Field | Value |
---|---|
Created | 2024.08.05 10:53 |
Machine | s1_win7_x6403 |
Filename | v.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 45 detected (AIDetectMalware, Phorpiex, malicious, high confidence, score, Unsafe, Vqq8, Attribute, HighConfidence, WormX, Zonidel, xapjy, DLDER, Detected, ai score=88, Zusy, Eldorado, R637818, ZexaF, auW@aikI5Phi, Gdhl, Static AI, Malicious PE, GdSda, confidence, 100%) |
md5 | 5381689d4c9a0ce9d0f67dd8485188d2 |
sha256 | 3860e4bc7a35d52b4193b256bd76e62d98e9d05e504e4871a56585ea56295228 |
ssdeep | 192:3p94aeZmoVfBLMhegdZJJfxMLkWScZqYSi/HX:3p94iQYgOZTxMQWSc9 |
imphash | 38ca2cef077b08d131c2be3bfd70789c |
impfuzzy | 24:yFKKHtNnv5F7GlQSbzxFgabXN/2pdnOzfX8cd9DuKmML:ysKNNnTGlQSbzxFPbdOdnOzfX8Q96Kb |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to remove evidence of file being downloaded from the Internet |
watch | Installs itself for autorun at Windows startup |
watch | Network activity contains more than one unique useragent |
notice | Creates hidden or system file |
notice | Performs some HTTP requests |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
MSVCR90.dll
0x40307c _invoke_watson
0x403080 _except_handler4_common
0x403084 memset
0x403088 _decode_pointer
0x40308c _onexit
0x403090 _lock
0x403094 __dllonexit
0x403098 _unlock
0x40309c ?terminate@@YAXXZ
0x4030a0 _crt_debugger_hook
0x4030a4 __set_app_type
0x4030a8 _encode_pointer
0x4030ac __p__fmode
0x4030b0 __p__commode
0x4030b4 _adjust_fdiv
0x4030b8 __setusermatherr
0x4030bc _configthreadlocale
0x4030c0 _initterm_e
0x4030c4 _initterm
0x4030c8 _acmdln
0x4030cc exit
0x4030d0 _ismbblead
0x4030d4 _XcptFilter
0x4030d8 _exit
0x4030dc _cexit
0x4030e0 __getmainargs
0x4030e4 _amsg_exit
0x4030e8 wcscmp
0x4030ec wcslen
0x4030f0 srand
0x4030f4 rand
0x4030f8 _controlfp_s
urlmon.dll
0x40313c URLDownloadToFileW
WININET.dll
0x40311c InternetOpenUrlW
0x403120 HttpQueryInfoA
0x403124 InternetReadFile
0x403128 InternetOpenA
0x40312c InternetOpenUrlA
0x403130 InternetCloseHandle
0x403134 InternetOpenW
SHLWAPI.dll
0x403108 PathFindFileNameW
0x40310c PathFileExistsW
KERNEL32.dll
0x403010 CreateMutexA
0x403014 GetLastError
0x403018 ExitProcess
0x40301c GetModuleFileNameW
0x403020 CopyFileW
0x403024 SetFileAttributesW
0x403028 GetTickCount
0x40302c ExpandEnvironmentStringsW
0x403030 CreateFileW
0x403034 WriteFile
0x403038 InterlockedExchange
0x40303c DeleteFileW
0x403040 CreateProcessW
0x403044 Sleep
0x403048 SetUnhandledExceptionFilter
0x40304c IsDebuggerPresent
0x403050 QueryPerformanceCounter
0x403054 GetCurrentThreadId
0x403058 GetCurrentProcessId
0x40305c GetCurrentProcess
0x403060 GetSystemTimeAsFileTime
0x403064 InterlockedCompareExchange
0x403068 GetStartupInfoA
0x40306c CloseHandle
0x403070 UnhandledExceptionFilter
0x403074 TerminateProcess
USER32.dll
0x403114 wsprintfW
ADVAPI32.dll
0x403000 RegSetValueExW
0x403004 RegCloseKey
0x403008 RegOpenKeyExW
SHELL32.dll
0x403100 ShellExecuteW
EAT (Export Address Table): none