Field | Value
---|---
Created | 2024.08.19 14:31
Machine | s1_win7_x6401
Filename | Pafool.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score | 
Behavior Score | 
ZERO API | file : malware
VT API (file) | 28 detected (AIDetectMalware, Malicious, score, Zusy, Unsafe, Attribute, HighConfidence, AGen, DropperX, Convagent, v7KZnnwmzgD, Real Protect, Static AI, Suspicious PE, ai score=81, Wacatac, ZexaF, sqW@amWO36i, confidence)
md5 | 34c0ec62ad1ee616d73fcc2fa7ac2c05
sha256 | 1af8e759ae0dbd5866bfae7676a67b3ff71f1d54ccbafc9bbaa493f512697cfa
ssdeep | 6144:olB1QaTezATxHySDVBJyQhsqcXVGXK+mEkg:oL1hHyS/cqciSEk
imphash | afd948c78bfbef3259852978f4a77212
impfuzzy | 24:V0Dp7BcpVWQS1jtdhlJBlmLozbvRpOovbOPZiGMV:G7BcpVBS1jtdnuOC3S
Network IP location
Signature (3 entries)
Level | Description |
---|---|
warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
info | One or more processes crashed |
info | This executable has a PDB path |
Rules (6 entries)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x441000 LoadLibraryA
0x441004 GetProcAddress
0x441008 FreeLibrary
0x44100c CreateFileW
0x441010 RaiseException
0x441014 EnterCriticalSection
0x441018 LeaveCriticalSection
0x44101c InitializeCriticalSectionEx
0x441020 DeleteCriticalSection
0x441024 EncodePointer
0x441028 DecodePointer
0x44102c MultiByteToWideChar
0x441030 WideCharToMultiByte
0x441034 GetStringTypeW
0x441038 GetCPInfo
0x44103c IsProcessorFeaturePresent
0x441040 QueryPerformanceCounter
0x441044 GetCurrentProcessId
0x441048 GetCurrentThreadId
0x44104c GetSystemTimeAsFileTime
0x441050 InitializeSListHead
0x441054 IsDebuggerPresent
0x441058 UnhandledExceptionFilter
0x44105c SetUnhandledExceptionFilter
0x441060 GetStartupInfoW
0x441064 GetModuleHandleW
0x441068 GetCurrentProcess
0x44106c TerminateProcess
0x441070 RtlUnwind
0x441074 GetLastError
0x441078 SetLastError
0x44107c InitializeCriticalSectionAndSpinCount
0x441080 TlsAlloc
0x441084 TlsGetValue
0x441088 TlsSetValue
0x44108c TlsFree
0x441090 LoadLibraryExW
0x441094 GetStdHandle
0x441098 WriteFile
0x44109c GetModuleFileNameW
0x4410a0 ExitProcess
0x4410a4 GetModuleHandleExW
0x4410a8 LCMapStringW
0x4410ac HeapFree
0x4410b0 HeapAlloc
0x4410b4 HeapReAlloc
0x4410b8 GetFileType
0x4410bc FindClose
0x4410c0 FindFirstFileExW
0x4410c4 FindNextFileW
0x4410c8 IsValidCodePage
0x4410cc GetACP
0x4410d0 GetOEMCP
0x4410d4 GetCommandLineA
0x4410d8 GetCommandLineW
0x4410dc GetEnvironmentStringsW
0x4410e0 FreeEnvironmentStringsW
0x4410e4 SetStdHandle
0x4410e8 GetProcessHeap
0x4410ec SetFilePointerEx
0x4410f0 HeapSize
0x4410f4 FlushFileBuffers
0x4410f8 GetConsoleOutputCP
0x4410fc GetConsoleMode
0x441100 CloseHandle
0x441104 WriteConsoleW
EAT (Export Address Table): none
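The import listing above is the input to the report's imphash, and it is also the quickest static signal an analyst has about what the binary can do. The following Python is an added example, not part of the sandbox report or of any tool it uses: it parses an IAT listing in the report's own text format, recomputes a pefile-compatible imphash from it, and flags imports worth a second look. The embedded IAT text is a constructed excerpt of the report's KERNEL32.dll listing (only a subset of the 66 entries, so the hash it produces will not equal the report's imphash; feed it the full listing for that), and the triage categories are this example's own choices, not sandbox rules.

```python
"""Added example, not part of the sandbox report: recompute an imphash from a
text import listing and flag imports an analyst would triage.
"""
import hashlib
import re

# Constructed excerpt of the report's IAT listing, in the report's own format
# (a bare DLL-name line followed by "address function" lines). Order matters:
# imphash hashes imports in the order the import directory presents them.
SAMPLE_IAT = """\
KERNEL32.dll
0x441000 LoadLibraryA
0x441004 GetProcAddress
0x441008 FreeLibrary
0x44100c CreateFileW
0x441054 IsDebuggerPresent
0x441098 WriteFile
0x4410c0 FindFirstFileExW
0x4410c4 FindNextFileW
"""

IMPORT_LINE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")


def parse_iat(text):
    """Return [(dll, func), ...] in listing order.

    A line without whitespace is taken as the next DLL name; lines such as
    "EAT (Export Address Table): none" contain spaces and are ignored.
    """
    imports, dll = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IMPORT_LINE.match(line)
        if m:
            if dll is None:
                raise ValueError("import line before any DLL name: %r" % line)
            imports.append((dll, m.group(1)))
        elif " " not in line:
            dll = line
    return imports


def imphash(imports):
    """pefile-compatible imphash: for each import build 'dll.func' in lowercase,
    drop a .dll/.ocx/.sys extension from the DLL name, join with commas, MD5."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.append("%s.%s" % (lib, func.lower()))
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def matches_report(imports, reported_imphash):
    """True when the recomputed hash equals the value the report printed."""
    return imphash(imports) == reported_imphash.strip().lower()


# This example's own triage map (an assumption, not a sandbox rule). Presence of
# these imports is not evidence of malice on its own: a statically linked MSVC
# CRT pulls in most of them for its own startup and error handling.
TRIAGE = {
    "LoadLibraryA": "dynamic API resolution (pair with GetProcAddress)",
    "GetProcAddress": "dynamic API resolution (pair with LoadLibraryA)",
    "IsDebuggerPresent": "debugger check (also used by CRT assertion handling)",
    "CreateFileW": "file access",
    "WriteFile": "file write",
    "FindFirstFileExW": "directory enumeration",
    "FindNextFileW": "directory enumeration",
}


def triage(imports):
    """Return {func: reason} for flagged imports, preserving listing order."""
    return {func: TRIAGE[func] for _, func in imports if func in TRIAGE}


if __name__ == "__main__":
    imps = parse_iat(SAMPLE_IAT)
    print("imports parsed:", len(imps))
    print("imphash of excerpt:", imphash(imps))
    print("matches report's imphash:",
          matches_report(imps, "afd948c78bfbef3259852978f4a77212"))
    for func, reason in triage(imps).items():
        print("  %-18s %s" % (func, reason))
```

Two caveats when reading the output against this report. First, imphash is order-sensitive and ignores the load addresses, so a listing that has been sorted or de-duplicated by a viewer will never reproduce the report's value; compare only against an IAT transcribed in directory order. Second, the full listing above is a complete MSVC CRT startup set (InitializeSListHead, EncodePointer, GetStartupInfoW, InitializeCriticalSectionAndSpinCount and so on), whereas a UPX-packed image normally exposes only the handful of kernel32 imports its unpacking stub needs. That tension between the UPX_Zero rule hit and the visible IAT is worth resolving by inspecting section names and entropy before treating either signal as settled.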