ScreenShot
| Created | 2024.08.19 15:17 | Machine | s1_win7_x6401 |
| Filename | CFPPF.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (AIDetectMalware, malicious, high confidence, score, Mikey, Unsafe, Attribute, HighConfidence, DropperX, ClipBanker, ai score=85, confidence) | ||
| md5 | 54c38790a4b6310fdc018d6ed97eed0f | ||
| sha256 | 138c6c219e86a0c1624d6af00a65390e2acc670148f8930f831a175da7d24ef0 | ||
| ssdeep | 12288:vpxRp186rtRhqdh88J70Y1jnDHpGK1aSfo0p:hxJ8Xj8wjDHwif | ||
| imphash | e0fdfb683115d4c3da35e302fc84ca98 | ||
| impfuzzy | 48:UWB8cpV5QS1Yt2gGsunXZE9FSY/goCKX0WnB/KAlJVZS9:UFcpV5QS1Yt2gGsuJEjKahjc | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140074028 FreeLibrary
0x140074030 GetProcAddress
0x140074038 LoadLibraryW
0x140074040 WriteConsoleW
0x140074048 CreateFileW
0x140074050 HeapSize
0x140074058 GetProcessHeap
0x140074060 VirtualProtect
0x140074068 FreeEnvironmentStringsW
0x140074070 GetEnvironmentStringsW
0x140074078 GetCommandLineW
0x140074080 GetCommandLineA
0x140074088 GetOEMCP
0x140074090 GetACP
0x140074098 IsValidCodePage
0x1400740a0 FindNextFileW
0x1400740a8 FindFirstFileExW
0x1400740b0 CreateProcessA
0x1400740b8 Sleep
0x1400740c0 GetLastError
0x1400740c8 SetStdHandle
0x1400740d0 FindClose
0x1400740d8 HeapReAlloc
0x1400740e0 WideCharToMultiByte
0x1400740e8 EnterCriticalSection
0x1400740f0 LeaveCriticalSection
0x1400740f8 InitializeCriticalSectionEx
0x140074100 DeleteCriticalSection
0x140074108 EncodePointer
0x140074110 DecodePointer
0x140074118 MultiByteToWideChar
0x140074120 LCMapStringEx
0x140074128 GetStringTypeW
0x140074130 GetCPInfo
0x140074138 QueryPerformanceCounter
0x140074140 GetCurrentProcessId
0x140074148 GetCurrentThreadId
0x140074150 GetSystemTimeAsFileTime
0x140074158 InitializeSListHead
0x140074160 RtlCaptureContext
0x140074168 RtlLookupFunctionEntry
0x140074170 RtlVirtualUnwind
0x140074178 IsDebuggerPresent
0x140074180 UnhandledExceptionFilter
0x140074188 SetUnhandledExceptionFilter
0x140074190 GetStartupInfoW
0x140074198 IsProcessorFeaturePresent
0x1400741a0 GetModuleHandleW
0x1400741a8 GetCurrentProcess
0x1400741b0 TerminateProcess
0x1400741b8 RtlPcToFileHeader
0x1400741c0 RaiseException
0x1400741c8 RtlUnwindEx
0x1400741d0 SetLastError
0x1400741d8 InitializeCriticalSectionAndSpinCount
0x1400741e0 TlsAlloc
0x1400741e8 TlsGetValue
0x1400741f0 TlsSetValue
0x1400741f8 TlsFree
0x140074200 LoadLibraryExW
0x140074208 GetStdHandle
0x140074210 WriteFile
0x140074218 GetModuleFileNameW
0x140074220 ExitProcess
0x140074228 GetModuleHandleExW
0x140074230 HeapAlloc
0x140074238 HeapFree
0x140074240 GetFileType
0x140074248 FlsAlloc
0x140074250 FlsGetValue
0x140074258 FlsSetValue
0x140074260 FlsFree
0x140074268 LCMapStringW
0x140074270 GetLocaleInfoW
0x140074278 IsValidLocale
0x140074280 GetUserDefaultLCID
0x140074288 EnumSystemLocalesW
0x140074290 CloseHandle
0x140074298 FlushFileBuffers
0x1400742a0 GetConsoleOutputCP
0x1400742a8 GetConsoleMode
0x1400742b0 ReadFile
0x1400742b8 GetFileSizeEx
0x1400742c0 SetFilePointerEx
0x1400742c8 ReadConsoleW
0x1400742d0 RtlUnwind
USER32.dll
0x1400742f8 GetMessageW
0x140074300 LoadIconW
0x140074308 MessageBoxW
0x140074310 GetClientRect
0x140074318 UpdateWindow
0x140074320 ShowWindow
0x140074328 CreateWindowExW
0x140074330 RegisterClassW
0x140074338 PostQuitMessage
0x140074340 DefWindowProcW
0x140074348 SendMessageW
0x140074350 DispatchMessageW
0x140074358 TranslateMessage
GDI32.dll
0x140074000 SetBkColor
0x140074008 CreateSolidBrush
0x140074010 CreateFontW
0x140074018 SetTextColor
SHELL32.dll
0x1400742e0 SHGetFolderPathW
0x1400742e8 ShellExecuteW
urlmon.dll
0x140074368 URLDownloadToFileW
EAT(Export Address Table) is none
KERNEL32.dll
0x140074028 FreeLibrary
0x140074030 GetProcAddress
0x140074038 LoadLibraryW
0x140074040 WriteConsoleW
0x140074048 CreateFileW
0x140074050 HeapSize
0x140074058 GetProcessHeap
0x140074060 VirtualProtect
0x140074068 FreeEnvironmentStringsW
0x140074070 GetEnvironmentStringsW
0x140074078 GetCommandLineW
0x140074080 GetCommandLineA
0x140074088 GetOEMCP
0x140074090 GetACP
0x140074098 IsValidCodePage
0x1400740a0 FindNextFileW
0x1400740a8 FindFirstFileExW
0x1400740b0 CreateProcessA
0x1400740b8 Sleep
0x1400740c0 GetLastError
0x1400740c8 SetStdHandle
0x1400740d0 FindClose
0x1400740d8 HeapReAlloc
0x1400740e0 WideCharToMultiByte
0x1400740e8 EnterCriticalSection
0x1400740f0 LeaveCriticalSection
0x1400740f8 InitializeCriticalSectionEx
0x140074100 DeleteCriticalSection
0x140074108 EncodePointer
0x140074110 DecodePointer
0x140074118 MultiByteToWideChar
0x140074120 LCMapStringEx
0x140074128 GetStringTypeW
0x140074130 GetCPInfo
0x140074138 QueryPerformanceCounter
0x140074140 GetCurrentProcessId
0x140074148 GetCurrentThreadId
0x140074150 GetSystemTimeAsFileTime
0x140074158 InitializeSListHead
0x140074160 RtlCaptureContext
0x140074168 RtlLookupFunctionEntry
0x140074170 RtlVirtualUnwind
0x140074178 IsDebuggerPresent
0x140074180 UnhandledExceptionFilter
0x140074188 SetUnhandledExceptionFilter
0x140074190 GetStartupInfoW
0x140074198 IsProcessorFeaturePresent
0x1400741a0 GetModuleHandleW
0x1400741a8 GetCurrentProcess
0x1400741b0 TerminateProcess
0x1400741b8 RtlPcToFileHeader
0x1400741c0 RaiseException
0x1400741c8 RtlUnwindEx
0x1400741d0 SetLastError
0x1400741d8 InitializeCriticalSectionAndSpinCount
0x1400741e0 TlsAlloc
0x1400741e8 TlsGetValue
0x1400741f0 TlsSetValue
0x1400741f8 TlsFree
0x140074200 LoadLibraryExW
0x140074208 GetStdHandle
0x140074210 WriteFile
0x140074218 GetModuleFileNameW
0x140074220 ExitProcess
0x140074228 GetModuleHandleExW
0x140074230 HeapAlloc
0x140074238 HeapFree
0x140074240 GetFileType
0x140074248 FlsAlloc
0x140074250 FlsGetValue
0x140074258 FlsSetValue
0x140074260 FlsFree
0x140074268 LCMapStringW
0x140074270 GetLocaleInfoW
0x140074278 IsValidLocale
0x140074280 GetUserDefaultLCID
0x140074288 EnumSystemLocalesW
0x140074290 CloseHandle
0x140074298 FlushFileBuffers
0x1400742a0 GetConsoleOutputCP
0x1400742a8 GetConsoleMode
0x1400742b0 ReadFile
0x1400742b8 GetFileSizeEx
0x1400742c0 SetFilePointerEx
0x1400742c8 ReadConsoleW
0x1400742d0 RtlUnwind
USER32.dll
0x1400742f8 GetMessageW
0x140074300 LoadIconW
0x140074308 MessageBoxW
0x140074310 GetClientRect
0x140074318 UpdateWindow
0x140074320 ShowWindow
0x140074328 CreateWindowExW
0x140074330 RegisterClassW
0x140074338 PostQuitMessage
0x140074340 DefWindowProcW
0x140074348 SendMessageW
0x140074350 DispatchMessageW
0x140074358 TranslateMessage
GDI32.dll
0x140074000 SetBkColor
0x140074008 CreateSolidBrush
0x140074010 CreateFontW
0x140074018 SetTextColor
SHELL32.dll
0x1400742e0 SHGetFolderPathW
0x1400742e8 ShellExecuteW
urlmon.dll
0x140074368 URLDownloadToFileW
EAT(Export Address Table) is none