ScreenShot
| Created | 2024.08.17 22:16 | Machine | s1_win7_x6401 |
| Filename | gsprout.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 51 detected (AIDetectMalware, malicious, high confidence, score, Fragtor, Unsafe, Save, Genus, Attribute, HighConfidence, Kryptik, AGen, CrypterX, Zudochka, khgikm, XxsjwueTduU, Siggen3, moderate, Static AI, Suspicious PE, Detected, ai score=89, XOREncoded, Predator, Taurus, R638921, TrojanPSW, GlorySprout, Gencirc, b1bRMJJ28VU, PassStealer, susgen, confidence) | ||
| md5 | 92ae7a1286d992e104c0072f639941f7 | ||
| sha256 | 1771c4e6e34fda6a68c7b1d980cc3dffbe587c651f985bf7235c6af9a8904fd3 | ||
| ssdeep | 6144:S7iHIcfYlXolTFsr91vzWmUuNTuBjEKz7nwWYcEZoSNDyaN9b/7:FPYJolZsr9kjuNTuVFfnwHYSNGOb/7 | ||
| imphash | 17ce412007ec6b063cb9a92ee7b9b417 | ||
| impfuzzy | 24:GyftmS1+MdlJeDc+pl3eDoroAXSOovbOPZvvPGMM:1tmS1+Mic+ppXn35a | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x439000 SizeofResource
0x439004 FindResourceA
0x439008 GetModuleHandleA
0x43900c LockResource
0x439010 LoadResource
0x439014 WriteConsoleW
0x439018 IsProcessorFeaturePresent
0x43901c IsDebuggerPresent
0x439020 UnhandledExceptionFilter
0x439024 SetUnhandledExceptionFilter
0x439028 GetStartupInfoW
0x43902c GetModuleHandleW
0x439030 QueryPerformanceCounter
0x439034 GetCurrentProcessId
0x439038 GetCurrentThreadId
0x43903c GetSystemTimeAsFileTime
0x439040 InitializeSListHead
0x439044 GetCurrentProcess
0x439048 TerminateProcess
0x43904c RtlUnwind
0x439050 RaiseException
0x439054 GetLastError
0x439058 SetLastError
0x43905c EncodePointer
0x439060 EnterCriticalSection
0x439064 LeaveCriticalSection
0x439068 DeleteCriticalSection
0x43906c InitializeCriticalSectionAndSpinCount
0x439070 TlsAlloc
0x439074 TlsGetValue
0x439078 TlsSetValue
0x43907c TlsFree
0x439080 FreeLibrary
0x439084 GetProcAddress
0x439088 LoadLibraryExW
0x43908c ExitProcess
0x439090 GetModuleHandleExW
0x439094 GetModuleFileNameW
0x439098 GetStdHandle
0x43909c WriteFile
0x4390a0 WideCharToMultiByte
0x4390a4 MultiByteToWideChar
0x4390a8 HeapFree
0x4390ac HeapAlloc
0x4390b0 FindClose
0x4390b4 FindFirstFileExW
0x4390b8 FindNextFileW
0x4390bc IsValidCodePage
0x4390c0 GetACP
0x4390c4 GetOEMCP
0x4390c8 GetCPInfo
0x4390cc GetCommandLineA
0x4390d0 GetCommandLineW
0x4390d4 GetEnvironmentStringsW
0x4390d8 FreeEnvironmentStringsW
0x4390dc LCMapStringW
0x4390e0 GetProcessHeap
0x4390e4 GetFileType
0x4390e8 SetStdHandle
0x4390ec GetStringTypeW
0x4390f0 HeapSize
0x4390f4 HeapReAlloc
0x4390f8 FlushFileBuffers
0x4390fc GetConsoleOutputCP
0x439100 GetConsoleMode
0x439104 SetFilePointerEx
0x439108 CreateFileW
0x43910c CloseHandle
0x439110 DecodePointer
EAT(Export Address Table) is none
KERNEL32.dll
0x439000 SizeofResource
0x439004 FindResourceA
0x439008 GetModuleHandleA
0x43900c LockResource
0x439010 LoadResource
0x439014 WriteConsoleW
0x439018 IsProcessorFeaturePresent
0x43901c IsDebuggerPresent
0x439020 UnhandledExceptionFilter
0x439024 SetUnhandledExceptionFilter
0x439028 GetStartupInfoW
0x43902c GetModuleHandleW
0x439030 QueryPerformanceCounter
0x439034 GetCurrentProcessId
0x439038 GetCurrentThreadId
0x43903c GetSystemTimeAsFileTime
0x439040 InitializeSListHead
0x439044 GetCurrentProcess
0x439048 TerminateProcess
0x43904c RtlUnwind
0x439050 RaiseException
0x439054 GetLastError
0x439058 SetLastError
0x43905c EncodePointer
0x439060 EnterCriticalSection
0x439064 LeaveCriticalSection
0x439068 DeleteCriticalSection
0x43906c InitializeCriticalSectionAndSpinCount
0x439070 TlsAlloc
0x439074 TlsGetValue
0x439078 TlsSetValue
0x43907c TlsFree
0x439080 FreeLibrary
0x439084 GetProcAddress
0x439088 LoadLibraryExW
0x43908c ExitProcess
0x439090 GetModuleHandleExW
0x439094 GetModuleFileNameW
0x439098 GetStdHandle
0x43909c WriteFile
0x4390a0 WideCharToMultiByte
0x4390a4 MultiByteToWideChar
0x4390a8 HeapFree
0x4390ac HeapAlloc
0x4390b0 FindClose
0x4390b4 FindFirstFileExW
0x4390b8 FindNextFileW
0x4390bc IsValidCodePage
0x4390c0 GetACP
0x4390c4 GetOEMCP
0x4390c8 GetCPInfo
0x4390cc GetCommandLineA
0x4390d0 GetCommandLineW
0x4390d4 GetEnvironmentStringsW
0x4390d8 FreeEnvironmentStringsW
0x4390dc LCMapStringW
0x4390e0 GetProcessHeap
0x4390e4 GetFileType
0x4390e8 SetStdHandle
0x4390ec GetStringTypeW
0x4390f0 HeapSize
0x4390f4 HeapReAlloc
0x4390f8 FlushFileBuffers
0x4390fc GetConsoleOutputCP
0x439100 GetConsoleMode
0x439104 SetFilePointerEx
0x439108 CreateFileW
0x43910c CloseHandle
0x439110 DecodePointer
EAT(Export Address Table) is none