Field | Value |
---|---|
Created | 2024.08.05 11:12 |
Machine | s1_win7_x6403 |
Filename | nc.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 55 detected (AIDetectMalware, Agobot, malicious, high confidence, Gaobot, GenericKD, Unsafe, Netcat, Uvx0, Attribute, HighConfidence, RemoteAdmin, AB potentially unsafe, RemAdm, NetTool, eaxow, YzY0Ojzyy1LXh3Ea, Tool, moderate, score, Generic Reputation PUA, Detected, Malware@#hxx6o6x3hn8s, Tiggre, IRCBot, BScope, Shelma, Gencirc, GenAsa, DxFTqIwIx+4, ai score=100, susgen, Hacktool) |
md5 | dc5648020ee3e38a8b716d0f9d2faac2 |
sha256 | aeb1335197aa4892b058ff77c3de3df9f87eac358fd814f991498e829f323c64 |
ssdeep | 1536:4wJQRNWLONcAek9DO73v8KAS37t8vayovKQy52oZUIB:4tPNxet73vWmKtiKQDoZU |
imphash | 41f720bd087649bc119f3acf4b5e4652 |
impfuzzy | 24:YIQbplrb3NEMQOMC0DDRu/epZig8ojOovMyvbFI3/BMDfVVmNAKJOjsk030G83+5:YrNwYepOoCK8/BMDt+Jx303qh |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Communicates with host for which no DNS query was performed |
info | Command line console output was observed |
info | The executable uses a known packer |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | NMap | NMAP | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x412254 ExitProcess
0x412258 DisconnectNamedPipe
0x41225c TerminateProcess
0x412260 WaitForMultipleObjects
0x412264 TerminateThread
0x412268 GetLastError
0x41226c CreateThread
0x412270 CreatePipe
0x412274 CreateProcessA
0x412278 DuplicateHandle
0x41227c GetCurrentProcess
0x412280 ExitThread
0x412284 Sleep
0x412288 ReadFile
0x41228c PeekNamedPipe
0x412290 WriteFile
0x412294 GetStdHandle
0x412298 FreeConsole
0x41229c GetStartupInfoA
0x4122a0 WideCharToMultiByte
0x4122a4 WriteConsoleA
0x4122a8 CreateFileA
0x4122ac SetEndOfFile
0x4122b0 PeekConsoleInputA
0x4122b4 GetConsoleMode
0x4122b8 GetNumberOfConsoleInputEvents
0x4122bc ReadConsoleInputA
0x4122c0 LCMapStringW
0x4122c4 SetConsoleMode
0x4122c8 LoadLibraryA
0x4122cc GetProcAddress
0x4122d0 LCMapStringA
0x4122d4 GetStringTypeA
0x4122d8 SetFilePointer
0x4122dc GetStringTypeW
0x4122e0 SetEnvironmentVariableA
0x4122e4 GetOEMCP
0x4122e8 SetStdHandle
0x4122ec CompareStringW
0x4122f0 CompareStringA
0x4122f4 GetACP
0x4122f8 MultiByteToWideChar
0x4122fc GetEnvironmentStringsW
0x412300 GetCPInfo
0x412304 FreeEnvironmentStringsW
0x412308 HeapFree
0x41230c HeapAlloc
0x412310 CloseHandle
0x412314 Beep
0x412318 GetTimeZoneInformation
0x41231c GetSystemTime
0x412320 GetLocalTime
0x412324 GetCommandLineA
0x412328 GetVersion
0x41232c SetHandleCount
0x412330 GetFileType
0x412334 FreeEnvironmentStringsA
0x412338 GetEnvironmentStrings
0x41233c HeapDestroy
0x412340 HeapCreate
0x412344 VirtualFree
0x412348 VirtualAlloc
0x41234c HeapReAlloc
0x412350 IsBadWritePtr
0x412354 FlushFileBuffers
0x412358 RtlUnwind
0x41235c UnhandledExceptionFilter
0x412360 GetModuleFileNameA
WSOCK32.dll
0x4123c4 select
0x4123c8 __WSAFDIsSet
0x4123cc recvfrom
0x4123d0 listen
0x4123d4 getsockname
0x4123d8 socket
0x4123dc accept
0x4123e0 WSASetLastError
0x4123e4 connect
0x4123e8 setsockopt
0x4123ec bind
0x4123f0 ntohs
0x4123f4 htons
0x4123f8 getservbyport
0x4123fc gethostbyname
0x412400 getservbyname
0x412404 ioctlsocket
0x412408 WSAGetLastError
0x41240c inet_addr
0x412410 gethostbyaddr
0x412414 recv
0x412418 WSAStartup
0x41241c WSACleanup
0x412420 closesocket
0x412424 send
0x412428 shutdown
EAT(Export Address Table) is none