ScreenShot
| Created | 2024.08.12 11:30 | Machine | s1_win7_x6401 |
| Filename | GlitchClipper.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 52 detected (AIDetectMalware, malicious, high confidence, score, Doina, Unsafe, Kryptik, Vvxg, Attribute, HighConfidence, ClipBanker, Artemis, CrypterX, GenKryptik, kqpmez, CjRk8ElzHPC, nvpyu, Siggen29, Static AI, Suspicious PE, Detected, ai score=81, Wacatac, ABTrojan, TLWQ, Neshta, FileInfector, Krypt, Chgt, R002H07H324, Gencirc, susgen, GZOG, confidence, 100%) | ||
| md5 | 8ecad7a38a26ac1fc2c7804afd0599fa | ||
| sha256 | 83f6f8c068cd5b4448b2525ee799f58aa5ad0ce40f901881eda105f6d6ed4661 | ||
| ssdeep | 12288:RkTOXwOv+O+qw5ZT13sjsaz6ph0lhSMXliRm6oQL0:Rdv+qIZT4Qh0lhSMXlim630 | ||
| imphash | 9c0d0f8aa5b46aeec1065b24b296d00b | ||
| impfuzzy | 48:ral/QjKYOqZm6rCDFtdstSaCXc+LrNWvSrBbh:jjKqnCDFDstSaCXc+fNWvSrBt | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| watch | Installs itself for autorun at Windows startup |
| notice | A process attempted to delay the analysis task. |
| notice | Creates hidden or system file |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x14004c350 GetClipboardData
0x14004c358 EmptyClipboard
0x14004c360 CloseClipboard
0x14004c368 OpenClipboard
0x14004c370 SetClipboardData
ADVAPI32.dll
0x14004c000 GetCurrentHwProfileW
0x14004c008 GetUserNameW
0x14004c010 RegCloseKey
0x14004c018 RegSetValueExW
0x14004c020 RegOpenKeyExW
WININET.dll
0x14004c380 HttpOpenRequestA
0x14004c388 InternetQueryDataAvailable
0x14004c390 InternetCloseHandle
0x14004c398 InternetOpenA
0x14004c3a0 HttpSendRequestA
0x14004c3a8 InternetConnectA
0x14004c3b0 InternetReadFile
0x14004c3b8 HttpQueryInfoW
KERNEL32.dll
0x14004c030 GetCommandLineW
0x14004c038 GetEnvironmentStringsW
0x14004c040 FreeEnvironmentStringsW
0x14004c048 GetUserDefaultLCID
0x14004c050 GetCommandLineA
0x14004c058 FindNextFileW
0x14004c060 FindFirstFileExW
0x14004c068 FindClose
0x14004c070 CompareStringEx
0x14004c078 DecodePointer
0x14004c080 InitializeCriticalSectionEx
0x14004c088 LCMapStringEx
0x14004c090 CreateDirectoryW
0x14004c098 GetModuleFileNameW
0x14004c0a0 GetFileAttributesW
0x14004c0a8 SetFileAttributesW
0x14004c0b0 MoveFileW
0x14004c0b8 Sleep
0x14004c0c0 GlobalAlloc
0x14004c0c8 GlobalLock
0x14004c0d0 ExitProcess
0x14004c0d8 GlobalUnlock
0x14004c0e0 MultiByteToWideChar
0x14004c0e8 WideCharToMultiByte
0x14004c0f0 CreateMutexA
0x14004c0f8 ReleaseMutex
0x14004c100 OpenMutexA
0x14004c108 CloseHandle
0x14004c110 GetGeoInfoA
0x14004c118 GetLastError
0x14004c120 GetUserGeoID
0x14004c128 GetComputerNameW
0x14004c130 GetSystemTimeAsFileTime
0x14004c138 RtlCaptureContext
0x14004c140 RtlLookupFunctionEntry
0x14004c148 RtlVirtualUnwind
0x14004c150 IsDebuggerPresent
0x14004c158 UnhandledExceptionFilter
0x14004c160 SetUnhandledExceptionFilter
0x14004c168 SetLastError
0x14004c170 GetCurrentProcess
0x14004c178 TerminateProcess
0x14004c180 IsProcessorFeaturePresent
0x14004c188 GetCurrentThreadId
0x14004c190 FlsAlloc
0x14004c198 FlsGetValue
0x14004c1a0 FlsSetValue
0x14004c1a8 FlsFree
0x14004c1b0 InitializeCriticalSectionAndSpinCount
0x14004c1b8 FreeLibrary
0x14004c1c0 GetProcAddress
0x14004c1c8 LoadLibraryExW
0x14004c1d0 LCMapStringW
0x14004c1d8 GetLocaleInfoW
0x14004c1e0 IsValidLocale
0x14004c1e8 EnumSystemLocalesW
0x14004c1f0 HeapAlloc
0x14004c1f8 HeapReAlloc
0x14004c200 HeapFree
0x14004c208 EnterCriticalSection
0x14004c210 LeaveCriticalSection
0x14004c218 DeleteCriticalSection
0x14004c220 GetStdHandle
0x14004c228 GetFileType
0x14004c230 GetStartupInfoW
0x14004c238 RaiseException
0x14004c240 SetFilePointerEx
0x14004c248 GetConsoleMode
0x14004c250 IsValidCodePage
0x14004c258 GetACP
0x14004c260 GetOEMCP
0x14004c268 GetCPInfo
0x14004c270 GetModuleHandleW
0x14004c278 GetModuleHandleExW
0x14004c280 GetStringTypeW
0x14004c288 GetProcessHeap
0x14004c290 SetStdHandle
0x14004c298 CreateFileW
0x14004c2a0 FlushFileBuffers
0x14004c2a8 WriteFile
0x14004c2b0 GetConsoleOutputCP
0x14004c2b8 WriteConsoleW
0x14004c2c0 HeapSize
0x14004c2c8 ReleaseSRWLockExclusive
0x14004c2d0 AcquireSRWLockExclusive
0x14004c2d8 WakeAllConditionVariable
0x14004c2e0 SleepConditionVariableSRW
0x14004c2e8 QueryPerformanceCounter
0x14004c2f0 GetCurrentProcessId
0x14004c2f8 InitializeSListHead
0x14004c300 RtlUnwindEx
0x14004c308 RtlPcToFileHeader
0x14004c310 EncodePointer
0x14004c318 TlsAlloc
0x14004c320 TlsGetValue
0x14004c328 TlsSetValue
0x14004c330 TlsFree
SHELL32.dll
0x14004c340 SHGetFolderPathW
EAT(Export Address Table) is none
USER32.dll
0x14004c350 GetClipboardData
0x14004c358 EmptyClipboard
0x14004c360 CloseClipboard
0x14004c368 OpenClipboard
0x14004c370 SetClipboardData
ADVAPI32.dll
0x14004c000 GetCurrentHwProfileW
0x14004c008 GetUserNameW
0x14004c010 RegCloseKey
0x14004c018 RegSetValueExW
0x14004c020 RegOpenKeyExW
WININET.dll
0x14004c380 HttpOpenRequestA
0x14004c388 InternetQueryDataAvailable
0x14004c390 InternetCloseHandle
0x14004c398 InternetOpenA
0x14004c3a0 HttpSendRequestA
0x14004c3a8 InternetConnectA
0x14004c3b0 InternetReadFile
0x14004c3b8 HttpQueryInfoW
KERNEL32.dll
0x14004c030 GetCommandLineW
0x14004c038 GetEnvironmentStringsW
0x14004c040 FreeEnvironmentStringsW
0x14004c048 GetUserDefaultLCID
0x14004c050 GetCommandLineA
0x14004c058 FindNextFileW
0x14004c060 FindFirstFileExW
0x14004c068 FindClose
0x14004c070 CompareStringEx
0x14004c078 DecodePointer
0x14004c080 InitializeCriticalSectionEx
0x14004c088 LCMapStringEx
0x14004c090 CreateDirectoryW
0x14004c098 GetModuleFileNameW
0x14004c0a0 GetFileAttributesW
0x14004c0a8 SetFileAttributesW
0x14004c0b0 MoveFileW
0x14004c0b8 Sleep
0x14004c0c0 GlobalAlloc
0x14004c0c8 GlobalLock
0x14004c0d0 ExitProcess
0x14004c0d8 GlobalUnlock
0x14004c0e0 MultiByteToWideChar
0x14004c0e8 WideCharToMultiByte
0x14004c0f0 CreateMutexA
0x14004c0f8 ReleaseMutex
0x14004c100 OpenMutexA
0x14004c108 CloseHandle
0x14004c110 GetGeoInfoA
0x14004c118 GetLastError
0x14004c120 GetUserGeoID
0x14004c128 GetComputerNameW
0x14004c130 GetSystemTimeAsFileTime
0x14004c138 RtlCaptureContext
0x14004c140 RtlLookupFunctionEntry
0x14004c148 RtlVirtualUnwind
0x14004c150 IsDebuggerPresent
0x14004c158 UnhandledExceptionFilter
0x14004c160 SetUnhandledExceptionFilter
0x14004c168 SetLastError
0x14004c170 GetCurrentProcess
0x14004c178 TerminateProcess
0x14004c180 IsProcessorFeaturePresent
0x14004c188 GetCurrentThreadId
0x14004c190 FlsAlloc
0x14004c198 FlsGetValue
0x14004c1a0 FlsSetValue
0x14004c1a8 FlsFree
0x14004c1b0 InitializeCriticalSectionAndSpinCount
0x14004c1b8 FreeLibrary
0x14004c1c0 GetProcAddress
0x14004c1c8 LoadLibraryExW
0x14004c1d0 LCMapStringW
0x14004c1d8 GetLocaleInfoW
0x14004c1e0 IsValidLocale
0x14004c1e8 EnumSystemLocalesW
0x14004c1f0 HeapAlloc
0x14004c1f8 HeapReAlloc
0x14004c200 HeapFree
0x14004c208 EnterCriticalSection
0x14004c210 LeaveCriticalSection
0x14004c218 DeleteCriticalSection
0x14004c220 GetStdHandle
0x14004c228 GetFileType
0x14004c230 GetStartupInfoW
0x14004c238 RaiseException
0x14004c240 SetFilePointerEx
0x14004c248 GetConsoleMode
0x14004c250 IsValidCodePage
0x14004c258 GetACP
0x14004c260 GetOEMCP
0x14004c268 GetCPInfo
0x14004c270 GetModuleHandleW
0x14004c278 GetModuleHandleExW
0x14004c280 GetStringTypeW
0x14004c288 GetProcessHeap
0x14004c290 SetStdHandle
0x14004c298 CreateFileW
0x14004c2a0 FlushFileBuffers
0x14004c2a8 WriteFile
0x14004c2b0 GetConsoleOutputCP
0x14004c2b8 WriteConsoleW
0x14004c2c0 HeapSize
0x14004c2c8 ReleaseSRWLockExclusive
0x14004c2d0 AcquireSRWLockExclusive
0x14004c2d8 WakeAllConditionVariable
0x14004c2e0 SleepConditionVariableSRW
0x14004c2e8 QueryPerformanceCounter
0x14004c2f0 GetCurrentProcessId
0x14004c2f8 InitializeSListHead
0x14004c300 RtlUnwindEx
0x14004c308 RtlPcToFileHeader
0x14004c310 EncodePointer
0x14004c318 TlsAlloc
0x14004c320 TlsGetValue
0x14004c328 TlsSetValue
0x14004c330 TlsFree
SHELL32.dll
0x14004c340 SHGetFolderPathW
EAT(Export Address Table) is none