Report - ghgadadas.exe

UPX PE File PE32
Created 2024.08.09 16:33 Machine s1_win7_x6401
Filename ghgadadas.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 1
Behavior Score 1.6
ZERO API file : clean
VT API (file) 41 detected (AIDetectMalware, malicious, high confidence, score, Strictor, Vcbe, Attribute, HighConfidence, a variant of JS, Artemis, Lumma, CLOUD, wqqzt, Detected, ai score=81, Caynamer, JavaScript, Rgil, susgen, confidence)
md5 eae8fea1fe3a77450002d315167b3471
sha256 656099d4fcb2a5824b4bf2ac8d6356f33d73d9a2a4c401bcd986f7667ee71695
ssdeep 3072:MXk7bSP2sXk7bSP2mXk7bSP2VXk7bSP2:0k7O+Uk7O+Kk7O+xk7O+
imphash 76e0d8d65462216e7b0903bc27d606d1
impfuzzy 48:sK24t9qcBL8xnAfJKDjsMFSvlw/gl4/zLn6g1bFEUznpfttvzGZSY49+oRiuenBu:sKTtccBL8Nf0m7eGeEIx+ZN3Mzw

Signature (3cnts)

Level Description
danger File has been identified by 41 AntiVirus engines on VirusTotal as malicious
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (3cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

ADVAPI32.dll
 0x407000 RegDeleteValueW
 0x407004 RegOpenKeyExW
 0x407008 RegSetValueExW
 0x40700c RegCreateKeyExW
 0x407010 RegCloseKey
 0x407014 RegQueryValueExW
KERNEL32.dll
 0x407038 HeapSetInformation
 0x40703c LocalFree
 0x407040 GetModuleHandleW
 0x407044 GetTickCount
 0x407048 lstrcmpW
 0x40704c GetCurrentThreadId
 0x407050 GetLastError
 0x407054 FormatMessageW
 0x407058 LocalAlloc
 0x40705c CreateMutexW
 0x407060 lstrlenW
 0x407064 CloseHandle
 0x407068 GetCurrentProcessId
 0x40706c GetSystemTimeAsFileTime
 0x407070 QueryPerformanceCounter
 0x407074 TerminateProcess
 0x407078 GetCurrentProcess
 0x40707c SetUnhandledExceptionFilter
 0x407080 UnhandledExceptionFilter
 0x407084 GetStartupInfoW
 0x407088 Sleep
GDI32.dll
 0x40701c GetStockObject
 0x407020 GetTextExtentPoint32W
 0x407024 SetBkColor
 0x407028 LPtoDP
 0x40702c CreateFontIndirectW
 0x407030 SelectObject
USER32.dll
 0x4070e4 DefDlgProcW
 0x4070e8 IsDialogMessageW
 0x4070ec DispatchMessageW
 0x4070f0 ShowWindow
 0x4070f4 GetActiveWindow
 0x4070f8 LoadStringW
 0x4070fc LoadAcceleratorsW
 0x407100 DrawIcon
 0x407104 GetSystemMetrics
 0x407108 EndDialog
 0x40710c SendMessageW
 0x407110 FillRect
 0x407114 MessageBoxW
 0x407118 SetWindowPos
 0x40711c GetDC
 0x407120 DestroyWindow
 0x407124 GetFocus
 0x407128 GetWindowRect
 0x40712c PostMessageW
 0x407130 CreateDialogParamW
 0x407134 GetMessageW
 0x407138 GetWindowTextLengthW
 0x40713c SetDlgItemTextW
 0x407140 GetDlgItemTextW
 0x407144 SendDlgItemMessageW
 0x407148 GetSysColor
 0x40714c WinHelpW
 0x407150 SetFocus
 0x407154 TranslateAcceleratorW
 0x407158 TranslateMessage
 0x40715c GetClipboardData
 0x407160 LoadIconW
 0x407164 PeekMessageW
 0x407168 FindWindowW
 0x40716c LoadCursorW
 0x407170 GetClientRect
 0x407174 GetDlgItem
 0x407178 IsClipboardFormatAvailable
 0x40717c CheckDlgButton
 0x407180 PostQuitMessage
 0x407184 GetSysColorBrush
 0x407188 EnableMenuItem
 0x40718c SystemParametersInfoW
 0x407190 GetParent
 0x407194 DialogBoxParamW
 0x407198 UpdateWindow
 0x40719c SetForegroundWindow
 0x4071a0 IsIconic
 0x4071a4 ReleaseDC
 0x4071a8 BeginPaint
 0x4071ac EndPaint
 0x4071b0 EnableWindow
 0x4071b4 RegisterClassW
msvcrt.dll
 0x4071bc _except_handler4_common
 0x4071c0 _controlfp
 0x4071c4 ?terminate@@YAXXZ
 0x4071c8 _acmdln
 0x4071cc _initterm
 0x4071d0 __setusermatherr
 0x4071d4 _ismbblead
 0x4071d8 __p__fmode
 0x4071dc _cexit
 0x4071e0 memset
 0x4071e4 exit
 0x4071e8 __set_app_type
 0x4071ec __getmainargs
 0x4071f0 _amsg_exit
 0x4071f4 __p__commode
 0x4071f8 _XcptFilter
 0x4071fc wcscspn
 0x407200 wcsspn
 0x407204 _itow
 0x407208 _wtoi
 0x40720c _vsnwprintf
 0x407210 _exit
 0x407214 memmove
SHELL32.dll
 0x407090 ShellAboutW
TAPI32.dll
 0x407098 lineGetAppPriorityW
 0x40709c lineGetDevCapsW
 0x4070a0 lineClose
 0x4070a4 lineGetRequestW
 0x4070a8 lineSetAppPriorityW
 0x4070ac lineRegisterRequestRecipient
 0x4070b0 lineDrop
 0x4070b4 lineConfigDialogW
 0x4070b8 lineDeallocateCall
 0x4070bc lineTranslateDialogW
 0x4070c0 lineInitializeExW
 0x4070c4 lineGetTranslateCapsW
 0x4070c8 lineTranslateAddressW
 0x4070cc lineShutdown
 0x4070d0 lineGetAddressCapsW
 0x4070d4 lineMakeCallW
 0x4070d8 lineNegotiateAPIVersion
 0x4070dc lineOpenW

EAT (Export Address Table): none
