ScreenShot
| Created | 2024.08.08 07:51 | Machine | s1_win7_x6401 |
| Filename | 0x3fg.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | c4aeaafc0507785736e000ff7e823f5e | ||
| sha256 | b1d5b1e480a5731caacc65609eaf069622f1129965819079aa09bc9d96dadde5 | ||
| ssdeep | 12288:pfSPtGpmLb84Jjzo6yrBuKuJ+ITOClUd:ktGpmf8edykhVlUd | ||
| imphash | 39e221da42b9cac717741c15ca264eb9 | ||
| impfuzzy | 96:AX3DGKnh5Edcg+JU0tWmuX17fysX+kXpEi0ZRLnW:AKM8hF7fHOk5EbO | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | Generates some ICMP traffic |
| watch | Attempts to identify installed AV products by installation directory |
| watch | Installs itself for autorun at Windows startup |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| notice | Resolves a suspicious Top Level Domain (TLD) |
Rules (14cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x450030 GetSystemInfo
0x450034 CreateThread
0x450038 GetLocalTime
0x45003c GetThreadContext
0x450040 GetProcAddress
0x450044 VirtualAllocEx
0x450048 RemoveDirectoryA
0x45004c CloseHandle
0x450050 CreateProcessA
0x450054 CreateDirectoryA
0x450058 SetThreadContext
0x45005c SetEndOfFile
0x450060 DecodePointer
0x450064 ReadConsoleW
0x450068 HeapReAlloc
0x45006c HeapSize
0x450070 CreateFileA
0x450074 GetFileAttributesA
0x450078 GetLastError
0x45007c GetTempPathA
0x450080 SetCurrentDirectoryA
0x450084 Sleep
0x450088 GetModuleHandleA
0x45008c ResumeThread
0x450090 GetComputerNameExW
0x450094 GetVersionExW
0x450098 WaitForSingleObject
0x45009c CreateMutexA
0x4500a0 VirtualAlloc
0x4500a4 WriteFile
0x4500a8 VirtualFree
0x4500ac WriteProcessMemory
0x4500b0 GetModuleFileNameA
0x4500b4 ReadProcessMemory
0x4500b8 ReadFile
0x4500bc GetTimeZoneInformation
0x4500c0 GetConsoleMode
0x4500c4 GetConsoleCP
0x4500c8 FlushFileBuffers
0x4500cc GetStringTypeW
0x4500d0 GetProcessHeap
0x4500d4 SetEnvironmentVariableW
0x4500d8 FreeEnvironmentStringsW
0x4500dc GetEnvironmentStringsW
0x4500e0 GetCPInfo
0x4500e4 GetOEMCP
0x4500e8 GetACP
0x4500ec IsValidCodePage
0x4500f0 FindNextFileW
0x4500f4 FindFirstFileExW
0x4500f8 FindClose
0x4500fc SetFilePointerEx
0x450100 SetStdHandle
0x450104 GetFullPathNameW
0x450108 GetCurrentDirectoryW
0x45010c DeleteFileW
0x450110 LCMapStringW
0x450114 CompareStringW
0x450118 MultiByteToWideChar
0x45011c HeapAlloc
0x450120 HeapFree
0x450124 GetCommandLineW
0x450128 GetCommandLineA
0x45012c GetStdHandle
0x450130 FileTimeToSystemTime
0x450134 SystemTimeToTzSpecificLocalTime
0x450138 PeekNamedPipe
0x45013c GetFileType
0x450140 GetFileInformationByHandle
0x450144 GetDriveTypeW
0x450148 RaiseException
0x45014c GetCurrentThreadId
0x450150 IsProcessorFeaturePresent
0x450154 QueueUserWorkItem
0x450158 GetModuleHandleExW
0x45015c FormatMessageW
0x450160 WideCharToMultiByte
0x450164 EnterCriticalSection
0x450168 LeaveCriticalSection
0x45016c TryEnterCriticalSection
0x450170 DeleteCriticalSection
0x450174 SetLastError
0x450178 InitializeCriticalSectionAndSpinCount
0x45017c CreateEventW
0x450180 SwitchToThread
0x450184 TlsAlloc
0x450188 TlsGetValue
0x45018c TlsSetValue
0x450190 TlsFree
0x450194 GetSystemTimeAsFileTime
0x450198 GetTickCount
0x45019c GetModuleHandleW
0x4501a0 WaitForSingleObjectEx
0x4501a4 QueryPerformanceCounter
0x4501a8 SetEvent
0x4501ac ResetEvent
0x4501b0 UnhandledExceptionFilter
0x4501b4 SetUnhandledExceptionFilter
0x4501b8 GetCurrentProcess
0x4501bc TerminateProcess
0x4501c0 IsDebuggerPresent
0x4501c4 GetStartupInfoW
0x4501c8 GetCurrentProcessId
0x4501cc InitializeSListHead
0x4501d0 CreateTimerQueue
0x4501d4 SignalObjectAndWait
0x4501d8 SetThreadPriority
0x4501dc GetThreadPriority
0x4501e0 GetLogicalProcessorInformation
0x4501e4 CreateTimerQueueTimer
0x4501e8 ChangeTimerQueueTimer
0x4501ec DeleteTimerQueueTimer
0x4501f0 GetNumaHighestNodeNumber
0x4501f4 GetProcessAffinityMask
0x4501f8 SetThreadAffinityMask
0x4501fc RegisterWaitForSingleObject
0x450200 UnregisterWait
0x450204 EncodePointer
0x450208 GetCurrentThread
0x45020c GetThreadTimes
0x450210 FreeLibrary
0x450214 FreeLibraryAndExitThread
0x450218 GetModuleFileNameW
0x45021c LoadLibraryExW
0x450220 VirtualProtect
0x450224 DuplicateHandle
0x450228 ReleaseSemaphore
0x45022c InterlockedPopEntrySList
0x450230 InterlockedPushEntrySList
0x450234 InterlockedFlushSList
0x450238 QueryDepthSList
0x45023c UnregisterWaitEx
0x450240 LoadLibraryW
0x450244 RtlUnwind
0x450248 ExitProcess
0x45024c CreateFileW
0x450250 WriteConsoleW
ADVAPI32.dll
0x450000 RegCloseKey
0x450004 RegQueryInfoKeyW
0x450008 RegQueryValueExA
0x45000c GetSidSubAuthorityCount
0x450010 GetSidSubAuthority
0x450014 GetUserNameA
0x450018 LookupAccountNameA
0x45001c RegSetValueExA
0x450020 RegOpenKeyExA
0x450024 RegEnumValueW
0x450028 GetSidIdentifierAuthority
SHELL32.dll
0x450258 SHGetFolderPathA
0x45025c ShellExecuteA
0x450260 None
0x450264 SHFileOperationA
ole32.dll
0x4502bc CoUninitialize
0x4502c0 CoCreateInstance
0x4502c4 CoInitialize
WININET.dll
0x45026c HttpOpenRequestA
0x450270 InternetOpenUrlA
0x450274 InternetOpenW
0x450278 InternetOpenA
0x45027c InternetCloseHandle
0x450280 HttpSendRequestA
0x450284 InternetConnectA
0x450288 InternetReadFile
WS2_32.dll
0x450290 closesocket
0x450294 inet_pton
0x450298 getaddrinfo
0x45029c WSAStartup
0x4502a0 send
0x4502a4 socket
0x4502a8 connect
0x4502ac recv
0x4502b0 htons
0x4502b4 freeaddrinfo
EAT(Export Address Table) is none
KERNEL32.dll
0x450030 GetSystemInfo
0x450034 CreateThread
0x450038 GetLocalTime
0x45003c GetThreadContext
0x450040 GetProcAddress
0x450044 VirtualAllocEx
0x450048 RemoveDirectoryA
0x45004c CloseHandle
0x450050 CreateProcessA
0x450054 CreateDirectoryA
0x450058 SetThreadContext
0x45005c SetEndOfFile
0x450060 DecodePointer
0x450064 ReadConsoleW
0x450068 HeapReAlloc
0x45006c HeapSize
0x450070 CreateFileA
0x450074 GetFileAttributesA
0x450078 GetLastError
0x45007c GetTempPathA
0x450080 SetCurrentDirectoryA
0x450084 Sleep
0x450088 GetModuleHandleA
0x45008c ResumeThread
0x450090 GetComputerNameExW
0x450094 GetVersionExW
0x450098 WaitForSingleObject
0x45009c CreateMutexA
0x4500a0 VirtualAlloc
0x4500a4 WriteFile
0x4500a8 VirtualFree
0x4500ac WriteProcessMemory
0x4500b0 GetModuleFileNameA
0x4500b4 ReadProcessMemory
0x4500b8 ReadFile
0x4500bc GetTimeZoneInformation
0x4500c0 GetConsoleMode
0x4500c4 GetConsoleCP
0x4500c8 FlushFileBuffers
0x4500cc GetStringTypeW
0x4500d0 GetProcessHeap
0x4500d4 SetEnvironmentVariableW
0x4500d8 FreeEnvironmentStringsW
0x4500dc GetEnvironmentStringsW
0x4500e0 GetCPInfo
0x4500e4 GetOEMCP
0x4500e8 GetACP
0x4500ec IsValidCodePage
0x4500f0 FindNextFileW
0x4500f4 FindFirstFileExW
0x4500f8 FindClose
0x4500fc SetFilePointerEx
0x450100 SetStdHandle
0x450104 GetFullPathNameW
0x450108 GetCurrentDirectoryW
0x45010c DeleteFileW
0x450110 LCMapStringW
0x450114 CompareStringW
0x450118 MultiByteToWideChar
0x45011c HeapAlloc
0x450120 HeapFree
0x450124 GetCommandLineW
0x450128 GetCommandLineA
0x45012c GetStdHandle
0x450130 FileTimeToSystemTime
0x450134 SystemTimeToTzSpecificLocalTime
0x450138 PeekNamedPipe
0x45013c GetFileType
0x450140 GetFileInformationByHandle
0x450144 GetDriveTypeW
0x450148 RaiseException
0x45014c GetCurrentThreadId
0x450150 IsProcessorFeaturePresent
0x450154 QueueUserWorkItem
0x450158 GetModuleHandleExW
0x45015c FormatMessageW
0x450160 WideCharToMultiByte
0x450164 EnterCriticalSection
0x450168 LeaveCriticalSection
0x45016c TryEnterCriticalSection
0x450170 DeleteCriticalSection
0x450174 SetLastError
0x450178 InitializeCriticalSectionAndSpinCount
0x45017c CreateEventW
0x450180 SwitchToThread
0x450184 TlsAlloc
0x450188 TlsGetValue
0x45018c TlsSetValue
0x450190 TlsFree
0x450194 GetSystemTimeAsFileTime
0x450198 GetTickCount
0x45019c GetModuleHandleW
0x4501a0 WaitForSingleObjectEx
0x4501a4 QueryPerformanceCounter
0x4501a8 SetEvent
0x4501ac ResetEvent
0x4501b0 UnhandledExceptionFilter
0x4501b4 SetUnhandledExceptionFilter
0x4501b8 GetCurrentProcess
0x4501bc TerminateProcess
0x4501c0 IsDebuggerPresent
0x4501c4 GetStartupInfoW
0x4501c8 GetCurrentProcessId
0x4501cc InitializeSListHead
0x4501d0 CreateTimerQueue
0x4501d4 SignalObjectAndWait
0x4501d8 SetThreadPriority
0x4501dc GetThreadPriority
0x4501e0 GetLogicalProcessorInformation
0x4501e4 CreateTimerQueueTimer
0x4501e8 ChangeTimerQueueTimer
0x4501ec DeleteTimerQueueTimer
0x4501f0 GetNumaHighestNodeNumber
0x4501f4 GetProcessAffinityMask
0x4501f8 SetThreadAffinityMask
0x4501fc RegisterWaitForSingleObject
0x450200 UnregisterWait
0x450204 EncodePointer
0x450208 GetCurrentThread
0x45020c GetThreadTimes
0x450210 FreeLibrary
0x450214 FreeLibraryAndExitThread
0x450218 GetModuleFileNameW
0x45021c LoadLibraryExW
0x450220 VirtualProtect
0x450224 DuplicateHandle
0x450228 ReleaseSemaphore
0x45022c InterlockedPopEntrySList
0x450230 InterlockedPushEntrySList
0x450234 InterlockedFlushSList
0x450238 QueryDepthSList
0x45023c UnregisterWaitEx
0x450240 LoadLibraryW
0x450244 RtlUnwind
0x450248 ExitProcess
0x45024c CreateFileW
0x450250 WriteConsoleW
ADVAPI32.dll
0x450000 RegCloseKey
0x450004 RegQueryInfoKeyW
0x450008 RegQueryValueExA
0x45000c GetSidSubAuthorityCount
0x450010 GetSidSubAuthority
0x450014 GetUserNameA
0x450018 LookupAccountNameA
0x45001c RegSetValueExA
0x450020 RegOpenKeyExA
0x450024 RegEnumValueW
0x450028 GetSidIdentifierAuthority
SHELL32.dll
0x450258 SHGetFolderPathA
0x45025c ShellExecuteA
0x450260 None
0x450264 SHFileOperationA
ole32.dll
0x4502bc CoUninitialize
0x4502c0 CoCreateInstance
0x4502c4 CoInitialize
WININET.dll
0x45026c HttpOpenRequestA
0x450270 InternetOpenUrlA
0x450274 InternetOpenW
0x450278 InternetOpenA
0x45027c InternetCloseHandle
0x450280 HttpSendRequestA
0x450284 InternetConnectA
0x450288 InternetReadFile
WS2_32.dll
0x450290 closesocket
0x450294 inet_pton
0x450298 getaddrinfo
0x45029c WSAStartup
0x4502a0 send
0x4502a4 socket
0x4502a8 connect
0x4502ac recv
0x4502b0 htons
0x4502b4 freeaddrinfo
EAT(Export Address Table) is none