ScreenShot
| Created | 2024.09.03 09:04 | Machine | s1_win7_x6401 |
| Filename | EvolutInjector.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 25 detected (AIDetectMalware, malicious, moderate confidence, Unsafe, Vtbt, Attribute, HighConfidence, Generic ML PUA, Shelma, Detected, Possiblethreat, BScope, Khalesi, Xegumumune, susgen, confidence) | ||
| md5 | 34563cc2fcd4e6e5b0063cbc0ffce9c1 | ||
| sha256 | bbb81a7571c503d859b2150c7741ac69b3308ad494a897d93cc0d0b371b7b5f1 | ||
| ssdeep | 768:FgwqURSuG6CU8ny0g7vkMHdF2vaIw39W62Do9wGd/7:6oSuH8ny04HyvaIi9r9w | ||
| imphash | 31c1dfad666d3014f181289ffa32ae76 | ||
| impfuzzy | 96:WkDwCS1R1X8+L/kUT0btqpzUayo7tcOoml0qXdVEvcT98iCNmlEr+utKV:7z9UycBXd0C8p+utKV | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Foreign language identified in PE resource |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x406010 CreateToolhelp32Snapshot
0x406014 CreateEventW
0x406018 GetLastError
0x40601c Process32NextW
0x406020 K32GetModuleBaseNameW
0x406024 Process32FirstW
0x406028 CloseHandle
0x40602c GetCurrentDirectoryW
0x406030 OpenProcess
0x406034 VirtualAllocEx
0x406038 SystemTimeToFileTime
0x40603c GetModuleHandleW
0x406040 K32EnumProcessModules
0x406044 GetSystemTime
0x406048 VirtualFreeEx
0x40604c GetProcessTimes
0x406050 SetUnhandledExceptionFilter
0x406054 WaitForSingleObject
0x406058 GetCurrentProcess
0x40605c GetProcAddress
0x406060 WriteProcessMemory
0x406064 TerminateProcess
0x406068 IsProcessorFeaturePresent
0x40606c IsDebuggerPresent
0x406070 QueryPerformanceCounter
0x406074 GetCurrentProcessId
0x406078 GetCurrentThreadId
0x40607c GetSystemTimeAsFileTime
0x406080 InitializeSListHead
0x406084 UnhandledExceptionFilter
ADVAPI32.dll
0x406000 AdjustTokenPrivileges
0x406004 OpenProcessToken
0x406008 LookupPrivilegeValueW
MSVCP140.dll
0x40608c _Query_perf_counter
0x406090 _Xtime_get_ticks
0x406094 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x406098 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x40609c ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
0x4060a0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
0x4060a4 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
0x4060a8 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
0x4060ac ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
0x4060b0 ?_Xlength_error@std@@YAXPBD@Z
0x4060b4 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
0x4060b8 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x4060bc ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
0x4060c0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x4060c4 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
0x4060c8 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x4060cc ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x4060d0 ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x4060d4 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x4060d8 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4060dc ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
0x4060e0 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
0x4060e4 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
0x4060e8 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4060ec ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
0x4060f0 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4060f4 ?always_noconv@codecvt_base@std@@QBE_NXZ
0x4060f8 ??Bid@locale@std@@QAEIXZ
0x4060fc ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
0x406100 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x406104 ?uncaught_exception@std@@YA_NXZ
0x406108 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x40610c ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x406110 ??0_Lockit@std@@QAE@H@Z
0x406114 ??1_Lockit@std@@QAE@XZ
0x406118 _Query_perf_frequency
0x40611c _Thrd_sleep
0x406120 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
ntdll.dll
0x406218 NtCreateThreadEx
VCRUNTIME140.dll
0x406128 memset
0x40612c memmove
0x406130 memcpy
0x406134 _except_handler4_common
0x406138 __CxxFrameHandler3
0x40613c __current_exception_context
0x406140 __current_exception
0x406144 __std_exception_destroy
0x406148 __std_exception_copy
0x40614c __std_terminate
0x406150 _CxxThrowException
api-ms-win-crt-stdio-l1-1-0.dll
0x4061dc _get_stream_buffer_pointers
0x4061e0 __p__commode
0x4061e4 _set_fmode
0x4061e8 _fseeki64
0x4061ec fread
0x4061f0 fsetpos
0x4061f4 ungetc
0x4061f8 setvbuf
0x4061fc fgetpos
0x406200 fwrite
0x406204 fgetc
0x406208 fputc
0x40620c fflush
0x406210 fclose
api-ms-win-crt-filesystem-l1-1-0.dll
0x406158 _unlock_file
0x40615c _lock_file
api-ms-win-crt-runtime-l1-1-0.dll
0x406188 _cexit
0x40618c _seh_filter_exe
0x406190 _set_app_type
0x406194 _get_initial_narrow_environment
0x406198 _initterm
0x40619c _register_onexit_function
0x4061a0 exit
0x4061a4 _exit
0x4061a8 _invalid_parameter_noinfo_noreturn
0x4061ac __p___argc
0x4061b0 __p___argv
0x4061b4 _c_exit
0x4061b8 _register_thread_local_exe_atexit_callback
0x4061bc _initialize_onexit_table
0x4061c0 _initialize_narrow_environment
0x4061c4 _crt_atexit
0x4061c8 terminate
0x4061cc _configure_narrow_argv
0x4061d0 _controlfp_s
0x4061d4 _initterm_e
api-ms-win-crt-heap-l1-1-0.dll
0x406164 _callnewh
0x406168 malloc
0x40616c free
0x406170 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x406180 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x406178 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x406010 CreateToolhelp32Snapshot
0x406014 CreateEventW
0x406018 GetLastError
0x40601c Process32NextW
0x406020 K32GetModuleBaseNameW
0x406024 Process32FirstW
0x406028 CloseHandle
0x40602c GetCurrentDirectoryW
0x406030 OpenProcess
0x406034 VirtualAllocEx
0x406038 SystemTimeToFileTime
0x40603c GetModuleHandleW
0x406040 K32EnumProcessModules
0x406044 GetSystemTime
0x406048 VirtualFreeEx
0x40604c GetProcessTimes
0x406050 SetUnhandledExceptionFilter
0x406054 WaitForSingleObject
0x406058 GetCurrentProcess
0x40605c GetProcAddress
0x406060 WriteProcessMemory
0x406064 TerminateProcess
0x406068 IsProcessorFeaturePresent
0x40606c IsDebuggerPresent
0x406070 QueryPerformanceCounter
0x406074 GetCurrentProcessId
0x406078 GetCurrentThreadId
0x40607c GetSystemTimeAsFileTime
0x406080 InitializeSListHead
0x406084 UnhandledExceptionFilter
ADVAPI32.dll
0x406000 AdjustTokenPrivileges
0x406004 OpenProcessToken
0x406008 LookupPrivilegeValueW
MSVCP140.dll
0x40608c _Query_perf_counter
0x406090 _Xtime_get_ticks
0x406094 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x406098 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x40609c ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
0x4060a0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
0x4060a4 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
0x4060a8 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
0x4060ac ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
0x4060b0 ?_Xlength_error@std@@YAXPBD@Z
0x4060b4 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
0x4060b8 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x4060bc ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
0x4060c0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x4060c4 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
0x4060c8 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x4060cc ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x4060d0 ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x4060d4 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x4060d8 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4060dc ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
0x4060e0 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
0x4060e4 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
0x4060e8 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4060ec ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
0x4060f0 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4060f4 ?always_noconv@codecvt_base@std@@QBE_NXZ
0x4060f8 ??Bid@locale@std@@QAEIXZ
0x4060fc ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
0x406100 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x406104 ?uncaught_exception@std@@YA_NXZ
0x406108 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x40610c ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x406110 ??0_Lockit@std@@QAE@H@Z
0x406114 ??1_Lockit@std@@QAE@XZ
0x406118 _Query_perf_frequency
0x40611c _Thrd_sleep
0x406120 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
ntdll.dll
0x406218 NtCreateThreadEx
VCRUNTIME140.dll
0x406128 memset
0x40612c memmove
0x406130 memcpy
0x406134 _except_handler4_common
0x406138 __CxxFrameHandler3
0x40613c __current_exception_context
0x406140 __current_exception
0x406144 __std_exception_destroy
0x406148 __std_exception_copy
0x40614c __std_terminate
0x406150 _CxxThrowException
api-ms-win-crt-stdio-l1-1-0.dll
0x4061dc _get_stream_buffer_pointers
0x4061e0 __p__commode
0x4061e4 _set_fmode
0x4061e8 _fseeki64
0x4061ec fread
0x4061f0 fsetpos
0x4061f4 ungetc
0x4061f8 setvbuf
0x4061fc fgetpos
0x406200 fwrite
0x406204 fgetc
0x406208 fputc
0x40620c fflush
0x406210 fclose
api-ms-win-crt-filesystem-l1-1-0.dll
0x406158 _unlock_file
0x40615c _lock_file
api-ms-win-crt-runtime-l1-1-0.dll
0x406188 _cexit
0x40618c _seh_filter_exe
0x406190 _set_app_type
0x406194 _get_initial_narrow_environment
0x406198 _initterm
0x40619c _register_onexit_function
0x4061a0 exit
0x4061a4 _exit
0x4061a8 _invalid_parameter_noinfo_noreturn
0x4061ac __p___argc
0x4061b0 __p___argv
0x4061b4 _c_exit
0x4061b8 _register_thread_local_exe_atexit_callback
0x4061bc _initialize_onexit_table
0x4061c0 _initialize_narrow_environment
0x4061c4 _crt_atexit
0x4061c8 terminate
0x4061cc _configure_narrow_argv
0x4061d0 _controlfp_s
0x4061d4 _initterm_e
api-ms-win-crt-heap-l1-1-0.dll
0x406164 _callnewh
0x406168 malloc
0x40616c free
0x406170 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
0x406180 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x406178 _configthreadlocale
EAT(Export Address Table) is none