Report - Dropper.exe

Tags: Generic Malware, Malicious Library, Malicious Packer, UPX, PE File, PE64, OS Processor Check
Created 2024.08.08 14:07 Machine s1_win7_x6401
Filename Dropper.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not found Behavior Score 1.6
ZERO API file: malware
VT API (file) 32 detected (AIDetectMalware, Stealerc, malicious, high confidence, Obfuscated, Unsafe, V72q, Artemis, Revoked, AnyDesk, Compromise, TrojanPSW, CLOUD, Redcap, wybab, Penguish, Detected, Sonbokli, Wacatac, Rugmi, Chgt, QQPass, QQRob, Dnhl, susgen, PossibleThreat)
md5 5341c5bb13ae2b2753b2fdadcf93aa51
sha256 492223cd623e3f64dc873274ac477a1aa2985c50fb5d7b6e45384bf900302d60
ssdeep 49152:be0sDhG00c3iN1lTG+fyOadB/g/NaCYyG6VuO2kcpTaX:beBDheNrzNa3yNhc5aX
imphash 0822adb3cfecfd0eef67bc6e89aaf7d9
impfuzzy 48:rLF9FS92cpe9tSS1MWBgv0bTL3ooOqc6uFZf1:XF+Ycpe9tSS11Bg8vso1c7f1

Signature (4cnts)

Level Description
danger File has been identified by 32 AntiVirus engines on VirusTotal as malicious
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)


Suricata ids

PE API

IAT (Import Address Table) Library

ADVAPI32.dll
 0x1400f9000 RegQueryInfoKeyW
 0x1400f9008 RegOpenKeyExW
 0x1400f9010 RegCloseKey
VERSION.dll
 0x1400f9420 GetFileVersionInfoW
 0x1400f9428 GetFileVersionInfoSizeW
 0x1400f9430 VerQueryValueW
KERNEL32.dll
 0x1400f9020 WriteConsoleW
 0x1400f9028 SetEndOfFile
 0x1400f9030 HeapSize
 0x1400f9038 GetTempPathW
 0x1400f9040 SetStdHandle
 0x1400f9048 GetStdHandle
 0x1400f9050 GetModuleFileNameW
 0x1400f9058 GetShortPathNameW
 0x1400f9060 MultiByteToWideChar
 0x1400f9068 LoadLibraryW
 0x1400f9070 GetThreadLocale
 0x1400f9078 GetModuleFileNameA
 0x1400f9080 CloseHandle
 0x1400f9088 UnmapViewOfFile
 0x1400f9090 GetFileSizeEx
 0x1400f9098 MapViewOfFile
 0x1400f90a0 CreateFileMappingW
 0x1400f90a8 CreateFileW
 0x1400f90b0 FreeLibrary
 0x1400f90b8 WideCharToMultiByte
 0x1400f90c0 WaitForMultipleObjects
 0x1400f90c8 TerminateProcess
 0x1400f90d0 GetLastError
 0x1400f90d8 GetExitCodeProcess
 0x1400f90e0 WaitForSingleObject
 0x1400f90e8 FindClose
 0x1400f90f0 FindFirstFileW
 0x1400f90f8 GetFileAttributesW
 0x1400f9100 LocalFree
 0x1400f9108 FormatMessageW
 0x1400f9110 GetFileType
 0x1400f9118 GetConsoleScreenBufferInfo
 0x1400f9120 LoadLibraryExA
 0x1400f9128 FormatMessageA
 0x1400f9130 LoadLibraryA
 0x1400f9138 EnterCriticalSection
 0x1400f9140 LeaveCriticalSection
 0x1400f9148 InitializeCriticalSectionAndSpinCount
 0x1400f9150 DeleteCriticalSection
 0x1400f9158 SetEvent
 0x1400f9160 ResetEvent
 0x1400f9168 WaitForSingleObjectEx
 0x1400f9170 CreateEventW
 0x1400f9178 GetModuleHandleW
 0x1400f9180 GetProcAddress
 0x1400f9188 RtlCaptureContext
 0x1400f9190 RtlLookupFunctionEntry
 0x1400f9198 RtlVirtualUnwind
 0x1400f91a0 IsDebuggerPresent
 0x1400f91a8 UnhandledExceptionFilter
 0x1400f91b0 SetUnhandledExceptionFilter
 0x1400f91b8 GetStartupInfoW
 0x1400f91c0 IsProcessorFeaturePresent
 0x1400f91c8 QueryPerformanceCounter
 0x1400f91d0 GetCurrentProcessId
 0x1400f91d8 GetCurrentThreadId
 0x1400f91e0 GetSystemTimeAsFileTime
 0x1400f91e8 InitializeSListHead
 0x1400f91f0 GetCurrentProcess
 0x1400f91f8 GetTimeZoneInformation
 0x1400f9200 RtlUnwindEx
 0x1400f9208 RtlPcToFileHeader
 0x1400f9210 RaiseException
 0x1400f9218 InterlockedPushEntrySList
 0x1400f9220 InterlockedFlushSList
 0x1400f9228 SetLastError
 0x1400f9230 EncodePointer
 0x1400f9238 TlsAlloc
 0x1400f9240 TlsGetValue
 0x1400f9248 TlsSetValue
 0x1400f9250 TlsFree
 0x1400f9258 LoadLibraryExW
 0x1400f9260 SetConsoleCtrlHandler
 0x1400f9268 GetDriveTypeW
 0x1400f9270 GetFileInformationByHandle
 0x1400f9278 PeekNamedPipe
 0x1400f9280 SystemTimeToTzSpecificLocalTime
 0x1400f9288 FileTimeToSystemTime
 0x1400f9290 GetCommandLineA
 0x1400f9298 GetCommandLineW
 0x1400f92a0 GetFileAttributesExW
 0x1400f92a8 ReadFile
 0x1400f92b0 FindFirstFileExW
 0x1400f92b8 FindNextFileW
 0x1400f92c0 ExitProcess
 0x1400f92c8 GetModuleHandleExW
 0x1400f92d0 CreateDirectoryW
 0x1400f92d8 GetFullPathNameW
 0x1400f92e0 DuplicateHandle
 0x1400f92e8 DeleteFileW
 0x1400f92f0 RemoveDirectoryW
 0x1400f92f8 SetEnvironmentVariableW
 0x1400f9300 SetCurrentDirectoryW
 0x1400f9308 GetCurrentDirectoryW
 0x1400f9310 WriteFile
 0x1400f9318 GetConsoleMode
 0x1400f9320 ReadConsoleW
 0x1400f9328 SetFilePointerEx
 0x1400f9330 HeapAlloc
 0x1400f9338 HeapFree
 0x1400f9340 FlsAlloc
 0x1400f9348 FlsGetValue
 0x1400f9350 FlsSetValue
 0x1400f9358 FlsFree
 0x1400f9360 GetDateFormatW
 0x1400f9368 GetTimeFormatW
 0x1400f9370 CompareStringW
 0x1400f9378 LCMapStringW
 0x1400f9380 GetLocaleInfoW
 0x1400f9388 IsValidLocale
 0x1400f9390 GetUserDefaultLCID
 0x1400f9398 EnumSystemLocalesW
 0x1400f93a0 GetCurrentThread
 0x1400f93a8 GetCPInfo
 0x1400f93b0 GetStringTypeW
 0x1400f93b8 IsValidCodePage
 0x1400f93c0 GetACP
 0x1400f93c8 GetOEMCP
 0x1400f93d0 FlushFileBuffers
 0x1400f93d8 GetConsoleOutputCP
 0x1400f93e0 HeapReAlloc
 0x1400f93e8 CreateProcessW
 0x1400f93f0 GetEnvironmentStringsW
 0x1400f93f8 FreeEnvironmentStringsW
 0x1400f9400 GetProcessHeap
 0x1400f9408 OutputDebugStringW
 0x1400f9410 RtlUnwind

EAT (Export Address Table): none
