Report - 카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.exe

Tags: Generic Malware, Malicious Library, Admin Tool (Sysinternals etc ...), Malicious Packer, UPX, PE File, PE32, MZP Format, OS Processor Check, DLL, PE64
Created 2024.08.08 16:51
Machine s1_win7_x6401
Filename 카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 7.2
ZERO API file : clean
VT API (file) 18 detected (AIDetectMalware, Lumma, Vz0j, Artemis, FileRepMalware, Misc, Strab, LUMMASTEALER, YXEHEZ, Razy, MALICIOUS, grayware, confidence)
md5 6eaf878c7f1449d65f4b99d49aa9844a
sha256 719be172d349897c78f1674a09f9a8cbbbc74445938f8da93845b4b03ef6a43e
ssdeep 196608:JoRIA7SzZqdAzjNZrVG5Jf8S8zZHUVkSrdZHBjkYCDHi2Qo1RqvCpE:JaTsZqdAf7kf8PzZ0VkSrLHBjgO2qH
imphash 40ab50289f7ef5fae60801f88d4541fc
impfuzzy 96:oQkHWhNbJj7t9X13bz9Yhr8X5alVNb73JFO:n0WXX9FrBCIkrNbbrO

Signature (19cnts)

Level Description
watch Deletes executed files from disk
watch Detects the presence of Wine emulator
watch File has been identified by 18 AntiVirus engines on VirusTotal as malicious
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
notice Executes one or more WMI queries
notice Queries for potentially installed applications
notice Uses Windows utilities for basic Windows functionality
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (20cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Admin_Tool_IN_Zero Admin Tool Sysinternals binaries (download)
watch Admin_Tool_IN_Zero Admin Tool Sysinternals binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (download)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info IsPE64 (no description) binaries (download)
info mzp_file_format MZP(Delphi) file format binaries (download)
info mzp_file_format MZP(Delphi) file format binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)


Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x4b52d4 GetACP
 0x4b52d8 GetExitCodeProcess
 0x4b52dc CloseHandle
 0x4b52e0 LocalFree
 0x4b52e4 SizeofResource
 0x4b52e8 VirtualProtect
 0x4b52ec QueryPerformanceFrequency
 0x4b52f0 VirtualFree
 0x4b52f4 GetFullPathNameW
 0x4b52f8 GetProcessHeap
 0x4b52fc ExitProcess
 0x4b5300 HeapAlloc
 0x4b5304 GetCPInfoExW
 0x4b5308 RtlUnwind
 0x4b530c GetCPInfo
 0x4b5310 GetStdHandle
 0x4b5314 GetModuleHandleW
 0x4b5318 FreeLibrary
 0x4b531c HeapDestroy
 0x4b5320 ReadFile
 0x4b5324 CreateProcessW
 0x4b5328 GetLastError
 0x4b532c GetModuleFileNameW
 0x4b5330 SetLastError
 0x4b5334 FindResourceW
 0x4b5338 CreateThread
 0x4b533c CompareStringW
 0x4b5340 LoadLibraryA
 0x4b5344 ResetEvent
 0x4b5348 GetVolumeInformationW
 0x4b534c GetVersion
 0x4b5350 GetDriveTypeW
 0x4b5354 RaiseException
 0x4b5358 FormatMessageW
 0x4b535c SwitchToThread
 0x4b5360 GetExitCodeThread
 0x4b5364 GetCurrentThread
 0x4b5368 LoadLibraryExW
 0x4b536c LockResource
 0x4b5370 GetCurrentThreadId
 0x4b5374 UnhandledExceptionFilter
 0x4b5378 VirtualQuery
 0x4b537c VirtualQueryEx
 0x4b5380 Sleep
 0x4b5384 EnterCriticalSection
 0x4b5388 SetFilePointer
 0x4b538c LoadResource
 0x4b5390 SuspendThread
 0x4b5394 GetTickCount
 0x4b5398 GetFileSize
 0x4b539c GetStartupInfoW
 0x4b53a0 GetFileAttributesW
 0x4b53a4 InitializeCriticalSection
 0x4b53a8 GetSystemWindowsDirectoryW
 0x4b53ac GetThreadPriority
 0x4b53b0 SetThreadPriority
 0x4b53b4 GetCurrentProcess
 0x4b53b8 VirtualAlloc
 0x4b53bc GetCommandLineW
 0x4b53c0 GetSystemInfo
 0x4b53c4 LeaveCriticalSection
 0x4b53c8 GetProcAddress
 0x4b53cc ResumeThread
 0x4b53d0 GetVersionExW
 0x4b53d4 VerifyVersionInfoW
 0x4b53d8 HeapCreate
 0x4b53dc GetWindowsDirectoryW
 0x4b53e0 LCMapStringW
 0x4b53e4 VerSetConditionMask
 0x4b53e8 GetDiskFreeSpaceW
 0x4b53ec FindFirstFileW
 0x4b53f0 GetUserDefaultUILanguage
 0x4b53f4 lstrlenW
 0x4b53f8 QueryPerformanceCounter
 0x4b53fc SetEndOfFile
 0x4b5400 HeapFree
 0x4b5404 WideCharToMultiByte
 0x4b5408 FindClose
 0x4b540c MultiByteToWideChar
 0x4b5410 LoadLibraryW
 0x4b5414 SetEvent
 0x4b5418 CreateFileW
 0x4b541c GetLocaleInfoW
 0x4b5420 GetSystemDirectoryW
 0x4b5424 DeleteFileW
 0x4b5428 GetLocalTime
 0x4b542c GetEnvironmentVariableW
 0x4b5430 WaitForSingleObject
 0x4b5434 WriteFile
 0x4b5438 ExitThread
 0x4b543c DeleteCriticalSection
 0x4b5440 TlsGetValue
 0x4b5444 GetDateFormatW
 0x4b5448 SetErrorMode
 0x4b544c IsValidLocale
 0x4b5450 TlsSetValue
 0x4b5454 CreateDirectoryW
 0x4b5458 GetSystemDefaultUILanguage
 0x4b545c EnumCalendarInfoW
 0x4b5460 LocalAlloc
 0x4b5464 GetUserDefaultLangID
 0x4b5468 RemoveDirectoryW
 0x4b546c CreateEventW
 0x4b5470 SetThreadLocale
 0x4b5474 GetThreadLocale
comctl32.dll
 0x4b547c InitCommonControls
user32.dll
 0x4b5484 CreateWindowExW
 0x4b5488 TranslateMessage
 0x4b548c CharLowerBuffW
 0x4b5490 CallWindowProcW
 0x4b5494 CharUpperW
 0x4b5498 PeekMessageW
 0x4b549c GetSystemMetrics
 0x4b54a0 SetWindowLongW
 0x4b54a4 MessageBoxW
 0x4b54a8 DestroyWindow
 0x4b54ac CharUpperBuffW
 0x4b54b0 CharNextW
 0x4b54b4 MsgWaitForMultipleObjects
 0x4b54b8 LoadStringW
 0x4b54bc ExitWindowsEx
 0x4b54c0 DispatchMessageW
oleaut32.dll
 0x4b54c8 SysAllocStringLen
 0x4b54cc SafeArrayPtrOfIndex
 0x4b54d0 VariantCopy
 0x4b54d4 SafeArrayGetLBound
 0x4b54d8 SafeArrayGetUBound
 0x4b54dc VariantInit
 0x4b54e0 VariantClear
 0x4b54e4 SysFreeString
 0x4b54e8 SysReAllocStringLen
 0x4b54ec VariantChangeType
 0x4b54f0 SafeArrayCreate
advapi32.dll
 0x4b54f8 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x4b54fc OpenThreadToken
 0x4b5500 AdjustTokenPrivileges
 0x4b5504 LookupPrivilegeValueW
 0x4b5508 RegOpenKeyExW
 0x4b550c OpenProcessToken
 0x4b5510 FreeSid
 0x4b5514 AllocateAndInitializeSid
 0x4b5518 EqualSid
 0x4b551c RegQueryValueExW
 0x4b5520 GetTokenInformation
 0x4b5524 ConvertSidToStringSidW
 0x4b5528 RegCloseKey

EAT(Export Address Table) Library

0x40fc10 __dbk_fcall_wrapper
0x4b063c dbkFCallWrapperAddr
