ScreenShot
| Created | 2024.08.04 13:30 | Machine | s1_win7_x6403 |
| Filename | 1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 57 detected (AIDetectMalware, lnLK, Malicious, score, Farfli, Ulise, Unsafe, Save, GenericKD, Attribute, HighConfidence, high confidence, VMProtect, cuxb, kqmglo, Zegost, c4oLjg2aC5B, Gh0stCringe, psvbc, ZexaF, dv0@aq28Ytck, Real Protect, high, VProtect, amnmn, Detected, HeurC, KVMH008, Malware@#1ae768no16lui, ABApplication, Artemis, R002H07H224, Ekjl, ai score=87, confidence, 100%, cwve) | ||
| md5 | 0b3e8cba9ade0b3aa878518d0152fa05 | ||
| sha256 | 6dcb8ef81ffb990d544d6ecd9b6339ed96f0697359cc25c866ae0e5d9dafa639 | ||
| ssdeep | 24576:vWldzf8sf+fsntZeFJYFWA60GOSBXHkjBIqClDYGgnxI:Ezx+0ntZeFJYFWn0GOTjGrJjg | ||
| imphash | fa0f17d473d9318889cd521d5e59224e | ||
| impfuzzy | 48:EX1WoOuy2T15+E409IS51W/KAujC4XFyJ/Xx88mb:EX1tty2T15vsr6 | ||
Network IP location
Signature (12cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Detects VirtualBox through the presence of a file |
| watch | Detects VMWare through the in instruction feature |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x63a000 LCMapStringW
ADVAPI32.dll
0x63a008 RegOpenKeyExA
KERNEL32.dll
0x538034 GetProcessHeap
0x538038 Sleep
0x53803c ReadFile
0x538040 CreateFileW
0x538044 lstrcatA
0x538048 SetThreadPriority
0x53804c GetHandleInformation
0x538050 GetLastError
0x538054 SetLastError
0x538058 VirtualAlloc
0x53805c CopyFileA
0x538060 LoadLibraryA
0x538064 GetModuleFileNameA
0x538068 GetModuleHandleA
0x53806c IsDebuggerPresent
0x538070 VirtualFree
0x538074 SuspendThread
0x538078 DeleteFileA
0x53807c CreateThread
0x538080 InterlockedDecrement
0x538084 TerminateThread
0x538088 GetProcAddress
0x53808c VirtualProtect
0x538090 lstrlenW
0x538094 GetPrivateProfileIntW
0x538098 VirtualProtectEx
0x53809c UnhandledExceptionFilter
0x5380a0 TerminateProcess
0x5380a4 RtlUnwind
0x5380a8 GetModuleHandleW
0x5380ac OutputDebugStringW
0x5380b0 SetUnhandledExceptionFilter
0x5380b4 WaitForSingleObject
0x5380b8 SetHandleInformation
0x5380bc HeapFree
0x5380c0 GetCurrentProcess
0x5380c4 HeapAlloc
0x5380c8 lstrlenA
0x5380cc CreateMutexW
0x5380d0 GetFileSize
0x5380d4 CreateFileA
0x5380d8 CloseHandle
0x5380dc ExitProcess
USER32.dll
0x538104 LoadCursorW
0x538108 BeginPaint
0x53810c GetDC
0x538110 RegisterClassExW
0x538114 KillTimer
0x538118 EndPaint
0x53811c UnregisterClassW
0x538120 DefWindowProcW
0x538124 MessageBoxA
0x538128 LoadStringW
0x53812c UpdateWindow
0x538130 PeekMessageW
0x538134 CreateWindowExW
0x538138 GetSystemMetrics
0x53813c SetTimer
0x538140 DispatchMessageW
0x538144 DestroyWindow
0x538148 ShowWindow
GDI32.dll
0x538014 DeleteObject
0x538018 SelectObject
0x53801c CreateCompatibleDC
0x538020 BitBlt
0x538024 DeleteDC
0x538028 CreateSolidBrush
0x53802c CreateDIBitmap
ADVAPI32.dll
0x538000 RegCloseKey
SHELL32.dll
0x5380f4 DragQueryFileW
ole32.dll
0x538160 CoInitialize
PSAPI.DLL
0x5380ec GetModuleFileNameExW
imagehlp.dll
0x538158 CheckSumMappedFile
COMCTL32.dll
0x538008 InitCommonControlsEx
0x53800c ImageList_GetIconSize
SHLWAPI.dll
0x5380fc PathFindExtensionW
WS2_32.dll
0x538150 send
MSWSOCK.dll
0x5380e4 AcceptEx
EAT(Export Address Table) is none
KERNEL32.dll
0x63a000 LCMapStringW
ADVAPI32.dll
0x63a008 RegOpenKeyExA
KERNEL32.dll
0x538034 GetProcessHeap
0x538038 Sleep
0x53803c ReadFile
0x538040 CreateFileW
0x538044 lstrcatA
0x538048 SetThreadPriority
0x53804c GetHandleInformation
0x538050 GetLastError
0x538054 SetLastError
0x538058 VirtualAlloc
0x53805c CopyFileA
0x538060 LoadLibraryA
0x538064 GetModuleFileNameA
0x538068 GetModuleHandleA
0x53806c IsDebuggerPresent
0x538070 VirtualFree
0x538074 SuspendThread
0x538078 DeleteFileA
0x53807c CreateThread
0x538080 InterlockedDecrement
0x538084 TerminateThread
0x538088 GetProcAddress
0x53808c VirtualProtect
0x538090 lstrlenW
0x538094 GetPrivateProfileIntW
0x538098 VirtualProtectEx
0x53809c UnhandledExceptionFilter
0x5380a0 TerminateProcess
0x5380a4 RtlUnwind
0x5380a8 GetModuleHandleW
0x5380ac OutputDebugStringW
0x5380b0 SetUnhandledExceptionFilter
0x5380b4 WaitForSingleObject
0x5380b8 SetHandleInformation
0x5380bc HeapFree
0x5380c0 GetCurrentProcess
0x5380c4 HeapAlloc
0x5380c8 lstrlenA
0x5380cc CreateMutexW
0x5380d0 GetFileSize
0x5380d4 CreateFileA
0x5380d8 CloseHandle
0x5380dc ExitProcess
USER32.dll
0x538104 LoadCursorW
0x538108 BeginPaint
0x53810c GetDC
0x538110 RegisterClassExW
0x538114 KillTimer
0x538118 EndPaint
0x53811c UnregisterClassW
0x538120 DefWindowProcW
0x538124 MessageBoxA
0x538128 LoadStringW
0x53812c UpdateWindow
0x538130 PeekMessageW
0x538134 CreateWindowExW
0x538138 GetSystemMetrics
0x53813c SetTimer
0x538140 DispatchMessageW
0x538144 DestroyWindow
0x538148 ShowWindow
GDI32.dll
0x538014 DeleteObject
0x538018 SelectObject
0x53801c CreateCompatibleDC
0x538020 BitBlt
0x538024 DeleteDC
0x538028 CreateSolidBrush
0x53802c CreateDIBitmap
ADVAPI32.dll
0x538000 RegCloseKey
SHELL32.dll
0x5380f4 DragQueryFileW
ole32.dll
0x538160 CoInitialize
PSAPI.DLL
0x5380ec GetModuleFileNameExW
imagehlp.dll
0x538158 CheckSumMappedFile
COMCTL32.dll
0x538008 InitCommonControlsEx
0x53800c ImageList_GetIconSize
SHLWAPI.dll
0x5380fc PathFindExtensionW
WS2_32.dll
0x538150 send
MSWSOCK.dll
0x5380e4 AcceptEx
EAT(Export Address Table) is none