ScreenShot
| Created | 2024.09.09 10:12 | Machine | s1_win7_x6403 |
| Filename | pclient.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 12 detected (AIDetectMalware, malicious, high confidence, Unsafe, Detected, Wacapew, confidence) | ||
| md5 | 54d967f9eb61177beabd0c5c826fd4c6 | ||
| sha256 | 5b9481d9022b0efcaed04513d338048de4aa3e1328bacc0966486ef322c0d086 | ||
| ssdeep | 24576:OUcMeKNytFmNmR/j9mPRVTdIwGptlLjBfmnAtOeiy:OUxeKAtMNIEVEnF98y | ||
| imphash | 49403c7fa5940d83b3c1972c644d5f4b | ||
| impfuzzy | 96:mgcyecfQ+Ly8vyUFfCijawCmJ7H4qt+5thiYvlk:mJT0fCijagJT4qt+5a | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1401be070 GetProcessHeap
0x1401be078 LCMapStringW
0x1401be080 FlsFree
0x1401be088 FlsSetValue
0x1401be090 FlsGetValue
0x1401be098 FlsAlloc
0x1401be0a0 GetStringTypeW
0x1401be0a8 GetFileType
0x1401be0b0 SetStdHandle
0x1401be0b8 FreeEnvironmentStringsW
0x1401be0c0 GetEnvironmentStringsW
0x1401be0c8 WideCharToMultiByte
0x1401be0d0 MultiByteToWideChar
0x1401be0d8 GetCommandLineW
0x1401be0e0 GetCommandLineA
0x1401be0e8 GetCPInfo
0x1401be0f0 GetOEMCP
0x1401be0f8 GetACP
0x1401be100 IsValidCodePage
0x1401be108 FindNextFileW
0x1401be110 FindFirstFileExW
0x1401be118 FindClose
0x1401be120 HeapFree
0x1401be128 HeapAlloc
0x1401be130 GetModuleHandleExW
0x1401be138 TerminateProcess
0x1401be140 HeapSize
0x1401be148 GetCurrentProcess
0x1401be150 GetModuleFileNameW
0x1401be158 WriteFile
0x1401be160 GetStdHandle
0x1401be168 RtlPcToFileHeader
0x1401be170 RaiseException
0x1401be178 EncodePointer
0x1401be180 LoadLibraryExW
0x1401be188 GetProcAddress
0x1401be190 FreeLibrary
0x1401be198 TlsFree
0x1401be1a0 TlsSetValue
0x1401be1a8 TlsGetValue
0x1401be1b0 TlsAlloc
0x1401be1b8 InitializeCriticalSectionAndSpinCount
0x1401be1c0 DeleteCriticalSection
0x1401be1c8 LeaveCriticalSection
0x1401be1d0 EnterCriticalSection
0x1401be1d8 SetLastError
0x1401be1e0 GetLastError
0x1401be1e8 RtlUnwindEx
0x1401be1f0 GetModuleHandleW
0x1401be1f8 IsProcessorFeaturePresent
0x1401be200 GetStartupInfoW
0x1401be208 SetUnhandledExceptionFilter
0x1401be210 UnhandledExceptionFilter
0x1401be218 IsDebuggerPresent
0x1401be220 RtlVirtualUnwind
0x1401be228 RtlLookupFunctionEntry
0x1401be230 RtlCaptureContext
0x1401be238 InitializeSListHead
0x1401be240 GetSystemTimeAsFileTime
0x1401be248 GetCurrentThreadId
0x1401be250 GetCurrentProcessId
0x1401be258 QueryPerformanceCounter
0x1401be260 HeapReAlloc
0x1401be268 FlushFileBuffers
0x1401be270 GetConsoleOutputCP
0x1401be278 GetConsoleMode
0x1401be280 SetFilePointerEx
0x1401be288 CreateFileW
0x1401be290 CloseHandle
0x1401be298 WriteConsoleW
0x1401be2a0 ExitProcess
0x1401be2a8 GetModuleHandleA
USER32.dll
0x1401be408 UpdateLayeredWindow
0x1401be410 AnimateWindow
0x1401be418 ShowWindow
0x1401be420 GetClassInfoExA
0x1401be428 CallWindowProcA
0x1401be430 DefWindowProcA
0x1401be438 DrawCaption
0x1401be440 GetMouseMovePointsEx
0x1401be448 ToUnicodeEx
0x1401be450 SetLayeredWindowAttributes
0x1401be458 ShowWindowAsync
0x1401be460 GetWindowPlacement
0x1401be468 DeferWindowPos
0x1401be470 GetClipboardSequenceNumber
0x1401be478 GetClipboardViewer
0x1401be480 EmptyClipboard
0x1401be488 IsClipboardFormatAvailable
0x1401be490 GetPriorityClipboardFormat
0x1401be498 GetOpenClipboardWindow
0x1401be4a0 CharToOemBuffA
0x1401be4a8 CharNextExA
0x1401be4b0 CharPrevExA
0x1401be4b8 IsCharAlphaNumericA
0x1401be4c0 GetAltTabInfoA
0x1401be4c8 RealGetWindowClassA
0x1401be4d0 GetComboBoxInfo
0x1401be4d8 GetWindowModuleFileNameA
0x1401be4e0 ChangeDisplaySettingsExA
0x1401be4e8 TileWindows
0x1401be4f0 DlgDirSelectExA
0x1401be4f8 GetIconInfo
0x1401be500 DrawIconEx
0x1401be508 CheckMenuRadioItem
0x1401be510 IsGUIThread
0x1401be518 GetParent
0x1401be520 GetClassLongA
0x1401be528 SetClassWord
0x1401be530 SetWindowLongA
0x1401be538 PtInRect
0x1401be540 SubtractRect
0x1401be548 SetRect
0x1401be550 SetSysColors
0x1401be558 MapWindowPoints
0x1401be560 ScreenToClient
0x1401be568 SetCaretBlinkTime
0x1401be570 SetCursorPos
0x1401be578 MessageBoxIndirectA
0x1401be580 AdjustWindowRect
0x1401be588 EnumPropsExA
0x1401be590 ShowScrollBar
0x1401be598 ScrollWindow
0x1401be5a0 LockWindowUpdate
0x1401be5a8 ValidateRgn
0x1401be5b0 InvalidateRgn
0x1401be5b8 GetWindowRgnBox
0x1401be5c0 GetWindowDC
0x1401be5c8 GetDC
0x1401be5d0 WindowFromDC
0x1401be5d8 PaintDesktop
0x1401be5e0 MenuItemFromPoint
0x1401be5e8 SetMenuDefaultItem
0x1401be5f0 SetMenuItemInfoA
0x1401be5f8 TrackPopupMenu
0x1401be600 ModifyMenuA
0x1401be608 GetMenuItemID
0x1401be610 GetSubMenu
0x1401be618 GetMenuStringA
0x1401be620 IsWindowEnabled
0x1401be628 EnableWindow
0x1401be630 IsWindowUnicode
0x1401be638 GetCapture
0x1401be640 VkKeyScanA
0x1401be648 ToAscii
0x1401be650 GetKeyboardState
0x1401be658 GetKeyState
0x1401be660 GetActiveWindow
WINSPOOL.DRV
0x1401be670 ResetPrinterA
0x1401be678 SetJobA
0x1401be680 EnumJobsA
0x1401be688 SetPrinterA
0x1401be690 GetPrinterA
0x1401be698 WritePrinter
0x1401be6a0 FlushPrinter
0x1401be6a8 AbortPrinter
0x1401be6b0 ReadPrinter
0x1401be6b8 GetPrinterDataA
0x1401be6c0 ConnectToPrinterDlg
0x1401be6c8 ConfigurePortA
0x1401be6d0 GetPrinterDataExA
0x1401be6d8 EnumPrinterDataA
0x1401be6e0 EnumPrinterDataExA
0x1401be6e8 EnumPrinterKeyA
0x1401be6f0 SetPrinterDataA
0x1401be6f8 FindNextPrinterChangeNotification
0x1401be700 FindClosePrinterChangeNotification
0x1401be708 GetFormA
0x1401be710 SetPortA
COMDLG32.dll
0x1401be010 ChooseColorA
0x1401be018 FindTextA
0x1401be020 ReplaceTextA
0x1401be028 GetOpenFileNameA
0x1401be030 PrintDlgA
0x1401be038 PrintDlgExA
0x1401be040 CommDlgExtendedError
0x1401be048 PageSetupDlgA
0x1401be050 ChooseFontA
0x1401be058 GetFileTitleA
0x1401be060 GetSaveFileNameA
ADVAPI32.dll
0x1401be000 DecryptFileA
SHELL32.dll
0x1401be2b8 ShellExecuteExA
0x1401be2c0 None
0x1401be2c8 SHPathPrepareForWriteA
0x1401be2d0 SHBindToParent
0x1401be2d8 None
0x1401be2e0 None
0x1401be2e8 SHGetDataFromIDListA
0x1401be2f0 SHGetInstanceExplorer
0x1401be2f8 None
0x1401be300 None
0x1401be308 DragQueryFileA
0x1401be310 DragQueryPoint
0x1401be318 DragFinish
0x1401be320 DragAcceptFiles
0x1401be328 ShellExecuteA
0x1401be330 ShellAboutA
0x1401be338 DuplicateIcon
0x1401be340 ExtractIconExA
0x1401be348 SHFileOperationA
0x1401be350 None
0x1401be358 SHGetFileInfoA
0x1401be360 SHGetDiskFreeSpaceExA
0x1401be368 None
0x1401be370 SHSetLocalizedName
0x1401be378 None
0x1401be380 SHGetIconOverlayIndexA
0x1401be388 None
0x1401be390 None
0x1401be398 None
0x1401be3a0 None
0x1401be3a8 None
0x1401be3b0 None
0x1401be3b8 None
0x1401be3c0 None
0x1401be3c8 None
0x1401be3d0 None
0x1401be3d8 SHBrowseForFolderA
0x1401be3e0 SHGetDesktopFolder
0x1401be3e8 SHChangeNotify
0x1401be3f0 None
0x1401be3f8 None
dxgi.dll
0x1401be720 CreateDXGIFactory
EAT(Export Address Table) is none
KERNEL32.dll
0x1401be070 GetProcessHeap
0x1401be078 LCMapStringW
0x1401be080 FlsFree
0x1401be088 FlsSetValue
0x1401be090 FlsGetValue
0x1401be098 FlsAlloc
0x1401be0a0 GetStringTypeW
0x1401be0a8 GetFileType
0x1401be0b0 SetStdHandle
0x1401be0b8 FreeEnvironmentStringsW
0x1401be0c0 GetEnvironmentStringsW
0x1401be0c8 WideCharToMultiByte
0x1401be0d0 MultiByteToWideChar
0x1401be0d8 GetCommandLineW
0x1401be0e0 GetCommandLineA
0x1401be0e8 GetCPInfo
0x1401be0f0 GetOEMCP
0x1401be0f8 GetACP
0x1401be100 IsValidCodePage
0x1401be108 FindNextFileW
0x1401be110 FindFirstFileExW
0x1401be118 FindClose
0x1401be120 HeapFree
0x1401be128 HeapAlloc
0x1401be130 GetModuleHandleExW
0x1401be138 TerminateProcess
0x1401be140 HeapSize
0x1401be148 GetCurrentProcess
0x1401be150 GetModuleFileNameW
0x1401be158 WriteFile
0x1401be160 GetStdHandle
0x1401be168 RtlPcToFileHeader
0x1401be170 RaiseException
0x1401be178 EncodePointer
0x1401be180 LoadLibraryExW
0x1401be188 GetProcAddress
0x1401be190 FreeLibrary
0x1401be198 TlsFree
0x1401be1a0 TlsSetValue
0x1401be1a8 TlsGetValue
0x1401be1b0 TlsAlloc
0x1401be1b8 InitializeCriticalSectionAndSpinCount
0x1401be1c0 DeleteCriticalSection
0x1401be1c8 LeaveCriticalSection
0x1401be1d0 EnterCriticalSection
0x1401be1d8 SetLastError
0x1401be1e0 GetLastError
0x1401be1e8 RtlUnwindEx
0x1401be1f0 GetModuleHandleW
0x1401be1f8 IsProcessorFeaturePresent
0x1401be200 GetStartupInfoW
0x1401be208 SetUnhandledExceptionFilter
0x1401be210 UnhandledExceptionFilter
0x1401be218 IsDebuggerPresent
0x1401be220 RtlVirtualUnwind
0x1401be228 RtlLookupFunctionEntry
0x1401be230 RtlCaptureContext
0x1401be238 InitializeSListHead
0x1401be240 GetSystemTimeAsFileTime
0x1401be248 GetCurrentThreadId
0x1401be250 GetCurrentProcessId
0x1401be258 QueryPerformanceCounter
0x1401be260 HeapReAlloc
0x1401be268 FlushFileBuffers
0x1401be270 GetConsoleOutputCP
0x1401be278 GetConsoleMode
0x1401be280 SetFilePointerEx
0x1401be288 CreateFileW
0x1401be290 CloseHandle
0x1401be298 WriteConsoleW
0x1401be2a0 ExitProcess
0x1401be2a8 GetModuleHandleA
USER32.dll
0x1401be408 UpdateLayeredWindow
0x1401be410 AnimateWindow
0x1401be418 ShowWindow
0x1401be420 GetClassInfoExA
0x1401be428 CallWindowProcA
0x1401be430 DefWindowProcA
0x1401be438 DrawCaption
0x1401be440 GetMouseMovePointsEx
0x1401be448 ToUnicodeEx
0x1401be450 SetLayeredWindowAttributes
0x1401be458 ShowWindowAsync
0x1401be460 GetWindowPlacement
0x1401be468 DeferWindowPos
0x1401be470 GetClipboardSequenceNumber
0x1401be478 GetClipboardViewer
0x1401be480 EmptyClipboard
0x1401be488 IsClipboardFormatAvailable
0x1401be490 GetPriorityClipboardFormat
0x1401be498 GetOpenClipboardWindow
0x1401be4a0 CharToOemBuffA
0x1401be4a8 CharNextExA
0x1401be4b0 CharPrevExA
0x1401be4b8 IsCharAlphaNumericA
0x1401be4c0 GetAltTabInfoA
0x1401be4c8 RealGetWindowClassA
0x1401be4d0 GetComboBoxInfo
0x1401be4d8 GetWindowModuleFileNameA
0x1401be4e0 ChangeDisplaySettingsExA
0x1401be4e8 TileWindows
0x1401be4f0 DlgDirSelectExA
0x1401be4f8 GetIconInfo
0x1401be500 DrawIconEx
0x1401be508 CheckMenuRadioItem
0x1401be510 IsGUIThread
0x1401be518 GetParent
0x1401be520 GetClassLongA
0x1401be528 SetClassWord
0x1401be530 SetWindowLongA
0x1401be538 PtInRect
0x1401be540 SubtractRect
0x1401be548 SetRect
0x1401be550 SetSysColors
0x1401be558 MapWindowPoints
0x1401be560 ScreenToClient
0x1401be568 SetCaretBlinkTime
0x1401be570 SetCursorPos
0x1401be578 MessageBoxIndirectA
0x1401be580 AdjustWindowRect
0x1401be588 EnumPropsExA
0x1401be590 ShowScrollBar
0x1401be598 ScrollWindow
0x1401be5a0 LockWindowUpdate
0x1401be5a8 ValidateRgn
0x1401be5b0 InvalidateRgn
0x1401be5b8 GetWindowRgnBox
0x1401be5c0 GetWindowDC
0x1401be5c8 GetDC
0x1401be5d0 WindowFromDC
0x1401be5d8 PaintDesktop
0x1401be5e0 MenuItemFromPoint
0x1401be5e8 SetMenuDefaultItem
0x1401be5f0 SetMenuItemInfoA
0x1401be5f8 TrackPopupMenu
0x1401be600 ModifyMenuA
0x1401be608 GetMenuItemID
0x1401be610 GetSubMenu
0x1401be618 GetMenuStringA
0x1401be620 IsWindowEnabled
0x1401be628 EnableWindow
0x1401be630 IsWindowUnicode
0x1401be638 GetCapture
0x1401be640 VkKeyScanA
0x1401be648 ToAscii
0x1401be650 GetKeyboardState
0x1401be658 GetKeyState
0x1401be660 GetActiveWindow
WINSPOOL.DRV
0x1401be670 ResetPrinterA
0x1401be678 SetJobA
0x1401be680 EnumJobsA
0x1401be688 SetPrinterA
0x1401be690 GetPrinterA
0x1401be698 WritePrinter
0x1401be6a0 FlushPrinter
0x1401be6a8 AbortPrinter
0x1401be6b0 ReadPrinter
0x1401be6b8 GetPrinterDataA
0x1401be6c0 ConnectToPrinterDlg
0x1401be6c8 ConfigurePortA
0x1401be6d0 GetPrinterDataExA
0x1401be6d8 EnumPrinterDataA
0x1401be6e0 EnumPrinterDataExA
0x1401be6e8 EnumPrinterKeyA
0x1401be6f0 SetPrinterDataA
0x1401be6f8 FindNextPrinterChangeNotification
0x1401be700 FindClosePrinterChangeNotification
0x1401be708 GetFormA
0x1401be710 SetPortA
COMDLG32.dll
0x1401be010 ChooseColorA
0x1401be018 FindTextA
0x1401be020 ReplaceTextA
0x1401be028 GetOpenFileNameA
0x1401be030 PrintDlgA
0x1401be038 PrintDlgExA
0x1401be040 CommDlgExtendedError
0x1401be048 PageSetupDlgA
0x1401be050 ChooseFontA
0x1401be058 GetFileTitleA
0x1401be060 GetSaveFileNameA
ADVAPI32.dll
0x1401be000 DecryptFileA
SHELL32.dll
0x1401be2b8 ShellExecuteExA
0x1401be2c0 None
0x1401be2c8 SHPathPrepareForWriteA
0x1401be2d0 SHBindToParent
0x1401be2d8 None
0x1401be2e0 None
0x1401be2e8 SHGetDataFromIDListA
0x1401be2f0 SHGetInstanceExplorer
0x1401be2f8 None
0x1401be300 None
0x1401be308 DragQueryFileA
0x1401be310 DragQueryPoint
0x1401be318 DragFinish
0x1401be320 DragAcceptFiles
0x1401be328 ShellExecuteA
0x1401be330 ShellAboutA
0x1401be338 DuplicateIcon
0x1401be340 ExtractIconExA
0x1401be348 SHFileOperationA
0x1401be350 None
0x1401be358 SHGetFileInfoA
0x1401be360 SHGetDiskFreeSpaceExA
0x1401be368 None
0x1401be370 SHSetLocalizedName
0x1401be378 None
0x1401be380 SHGetIconOverlayIndexA
0x1401be388 None
0x1401be390 None
0x1401be398 None
0x1401be3a0 None
0x1401be3a8 None
0x1401be3b0 None
0x1401be3b8 None
0x1401be3c0 None
0x1401be3c8 None
0x1401be3d0 None
0x1401be3d8 SHBrowseForFolderA
0x1401be3e0 SHGetDesktopFolder
0x1401be3e8 SHChangeNotify
0x1401be3f0 None
0x1401be3f8 None
dxgi.dll
0x1401be720 CreateDXGIFactory
EAT(Export Address Table) is none