ScreenShot
| Created | 2024.08.15 11:08 | Machine | s1_win7_x6403 |
| Filename | handicap.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 7 detected (AIDetectMalware, Save, Malicious, confidence) | ||
| md5 | 4cafe5036e12fac84ea750ab09a42a6d | ||
| sha256 | 2ab6eb8c31bcc8ef0abd6f20ea4e3a5959935a578f90bf94ba2a72183d233b25 | ||
| ssdeep | 49152:gzxEBrXos47V1H04BpHThuLDMYqpln3OdTbt3nA5jSK/xZ/icmv:gJXBz3+nHKDicm | ||
| imphash | c9e57eae0ce5e40df7927e87d1231403 | ||
| impfuzzy | 96:vX39OItXMgzYrXItiMWzWwmOWXKvdHHCN7k9MbPmfKn:vdOWzYr4tWWx6dHPMbPmfKn | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
cryptprimitives.dll
0x1401de1b8 ProcessPrng
api-ms-win-core-synch-l1-2-0.dll
0x1401de098 WaitOnAddress
0x1401de0a0 WakeByAddressSingle
0x1401de0a8 WakeByAddressAll
kernel32.dll
0x1401de228 GetCurrentProcess
0x1401de230 LocalFree
0x1401de238 UnregisterWaitEx
0x1401de240 GetCurrentThreadId
0x1401de248 CreateIoCompletionPort
0x1401de250 RegisterWaitForSingleObject
0x1401de258 GetQueuedCompletionStatusEx
0x1401de260 FormatMessageW
0x1401de268 PostQueuedCompletionStatus
0x1401de270 LoadLibraryExA
0x1401de278 GetSystemTimeAsFileTime
0x1401de280 SetFileCompletionNotificationModes
0x1401de288 Sleep
0x1401de290 HeapFree
0x1401de298 GetProcAddress
0x1401de2a0 GetProcessHeap
0x1401de2a8 CreateFileW
0x1401de2b0 InitializeSListHead
0x1401de2b8 IsDebuggerPresent
0x1401de2c0 UnhandledExceptionFilter
0x1401de2c8 SetUnhandledExceptionFilter
0x1401de2d0 GetFileAttributesW
0x1401de2d8 GlobalMemoryStatusEx
0x1401de2e0 SetHandleInformation
0x1401de2e8 GetSystemInfo
0x1401de2f0 lstrlenW
0x1401de2f8 GetLastError
0x1401de300 GetCurrentProcessId
0x1401de308 CreateMutexA
0x1401de310 LoadLibraryA
0x1401de318 WaitForSingleObjectEx
0x1401de320 GetFullPathNameW
0x1401de328 CreateThread
0x1401de330 VirtualQueryEx
0x1401de338 GetProcessTimes
0x1401de340 DuplicateHandle
0x1401de348 SwitchToFiber
0x1401de350 CreateFiber
0x1401de358 VirtualProtect
0x1401de360 VirtualAlloc
0x1401de368 ConvertThreadToFiber
0x1401de370 CloseHandle
0x1401de378 WideCharToMultiByte
0x1401de380 IsProcessorFeaturePresent
0x1401de388 WriteConsoleW
0x1401de390 MultiByteToWideChar
0x1401de398 UpdateProcThreadAttribute
0x1401de3a0 InitializeProcThreadAttributeList
0x1401de3a8 K32GetPerformanceInfo
0x1401de3b0 GetExitCodeProcess
0x1401de3b8 CreateProcessW
0x1401de3c0 GetWindowsDirectoryW
0x1401de3c8 OpenProcess
0x1401de3d0 GetSystemTimes
0x1401de3d8 GetProcessIoCounters
0x1401de3e0 GetSystemDirectoryW
0x1401de3e8 GetModuleHandleA
0x1401de3f0 HeapAlloc
0x1401de3f8 ReadProcessMemory
0x1401de400 ReadFileEx
0x1401de408 CreateNamedPipeW
0x1401de410 FreeLibrary
0x1401de418 WaitForSingleObject
0x1401de420 ExitProcess
0x1401de428 GetModuleFileNameW
0x1401de430 GetModuleHandleW
0x1401de438 FreeEnvironmentStringsW
0x1401de440 DeleteProcThreadAttributeList
0x1401de448 CompareStringOrdinal
0x1401de450 AddVectoredExceptionHandler
0x1401de458 SetThreadStackGuarantee
0x1401de460 GetCurrentThread
0x1401de468 SwitchToThread
0x1401de470 CreateWaitableTimerExW
0x1401de478 SetWaitableTimer
0x1401de480 QueryPerformanceCounter
0x1401de488 RtlCaptureContext
0x1401de490 RtlLookupFunctionEntry
0x1401de498 RtlVirtualUnwind
0x1401de4a0 SetLastError
0x1401de4a8 GetCurrentDirectoryW
0x1401de4b0 GetEnvironmentStringsW
0x1401de4b8 GetEnvironmentVariableW
0x1401de4c0 SetFileInformationByHandle
0x1401de4c8 GetConsoleMode
0x1401de4d0 GetStdHandle
0x1401de4d8 WriteFileEx
0x1401de4e0 SleepEx
0x1401de4e8 TerminateProcess
0x1401de4f0 QueryPerformanceFrequency
0x1401de4f8 GetSystemTimePreciseAsFileTime
0x1401de500 HeapReAlloc
0x1401de508 ReleaseMutex
0x1401de510 FindClose
0x1401de518 GetFileInformationByHandle
0x1401de520 GetFileInformationByHandleEx
0x1401de528 FindFirstFileW
0x1401de530 GetFinalPathNameByHandleW
secur32.dll
0x1401de620 ApplyControlToken
0x1401de628 FreeCredentialsHandle
0x1401de630 AcceptSecurityContext
0x1401de638 InitializeSecurityContextW
0x1401de640 AcquireCredentialsHandleA
0x1401de648 EncryptMessage
0x1401de650 FreeContextBuffer
0x1401de658 DecryptMessage
0x1401de660 DeleteSecurityContext
0x1401de668 QueryContextAttributesW
ws2_32.dll
0x1401de690 recv
0x1401de698 shutdown
0x1401de6a0 ioctlsocket
0x1401de6a8 connect
0x1401de6b0 ind
0x1401de6b8 WSASocketW
0x1401de6c0 getsockname
0x1401de6c8 getpeername
0x1401de6d0 send
0x1401de6d8 WSAStartup
0x1401de6e0 WSACleanup
0x1401de6e8 WSASend
0x1401de6f0 freeaddrinfo
0x1401de6f8 setsockopt
0x1401de700 WSAIoctl
0x1401de708 WSAGetLastError
0x1401de710 getsockopt
0x1401de718 closesocket
0x1401de720 getaddrinfo
advapi32.dll
0x1401de050 IsValidSid
0x1401de058 GetLengthSid
0x1401de060 CopySid
0x1401de068 RegQueryValueExW
0x1401de070 RegOpenKeyExW
0x1401de078 OpenProcessToken
0x1401de080 RegCloseKey
0x1401de088 GetTokenInformation
crypt32.dll
0x1401de1c8 CertDuplicateCertificateChain
0x1401de1d0 CertGetCertificateChain
0x1401de1d8 CertVerifyCertificateChainPolicy
0x1401de1e0 CertFreeCertificateChain
0x1401de1e8 CertFreeCertificateContext
0x1401de1f0 CertDuplicateCertificateContext
0x1401de1f8 CertEnumCertificatesInStore
0x1401de200 CertAddCertificateContextToStore
0x1401de208 CertOpenStore
0x1401de210 CertCloseStore
0x1401de218 CertDuplicateStore
shell32.dll
0x1401de678 SHGetKnownFolderPath
0x1401de680 CommandLineToArgvW
ole32.dll
0x1401de590 CoTaskMemFree
oleaut32.dll
0x1401de5a0 SysFreeString
0x1401de5a8 GetErrorInfo
0x1401de5b0 SysStringLen
ntdll.dll
0x1401de540 NtWriteFile
0x1401de548 NtCancelIoFileEx
0x1401de550 NtQueryInformationProcess
0x1401de558 RtlNtStatusToDosError
0x1401de560 RtlGetVersion
0x1401de568 NtQuerySystemInformation
0x1401de570 NtDeviceIoControlFile
0x1401de578 NtCreateFile
0x1401de580 NtReadFile
pdh.dll
0x1401de5c0 PdhCloseQuery
0x1401de5c8 PdhOpenQueryA
0x1401de5d0 PdhRemoveCounter
0x1401de5d8 PdhGetFormattedCounterValue
0x1401de5e0 PdhAddEnglishCounterW
0x1401de5e8 PdhCollectQueryData
powrprof.dll
0x1401de5f8 CallNtPowerInformation
psapi.dll
0x1401de608 GetProcessMemoryInfo
0x1401de610 GetModuleFileNameExW
VCRUNTIME140.dll
0x1401de000 __current_exception_context
0x1401de008 __current_exception
0x1401de010 __C_specific_handler
0x1401de018 _CxxThrowException
0x1401de020 memset
0x1401de028 memmove
0x1401de030 memcmp
0x1401de038 memcpy
0x1401de040 __CxxFrameHandler3
api-ms-win-crt-string-l1-1-0.dll
0x1401de1a8 wcslen
api-ms-win-crt-math-l1-1-0.dll
0x1401de0e0 __setusermatherr
0x1401de0e8 pow
api-ms-win-crt-heap-l1-1-0.dll
0x1401de0b8 free
0x1401de0c0 _set_new_mode
api-ms-win-crt-runtime-l1-1-0.dll
0x1401de0f8 __p___argv
0x1401de100 _cexit
0x1401de108 _c_exit
0x1401de110 _register_thread_local_exe_atexit_callback
0x1401de118 _initterm_e
0x1401de120 _initialize_narrow_environment
0x1401de128 __p___argc
0x1401de130 _register_onexit_function
0x1401de138 _configure_narrow_argv
0x1401de140 _crt_atexit
0x1401de148 _exit
0x1401de150 _set_app_type
0x1401de158 _seh_filter_exe
0x1401de160 terminate
0x1401de168 _initterm
0x1401de170 exit
0x1401de178 _initialize_onexit_table
0x1401de180 _get_initial_narrow_environment
api-ms-win-crt-stdio-l1-1-0.dll
0x1401de190 __p__commode
0x1401de198 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1401de0d0 _configthreadlocale
EAT(Export Address Table) is none
cryptprimitives.dll
0x1401de1b8 ProcessPrng
api-ms-win-core-synch-l1-2-0.dll
0x1401de098 WaitOnAddress
0x1401de0a0 WakeByAddressSingle
0x1401de0a8 WakeByAddressAll
kernel32.dll
0x1401de228 GetCurrentProcess
0x1401de230 LocalFree
0x1401de238 UnregisterWaitEx
0x1401de240 GetCurrentThreadId
0x1401de248 CreateIoCompletionPort
0x1401de250 RegisterWaitForSingleObject
0x1401de258 GetQueuedCompletionStatusEx
0x1401de260 FormatMessageW
0x1401de268 PostQueuedCompletionStatus
0x1401de270 LoadLibraryExA
0x1401de278 GetSystemTimeAsFileTime
0x1401de280 SetFileCompletionNotificationModes
0x1401de288 Sleep
0x1401de290 HeapFree
0x1401de298 GetProcAddress
0x1401de2a0 GetProcessHeap
0x1401de2a8 CreateFileW
0x1401de2b0 InitializeSListHead
0x1401de2b8 IsDebuggerPresent
0x1401de2c0 UnhandledExceptionFilter
0x1401de2c8 SetUnhandledExceptionFilter
0x1401de2d0 GetFileAttributesW
0x1401de2d8 GlobalMemoryStatusEx
0x1401de2e0 SetHandleInformation
0x1401de2e8 GetSystemInfo
0x1401de2f0 lstrlenW
0x1401de2f8 GetLastError
0x1401de300 GetCurrentProcessId
0x1401de308 CreateMutexA
0x1401de310 LoadLibraryA
0x1401de318 WaitForSingleObjectEx
0x1401de320 GetFullPathNameW
0x1401de328 CreateThread
0x1401de330 VirtualQueryEx
0x1401de338 GetProcessTimes
0x1401de340 DuplicateHandle
0x1401de348 SwitchToFiber
0x1401de350 CreateFiber
0x1401de358 VirtualProtect
0x1401de360 VirtualAlloc
0x1401de368 ConvertThreadToFiber
0x1401de370 CloseHandle
0x1401de378 WideCharToMultiByte
0x1401de380 IsProcessorFeaturePresent
0x1401de388 WriteConsoleW
0x1401de390 MultiByteToWideChar
0x1401de398 UpdateProcThreadAttribute
0x1401de3a0 InitializeProcThreadAttributeList
0x1401de3a8 K32GetPerformanceInfo
0x1401de3b0 GetExitCodeProcess
0x1401de3b8 CreateProcessW
0x1401de3c0 GetWindowsDirectoryW
0x1401de3c8 OpenProcess
0x1401de3d0 GetSystemTimes
0x1401de3d8 GetProcessIoCounters
0x1401de3e0 GetSystemDirectoryW
0x1401de3e8 GetModuleHandleA
0x1401de3f0 HeapAlloc
0x1401de3f8 ReadProcessMemory
0x1401de400 ReadFileEx
0x1401de408 CreateNamedPipeW
0x1401de410 FreeLibrary
0x1401de418 WaitForSingleObject
0x1401de420 ExitProcess
0x1401de428 GetModuleFileNameW
0x1401de430 GetModuleHandleW
0x1401de438 FreeEnvironmentStringsW
0x1401de440 DeleteProcThreadAttributeList
0x1401de448 CompareStringOrdinal
0x1401de450 AddVectoredExceptionHandler
0x1401de458 SetThreadStackGuarantee
0x1401de460 GetCurrentThread
0x1401de468 SwitchToThread
0x1401de470 CreateWaitableTimerExW
0x1401de478 SetWaitableTimer
0x1401de480 QueryPerformanceCounter
0x1401de488 RtlCaptureContext
0x1401de490 RtlLookupFunctionEntry
0x1401de498 RtlVirtualUnwind
0x1401de4a0 SetLastError
0x1401de4a8 GetCurrentDirectoryW
0x1401de4b0 GetEnvironmentStringsW
0x1401de4b8 GetEnvironmentVariableW
0x1401de4c0 SetFileInformationByHandle
0x1401de4c8 GetConsoleMode
0x1401de4d0 GetStdHandle
0x1401de4d8 WriteFileEx
0x1401de4e0 SleepEx
0x1401de4e8 TerminateProcess
0x1401de4f0 QueryPerformanceFrequency
0x1401de4f8 GetSystemTimePreciseAsFileTime
0x1401de500 HeapReAlloc
0x1401de508 ReleaseMutex
0x1401de510 FindClose
0x1401de518 GetFileInformationByHandle
0x1401de520 GetFileInformationByHandleEx
0x1401de528 FindFirstFileW
0x1401de530 GetFinalPathNameByHandleW
secur32.dll
0x1401de620 ApplyControlToken
0x1401de628 FreeCredentialsHandle
0x1401de630 AcceptSecurityContext
0x1401de638 InitializeSecurityContextW
0x1401de640 AcquireCredentialsHandleA
0x1401de648 EncryptMessage
0x1401de650 FreeContextBuffer
0x1401de658 DecryptMessage
0x1401de660 DeleteSecurityContext
0x1401de668 QueryContextAttributesW
ws2_32.dll
0x1401de690 recv
0x1401de698 shutdown
0x1401de6a0 ioctlsocket
0x1401de6a8 connect
0x1401de6b0 ind
0x1401de6b8 WSASocketW
0x1401de6c0 getsockname
0x1401de6c8 getpeername
0x1401de6d0 send
0x1401de6d8 WSAStartup
0x1401de6e0 WSACleanup
0x1401de6e8 WSASend
0x1401de6f0 freeaddrinfo
0x1401de6f8 setsockopt
0x1401de700 WSAIoctl
0x1401de708 WSAGetLastError
0x1401de710 getsockopt
0x1401de718 closesocket
0x1401de720 getaddrinfo
advapi32.dll
0x1401de050 IsValidSid
0x1401de058 GetLengthSid
0x1401de060 CopySid
0x1401de068 RegQueryValueExW
0x1401de070 RegOpenKeyExW
0x1401de078 OpenProcessToken
0x1401de080 RegCloseKey
0x1401de088 GetTokenInformation
crypt32.dll
0x1401de1c8 CertDuplicateCertificateChain
0x1401de1d0 CertGetCertificateChain
0x1401de1d8 CertVerifyCertificateChainPolicy
0x1401de1e0 CertFreeCertificateChain
0x1401de1e8 CertFreeCertificateContext
0x1401de1f0 CertDuplicateCertificateContext
0x1401de1f8 CertEnumCertificatesInStore
0x1401de200 CertAddCertificateContextToStore
0x1401de208 CertOpenStore
0x1401de210 CertCloseStore
0x1401de218 CertDuplicateStore
shell32.dll
0x1401de678 SHGetKnownFolderPath
0x1401de680 CommandLineToArgvW
ole32.dll
0x1401de590 CoTaskMemFree
oleaut32.dll
0x1401de5a0 SysFreeString
0x1401de5a8 GetErrorInfo
0x1401de5b0 SysStringLen
ntdll.dll
0x1401de540 NtWriteFile
0x1401de548 NtCancelIoFileEx
0x1401de550 NtQueryInformationProcess
0x1401de558 RtlNtStatusToDosError
0x1401de560 RtlGetVersion
0x1401de568 NtQuerySystemInformation
0x1401de570 NtDeviceIoControlFile
0x1401de578 NtCreateFile
0x1401de580 NtReadFile
pdh.dll
0x1401de5c0 PdhCloseQuery
0x1401de5c8 PdhOpenQueryA
0x1401de5d0 PdhRemoveCounter
0x1401de5d8 PdhGetFormattedCounterValue
0x1401de5e0 PdhAddEnglishCounterW
0x1401de5e8 PdhCollectQueryData
powrprof.dll
0x1401de5f8 CallNtPowerInformation
psapi.dll
0x1401de608 GetProcessMemoryInfo
0x1401de610 GetModuleFileNameExW
VCRUNTIME140.dll
0x1401de000 __current_exception_context
0x1401de008 __current_exception
0x1401de010 __C_specific_handler
0x1401de018 _CxxThrowException
0x1401de020 memset
0x1401de028 memmove
0x1401de030 memcmp
0x1401de038 memcpy
0x1401de040 __CxxFrameHandler3
api-ms-win-crt-string-l1-1-0.dll
0x1401de1a8 wcslen
api-ms-win-crt-math-l1-1-0.dll
0x1401de0e0 __setusermatherr
0x1401de0e8 pow
api-ms-win-crt-heap-l1-1-0.dll
0x1401de0b8 free
0x1401de0c0 _set_new_mode
api-ms-win-crt-runtime-l1-1-0.dll
0x1401de0f8 __p___argv
0x1401de100 _cexit
0x1401de108 _c_exit
0x1401de110 _register_thread_local_exe_atexit_callback
0x1401de118 _initterm_e
0x1401de120 _initialize_narrow_environment
0x1401de128 __p___argc
0x1401de130 _register_onexit_function
0x1401de138 _configure_narrow_argv
0x1401de140 _crt_atexit
0x1401de148 _exit
0x1401de150 _set_app_type
0x1401de158 _seh_filter_exe
0x1401de160 terminate
0x1401de168 _initterm
0x1401de170 exit
0x1401de178 _initialize_onexit_table
0x1401de180 _get_initial_narrow_environment
api-ms-win-crt-stdio-l1-1-0.dll
0x1401de190 __p__commode
0x1401de198 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1401de0d0 _configthreadlocale
EAT(Export Address Table) is none