Report - TestikBro.exe

Tags: Generic Malware, Malicious Library, Downloader, UPX, PE File, PE64, OS Processor Check
Created         2024.08.19 14:54
Machine         s1_win7_x6403
Filename        TestikBro.exe
Type            PE32+ executable (GUI) x86-64, for MS Windows
AI Score        3
Behavior Score  1.4
ZERO API (file) malware
VT API (file)   18 detected (AIDetectMalware, malicious, high confidence, Unsafe, Attribute, HighConfidence, DropperX, CLOUD, Detected, Wacatac, confidence)
md5             7c0a5c2cde620549b93d8372960b63c1
sha256          3271f49b0f0a89a484b670cf79cd73f57c28cae28a5a3e0c1c6c281c9aaadd71
ssdeep          6144:YePdowp/FFsk4ff2wZ5Yd3CTqhs1T5CJGi6Axj6KAI281:NowVLX4ff2wsd3BO1TM36AxHAF
imphash         a87033b91daba663ce76e728a71c03f0
impfuzzy        48:Um9TBGgZUcpVeMS1Yt2gGME59JGKlSY/goCFX0WnB/NpJPX/AwZ1nLeS9:UmLUcpVeMS1Yt2gGME55/ahBIwZNec

Signature (4cnts)

Level   Description
watch   File has been identified by 18 AntiVirus engines on VirusTotal as malicious
notice  Creates executable files on the filesystem
info    Checks if process is being debugged by a debugger
info    The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (7cnts)

Level    Name                     Description         Collection
warning  Generic_Malware_Zero     Generic Malware     binaries (upload)
watch    Malicious_Library_Zero   Malicious_Library   binaries (upload)
watch    Network_Downloader       File Downloader     binaries (upload)
watch    UPX_Zero                 UPX packed file     binaries (upload)
info     IsPE64                   (no description)    binaries (upload)
info     OS_Processor_Check_Zero  OS Processor Check  binaries (upload)
info     PE_Header_Zero           PE File Signature   binaries (upload)

Network (2cnts)

Request         CC  ASN Co     IP4             Rule  ZERO
bitbucket.org   US  AMAZON-02  104.192.140.24        malware
104.192.140.24  US  AMAZON-02  104.192.140.24        clean

Suricata ids

PE API

IAT (Import Address Table), by library

KERNEL32.dll
 0x140046028 FreeLibrary
 0x140046030 GetProcAddress
 0x140046038 LoadLibraryA
 0x140046040 LoadLibraryW
 0x140046048 LocalFree
 0x140046050 FormatMessageW
 0x140046058 lstrlenW
 0x140046060 GetComputerNameA
 0x140046068 VerifyVersionInfoW
 0x140046070 SetEndOfFile
 0x140046078 WriteConsoleW
 0x140046080 VirtualProtect
 0x140046088 CreateFileW
 0x140046090 GetProcessHeap
 0x140046098 SetStdHandle
 0x1400460a0 FreeEnvironmentStringsW
 0x1400460a8 GetEnvironmentStringsW
 0x1400460b0 GetCommandLineW
 0x1400460b8 GetCommandLineA
 0x1400460c0 GetOEMCP
 0x1400460c8 GetACP
 0x1400460d0 IsValidCodePage
 0x1400460d8 FindNextFileW
 0x1400460e0 CreateProcessA
 0x1400460e8 Sleep
 0x1400460f0 GetEnvironmentVariableW
 0x1400460f8 HeapSize
 0x140046100 VerSetConditionMask
 0x140046108 FindFirstFileExW
 0x140046110 FindClose
 0x140046118 HeapReAlloc
 0x140046120 ReadConsoleW
 0x140046128 SetFilePointerEx
 0x140046130 GetFileSizeEx
 0x140046138 ReadFile
 0x140046140 GetConsoleMode
 0x140046148 GetConsoleOutputCP
 0x140046150 FlushFileBuffers
 0x140046158 CloseHandle
 0x140046160 GetFileType
 0x140046168 EnumSystemLocalesW
 0x140046170 GetUserDefaultLCID
 0x140046178 IsValidLocale
 0x140046180 GetLocaleInfoW
 0x140046188 LCMapStringW
 0x140046190 FlsFree
 0x140046198 FlsSetValue
 0x1400461a0 FlsGetValue
 0x1400461a8 FlsAlloc
 0x1400461b0 HeapFree
 0x1400461b8 WideCharToMultiByte
 0x1400461c0 MultiByteToWideChar
 0x1400461c8 GetStringTypeW
 0x1400461d0 EnterCriticalSection
 0x1400461d8 LeaveCriticalSection
 0x1400461e0 InitializeCriticalSectionEx
 0x1400461e8 DeleteCriticalSection
 0x1400461f0 EncodePointer
 0x1400461f8 DecodePointer
 0x140046200 LCMapStringEx
 0x140046208 GetCPInfo
 0x140046210 QueryPerformanceCounter
 0x140046218 GetCurrentProcessId
 0x140046220 GetCurrentThreadId
 0x140046228 GetSystemTimeAsFileTime
 0x140046230 InitializeSListHead
 0x140046238 RtlCaptureContext
 0x140046240 RtlLookupFunctionEntry
 0x140046248 RtlVirtualUnwind
 0x140046250 IsDebuggerPresent
 0x140046258 UnhandledExceptionFilter
 0x140046260 SetUnhandledExceptionFilter
 0x140046268 GetStartupInfoW
 0x140046270 IsProcessorFeaturePresent
 0x140046278 GetModuleHandleW
 0x140046280 GetCurrentProcess
 0x140046288 TerminateProcess
 0x140046290 RtlPcToFileHeader
 0x140046298 RaiseException
 0x1400462a0 RtlUnwindEx
 0x1400462a8 GetLastError
 0x1400462b0 SetLastError
 0x1400462b8 InitializeCriticalSectionAndSpinCount
 0x1400462c0 TlsAlloc
 0x1400462c8 TlsGetValue
 0x1400462d0 TlsSetValue
 0x1400462d8 TlsFree
 0x1400462e0 LoadLibraryExW
 0x1400462e8 ExitProcess
 0x1400462f0 GetModuleHandleExW
 0x1400462f8 GetStdHandle
 0x140046300 WriteFile
 0x140046308 GetModuleFileNameW
 0x140046310 HeapAlloc
 0x140046318 RtlUnwind
USER32.dll
 0x1400463e8 DispatchMessageW
 0x1400463f0 TranslateMessage
 0x1400463f8 ShowWindow
 0x140046400 SendMessageW
 0x140046408 LoadIconW
 0x140046410 MessageBoxW
 0x140046418 GetClientRect
 0x140046420 UpdateWindow
 0x140046428 GetMessageW
 0x140046430 CreateWindowExW
 0x140046438 RegisterClassW
 0x140046440 PostQuitMessage
 0x140046448 DefWindowProcW
GDI32.dll
 0x140046000 SetBkColor
 0x140046008 CreateSolidBrush
 0x140046010 CreateFontW
 0x140046018 SetTextColor
SHELL32.dll
 0x140046378 ShellExecuteW
 0x140046380 SHGetFolderPathW
 0x140046388 SHGetFolderPathA
ole32.dll
 0x140046458 CoInitialize
 0x140046460 CoUninitialize
SHLWAPI.dll
 0x140046398 PathFileExistsW
 0x1400463a0 PathCombineW
 0x1400463a8 PathAppendW
 0x1400463b0 StrCmpW
 0x1400463b8 StrCatW
 0x1400463c0 StrStrW
 0x1400463c8 PathIsDirectoryW
 0x1400463d0 PathRemoveFileSpecW
 0x1400463d8 PathFindFileNameW
MPR.dll
 0x140046328 WNetCancelConnection2W
 0x140046330 WNetGetLastErrorW
 0x140046338 WNetGetUniversalNameW
 0x140046340 WNetGetResourceInformationW
 0x140046348 WNetCloseEnum
 0x140046350 WNetEnumResourceW
 0x140046358 WNetOpenEnumW
 0x140046360 WNetGetConnectionW
 0x140046368 WNetAddConnection2W
urlmon.dll
 0x140046470 URLDownloadToFileW

EAT (Export Address Table): none
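The import table above is the most useful static evidence in this report, but it needs reading with care. IsDebuggerPresent, SetUnhandledExceptionFilter, IsProcessorFeaturePresent and the Fls/Tls/Rtl helpers are pulled in by the MSVC C runtime startup code, so the "Checks if process is being debugged" signature is weak on its own. The stronger indicators are urlmon!URLDownloadToFileW sitting next to SHELL32!ShellExecuteW and KERNEL32!CreateProcessA (download-and-run, consistent with the Network_Downloader rule and the bitbucket.org contact), and the MPR.dll WNetOpenEnumW / WNetEnumResourceW / WNetAddConnection2W set (enumerating and mapping network shares). Imports still only show capability, not behaviour: this run produced a behaviour score of 1.4 and lists no Suricata alerts. The script below is an added example, not part of the report or the sandbox; it parses a listing in the report's "LIBRARY.dll / 0xADDR Name" layout and applies a small, heuristic rule set of my own. IAT_TEXT is a constructed subset of the report's imports, and the CRT_NOISE set assumes an MSVC-built PE.

```python
"""Capability triage over a sandbox IAT listing (added example, not report tooling).

IAT_TEXT is a constructed sample in the same "LIBRARY.dll / 0xADDR Name" layout
as the report above (a subset of its imports). RULES are my own heuristics: an
import set suggests a capability, it does not prove observed behaviour.
"""
import re
from collections import OrderedDict

# Constructed sample: a subset of the report's IAT, same line format.
IAT_TEXT = """\
KERNEL32.dll
 0x140046030 GetProcAddress
 0x140046038 LoadLibraryA
 0x140046060 GetComputerNameA
 0x1400460e0 CreateProcessA
 0x1400460e8 Sleep
 0x140046250 IsDebuggerPresent
 0x140046258 UnhandledExceptionFilter
 0x140046260 SetUnhandledExceptionFilter
 0x140046270 IsProcessorFeaturePresent
SHELL32.dll
 0x140046378 ShellExecuteW
 0x140046380 SHGetFolderPathW
SHLWAPI.dll
 0x1400463a0 PathCombineW
MPR.dll
 0x140046350 WNetEnumResourceW
 0x140046358 WNetOpenEnumW
 0x140046368 WNetAddConnection2W
urlmon.dll
 0x140046470 URLDownloadToFileW
"""

LIB_RE = re.compile(r"^(\S+\.dll)\s*$", re.IGNORECASE)   # "KERNEL32.dll"
IMP_RE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\w+)\s*$")    # " 0x140046030 GetProcAddress"

# Imports the MSVC CRT startup/abort paths reference regardless of program logic
# (assumption: MSVC-built PE). A rule whose evidence is only these is low signal.
CRT_NOISE = {
    "IsDebuggerPresent", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter",
    "IsProcessorFeaturePresent", "QueryPerformanceCounter", "GetSystemTimeAsFileTime",
    "InitializeSListHead", "GetCurrentProcessId", "GetCurrentThreadId",
}

# capability -> (all_of, any_of): fires when every name in all_of is present and,
# if any_of is non-empty, at least one name from any_of is present too.
RULES = OrderedDict([
    ("download-to-disk",           ({"URLDownloadToFileW"}, set())),
    ("execute-dropped-file",       ({"URLDownloadToFileW"}, {"ShellExecuteW", "CreateProcessA", "CreateProcessW"})),
    ("network-share-enum",         ({"WNetOpenEnumW", "WNetEnumResourceW"}, set())),
    ("network-share-map",          ({"WNetAddConnection2W"}, set())),
    ("dynamic-import-resolution",  ({"GetProcAddress"}, {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"})),
    ("host-fingerprint",           (set(), {"GetComputerNameA", "GetComputerNameW"})),
    ("anti-debug-check",           ({"IsDebuggerPresent"}, set())),
])


def parse_iat(text):
    """Return OrderedDict: library name -> list of imported function names."""
    iat = OrderedDict()
    current = None
    for line in text.splitlines():
        m = LIB_RE.match(line)
        if m:                       # library header line starts a new group
            current = m.group(1)
            iat.setdefault(current, [])
            continue
        m = IMP_RE.match(line)
        if m and current is not None:
            iat[current].append(m.group(1))
    return iat


def triage(iat):
    """Apply RULES to the flattened import set; return a list of hit dicts."""
    present = {name for names in iat.values() for name in names}
    hits = []
    for capability, (all_of, any_of) in RULES.items():
        if not all_of <= present:
            continue
        matched_any = any_of & present
        if any_of and not matched_any:
            continue
        evidence = sorted(all_of | matched_any)
        # Evidence made only of CRT-pulled imports does not indicate intent.
        confidence = "low" if set(evidence) <= CRT_NOISE else "high"
        hits.append({"capability": capability, "evidence": evidence, "confidence": confidence})
    return hits


if __name__ == "__main__":
    for hit in triage(parse_iat(IAT_TEXT)):
        print(f"[{hit['confidence']:>4}] {hit['capability']:<26} {', '.join(hit['evidence'])}")
```

Run against the full listing from the report, the same rules fire: the download/execute and MPR share-handling hits come out "high", the anti-debug hit "low". Treat the output as a triage prompt for the dynamic run (which files were created, what was fetched from bitbucket.org), not as a verdict.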