ScreenShot
| Created | 2024.07.27 20:30 | Machine | s1_win7_x6401 |
| Filename | YesTraderRun.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 2 detected (Unsafe, BScope, TrojanBanker, ClipBanker) | ||
| md5 | 0c95469e9ee3bc62c0678d7ae0bed71c | ||
| sha256 | 48a6c314ac7ce2ae781a998c3435cb5504827ff65101857cc6f9ede52292dd0f | ||
| ssdeep | 49152:o9NAuIyhKdCyAQwBffAHTCzCfA6my8dHF9dSV/ALHHoIRLAiq/G3dTAQLEczqYI:Cq8yjqffvzQt8H9ctAoIhLNU | ||
| imphash | fd0c40ccba748d8b655ce28c438e9662 | ||
| impfuzzy | 48:RwIAQkkc34hQ2eb4b91mn1qZ31Kla3gkFS82v6qyGEyRae90Mnj06FMZ:OQkkc34e9U9knMCla3gkw82v61GpR/PA | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | themida_packer | themida packer | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x63514e90 GetModuleHandleA
WS2_32.dll
0x63514e98 getsockname
WINMM.dll
0x63514ea0 PlaySoundA
mfc100.dll
0x63514ea8 None
MSVCR100.dll
0x63514eb0 _setmbcp
USER32.dll
0x63514eb8 InflateRect
GDI32.dll
0x63514ec0 Rectangle
WINSPOOL.DRV
0x63514ec8 ClosePrinter
ADVAPI32.dll
0x63514ed0 RegCloseKey
SHELL32.dll
0x63514ed8 ShellExecuteA
COMCTL32.dll
0x63514ee0 _TrackMouseEvent
SHLWAPI.dll
0x63514ee8 PathRemoveFileSpecA
ole32.dll
0x63514ef0 CoInitialize
OLEAUT32.dll
0x63514ef8 VariantTimeToSystemTime
YesToolkitPro.dll
0x63514f00 ?SetColorShadow@CXTButton@@UAEXK@Z
YesTraderLibrary.dll
0x63514f08 ?GetMessageMap@CLimitRequestManSise@@MBEPBUAFX_MSGMAP@@XZ
Dock.dll
0x63514f10 ?InitCommandBars@?$CXTPCommandBarsSiteBase@VCMDIChildWnd@@@@UAEHPAUCRuntimeClass@@@Z
JongMokMan.dll
0x63514f18 ?SetCodeSelectType@CJongCodeSelect@@QAEXI@Z
ControlsEx.dll
0x63514f20 ?GetThisClass@CTextDropDownBtn@@SGPAUCRuntimeClass@@XZ
CommonGrid.dll
0x63514f28 ?GotoCell@CUGCtrl@@QAEHHJ@Z
MenuManager.dll
0x63514f30 ?SetOthermenuVisible@CScreenSearch@@QAEXHHHH@Z
CodeManager.dll
0x63514f38 ?SetBizDate@CCodeTableMan@@SAXJ@Z
YesCommMan20.dll
0x63514f40 ?GetSocketHandle@CCommRcvDataManThread@@QAEIXZ
Controls20.dll
0x63514f48 ?GetButtonHitTest@CYesCaption@@MAEHUtagPOINT@@@Z
OrderManager.dll
0x63514f50 ?CreatePopupControlTitleBar@CYesPopupControl@@QAEHVCRect@@PBD@Z
OrderBasicLib.dll
0x63514f58 ?ChangeKejaList@CKejaListDlg@@SAXAAUKEJA_INFO@@PAD@Z
Information.dll
0x63514f60 ?OnSessionConnect@CDockTicker@@QAEXXZ
PrivateTrading.dll
0x63514f68 ?CreatePT@COcxMan@@QAEHPAVCWnd@@@Z
SplitOrder.dll
0x63514f70 ?GetThisClass@CSplitOrderScreen@@SGPAUCRuntimeClass@@XZ
StopOrder.dll
0x63514f78 ?GetThisClass@CStopOrderWnd@@SGPAUCRuntimeClass@@XZ
PackageOrder.dll
0x63514f80 ?GetThisClass@CPackageOrderMan@@SGPAUCRuntimeClass@@XZ
AutoModifyOneShot.dll
0x63514f88 ?GetThisClass@CAutoModifyOneShotMan@@SGPAUCRuntimeClass@@XZ
ClickOrder.dll
0x63514f90 ?GetThisClass@CClickOrderGrid@@SGPAUCRuntimeClass@@XZ
MultiKejaOrder.dll
0x63514f98 ?GetThisClass@CHokaOrderGridCtrl@@SGPAUCRuntimeClass@@XZ
ReferenceView.dll
0x63514fa0 ?GetThisClass@COptionReferEx@@SGPAUCRuntimeClass@@XZ
YesScriptScreen.dll
0x63514fa8 ??1CScriptBaseWnd@@UAE@XZ
CurrentPriceMan.dll
0x63514fb0 ?GetThisClass@CItemView@@SGPAUCRuntimeClass@@XZ
Trade.dll
0x63514fb8 ?GetThisClass@COptionSiseViewerScreen@@SGPAUCRuntimeClass@@XZ
HighClassOrder.dll
0x63514fc0 ?GetThisClass@CTotalOrder@@SGPAUCRuntimeClass@@XZ
YesPowerSearchItem.dll
0x63514fc8 ?GetThisClass@CPowerSearchItem@@SGPAUCRuntimeClass@@XZ
ItemSearch.dll
0x63514fd0 ?GetThisClass@CJongmokSearch@@SGPAUCRuntimeClass@@XZ
YesChartLibrary.dll
0x63514fd8 ?GetThisClass@CFormulaWizardScreen@@SGPAUCRuntimeClass@@XZ
SystemTools.dll
0x63514fe0 ?GetThisClass@CSystemMonitor@@SGPAUCRuntimeClass@@XZ
YesSpotScreen.dll
0x63514fe8 ??0CISpotAccountInfoManager@@QAE@XZ
YesLangRef.dll
0x63514ff0 ?AddUserfunctionFolder@CExecuteLang@@SAHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
ChartShare.dll
0x63514ff8 ?GetThisClass@CChartShareChart@@SGPAUCRuntimeClass@@XZ
WMOrderManager.dll
0x63515000 ??0CIFundAccountInfoManager@@QAE@XZ
WINTRUST.dll
0x63515008 WinVerifyTrust
dbghelp.dll
0x63515010 MakeSureDirectoryPathExists
EAT(Export Address Table) is none
kernel32.dll
0x63514e90 GetModuleHandleA
WS2_32.dll
0x63514e98 getsockname
WINMM.dll
0x63514ea0 PlaySoundA
mfc100.dll
0x63514ea8 None
MSVCR100.dll
0x63514eb0 _setmbcp
USER32.dll
0x63514eb8 InflateRect
GDI32.dll
0x63514ec0 Rectangle
WINSPOOL.DRV
0x63514ec8 ClosePrinter
ADVAPI32.dll
0x63514ed0 RegCloseKey
SHELL32.dll
0x63514ed8 ShellExecuteA
COMCTL32.dll
0x63514ee0 _TrackMouseEvent
SHLWAPI.dll
0x63514ee8 PathRemoveFileSpecA
ole32.dll
0x63514ef0 CoInitialize
OLEAUT32.dll
0x63514ef8 VariantTimeToSystemTime
YesToolkitPro.dll
0x63514f00 ?SetColorShadow@CXTButton@@UAEXK@Z
YesTraderLibrary.dll
0x63514f08 ?GetMessageMap@CLimitRequestManSise@@MBEPBUAFX_MSGMAP@@XZ
Dock.dll
0x63514f10 ?InitCommandBars@?$CXTPCommandBarsSiteBase@VCMDIChildWnd@@@@UAEHPAUCRuntimeClass@@@Z
JongMokMan.dll
0x63514f18 ?SetCodeSelectType@CJongCodeSelect@@QAEXI@Z
ControlsEx.dll
0x63514f20 ?GetThisClass@CTextDropDownBtn@@SGPAUCRuntimeClass@@XZ
CommonGrid.dll
0x63514f28 ?GotoCell@CUGCtrl@@QAEHHJ@Z
MenuManager.dll
0x63514f30 ?SetOthermenuVisible@CScreenSearch@@QAEXHHHH@Z
CodeManager.dll
0x63514f38 ?SetBizDate@CCodeTableMan@@SAXJ@Z
YesCommMan20.dll
0x63514f40 ?GetSocketHandle@CCommRcvDataManThread@@QAEIXZ
Controls20.dll
0x63514f48 ?GetButtonHitTest@CYesCaption@@MAEHUtagPOINT@@@Z
OrderManager.dll
0x63514f50 ?CreatePopupControlTitleBar@CYesPopupControl@@QAEHVCRect@@PBD@Z
OrderBasicLib.dll
0x63514f58 ?ChangeKejaList@CKejaListDlg@@SAXAAUKEJA_INFO@@PAD@Z
Information.dll
0x63514f60 ?OnSessionConnect@CDockTicker@@QAEXXZ
PrivateTrading.dll
0x63514f68 ?CreatePT@COcxMan@@QAEHPAVCWnd@@@Z
SplitOrder.dll
0x63514f70 ?GetThisClass@CSplitOrderScreen@@SGPAUCRuntimeClass@@XZ
StopOrder.dll
0x63514f78 ?GetThisClass@CStopOrderWnd@@SGPAUCRuntimeClass@@XZ
PackageOrder.dll
0x63514f80 ?GetThisClass@CPackageOrderMan@@SGPAUCRuntimeClass@@XZ
AutoModifyOneShot.dll
0x63514f88 ?GetThisClass@CAutoModifyOneShotMan@@SGPAUCRuntimeClass@@XZ
ClickOrder.dll
0x63514f90 ?GetThisClass@CClickOrderGrid@@SGPAUCRuntimeClass@@XZ
MultiKejaOrder.dll
0x63514f98 ?GetThisClass@CHokaOrderGridCtrl@@SGPAUCRuntimeClass@@XZ
ReferenceView.dll
0x63514fa0 ?GetThisClass@COptionReferEx@@SGPAUCRuntimeClass@@XZ
YesScriptScreen.dll
0x63514fa8 ??1CScriptBaseWnd@@UAE@XZ
CurrentPriceMan.dll
0x63514fb0 ?GetThisClass@CItemView@@SGPAUCRuntimeClass@@XZ
Trade.dll
0x63514fb8 ?GetThisClass@COptionSiseViewerScreen@@SGPAUCRuntimeClass@@XZ
HighClassOrder.dll
0x63514fc0 ?GetThisClass@CTotalOrder@@SGPAUCRuntimeClass@@XZ
YesPowerSearchItem.dll
0x63514fc8 ?GetThisClass@CPowerSearchItem@@SGPAUCRuntimeClass@@XZ
ItemSearch.dll
0x63514fd0 ?GetThisClass@CJongmokSearch@@SGPAUCRuntimeClass@@XZ
YesChartLibrary.dll
0x63514fd8 ?GetThisClass@CFormulaWizardScreen@@SGPAUCRuntimeClass@@XZ
SystemTools.dll
0x63514fe0 ?GetThisClass@CSystemMonitor@@SGPAUCRuntimeClass@@XZ
YesSpotScreen.dll
0x63514fe8 ??0CISpotAccountInfoManager@@QAE@XZ
YesLangRef.dll
0x63514ff0 ?AddUserfunctionFolder@CExecuteLang@@SAHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
ChartShare.dll
0x63514ff8 ?GetThisClass@CChartShareChart@@SGPAUCRuntimeClass@@XZ
WMOrderManager.dll
0x63515000 ??0CIFundAccountInfoManager@@QAE@XZ
WINTRUST.dll
0x63515008 WinVerifyTrust
dbghelp.dll
0x63515010 MakeSureDirectoryPathExists
EAT(Export Address Table) is none