ScreenShot
| Created | 2024.08.19 14:10 | Machine | s1_win7_x6403 |
| Filename | Fiklaaaaaaa.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 24 detected (AIDetectMalware, Fragtor, Unsafe, Attribute, HighConfidence, malicious, high confidence, Kryptik, HXOW, Stealerc, Kryptik@AI, RDML, OZkhS8+riFP75BqVUGlZGg, score, Static AI, Suspicious PE, ai score=85, Wacapew, Injection, ZexaF, 0qW@amSiZMh, confidence) | ||
| md5 | b0ce25de19e62f77784bc90b6d90f8f2 | ||
| sha256 | 3870870eeada5b88839f57be689728109b51d60044881df0da7f9b9392e51873 | ||
| ssdeep | 12288:nMUCn+iSACmAedduV9mC9Xrm1BDMbCOwkEE/o2E0/gMHyK+N:PCn+iNZddq9mC97m1BDSWEPYM1y | ||
| imphash | b87fc3874fae7c2c4ec39758e7ba8890 | ||
| impfuzzy | 96:CEY1D7C7BcpVejXjtZnEhZqxN75J7sCtUB29usK/6:CEY1dhZqxN7n7sCv9usKy | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x463040 K32EnumProcessModulesEx
0x463044 CreateFileW
0x463048 K32EnumProcessModules
0x46304c K32EnumProcesses
0x463050 LoadLibraryA
0x463054 GetProcAddress
0x463058 FreeLibrary
0x46305c OpenProcess
0x463060 GetCurrentProcessId
0x463064 GetCurrentProcess
0x463068 CloseHandle
0x46306c K32GetModuleBaseNameW
0x463070 HeapSize
0x463074 GetProcessHeap
0x463078 SetStdHandle
0x46307c FreeEnvironmentStringsW
0x463080 GetEnvironmentStringsW
0x463084 GetCommandLineW
0x463088 GetCommandLineA
0x46308c GetOEMCP
0x463090 GetACP
0x463094 IsValidCodePage
0x463098 FindNextFileW
0x46309c FindFirstFileExW
0x4630a0 FindClose
0x4630a4 HeapReAlloc
0x4630a8 ReadConsoleW
0x4630ac SetFilePointerEx
0x4630b0 GetFileSizeEx
0x4630b4 ReadFile
0x4630b8 GetConsoleMode
0x4630bc GetConsoleOutputCP
0x4630c0 FlushFileBuffers
0x4630c4 EnumSystemLocalesW
0x4630c8 GetUserDefaultLCID
0x4630cc IsValidLocale
0x4630d0 GetLocaleInfoW
0x4630d4 LCMapStringW
0x4630d8 GetFileType
0x4630dc HeapAlloc
0x4630e0 HeapFree
0x4630e4 WideCharToMultiByte
0x4630e8 MultiByteToWideChar
0x4630ec GetStringTypeW
0x4630f0 RaiseException
0x4630f4 EnterCriticalSection
0x4630f8 LeaveCriticalSection
0x4630fc InitializeCriticalSectionEx
0x463100 DeleteCriticalSection
0x463104 EncodePointer
0x463108 DecodePointer
0x46310c LCMapStringEx
0x463110 GetCPInfo
0x463114 IsProcessorFeaturePresent
0x463118 QueryPerformanceCounter
0x46311c GetCurrentThreadId
0x463120 GetSystemTimeAsFileTime
0x463124 InitializeSListHead
0x463128 IsDebuggerPresent
0x46312c UnhandledExceptionFilter
0x463130 SetUnhandledExceptionFilter
0x463134 GetStartupInfoW
0x463138 GetModuleHandleW
0x46313c TerminateProcess
0x463140 RtlUnwind
0x463144 GetLastError
0x463148 SetLastError
0x46314c InitializeCriticalSectionAndSpinCount
0x463150 TlsAlloc
0x463154 TlsGetValue
0x463158 TlsSetValue
0x46315c TlsFree
0x463160 LoadLibraryExW
0x463164 ExitProcess
0x463168 GetModuleHandleExW
0x46316c GetStdHandle
0x463170 WriteFile
0x463174 GetModuleFileNameW
0x463178 WriteConsoleW
COMDLG32.dll
0x463000 CommDlgExtendedError
0x463004 PrintDlgA
0x463008 ChooseFontA
0x46300c ReplaceTextW
0x463010 ReplaceTextA
0x463014 FindTextW
0x463018 FindTextA
0x46301c ChooseColorW
0x463020 ChooseColorA
0x463024 GetFileTitleW
0x463028 GetFileTitleA
0x46302c GetSaveFileNameW
0x463030 GetSaveFileNameA
0x463034 GetOpenFileNameW
0x463038 GetOpenFileNameA
RPCRT4.dll
0x463180 UuidToStringW
0x463184 RpcEpRegisterNoReplaceA
0x463188 RpcMgmtWaitServerListen
0x46318c RpcMgmtStopServerListening
0x463190 UuidFromStringA
0x463194 UuidToStringA
0x463198 RpcBindingFree
0x46319c RpcBindingFromStringBindingA
0x4631a0 RpcBindingReset
0x4631a4 RpcStringBindingComposeA
0x4631a8 RpcStringFreeA
0x4631ac RpcStringFreeW
0x4631b0 RpcServerListen
0x4631b4 RpcServerRegisterIf
0x4631b8 RpcServerUseProtseqEpA
0x4631bc UuidCreate
WINTRUST.dll
0x463204 WTHelperProvDataFromStateData
0x463208 WTHelperGetProvCertFromChain
0x46320c WTHelperGetProvSignerFromChain
VERSION.dll
0x4631e0 GetFileVersionInfoW
0x4631e4 VerQueryValueA
0x4631e8 GetFileVersionInfoExW
0x4631ec GetFileVersionInfoSizeA
0x4631f0 GetFileVersionInfoSizeW
0x4631f4 GetFileVersionInfoA
0x4631f8 GetFileVersionInfoSizeExW
0x4631fc VerQueryValueW
SHLWAPI.dll
0x4631c4 PathRemoveFileSpecA
0x4631c8 PathAppendA
0x4631cc PathFileExistsA
0x4631d0 PathFindFileNameA
0x4631d4 PathIsURLA
0x4631d8 PathAddBackslashA
EAT(Export Address Table) is none
KERNEL32.dll
0x463040 K32EnumProcessModulesEx
0x463044 CreateFileW
0x463048 K32EnumProcessModules
0x46304c K32EnumProcesses
0x463050 LoadLibraryA
0x463054 GetProcAddress
0x463058 FreeLibrary
0x46305c OpenProcess
0x463060 GetCurrentProcessId
0x463064 GetCurrentProcess
0x463068 CloseHandle
0x46306c K32GetModuleBaseNameW
0x463070 HeapSize
0x463074 GetProcessHeap
0x463078 SetStdHandle
0x46307c FreeEnvironmentStringsW
0x463080 GetEnvironmentStringsW
0x463084 GetCommandLineW
0x463088 GetCommandLineA
0x46308c GetOEMCP
0x463090 GetACP
0x463094 IsValidCodePage
0x463098 FindNextFileW
0x46309c FindFirstFileExW
0x4630a0 FindClose
0x4630a4 HeapReAlloc
0x4630a8 ReadConsoleW
0x4630ac SetFilePointerEx
0x4630b0 GetFileSizeEx
0x4630b4 ReadFile
0x4630b8 GetConsoleMode
0x4630bc GetConsoleOutputCP
0x4630c0 FlushFileBuffers
0x4630c4 EnumSystemLocalesW
0x4630c8 GetUserDefaultLCID
0x4630cc IsValidLocale
0x4630d0 GetLocaleInfoW
0x4630d4 LCMapStringW
0x4630d8 GetFileType
0x4630dc HeapAlloc
0x4630e0 HeapFree
0x4630e4 WideCharToMultiByte
0x4630e8 MultiByteToWideChar
0x4630ec GetStringTypeW
0x4630f0 RaiseException
0x4630f4 EnterCriticalSection
0x4630f8 LeaveCriticalSection
0x4630fc InitializeCriticalSectionEx
0x463100 DeleteCriticalSection
0x463104 EncodePointer
0x463108 DecodePointer
0x46310c LCMapStringEx
0x463110 GetCPInfo
0x463114 IsProcessorFeaturePresent
0x463118 QueryPerformanceCounter
0x46311c GetCurrentThreadId
0x463120 GetSystemTimeAsFileTime
0x463124 InitializeSListHead
0x463128 IsDebuggerPresent
0x46312c UnhandledExceptionFilter
0x463130 SetUnhandledExceptionFilter
0x463134 GetStartupInfoW
0x463138 GetModuleHandleW
0x46313c TerminateProcess
0x463140 RtlUnwind
0x463144 GetLastError
0x463148 SetLastError
0x46314c InitializeCriticalSectionAndSpinCount
0x463150 TlsAlloc
0x463154 TlsGetValue
0x463158 TlsSetValue
0x46315c TlsFree
0x463160 LoadLibraryExW
0x463164 ExitProcess
0x463168 GetModuleHandleExW
0x46316c GetStdHandle
0x463170 WriteFile
0x463174 GetModuleFileNameW
0x463178 WriteConsoleW
COMDLG32.dll
0x463000 CommDlgExtendedError
0x463004 PrintDlgA
0x463008 ChooseFontA
0x46300c ReplaceTextW
0x463010 ReplaceTextA
0x463014 FindTextW
0x463018 FindTextA
0x46301c ChooseColorW
0x463020 ChooseColorA
0x463024 GetFileTitleW
0x463028 GetFileTitleA
0x46302c GetSaveFileNameW
0x463030 GetSaveFileNameA
0x463034 GetOpenFileNameW
0x463038 GetOpenFileNameA
RPCRT4.dll
0x463180 UuidToStringW
0x463184 RpcEpRegisterNoReplaceA
0x463188 RpcMgmtWaitServerListen
0x46318c RpcMgmtStopServerListening
0x463190 UuidFromStringA
0x463194 UuidToStringA
0x463198 RpcBindingFree
0x46319c RpcBindingFromStringBindingA
0x4631a0 RpcBindingReset
0x4631a4 RpcStringBindingComposeA
0x4631a8 RpcStringFreeA
0x4631ac RpcStringFreeW
0x4631b0 RpcServerListen
0x4631b4 RpcServerRegisterIf
0x4631b8 RpcServerUseProtseqEpA
0x4631bc UuidCreate
WINTRUST.dll
0x463204 WTHelperProvDataFromStateData
0x463208 WTHelperGetProvCertFromChain
0x46320c WTHelperGetProvSignerFromChain
VERSION.dll
0x4631e0 GetFileVersionInfoW
0x4631e4 VerQueryValueA
0x4631e8 GetFileVersionInfoExW
0x4631ec GetFileVersionInfoSizeA
0x4631f0 GetFileVersionInfoSizeW
0x4631f4 GetFileVersionInfoA
0x4631f8 GetFileVersionInfoSizeExW
0x4631fc VerQueryValueW
SHLWAPI.dll
0x4631c4 PathRemoveFileSpecA
0x4631c8 PathAppendA
0x4631cc PathFileExistsA
0x4631d0 PathFindFileNameA
0x4631d4 PathIsURLA
0x4631d8 PathAddBackslashA
EAT(Export Address Table) is none