ScreenShot
| Created | 2024.09.05 15:28 | Machine | s1_win7_x6401 |
| Filename | data64_6.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 42 detected (malicious, high confidence, score, GenericKD, Qshell, Unsafe, ABTrojan, KBGH, ERRT, Uztuby, Qakbot, Malware@#38nu78dxwzs3d, R01FC0DET22, Artemis, AGEN, kcloud, Runner, Ebqr, ai score=80, susgen, Genetic, confidence, 100%) | ||
| md5 | 87953bdf18ba88061cf28ad17116b56f | ||
| sha256 | 9ad06b0e000800a33d381949658dbd0bfd7c7f1025aa5c81621b55f2f69a7a3f | ||
| ssdeep | 49152:q2B3FBfJXAEYFutJhzl6NNd5b6tvkn0dqw6CK24/L6W:q2B3FBfKEWocx+40+bTj | ||
| imphash | 8066c16c838a608909d3b67f238a0b60 | ||
| impfuzzy | 48:J9HO/UpQR6XF9rfc+CX186XKY2cBtDXMun0sFi:J51pQR6XF9fc+CX180HBBtDXMunpFi | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | Drops an executable to the user AppData folder |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Yara rule detected in process memory |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (22cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x435000 GetLastError
0x435004 SetLastError
0x435008 FormatMessageW
0x43500c CreateDirectoryW
0x435010 CreateFileW
0x435014 DeleteFileW
0x435018 RemoveDirectoryW
0x43501c SetFileTime
0x435020 CloseHandle
0x435024 DeviceIoControl
0x435028 GetCurrentProcess
0x43502c CreateHardLinkW
0x435030 GetLongPathNameW
0x435034 GetShortPathNameW
0x435038 MoveFileW
0x43503c GetStdHandle
0x435040 FlushFileBuffers
0x435044 GetFileType
0x435048 ReadFile
0x43504c SetEndOfFile
0x435050 SetFilePointer
0x435054 WriteFile
0x435058 GetFileAttributesW
0x43505c SetFileAttributesW
0x435060 FindClose
0x435064 FindFirstFileW
0x435068 FindNextFileW
0x43506c GetVersionExW
0x435070 GetCurrentDirectoryW
0x435074 GetFullPathNameW
0x435078 FoldStringW
0x43507c GetModuleFileNameW
0x435080 GetModuleHandleW
0x435084 FindResourceW
0x435088 GetCurrentProcessId
0x43508c FreeLibrary
0x435090 GetProcAddress
0x435094 Sleep
0x435098 ExitProcess
0x43509c GetSystemDirectoryW
0x4350a0 LoadLibraryW
0x4350a4 SetThreadExecutionState
0x4350a8 CompareStringW
0x4350ac AllocConsole
0x4350b0 FreeConsole
0x4350b4 AttachConsole
0x4350b8 WriteConsoleW
0x4350bc InitializeCriticalSection
0x4350c0 EnterCriticalSection
0x4350c4 LeaveCriticalSection
0x4350c8 DeleteCriticalSection
0x4350cc SetEvent
0x4350d0 ResetEvent
0x4350d4 ReleaseSemaphore
0x4350d8 WaitForSingleObject
0x4350dc CreateEventW
0x4350e0 CreateSemaphoreW
0x4350e4 CreateThread
0x4350e8 SetThreadPriority
0x4350ec GetProcessAffinityMask
0x4350f0 FileTimeToLocalFileTime
0x4350f4 LocalFileTimeToFileTime
0x4350f8 GetSystemTime
0x4350fc SystemTimeToTzSpecificLocalTime
0x435100 TzSpecificLocalTimeToSystemTime
0x435104 FileTimeToSystemTime
0x435108 SystemTimeToFileTime
0x43510c MultiByteToWideChar
0x435110 WideCharToMultiByte
0x435114 GetCPInfo
0x435118 IsDBCSLeadByte
0x43511c GlobalAlloc
0x435120 SetCurrentDirectoryW
0x435124 LoadResource
0x435128 LockResource
0x43512c SizeofResource
0x435130 GlobalUnlock
0x435134 GlobalLock
0x435138 GlobalFree
0x43513c GetCommandLineW
0x435140 SetEnvironmentVariableW
0x435144 ExpandEnvironmentStringsW
0x435148 GetTempPathW
0x43514c GetExitCodeProcess
0x435150 GetLocalTime
0x435154 GetTickCount
0x435158 CreateFileMappingW
0x43515c OpenFileMappingW
0x435160 MapViewOfFile
0x435164 UnmapViewOfFile
0x435168 MoveFileExW
0x43516c GetDateFormatW
0x435170 GetTimeFormatW
0x435174 GetLocaleInfoW
0x435178 GetNumberFormatW
0x43517c GetConsoleMode
0x435180 GetConsoleOutputCP
0x435184 HeapSize
0x435188 SetFilePointerEx
0x43518c GetStringTypeW
0x435190 SetStdHandle
0x435194 GetProcessHeap
0x435198 RaiseException
0x43519c GetSystemInfo
0x4351a0 VirtualProtect
0x4351a4 VirtualQuery
0x4351a8 LoadLibraryExA
0x4351ac IsProcessorFeaturePresent
0x4351b0 IsDebuggerPresent
0x4351b4 UnhandledExceptionFilter
0x4351b8 SetUnhandledExceptionFilter
0x4351bc GetStartupInfoW
0x4351c0 QueryPerformanceCounter
0x4351c4 GetCurrentThreadId
0x4351c8 GetSystemTimeAsFileTime
0x4351cc InitializeSListHead
0x4351d0 TerminateProcess
0x4351d4 RtlUnwind
0x4351d8 EncodePointer
0x4351dc InitializeCriticalSectionAndSpinCount
0x4351e0 TlsAlloc
0x4351e4 TlsGetValue
0x4351e8 TlsSetValue
0x4351ec TlsFree
0x4351f0 LoadLibraryExW
0x4351f4 QueryPerformanceFrequency
0x4351f8 GetModuleHandleExW
0x4351fc HeapFree
0x435200 HeapAlloc
0x435204 HeapReAlloc
0x435208 FindFirstFileExW
0x43520c IsValidCodePage
0x435210 GetACP
0x435214 GetOEMCP
0x435218 GetCommandLineA
0x43521c GetEnvironmentStringsW
0x435220 FreeEnvironmentStringsW
0x435224 LCMapStringW
0x435228 DecodePointer
gdiplus.dll
0x435230 GdiplusStartup
0x435234 GdipCreateHBITMAPFromBitmap
0x435238 GdipCreateBitmapFromStreamICM
0x43523c GdiplusShutdown
0x435240 GdipCreateBitmapFromStream
0x435244 GdipDisposeImage
0x435248 GdipCloneImage
0x43524c GdipFree
0x435250 GdipAlloc
EAT(Export Address Table) Library
KERNEL32.dll
0x435000 GetLastError
0x435004 SetLastError
0x435008 FormatMessageW
0x43500c CreateDirectoryW
0x435010 CreateFileW
0x435014 DeleteFileW
0x435018 RemoveDirectoryW
0x43501c SetFileTime
0x435020 CloseHandle
0x435024 DeviceIoControl
0x435028 GetCurrentProcess
0x43502c CreateHardLinkW
0x435030 GetLongPathNameW
0x435034 GetShortPathNameW
0x435038 MoveFileW
0x43503c GetStdHandle
0x435040 FlushFileBuffers
0x435044 GetFileType
0x435048 ReadFile
0x43504c SetEndOfFile
0x435050 SetFilePointer
0x435054 WriteFile
0x435058 GetFileAttributesW
0x43505c SetFileAttributesW
0x435060 FindClose
0x435064 FindFirstFileW
0x435068 FindNextFileW
0x43506c GetVersionExW
0x435070 GetCurrentDirectoryW
0x435074 GetFullPathNameW
0x435078 FoldStringW
0x43507c GetModuleFileNameW
0x435080 GetModuleHandleW
0x435084 FindResourceW
0x435088 GetCurrentProcessId
0x43508c FreeLibrary
0x435090 GetProcAddress
0x435094 Sleep
0x435098 ExitProcess
0x43509c GetSystemDirectoryW
0x4350a0 LoadLibraryW
0x4350a4 SetThreadExecutionState
0x4350a8 CompareStringW
0x4350ac AllocConsole
0x4350b0 FreeConsole
0x4350b4 AttachConsole
0x4350b8 WriteConsoleW
0x4350bc InitializeCriticalSection
0x4350c0 EnterCriticalSection
0x4350c4 LeaveCriticalSection
0x4350c8 DeleteCriticalSection
0x4350cc SetEvent
0x4350d0 ResetEvent
0x4350d4 ReleaseSemaphore
0x4350d8 WaitForSingleObject
0x4350dc CreateEventW
0x4350e0 CreateSemaphoreW
0x4350e4 CreateThread
0x4350e8 SetThreadPriority
0x4350ec GetProcessAffinityMask
0x4350f0 FileTimeToLocalFileTime
0x4350f4 LocalFileTimeToFileTime
0x4350f8 GetSystemTime
0x4350fc SystemTimeToTzSpecificLocalTime
0x435100 TzSpecificLocalTimeToSystemTime
0x435104 FileTimeToSystemTime
0x435108 SystemTimeToFileTime
0x43510c MultiByteToWideChar
0x435110 WideCharToMultiByte
0x435114 GetCPInfo
0x435118 IsDBCSLeadByte
0x43511c GlobalAlloc
0x435120 SetCurrentDirectoryW
0x435124 LoadResource
0x435128 LockResource
0x43512c SizeofResource
0x435130 GlobalUnlock
0x435134 GlobalLock
0x435138 GlobalFree
0x43513c GetCommandLineW
0x435140 SetEnvironmentVariableW
0x435144 ExpandEnvironmentStringsW
0x435148 GetTempPathW
0x43514c GetExitCodeProcess
0x435150 GetLocalTime
0x435154 GetTickCount
0x435158 CreateFileMappingW
0x43515c OpenFileMappingW
0x435160 MapViewOfFile
0x435164 UnmapViewOfFile
0x435168 MoveFileExW
0x43516c GetDateFormatW
0x435170 GetTimeFormatW
0x435174 GetLocaleInfoW
0x435178 GetNumberFormatW
0x43517c GetConsoleMode
0x435180 GetConsoleOutputCP
0x435184 HeapSize
0x435188 SetFilePointerEx
0x43518c GetStringTypeW
0x435190 SetStdHandle
0x435194 GetProcessHeap
0x435198 RaiseException
0x43519c GetSystemInfo
0x4351a0 VirtualProtect
0x4351a4 VirtualQuery
0x4351a8 LoadLibraryExA
0x4351ac IsProcessorFeaturePresent
0x4351b0 IsDebuggerPresent
0x4351b4 UnhandledExceptionFilter
0x4351b8 SetUnhandledExceptionFilter
0x4351bc GetStartupInfoW
0x4351c0 QueryPerformanceCounter
0x4351c4 GetCurrentThreadId
0x4351c8 GetSystemTimeAsFileTime
0x4351cc InitializeSListHead
0x4351d0 TerminateProcess
0x4351d4 RtlUnwind
0x4351d8 EncodePointer
0x4351dc InitializeCriticalSectionAndSpinCount
0x4351e0 TlsAlloc
0x4351e4 TlsGetValue
0x4351e8 TlsSetValue
0x4351ec TlsFree
0x4351f0 LoadLibraryExW
0x4351f4 QueryPerformanceFrequency
0x4351f8 GetModuleHandleExW
0x4351fc HeapFree
0x435200 HeapAlloc
0x435204 HeapReAlloc
0x435208 FindFirstFileExW
0x43520c IsValidCodePage
0x435210 GetACP
0x435214 GetOEMCP
0x435218 GetCommandLineA
0x43521c GetEnvironmentStringsW
0x435220 FreeEnvironmentStringsW
0x435224 LCMapStringW
0x435228 DecodePointer
gdiplus.dll
0x435230 GdiplusStartup
0x435234 GdipCreateHBITMAPFromBitmap
0x435238 GdipCreateBitmapFromStreamICM
0x43523c GdiplusShutdown
0x435240 GdipCreateBitmapFromStream
0x435244 GdipDisposeImage
0x435248 GdipCloneImage
0x43524c GdipFree
0x435250 GdipAlloc
EAT(Export Address Table) Library