Report - NetMaster_Client.exe

Tags: Generic Malware, Malicious Library, Downloader, UPX, PE File, PE32, OS Processor Check
Created 2024.08.19 14:27 Machine s1_win7_x6401
Filename NetMaster_Client.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 5
Behavior Score 1.2
ZERO API file : malware
VT API (file) 34 detected (AIDetectMalware, malicious, high confidence, score, GenericKD, Unsafe, Vk27, Attribute, HighConfidence, Real Protect, moderate, Static AI, Malicious PE, Androm, awlo, Detected, ai score=82, GrayWare, Caypnamer, ABTrojan, JBXE, ZexaF, CuW@aG60ERmi, R06CH09H124, susgen, PossibleThreat, confidence)
md5 9c4a2a98a09549e8175607a271e202bf
sha256 5739d0b3de0569d6c5a694dec0a289ff429c302f889bc8cea1f84b6765dbb571
ssdeep 12288:CY5yuDQEzucHR8LBdKjtYQQvxNqlNl11z1eWH3M/aVYooS1G:/DqvxNsl11z1enaVRZ1
imphash 26652bb3a532c6e6677f07e962e2716c
impfuzzy 96:zI7MVEqYrm4oymGuL2nWfQcpVPjmBqfKamwxzRIu7EF:8akquWyYi+7u

Signature (2cnts)

Level Description
danger File has been identified by 34 AntiVirus engines on VirusTotal as malicious
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Network_Downloader File Downloader binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) by library

KERNEL32.dll
 0x45b0a4 GetCommandLineA
 0x45b0a8 GetOEMCP
 0x45b0ac GetACP
 0x45b0b0 IsValidCodePage
 0x45b0b4 GetEnvironmentStringsW
 0x45b0b8 FreeEnvironmentStringsW
 0x45b0bc GetProcessHeap
 0x45b0c0 SetStdHandle
 0x45b0c4 CreateFileW
 0x45b0c8 HeapSize
 0x45b0cc WriteConsoleW
 0x45b0d0 CreateProcessW
 0x45b0d4 GetCurrentProcessId
 0x45b0d8 Process32FirstW
 0x45b0dc DeleteFileA
 0x45b0e0 Process32NextW
 0x45b0e4 CreateToolhelp32Snapshot
 0x45b0e8 OpenProcess
 0x45b0ec ExpandEnvironmentStringsA
 0x45b0f0 TerminateProcess
 0x45b0f4 GetTickCount64
 0x45b0f8 CreateEventW
 0x45b0fc WaitForSingleObject
 0x45b100 GlobalUnlock
 0x45b104 GlobalLock
 0x45b108 GlobalSize
 0x45b10c GetCommandLineW
 0x45b110 WTSGetActiveConsoleSessionId
 0x45b114 LocalFree
 0x45b118 GetLocalTime
 0x45b11c DeleteFileW
 0x45b120 GetFileAttributesW
 0x45b124 LocalAlloc
 0x45b128 CreateDirectoryW
 0x45b12c MapViewOfFile
 0x45b130 CreateFileMappingW
 0x45b134 OpenFileMappingW
 0x45b138 GetLastError
 0x45b13c SetEvent
 0x45b140 Sleep
 0x45b144 GetComputerNameW
 0x45b148 FindNextFileW
 0x45b14c FindFirstFileExW
 0x45b150 FindClose
 0x45b154 GetTimeZoneInformation
 0x45b158 HeapReAlloc
 0x45b15c CreatePipe
 0x45b160 GetFileAttributesExW
 0x45b164 GetExitCodeProcess
 0x45b168 ReadConsoleW
 0x45b16c EnumSystemLocalesW
 0x45b170 GetUserDefaultLCID
 0x45b174 IsValidLocale
 0x45b178 GetLocaleInfoW
 0x45b17c LCMapStringW
 0x45b180 CompareStringW
 0x45b184 GetTimeFormatW
 0x45b188 GetDateFormatW
 0x45b18c HeapAlloc
 0x45b190 HeapFree
 0x45b194 GetConsoleMode
 0x45b198 GetConsoleOutputCP
 0x45b19c FlushFileBuffers
 0x45b1a0 GetFileType
 0x45b1a4 GetModuleFileNameW
 0x45b1a8 CreateThread
 0x45b1ac CloseHandle
 0x45b1b0 SetFilePointerEx
 0x45b1b4 GetFileSizeEx
 0x45b1b8 WriteFile
 0x45b1bc GetStdHandle
 0x45b1c0 GetModuleHandleExW
 0x45b1c4 ExitProcess
 0x45b1c8 DuplicateHandle
 0x45b1cc ReadFile
 0x45b1d0 GetCurrentDirectoryW
 0x45b1d4 SetCurrentDirectoryW
 0x45b1d8 SetEnvironmentVariableW
 0x45b1dc LoadLibraryExW
 0x45b1e0 FreeLibrary
 0x45b1e4 TlsFree
 0x45b1e8 TlsSetValue
 0x45b1ec TlsGetValue
 0x45b1f0 TlsAlloc
 0x45b1f4 SetEndOfFile
 0x45b1f8 InitializeCriticalSectionAndSpinCount
 0x45b1fc SetLastError
 0x45b200 RaiseException
 0x45b204 RtlUnwind
 0x45b208 InitializeSListHead
 0x45b20c GetStartupInfoW
 0x45b210 IsDebuggerPresent
 0x45b214 GetCurrentProcess
 0x45b218 SetUnhandledExceptionFilter
 0x45b21c UnhandledExceptionFilter
 0x45b220 IsProcessorFeaturePresent
 0x45b224 GetCPInfo
 0x45b228 CompareStringEx
 0x45b22c GetProcAddress
 0x45b230 GetModuleHandleW
 0x45b234 MultiByteToWideChar
 0x45b238 GetStringTypeW
 0x45b23c ReleaseSRWLockExclusive
 0x45b240 AcquireSRWLockExclusive
 0x45b244 TryAcquireSRWLockExclusive
 0x45b248 GetCurrentThreadId
 0x45b24c WideCharToMultiByte
 0x45b250 EnterCriticalSection
 0x45b254 LeaveCriticalSection
 0x45b258 InitializeCriticalSectionEx
 0x45b25c DeleteCriticalSection
 0x45b260 EncodePointer
 0x45b264 DecodePointer
 0x45b268 GetLocaleInfoEx
 0x45b26c LCMapStringEx
 0x45b270 QueryPerformanceCounter
 0x45b274 GetSystemTimeAsFileTime
USER32.dll
 0x45b2a4 LockWorkStation
 0x45b2a8 GetLastInputInfo
 0x45b2ac SetProcessDPIAware
 0x45b2b0 GetWindowTextLengthW
 0x45b2b4 GetForegroundWindow
 0x45b2b8 GetWindowTextW
 0x45b2bc SendInput
 0x45b2c0 GetSystemMetrics
 0x45b2c4 GetMessageExtraInfo
 0x45b2c8 GetDC
GDI32.dll
 0x45b07c BitBlt
 0x45b080 DeleteDC
 0x45b084 CreateCompatibleDC
 0x45b088 SelectObject
 0x45b08c DeleteObject
 0x45b090 CreateCompatibleBitmap
ADVAPI32.dll
 0x45b000 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x45b004 RegOpenKeyExA
 0x45b008 RegGetValueA
 0x45b00c RegCloseKey
 0x45b010 LookupPrivilegeValueW
 0x45b014 AdjustTokenPrivileges
 0x45b018 OpenProcessToken
 0x45b01c CreateProcessAsUserW
 0x45b020 DuplicateTokenEx
 0x45b024 GetUserNameW
 0x45b028 SetServiceStatus
 0x45b02c RegisterServiceCtrlHandlerW
 0x45b030 QueryServiceStatus
 0x45b034 CloseServiceHandle
 0x45b038 OpenSCManagerW
 0x45b03c OpenSCManagerA
 0x45b040 RegSetValueExW
 0x45b044 StartServiceW
 0x45b048 RegOpenKeyExW
 0x45b04c ConvertStringSidToSidA
 0x45b050 OpenServiceW
 0x45b054 LookupAccountSidW
 0x45b058 OpenServiceA
 0x45b05c StartServiceCtrlDispatcherW
 0x45b060 SetSecurityDescriptorDacl
 0x45b064 SetFileSecurityW
 0x45b068 AllocateAndInitializeSid
 0x45b06c SetEntriesInAclW
 0x45b070 FreeSid
 0x45b074 InitializeSecurityDescriptor
SHELL32.dll
 0x45b29c CommandLineToArgvW
ole32.dll
 0x45b36c CreateStreamOnHGlobal
 0x45b370 CoUninitialize
 0x45b374 CoCreateInstance
 0x45b378 GetHGlobalFromStream
 0x45b37c CoInitialize
OLEAUT32.dll
 0x45b290 SysAllocString
 0x45b294 SysFreeString
WS2_32.dll
 0x45b2fc htons
 0x45b300 inet_pton
 0x45b304 inet_ntop
 0x45b308 connect
 0x45b30c WSAStartup
 0x45b310 __WSAFDIsSet
 0x45b314 select
 0x45b318 send
 0x45b31c recv
 0x45b320 closesocket
 0x45b324 getaddrinfo
 0x45b328 socket
IPHLPAPI.DLL
 0x45b098 GetIfEntry2
 0x45b09c GetBestInterfaceEx
WININET.dll
 0x45b2dc InternetOpenUrlA
 0x45b2e0 InternetOpenW
 0x45b2e4 InternetCloseHandle
 0x45b2e8 HttpSendRequestA
 0x45b2ec InternetConnectA
 0x45b2f0 InternetReadFile
 0x45b2f4 HttpOpenRequestA
urlmon.dll
 0x45b398 URLDownloadToFileA
WTSAPI32.dll
 0x45b330 WTSQueryUserToken
 0x45b334 WTSQuerySessionInformationW
 0x45b338 WTSFreeMemory
pdh.dll
 0x45b384 PdhOpenQueryW
 0x45b388 PdhGetFormattedCounterValue
 0x45b38c PdhCollectQueryData
 0x45b390 PdhAddEnglishCounterW
NETAPI32.dll
 0x45b27c NetLocalGroupAddMembers
 0x45b280 NetUserGetInfo
 0x45b284 NetUserAdd
 0x45b288 NetApiBufferFree
gdiplus.dll
 0x45b340 GdipCloneImage
 0x45b344 GdiplusStartup
 0x45b348 GdipAlloc
 0x45b34c GdipCreateBitmapFromHBITMAP
 0x45b350 GdipDisposeImage
 0x45b354 GdipFree
 0x45b358 GdipGetImageEncodersSize
 0x45b35c GdipSaveImageToStream
 0x45b360 GdipGetImageEncoders
 0x45b364 GdiplusShutdown
USERENV.dll
 0x45b2d0 CreateEnvironmentBlock
 0x45b2d4 DestroyEnvironmentBlock

EAT (Export Address Table): none



Similarity measure (PE file only)