| Field | Value |
|---|---|
| Created | 2024.08.06 09:12 |
| Machine | s1_win7_x6403 |
| Filename | systems.exe |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| ZERO API | file : malware |
| VT API (file) | 2 detected (Detected) |
| md5 | 168fd1d2a0af4fdaa019f351fd03204d |
| sha256 | e7d461204302d4ed4f47079a70070da9f6fe10b074c37cf8463f91f4709cdfb8 |
| ssdeep | 24576:sgdzT3/M7ucGYEi/G5z7QnTpGMTmy7QYKj9KmfbykE2PwD:s4/M7ucGYEi/GsTwfUQvj9KUby0 |
| imphash | acc4c8794a0a85da871307b47dd9a48c |
| impfuzzy | 48:jaLBXOToj9NJOD36msx2sJ2TZSpJ/iObGyveOLsCgvRLAD0cv2jSm2:j8BX0ojjAumw6SpJ/iObGyvRLsd5Sm2 |
Signature (3 counts)

| Level | Description |
|---|---|
| watch | Harvests credentials from local FTP client software |
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6 counts)

| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)

Suricata IDS: (no entries)
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1400dd308 ClearCommBreak
0x1400dd310 CloseHandle
0x1400dd318 CompareStringW
0x1400dd320 ConnectNamedPipe
0x1400dd328 CreateEventA
0x1400dd330 CreateFileA
0x1400dd338 CreateFileMappingA
0x1400dd340 CreateFileW
0x1400dd348 CreateMutexA
0x1400dd350 CreateNamedPipeA
0x1400dd358 CreatePipe
0x1400dd360 CreateProcessA
0x1400dd368 CreateThread
0x1400dd370 DeleteCriticalSection
0x1400dd378 DeleteFileA
0x1400dd380 EncodePointer
0x1400dd388 EnterCriticalSection
0x1400dd390 EnumSystemLocalesW
0x1400dd398 ExitProcess
0x1400dd3a0 FindClose
0x1400dd3a8 FindFirstFileA
0x1400dd3b0 FindFirstFileExW
0x1400dd3b8 FindNextFileA
0x1400dd3c0 FindNextFileW
0x1400dd3c8 FlsAlloc
0x1400dd3d0 FlsFree
0x1400dd3d8 FlsGetValue
0x1400dd3e0 FlsSetValue
0x1400dd3e8 FlushFileBuffers
0x1400dd3f0 FormatMessageA
0x1400dd3f8 FreeEnvironmentStringsW
0x1400dd400 FreeLibrary
0x1400dd408 GetACP
0x1400dd410 GetCPInfo
0x1400dd418 GetCommState
0x1400dd420 GetCommandLineA
0x1400dd428 GetCommandLineW
0x1400dd430 GetConsoleMode
0x1400dd438 GetConsoleOutputCP
0x1400dd440 GetCurrentProcess
0x1400dd448 GetCurrentProcessId
0x1400dd450 GetCurrentThread
0x1400dd458 GetCurrentThreadId
0x1400dd460 GetDateFormatW
0x1400dd468 GetEnvironmentStringsW
0x1400dd470 GetEnvironmentVariableA
0x1400dd478 GetFileSizeEx
0x1400dd480 GetFileType
0x1400dd488 GetLastError
0x1400dd490 GetLocalTime
0x1400dd498 GetLocaleInfoW
0x1400dd4a0 GetModuleFileNameW
0x1400dd4a8 GetModuleHandleExW
0x1400dd4b0 GetModuleHandleW
0x1400dd4b8 GetOEMCP
0x1400dd4c0 GetOverlappedResult
0x1400dd4c8 GetProcAddress
0x1400dd4d0 GetProcessHeap
0x1400dd4d8 GetProcessTimes
0x1400dd4e0 GetStartupInfoW
0x1400dd4e8 GetStdHandle
0x1400dd4f0 GetStringTypeW
0x1400dd4f8 GetSystemDirectoryA
0x1400dd500 GetSystemTimeAsFileTime
0x1400dd508 GetThreadTimes
0x1400dd510 GetTickCount
0x1400dd518 GetTimeFormatW
0x1400dd520 GetTimeZoneInformation
0x1400dd528 GetUserDefaultLCID
0x1400dd530 GetWindowsDirectoryA
0x1400dd538 GlobalMemoryStatus
0x1400dd540 HeapAlloc
0x1400dd548 HeapFree
0x1400dd550 HeapReAlloc
0x1400dd558 HeapSize
0x1400dd560 InitializeCriticalSection
0x1400dd568 InitializeCriticalSectionAndSpinCount
0x1400dd570 InitializeSListHead
0x1400dd578 IsDebuggerPresent
0x1400dd580 IsProcessorFeaturePresent
0x1400dd588 IsValidCodePage
0x1400dd590 IsValidLocale
0x1400dd598 LCMapStringW
0x1400dd5a0 LeaveCriticalSection
0x1400dd5a8 LoadLibraryA
0x1400dd5b0 LoadLibraryExA
0x1400dd5b8 LoadLibraryExW
0x1400dd5c0 LocalAlloc
0x1400dd5c8 LocalFileTimeToFileTime
0x1400dd5d0 LocalFree
0x1400dd5d8 MapViewOfFile
0x1400dd5e0 MultiByteToWideChar
0x1400dd5e8 OpenProcess
0x1400dd5f0 OutputDebugStringW
0x1400dd5f8 QueryPerformanceCounter
0x1400dd600 RaiseException
0x1400dd608 ReadConsoleW
0x1400dd610 ReadFile
0x1400dd618 ReleaseMutex
0x1400dd620 RtlCaptureContext
0x1400dd628 RtlLookupFunctionEntry
0x1400dd630 RtlPcToFileHeader
0x1400dd638 RtlUnwind
0x1400dd640 RtlUnwindEx
0x1400dd648 RtlVirtualUnwind
0x1400dd650 SetCommBreak
0x1400dd658 SetCommState
0x1400dd660 SetCommTimeouts
0x1400dd668 SetConsoleMode
0x1400dd670 SetEndOfFile
0x1400dd678 SetEnvironmentVariableW
0x1400dd680 SetEvent
0x1400dd688 SetFilePointerEx
0x1400dd690 SetHandleInformation
0x1400dd698 SetLastError
0x1400dd6a0 SetStdHandle
0x1400dd6a8 SetUnhandledExceptionFilter
0x1400dd6b0 TerminateProcess
0x1400dd6b8 TlsAlloc
0x1400dd6c0 TlsFree
0x1400dd6c8 TlsGetValue
0x1400dd6d0 TlsSetValue
0x1400dd6d8 UnhandledExceptionFilter
0x1400dd6e0 UnmapViewOfFile
0x1400dd6e8 WaitForMultipleObjects
0x1400dd6f0 WaitForSingleObject
0x1400dd6f8 WaitNamedPipeA
0x1400dd700 WideCharToMultiByte
0x1400dd708 WriteConsoleW
0x1400dd710 WriteFile
USER32.dll
0x1400dd720 FindWindowA
0x1400dd728 GetCapture
0x1400dd730 GetClipboardOwner
0x1400dd738 GetCursorPos
0x1400dd740 GetForegroundWindow
0x1400dd748 GetQueueStatus
0x1400dd750 SendMessageA
ADVAPI32.dll
0x1400dd760 AllocateAndInitializeSid
0x1400dd768 CopySid
0x1400dd770 EqualSid
0x1400dd778 GetLengthSid
0x1400dd780 GetUserNameA
0x1400dd788 InitializeSecurityDescriptor
0x1400dd790 RegCloseKey
0x1400dd798 RegCreateKeyExA
0x1400dd7a0 RegEnumKeyA
0x1400dd7a8 RegOpenKeyA
0x1400dd7b0 RegOpenKeyExA
0x1400dd7b8 RegQueryValueExA
0x1400dd7c0 RegSetValueExA
0x1400dd7c8 SetSecurityDescriptorDacl
0x1400dd7d0 SetSecurityDescriptorOwner
EAT (Export Address Table): none