHDBd+R5E | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
SHLWAPI.dll
0x40411c PathCombineW
0x404120 StrCmpNW
MSVCR90.dll
0x4040a0 _crt_debugger_hook
0x4040a4 _controlfp_s
0x4040a8 _invoke_watson
0x4040ac _except_handler4_common
0x4040b0 _decode_pointer
0x4040b4 _onexit
0x4040b8 _lock
0x4040bc __dllonexit
0x4040c0 _unlock
0x4040c4 ?terminate@@YAXXZ
0x4040c8 __set_app_type
0x4040cc _encode_pointer
0x4040d0 __p__fmode
0x4040d4 __p__commode
0x4040d8 _adjust_fdiv
0x4040dc __setusermatherr
0x4040e0 _configthreadlocale
0x4040e4 _initterm_e
0x4040e8 _initterm
0x4040ec _acmdln
0x4040f0 exit
0x4040f4 _ismbblead
0x4040f8 _XcptFilter
0x4040fc _exit
0x404100 _cexit
0x404104 __getmainargs
0x404108 _amsg_exit
0x40410c wcsstr
0x404110 memcpy
0x404114 memset
KERNEL32.dll
0x404010 IsDebuggerPresent
0x404014 UnhandledExceptionFilter
0x404018 GetCurrentProcess
0x40401c TerminateProcess
0x404020 GetSystemTimeAsFileTime
0x404024 GetCurrentProcessId
0x404028 GetCurrentThreadId
0x40402c GetTickCount
0x404030 QueryPerformanceCounter
0x404034 SetUnhandledExceptionFilter
0x404038 GetStartupInfoA
0x40403c InterlockedCompareExchange
0x404040 InterlockedExchange
0x404044 ExitThread
0x404048 FindFirstFileW
0x40404c lstrcmpW
0x404050 FindNextFileW
0x404054 GetLogicalDrives
0x404058 GetDriveTypeW
0x40405c QueryDosDeviceW
0x404060 lstrcpyW
0x404064 GetFileSize
0x404068 CreateFileMappingA
0x40406c MapViewOfFile
0x404070 FlushViewOfFile
0x404074 UnmapViewOfFile
0x404078 SetFilePointer
0x40407c SetEndOfFile
0x404080 CreateFileW
0x404084 CloseHandle
0x404088 CreateThread
0x40408c ExitProcess
0x404090 GetLastError
0x404094 CreateMutexA
0x404098 Sleep
USER32.dll
0x404128 CharLowerW
ADVAPI32.dll
0x404000 RegCloseKey
0x404004 RegOpenKeyExW
0x404008 RegQueryValueExW
ole32.dll
0x404130 CoInitializeEx
EAT(Export Address Table) is none
SHLWAPI.dll
0x40411c PathCombineW
0x404120 StrCmpNW
MSVCR90.dll
0x4040a0 _crt_debugger_hook
0x4040a4 _controlfp_s
0x4040a8 _invoke_watson
0x4040ac _except_handler4_common
0x4040b0 _decode_pointer
0x4040b4 _onexit
0x4040b8 _lock
0x4040bc __dllonexit
0x4040c0 _unlock
0x4040c4 ?terminate@@YAXXZ
0x4040c8 __set_app_type
0x4040cc _encode_pointer
0x4040d0 __p__fmode
0x4040d4 __p__commode
0x4040d8 _adjust_fdiv
0x4040dc __setusermatherr
0x4040e0 _configthreadlocale
0x4040e4 _initterm_e
0x4040e8 _initterm
0x4040ec _acmdln
0x4040f0 exit
0x4040f4 _ismbblead
0x4040f8 _XcptFilter
0x4040fc _exit
0x404100 _cexit
0x404104 __getmainargs
0x404108 _amsg_exit
0x40410c wcsstr
0x404110 memcpy
0x404114 memset
KERNEL32.dll
0x404010 IsDebuggerPresent
0x404014 UnhandledExceptionFilter
0x404018 GetCurrentProcess
0x40401c TerminateProcess
0x404020 GetSystemTimeAsFileTime
0x404024 GetCurrentProcessId
0x404028 GetCurrentThreadId
0x40402c GetTickCount
0x404030 QueryPerformanceCounter
0x404034 SetUnhandledExceptionFilter
0x404038 GetStartupInfoA
0x40403c InterlockedCompareExchange
0x404040 InterlockedExchange
0x404044 ExitThread
0x404048 FindFirstFileW
0x40404c lstrcmpW
0x404050 FindNextFileW
0x404054 GetLogicalDrives
0x404058 GetDriveTypeW
0x40405c QueryDosDeviceW
0x404060 lstrcpyW
0x404064 GetFileSize
0x404068 CreateFileMappingA
0x40406c MapViewOfFile
0x404070 FlushViewOfFile
0x404074 UnmapViewOfFile
0x404078 SetFilePointer
0x40407c SetEndOfFile
0x404080 CreateFileW
0x404084 CloseHandle
0x404088 CreateThread
0x40408c ExitProcess
0x404090 GetLastError
0x404094 CreateMutexA
0x404098 Sleep
USER32.dll
0x404128 CharLowerW
ADVAPI32.dll
0x404000 RegCloseKey
0x404004 RegOpenKeyExW
0x404008 RegQueryValueExW
ole32.dll
0x404130 CoInitializeEx
EAT(Export Address Table) is none