popup

Report - Helpstore.exe

Generic Malware Malicious Library Antivirus UPX PE File CAB PE32 OS Processor Check DLL
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.08.13 09:45 Machine s1_win7_x6401
Filename Helpstore.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
6
 Behavior Score
4.4
ZERO API file : clean
VT API (file) 35 detected (AIDetectMalware, Malicious, score, Unsafe, Kryptik, Vake, Attribute, HighConfidence, HWQL, FileRepMalware, Misc, gyxpKOOvVlE, moderate, Static AI, Suspicious PE, esyn, Detected, Wacatac, ABTrojan, IHMJ, ZexaF, HvW@au2xsmoi, MachineLearning, Anomalous, Kajl, susgen, confidence)
md5 fc2aa8460ff7dd8a4f121d75116161cf
sha256 86ef578ca5923119e65049f3d26bff7ea41cea12f8c425f06786b406c8dfaf9a
ssdeep 49152:7maeeAxhHcKt5188it9LfG6ulQknhekqYmcHwWq:7maeeQc0OnhfG6ulQ0AkqaV
imphash 91607fb48c6a289cd2fa8c6509b8625f
impfuzzy 48:UOFbBPtMS1IM2c+ppEs/KA/Sv09S5jSY+nB6UygQsZ:UqJtMS1IM2c+pplNdSsZ
  Network IP location

Signature (7cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
danger File has been identified by 35 AntiVirus engines on VirusTotal as malicious
watch Attempts to identify installed AV products by installation directory
notice Creates executable files on the filesystem
notice The binary likely contains encrypted or compressed data indicative of a packer
info Queries for the computername
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (17cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Antivirus Contains references to security software binaries (download)
watch Antivirus Contains references to security software binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info CAB_file_format CAB archive file binaries (download)
info CAB_file_format CAB archive file binaries (upload)
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
googlesharepoint.com
whois
JP UCloud (HK) Holdings Group Limited 152.32.201.190 clean
152.32.201.190
whois
JP UCloud (HK) Holdings Group Limited 152.32.201.190 clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x417014 CreateDirectoryW
 0x417018 SizeofResource
 0x41701c WriteFile
 0x417020 GetShortPathNameW
 0x417024 GetEnvironmentVariableW
 0x417028 GetEnvironmentVariableA
 0x41702c lstrcatA
 0x417030 GetTempPathA
 0x417034 LoadLibraryA
 0x417038 lstrcatW
 0x41703c LockResource
 0x417040 DeleteFileA
 0x417044 LoadResource
 0x417048 FindResourceW
 0x41704c GetProcAddress
 0x417050 ExitProcess
 0x417054 GetTempFileNameA
 0x417058 DecodePointer
 0x41705c FlushFileBuffers
 0x417060 HeapReAlloc
 0x417064 HeapSize
 0x417068 DosDateTimeToFileTime
 0x41706c GetProcessHeap
 0x417070 GetStringTypeW
 0x417074 FreeEnvironmentStringsW
 0x417078 GetEnvironmentStringsW
 0x41707c GetCommandLineW
 0x417080 GetCommandLineA
 0x417084 GetCPInfo
 0x417088 GetOEMCP
 0x41708c GetACP
 0x417090 IsValidCodePage
 0x417094 FindNextFileW
 0x417098 FindFirstFileExW
 0x41709c FindClose
 0x4170a0 WideCharToMultiByte
 0x4170a4 SetEndOfFile
 0x4170a8 SetStdHandle
 0x4170ac SetFileAttributesA
 0x4170b0 CloseHandle
 0x4170b4 CreateFileA
 0x4170b8 LocalFileTimeToFileTime
 0x4170bc WriteConsoleW
 0x4170c0 SetFileTime
 0x4170c4 UnhandledExceptionFilter
 0x4170c8 SetUnhandledExceptionFilter
 0x4170cc GetCurrentProcess
 0x4170d0 TerminateProcess
 0x4170d4 IsProcessorFeaturePresent
 0x4170d8 QueryPerformanceCounter
 0x4170dc GetCurrentProcessId
 0x4170e0 GetCurrentThreadId
 0x4170e4 GetSystemTimeAsFileTime
 0x4170e8 InitializeSListHead
 0x4170ec IsDebuggerPresent
 0x4170f0 GetStartupInfoW
 0x4170f4 GetModuleHandleW
 0x4170f8 LocalFree
 0x4170fc GetLastError
 0x417100 RtlUnwind
 0x417104 RaiseException
 0x417108 SetLastError
 0x41710c EncodePointer
 0x417110 EnterCriticalSection
 0x417114 LeaveCriticalSection
 0x417118 DeleteCriticalSection
 0x41711c InitializeCriticalSectionAndSpinCount
 0x417120 TlsAlloc
 0x417124 TlsGetValue
 0x417128 TlsSetValue
 0x41712c TlsFree
 0x417130 FreeLibrary
 0x417134 LoadLibraryExW
 0x417138 ReadFile
 0x41713c GetConsoleMode
 0x417140 ReadConsoleW
 0x417144 CreateFileW
 0x417148 GetFileType
 0x41714c GetConsoleCP
 0x417150 SetFilePointerEx
 0x417154 GetStdHandle
 0x417158 GetModuleFileNameW
 0x41715c GetModuleHandleExW
 0x417160 HeapFree
 0x417164 HeapAlloc
 0x417168 MultiByteToWideChar
 0x41716c LCMapStringW
USER32.dll
 0x417188 DefWindowProcW
 0x41718c DestroyWindow
 0x417190 EndDialog
 0x417194 RegisterClassExW
 0x417198 EndPaint
 0x41719c LoadStringW
 0x4171a0 LoadIconW
 0x4171a4 LoadCursorW
 0x4171a8 PostQuitMessage
 0x4171ac DialogBoxParamW
 0x4171b0 BeginPaint
ole32.dll
 0x4171b8 CoInitializeSecurity
 0x4171bc CoInitializeEx
 0x4171c0 CoCreateInstance
 0x4171c4 CoUninitialize
OLEAUT32.dll
 0x417174 VariantInit
 0x417178 SysFreeString
 0x41717c SysAllocString
 0x417180 VariantClear
CABINET.DLL
 0x417000 FDICopy
 0x417004 FDIDestroy
 0x417008 FDICreate
 0x41700c FDIIsCabinet

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure