ScreenShot
| Created | 2024.08.17 22:33 | Machine | s1_win7_x6403 |
| Filename | mobiletrans.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 26 detected (AIDetectMalware, malicious, high confidence, score, Vmfw, Attribute, HighConfidence, a variant of WinGo, qwiuxl, Wingo, opply, AMADEY, YXEHOZ, Detected, Wacatac, Caynamer, MAN206, Eldorado, Rwhl, B9nj) | ||
| md5 | c8af5b81b11f3db6cb5b7efab33d11ef | ||
| sha256 | 2a627e55b12be1b4521658c25d2d46d38b87442f648070311cad06e4995a5304 | ||
| ssdeep | 98304:xW+Gcm43XnW2C4/YzHVx4Bu+UxPi+YrmJihOeFXEQp3Bf0n+KXhX38XCaxpmMqmH:oiXy4/YzHVOuBi+YaJZQ3I+KRX38M | ||
| imphash | c595f1660e1a3c84f4d9b0761d23cd7a | ||
| impfuzzy | 96:wJexMCyamCRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wgrymLe3SFomQ6+STjz | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
ET DROP Spamhaus DROP Listed Traffic Inbound group 4
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1414b1494 AddAtomA
0x1414b149c AddVectoredContinueHandler
0x1414b14a4 AddVectoredExceptionHandler
0x1414b14ac CloseHandle
0x1414b14b4 CreateEventA
0x1414b14bc CreateFileA
0x1414b14c4 CreateIoCompletionPort
0x1414b14cc CreateMutexA
0x1414b14d4 CreateSemaphoreA
0x1414b14dc CreateThread
0x1414b14e4 CreateWaitableTimerExW
0x1414b14ec DeleteAtom
0x1414b14f4 DeleteCriticalSection
0x1414b14fc DuplicateHandle
0x1414b1504 EnterCriticalSection
0x1414b150c ExitProcess
0x1414b1514 FindAtomA
0x1414b151c FormatMessageA
0x1414b1524 FreeEnvironmentStringsW
0x1414b152c GetAtomNameA
0x1414b1534 GetConsoleMode
0x1414b153c GetCurrentProcess
0x1414b1544 GetCurrentProcessId
0x1414b154c GetCurrentThread
0x1414b1554 GetCurrentThreadId
0x1414b155c GetEnvironmentStringsW
0x1414b1564 GetErrorMode
0x1414b156c GetHandleInformation
0x1414b1574 GetLastError
0x1414b157c GetProcAddress
0x1414b1584 GetProcessAffinityMask
0x1414b158c GetQueuedCompletionStatusEx
0x1414b1594 GetStartupInfoA
0x1414b159c GetStdHandle
0x1414b15a4 GetSystemDirectoryA
0x1414b15ac GetSystemInfo
0x1414b15b4 GetSystemTimeAsFileTime
0x1414b15bc GetThreadContext
0x1414b15c4 GetThreadPriority
0x1414b15cc GetTickCount
0x1414b15d4 InitializeCriticalSection
0x1414b15dc IsDBCSLeadByteEx
0x1414b15e4 IsDebuggerPresent
0x1414b15ec LeaveCriticalSection
0x1414b15f4 LoadLibraryExW
0x1414b15fc LoadLibraryW
0x1414b1604 LocalFree
0x1414b160c MultiByteToWideChar
0x1414b1614 OpenProcess
0x1414b161c OutputDebugStringA
0x1414b1624 PostQueuedCompletionStatus
0x1414b162c QueryPerformanceCounter
0x1414b1634 QueryPerformanceFrequency
0x1414b163c RaiseException
0x1414b1644 RaiseFailFastException
0x1414b164c ReleaseMutex
0x1414b1654 ReleaseSemaphore
0x1414b165c RemoveVectoredExceptionHandler
0x1414b1664 ResetEvent
0x1414b166c ResumeThread
0x1414b1674 RtlLookupFunctionEntry
0x1414b167c RtlVirtualUnwind
0x1414b1684 SetConsoleCtrlHandler
0x1414b168c SetErrorMode
0x1414b1694 SetEvent
0x1414b169c SetLastError
0x1414b16a4 SetProcessAffinityMask
0x1414b16ac SetProcessPriorityBoost
0x1414b16b4 SetThreadContext
0x1414b16bc SetThreadPriority
0x1414b16c4 SetUnhandledExceptionFilter
0x1414b16cc SetWaitableTimer
0x1414b16d4 Sleep
0x1414b16dc SuspendThread
0x1414b16e4 SwitchToThread
0x1414b16ec TlsAlloc
0x1414b16f4 TlsGetValue
0x1414b16fc TlsSetValue
0x1414b1704 TryEnterCriticalSection
0x1414b170c VirtualAlloc
0x1414b1714 VirtualFree
0x1414b171c VirtualProtect
0x1414b1724 VirtualQuery
0x1414b172c WaitForMultipleObjects
0x1414b1734 WaitForSingleObject
0x1414b173c WerGetFlags
0x1414b1744 WerSetFlags
0x1414b174c WideCharToMultiByte
0x1414b1754 WriteConsoleW
0x1414b175c WriteFile
0x1414b1764 __C_specific_handler
msvcrt.dll
0x1414b1774 ___lc_codepage_func
0x1414b177c ___mb_cur_max_func
0x1414b1784 __getmainargs
0x1414b178c __initenv
0x1414b1794 __iob_func
0x1414b179c __lconv_init
0x1414b17a4 __set_app_type
0x1414b17ac __setusermatherr
0x1414b17b4 _acmdln
0x1414b17bc _amsg_exit
0x1414b17c4 _beginthread
0x1414b17cc _beginthreadex
0x1414b17d4 _cexit
0x1414b17dc _commode
0x1414b17e4 _endthreadex
0x1414b17ec _errno
0x1414b17f4 _fmode
0x1414b17fc _initterm
0x1414b1804 _lock
0x1414b180c _memccpy
0x1414b1814 _onexit
0x1414b181c _setjmp
0x1414b1824 _strdup
0x1414b182c _ultoa
0x1414b1834 _unlock
0x1414b183c abort
0x1414b1844 calloc
0x1414b184c exit
0x1414b1854 fprintf
0x1414b185c fputc
0x1414b1864 free
0x1414b186c fwrite
0x1414b1874 localeconv
0x1414b187c longjmp
0x1414b1884 malloc
0x1414b188c memcpy
0x1414b1894 memmove
0x1414b189c memset
0x1414b18a4 printf
0x1414b18ac realloc
0x1414b18b4 signal
0x1414b18bc strerror
0x1414b18c4 strlen
0x1414b18cc strncmp
0x1414b18d4 vfprintf
0x1414b18dc wcslen
EAT(Export Address Table) Library
0x1414ae410 _cgo_dummy_export
KERNEL32.dll
0x1414b1494 AddAtomA
0x1414b149c AddVectoredContinueHandler
0x1414b14a4 AddVectoredExceptionHandler
0x1414b14ac CloseHandle
0x1414b14b4 CreateEventA
0x1414b14bc CreateFileA
0x1414b14c4 CreateIoCompletionPort
0x1414b14cc CreateMutexA
0x1414b14d4 CreateSemaphoreA
0x1414b14dc CreateThread
0x1414b14e4 CreateWaitableTimerExW
0x1414b14ec DeleteAtom
0x1414b14f4 DeleteCriticalSection
0x1414b14fc DuplicateHandle
0x1414b1504 EnterCriticalSection
0x1414b150c ExitProcess
0x1414b1514 FindAtomA
0x1414b151c FormatMessageA
0x1414b1524 FreeEnvironmentStringsW
0x1414b152c GetAtomNameA
0x1414b1534 GetConsoleMode
0x1414b153c GetCurrentProcess
0x1414b1544 GetCurrentProcessId
0x1414b154c GetCurrentThread
0x1414b1554 GetCurrentThreadId
0x1414b155c GetEnvironmentStringsW
0x1414b1564 GetErrorMode
0x1414b156c GetHandleInformation
0x1414b1574 GetLastError
0x1414b157c GetProcAddress
0x1414b1584 GetProcessAffinityMask
0x1414b158c GetQueuedCompletionStatusEx
0x1414b1594 GetStartupInfoA
0x1414b159c GetStdHandle
0x1414b15a4 GetSystemDirectoryA
0x1414b15ac GetSystemInfo
0x1414b15b4 GetSystemTimeAsFileTime
0x1414b15bc GetThreadContext
0x1414b15c4 GetThreadPriority
0x1414b15cc GetTickCount
0x1414b15d4 InitializeCriticalSection
0x1414b15dc IsDBCSLeadByteEx
0x1414b15e4 IsDebuggerPresent
0x1414b15ec LeaveCriticalSection
0x1414b15f4 LoadLibraryExW
0x1414b15fc LoadLibraryW
0x1414b1604 LocalFree
0x1414b160c MultiByteToWideChar
0x1414b1614 OpenProcess
0x1414b161c OutputDebugStringA
0x1414b1624 PostQueuedCompletionStatus
0x1414b162c QueryPerformanceCounter
0x1414b1634 QueryPerformanceFrequency
0x1414b163c RaiseException
0x1414b1644 RaiseFailFastException
0x1414b164c ReleaseMutex
0x1414b1654 ReleaseSemaphore
0x1414b165c RemoveVectoredExceptionHandler
0x1414b1664 ResetEvent
0x1414b166c ResumeThread
0x1414b1674 RtlLookupFunctionEntry
0x1414b167c RtlVirtualUnwind
0x1414b1684 SetConsoleCtrlHandler
0x1414b168c SetErrorMode
0x1414b1694 SetEvent
0x1414b169c SetLastError
0x1414b16a4 SetProcessAffinityMask
0x1414b16ac SetProcessPriorityBoost
0x1414b16b4 SetThreadContext
0x1414b16bc SetThreadPriority
0x1414b16c4 SetUnhandledExceptionFilter
0x1414b16cc SetWaitableTimer
0x1414b16d4 Sleep
0x1414b16dc SuspendThread
0x1414b16e4 SwitchToThread
0x1414b16ec TlsAlloc
0x1414b16f4 TlsGetValue
0x1414b16fc TlsSetValue
0x1414b1704 TryEnterCriticalSection
0x1414b170c VirtualAlloc
0x1414b1714 VirtualFree
0x1414b171c VirtualProtect
0x1414b1724 VirtualQuery
0x1414b172c WaitForMultipleObjects
0x1414b1734 WaitForSingleObject
0x1414b173c WerGetFlags
0x1414b1744 WerSetFlags
0x1414b174c WideCharToMultiByte
0x1414b1754 WriteConsoleW
0x1414b175c WriteFile
0x1414b1764 __C_specific_handler
msvcrt.dll
0x1414b1774 ___lc_codepage_func
0x1414b177c ___mb_cur_max_func
0x1414b1784 __getmainargs
0x1414b178c __initenv
0x1414b1794 __iob_func
0x1414b179c __lconv_init
0x1414b17a4 __set_app_type
0x1414b17ac __setusermatherr
0x1414b17b4 _acmdln
0x1414b17bc _amsg_exit
0x1414b17c4 _beginthread
0x1414b17cc _beginthreadex
0x1414b17d4 _cexit
0x1414b17dc _commode
0x1414b17e4 _endthreadex
0x1414b17ec _errno
0x1414b17f4 _fmode
0x1414b17fc _initterm
0x1414b1804 _lock
0x1414b180c _memccpy
0x1414b1814 _onexit
0x1414b181c _setjmp
0x1414b1824 _strdup
0x1414b182c _ultoa
0x1414b1834 _unlock
0x1414b183c abort
0x1414b1844 calloc
0x1414b184c exit
0x1414b1854 fprintf
0x1414b185c fputc
0x1414b1864 free
0x1414b186c fwrite
0x1414b1874 localeconv
0x1414b187c longjmp
0x1414b1884 malloc
0x1414b188c memcpy
0x1414b1894 memmove
0x1414b189c memset
0x1414b18a4 printf
0x1414b18ac realloc
0x1414b18b4 signal
0x1414b18bc strerror
0x1414b18c4 strlen
0x1414b18cc strncmp
0x1414b18d4 vfprintf
0x1414b18dc wcslen
EAT(Export Address Table) Library
0x1414ae410 _cgo_dummy_export