Report - Launcher.exe

Tags: UPX, PE File, PE64, OS Processor Check
Created 2024.09.03 09:34
Machine s1_win7_x6403
Filename Launcher.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score 6
Behavior Score 1.2
ZERO API file : malware
VT API (file) 55 detected (AIDetectMalware, ShellcodeRunner, malicious, high confidence, score, Artemis, Unsafe, Zusy, Vzbk, Attribute, HighConfidence, HacktoolX, dhhal, GNzgW5uk77Q, Swrort, kudvo, R002C0DE824, moderate, gouuf, Detected, ai score=86, ASDF, Eldorado, R641641, Runner, GdSda, Gencirc, Vfi+PqJ7IWE, ShellLoader, susgen, confidence)
md5 8e9d1161d84aa416108c23f8d457a633
sha256 b9b78b3ca1860242e9cd9294e5e2d63a637e0b086b1e30dfad31c1080ed14ed6
ssdeep 384:IuPJRlNhSP00zehDBG41lI3Vf4f1s/3YP1D23NWqd:pPJRlNhSP00AdhIB4ffPc3cq
imphash 2c2c290b31d72b5de180c9426897666e
impfuzzy 48:XzUvvLFpBS1tARAONQ9clsQVwQSLFcjM8BBTBSA:QvvLFpBS1fONQ9clDjM8dV

Signature (1cnts)

Level Description
danger File has been identified by 55 AntiVirus engines on VirusTotal as malicious

Rules (4cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x140004010 CloseHandle
 0x140004018 GetFileSize
 0x140004020 WriteProcessMemory
 0x140004028 RtlAddFunctionTable
 0x140004030 Sleep
 0x140004038 GetLastError
 0x140004040 LoadLibraryA
 0x140004048 VirtualProtectEx
 0x140004050 GetProcAddress
 0x140004058 VirtualAllocEx
 0x140004060 ReadProcessMemory
 0x140004068 CreateFileA
 0x140004070 VirtualFreeEx
 0x140004078 GetExitCodeProcess
 0x140004080 TerminateProcess
 0x140004088 GetCurrentDirectoryA
 0x140004090 ResumeThread
 0x140004098 SetCurrentDirectoryA
 0x1400040a0 WritePrivateProfileStringA
 0x1400040a8 CreateProcessA
 0x1400040b0 GetPrivateProfileStringA
 0x1400040b8 RtlLookupFunctionEntry
 0x1400040c0 RtlVirtualUnwind
 0x1400040c8 UnhandledExceptionFilter
 0x1400040d0 CreateRemoteThread
 0x1400040d8 ReadFile
 0x1400040e0 SetUnhandledExceptionFilter
 0x1400040e8 RtlCaptureContext
 0x1400040f0 GetCurrentProcess
 0x1400040f8 IsProcessorFeaturePresent
 0x140004100 QueryPerformanceCounter
 0x140004108 GetCurrentProcessId
 0x140004110 GetCurrentThreadId
 0x140004118 GetSystemTimeAsFileTime
 0x140004120 InitializeSListHead
 0x140004128 IsDebuggerPresent
 0x140004130 GetModuleHandleW
USER32.dll
 0x140004160 FindWindowA
COMDLG32.dll
 0x140004000 GetOpenFileNameA
MSVCP140.dll
 0x140004140 ?_Xlength_error@std@@YAXPEBD@Z
SHLWAPI.dll
 0x140004150 PathRemoveFileSpecA
VCRUNTIME140.dll
 0x140004170 __current_exception
 0x140004178 __std_exception_copy
 0x140004180 memmove
 0x140004188 _CxxThrowException
 0x140004190 memset
 0x140004198 __C_specific_handler
 0x1400041a0 __std_exception_destroy
 0x1400041a8 memcpy
 0x1400041b0 __current_exception_context
VCRUNTIME140_1.dll
 0x1400041c0 __CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0.dll
 0x1400042c0 __stdio_common_vfprintf
 0x1400042c8 __acrt_iob_func
 0x1400042d0 _set_fmode
 0x1400042d8 __p__commode
api-ms-win-crt-heap-l1-1-0.dll
 0x1400041d0 malloc
 0x1400041d8 free
 0x1400041e0 _set_new_mode
 0x1400041e8 _callnewh
api-ms-win-crt-runtime-l1-1-0.dll
 0x140004218 _initterm_e
 0x140004220 _initialize_onexit_table
 0x140004228 _register_onexit_function
 0x140004230 _crt_atexit
 0x140004238 _register_thread_local_exe_atexit_callback
 0x140004240 exit
 0x140004248 __p___argv
 0x140004250 _exit
 0x140004258 system
 0x140004260 _cexit
 0x140004268 _c_exit
 0x140004270 _get_initial_narrow_environment
 0x140004278 _initialize_narrow_environment
 0x140004280 _configure_narrow_argv
 0x140004288 terminate
 0x140004290 _set_app_type
 0x140004298 _seh_filter_exe
 0x1400042a0 __p___argc
 0x1400042a8 _invalid_parameter_noinfo_noreturn
 0x1400042b0 _initterm
api-ms-win-crt-string-l1-1-0.dll
 0x1400042e8 strcat_s
api-ms-win-crt-math-l1-1-0.dll
 0x140004208 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
 0x1400041f8 _configthreadlocale

EAT (Export Address Table): none
