ScreenShot
| Created | 2024.08.22 11:28 | Machine | s1_win7_x6401 |
| Filename | downloader.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 13 detected (AIDetectMalware, VKontakteDJ adware, Unsafe, Yandex, Kryptik, VKontakteDJ, Detected, Eldorado, MALICIOUS) | ||
| md5 | 64f01094081e5214edde9d6d75fca1b5 | ||
| sha256 | 5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0 | ||
| ssdeep | 3072:5WF1Sss2XaOvu+v7QC2mCAbtoJOBW0rArwrkut57cIrDjy6Hy7GKbY64IrHOF:5WF0+XaOvuyycWNrwrk6y70JIruF | ||
| imphash | 3659aa85396475816f25d6859b6b7920 | ||
| impfuzzy | 48:TI4udtu9OOmhoIQtrXfGlc+pXZogKnJ/fJsGZjjI:TItaIhQtrXfGlc+phUjsYQ | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WTSAPI32.dll
0x4251ec WTSQuerySessionInformationW
0x4251f0 WTSFreeMemory
Secur32.dll
0x425180 LsaGetLogonSessionData
0x425184 LsaFreeReturnBuffer
0x425188 LsaEnumerateLogonSessions
KERNEL32.dll
0x42501c InterlockedDecrement
0x425020 WaitForSingleObject
0x425024 GetVersionExW
0x425028 Sleep
0x42502c GetLastError
0x425030 CloseHandle
0x425034 GetCurrentProcessId
0x425038 CreateProcessW
0x42503c GetExitCodeProcess
0x425040 HeapFree
0x425044 GetModuleFileNameW
0x425048 GetCurrentProcess
0x42504c FindClose
0x425050 DuplicateHandle
0x425054 MultiByteToWideChar
0x425058 OutputDebugStringW
0x42505c HeapAlloc
0x425060 GetProcessHeap
0x425064 WideCharToMultiByte
0x425068 SetEnvironmentVariableW
0x42506c GetCommandLineW
0x425070 SetHandleInformation
0x425074 SetStdHandle
0x425078 GetStdHandle
0x42507c WriteFile
0x425080 SetFilePointerEx
0x425084 FreeEnvironmentStringsW
0x425088 GetEnvironmentStringsW
0x42508c GetCommandLineA
0x425090 GetCPInfo
0x425094 GetOEMCP
0x425098 DecodePointer
0x42509c ReadConsoleW
0x4250a0 ReadFile
0x4250a4 SetEndOfFile
0x4250a8 HeapReAlloc
0x4250ac HeapSize
0x4250b0 GetModuleHandleExW
0x4250b4 ExitProcess
0x4250b8 LoadLibraryExW
0x4250bc GetACP
0x4250c0 GetProcAddress
0x4250c4 FreeLibrary
0x4250c8 TlsFree
0x4250cc TlsSetValue
0x4250d0 CreateFileW
0x4250d4 WriteConsoleW
0x4250d8 IsValidCodePage
0x4250dc FindNextFileW
0x4250e0 FindFirstFileExW
0x4250e4 TlsGetValue
0x4250e8 LCMapStringW
0x4250ec CompareStringW
0x4250f0 GetFileType
0x4250f4 GetStringTypeW
0x4250f8 GetConsoleMode
0x4250fc GetConsoleCP
0x425100 FlushFileBuffers
0x425104 LocalFree
0x425108 UnhandledExceptionFilter
0x42510c SetUnhandledExceptionFilter
0x425110 TerminateProcess
0x425114 IsProcessorFeaturePresent
0x425118 IsDebuggerPresent
0x42511c GetStartupInfoW
0x425120 GetModuleHandleW
0x425124 QueryPerformanceCounter
0x425128 GetCurrentThreadId
0x42512c GetSystemTimeAsFileTime
0x425130 InitializeSListHead
0x425134 EncodePointer
0x425138 RaiseException
0x42513c RtlUnwind
0x425140 SetLastError
0x425144 EnterCriticalSection
0x425148 LeaveCriticalSection
0x42514c DeleteCriticalSection
0x425150 InitializeCriticalSectionAndSpinCount
0x425154 TlsAlloc
USER32.dll
0x425190 CharLowerW
0x425194 wsprintfW
ADVAPI32.dll
0x425000 CopySid
0x425004 ConvertSidToStringSidW
0x425008 GetLengthSid
0x42500c LsaNtStatusToWinError
0x425010 OpenProcessToken
0x425014 GetTokenInformation
SHELL32.dll
0x425174 ShellExecuteExW
0x425178 SHCreateDirectoryExW
ole32.dll
0x4251f8 CoCreateInstance
0x4251fc CoUninitialize
0x425200 CoInitialize
0x425204 OleRun
OLEAUT32.dll
0x42515c VariantInit
0x425160 SysFreeString
0x425164 SysAllocString
0x425168 VariantClear
0x42516c GetErrorInfo
urlmon.dll
0x42520c URLOpenBlockingStreamW
WINTRUST.dll
0x4251ac WinVerifyTrust
WS2_32.dll
0x4251b4 WSAGetLastError
0x4251b8 htons
0x4251bc htonl
0x4251c0 recv
0x4251c4 connect
0x4251c8 socket
0x4251cc WSAStartup
0x4251d0 getaddrinfo
0x4251d4 shutdown
0x4251d8 closesocket
0x4251dc WSACleanup
0x4251e0 freeaddrinfo
0x4251e4 send
VERSION.dll
0x42519c GetFileVersionInfoW
0x4251a0 VerQueryValueW
0x4251a4 GetFileVersionInfoSizeW
EAT(Export Address Table) is none
WTSAPI32.dll
0x4251ec WTSQuerySessionInformationW
0x4251f0 WTSFreeMemory
Secur32.dll
0x425180 LsaGetLogonSessionData
0x425184 LsaFreeReturnBuffer
0x425188 LsaEnumerateLogonSessions
KERNEL32.dll
0x42501c InterlockedDecrement
0x425020 WaitForSingleObject
0x425024 GetVersionExW
0x425028 Sleep
0x42502c GetLastError
0x425030 CloseHandle
0x425034 GetCurrentProcessId
0x425038 CreateProcessW
0x42503c GetExitCodeProcess
0x425040 HeapFree
0x425044 GetModuleFileNameW
0x425048 GetCurrentProcess
0x42504c FindClose
0x425050 DuplicateHandle
0x425054 MultiByteToWideChar
0x425058 OutputDebugStringW
0x42505c HeapAlloc
0x425060 GetProcessHeap
0x425064 WideCharToMultiByte
0x425068 SetEnvironmentVariableW
0x42506c GetCommandLineW
0x425070 SetHandleInformation
0x425074 SetStdHandle
0x425078 GetStdHandle
0x42507c WriteFile
0x425080 SetFilePointerEx
0x425084 FreeEnvironmentStringsW
0x425088 GetEnvironmentStringsW
0x42508c GetCommandLineA
0x425090 GetCPInfo
0x425094 GetOEMCP
0x425098 DecodePointer
0x42509c ReadConsoleW
0x4250a0 ReadFile
0x4250a4 SetEndOfFile
0x4250a8 HeapReAlloc
0x4250ac HeapSize
0x4250b0 GetModuleHandleExW
0x4250b4 ExitProcess
0x4250b8 LoadLibraryExW
0x4250bc GetACP
0x4250c0 GetProcAddress
0x4250c4 FreeLibrary
0x4250c8 TlsFree
0x4250cc TlsSetValue
0x4250d0 CreateFileW
0x4250d4 WriteConsoleW
0x4250d8 IsValidCodePage
0x4250dc FindNextFileW
0x4250e0 FindFirstFileExW
0x4250e4 TlsGetValue
0x4250e8 LCMapStringW
0x4250ec CompareStringW
0x4250f0 GetFileType
0x4250f4 GetStringTypeW
0x4250f8 GetConsoleMode
0x4250fc GetConsoleCP
0x425100 FlushFileBuffers
0x425104 LocalFree
0x425108 UnhandledExceptionFilter
0x42510c SetUnhandledExceptionFilter
0x425110 TerminateProcess
0x425114 IsProcessorFeaturePresent
0x425118 IsDebuggerPresent
0x42511c GetStartupInfoW
0x425120 GetModuleHandleW
0x425124 QueryPerformanceCounter
0x425128 GetCurrentThreadId
0x42512c GetSystemTimeAsFileTime
0x425130 InitializeSListHead
0x425134 EncodePointer
0x425138 RaiseException
0x42513c RtlUnwind
0x425140 SetLastError
0x425144 EnterCriticalSection
0x425148 LeaveCriticalSection
0x42514c DeleteCriticalSection
0x425150 InitializeCriticalSectionAndSpinCount
0x425154 TlsAlloc
USER32.dll
0x425190 CharLowerW
0x425194 wsprintfW
ADVAPI32.dll
0x425000 CopySid
0x425004 ConvertSidToStringSidW
0x425008 GetLengthSid
0x42500c LsaNtStatusToWinError
0x425010 OpenProcessToken
0x425014 GetTokenInformation
SHELL32.dll
0x425174 ShellExecuteExW
0x425178 SHCreateDirectoryExW
ole32.dll
0x4251f8 CoCreateInstance
0x4251fc CoUninitialize
0x425200 CoInitialize
0x425204 OleRun
OLEAUT32.dll
0x42515c VariantInit
0x425160 SysFreeString
0x425164 SysAllocString
0x425168 VariantClear
0x42516c GetErrorInfo
urlmon.dll
0x42520c URLOpenBlockingStreamW
WINTRUST.dll
0x4251ac WinVerifyTrust
WS2_32.dll
0x4251b4 WSAGetLastError
0x4251b8 htons
0x4251bc htonl
0x4251c0 recv
0x4251c4 connect
0x4251c8 socket
0x4251cc WSAStartup
0x4251d0 getaddrinfo
0x4251d4 shutdown
0x4251d8 closesocket
0x4251dc WSACleanup
0x4251e0 freeaddrinfo
0x4251e4 send
VERSION.dll
0x42519c GetFileVersionInfoW
0x4251a0 VerQueryValueW
0x4251a4 GetFileVersionInfoSizeW
EAT(Export Address Table) is none