ScreenShot
| Created | 2024.09.17 13:49 | Machine | s1_win7_x6401 |
| Filename | Taskmgr.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (AIDetectMalware, Razy, Malicious, score, Artemis, Unsafe, CoinMiner, Vnmd, confidence, GenericKD, Attribute, HighConfidence, high confidence, a variant of Generik, NONWRLW, FileRepMalware, Miner, RiskTool, BitCoinMiner, orhz, Undefined, CLOUD, Tool, Generic Reputation PUA, Detected, Malware@#vrqfrmdujs4f, Wacatac, R002H09GQ24, Gencirc, susgen, PossibleThreat, oxer) | ||
| md5 | ea257066a195cc1bc1ea398e239006b2 | ||
| sha256 | 81e95eaca372c94265746b08aac50120c45e6baae7c521a8a23dd0dfdc3b9410 | ||
| ssdeep | 3072:zCvmX1nsRlNQNvaZJr7+zttP7yuCd6b6fh:NXeRlEiD7+5tPF | ||
| imphash | f443a0e04ccc241e2e4a1299775238a0 | ||
| impfuzzy | 24:V0D8lJYESZ02tMS17mnc+plm/CuyoEOovbO/zZHu93v8KFwGMR:/SRtMS17oc+pfuyc3WhFa | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Foreign language identified in PE resource |
| notice | Performs some HTTP requests |
| notice | Resolves a suspicious Top Level Domain (TLD) |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140010000 LoadLibraryA
0x140010008 GetProcAddress
0x140010010 VirtualProtect
0x140010018 HeapFree
0x140010020 SetLastError
0x140010028 VirtualFree
0x140010030 VirtualAlloc
0x140010038 GetNativeSystemInfo
0x140010040 HeapAlloc
0x140010048 GetProcessHeap
0x140010050 FreeLibrary
0x140010058 IsBadReadPtr
0x140010060 WriteConsoleW
0x140010068 RtlCaptureContext
0x140010070 RtlLookupFunctionEntry
0x140010078 RtlVirtualUnwind
0x140010080 UnhandledExceptionFilter
0x140010088 SetUnhandledExceptionFilter
0x140010090 GetCurrentProcess
0x140010098 TerminateProcess
0x1400100a0 IsProcessorFeaturePresent
0x1400100a8 QueryPerformanceCounter
0x1400100b0 GetCurrentProcessId
0x1400100b8 GetCurrentThreadId
0x1400100c0 GetSystemTimeAsFileTime
0x1400100c8 InitializeSListHead
0x1400100d0 IsDebuggerPresent
0x1400100d8 GetStartupInfoW
0x1400100e0 GetModuleHandleW
0x1400100e8 RtlUnwindEx
0x1400100f0 GetLastError
0x1400100f8 EnterCriticalSection
0x140010100 LeaveCriticalSection
0x140010108 DeleteCriticalSection
0x140010110 InitializeCriticalSectionAndSpinCount
0x140010118 TlsAlloc
0x140010120 TlsGetValue
0x140010128 TlsSetValue
0x140010130 TlsFree
0x140010138 LoadLibraryExW
0x140010140 EncodePointer
0x140010148 RaiseException
0x140010150 RtlPcToFileHeader
0x140010158 GetStdHandle
0x140010160 WriteFile
0x140010168 GetModuleFileNameW
0x140010170 ExitProcess
0x140010178 GetModuleHandleExW
0x140010180 GetCommandLineA
0x140010188 GetCommandLineW
0x140010190 HeapReAlloc
0x140010198 MultiByteToWideChar
0x1400101a0 WideCharToMultiByte
0x1400101a8 FindClose
0x1400101b0 FindFirstFileExW
0x1400101b8 FindNextFileW
0x1400101c0 IsValidCodePage
0x1400101c8 GetACP
0x1400101d0 GetOEMCP
0x1400101d8 GetCPInfo
0x1400101e0 GetEnvironmentStringsW
0x1400101e8 FreeEnvironmentStringsW
0x1400101f0 SetEnvironmentVariableW
0x1400101f8 SetStdHandle
0x140010200 GetFileType
0x140010208 GetStringTypeW
0x140010210 FlsAlloc
0x140010218 FlsGetValue
0x140010220 FlsSetValue
0x140010228 FlsFree
0x140010230 InitializeCriticalSectionEx
0x140010238 CompareStringW
0x140010240 LCMapStringW
0x140010248 HeapSize
0x140010250 FlushFileBuffers
0x140010258 GetConsoleOutputCP
0x140010260 GetConsoleMode
0x140010268 SetFilePointerEx
0x140010270 CreateFileW
0x140010278 CloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x140010000 LoadLibraryA
0x140010008 GetProcAddress
0x140010010 VirtualProtect
0x140010018 HeapFree
0x140010020 SetLastError
0x140010028 VirtualFree
0x140010030 VirtualAlloc
0x140010038 GetNativeSystemInfo
0x140010040 HeapAlloc
0x140010048 GetProcessHeap
0x140010050 FreeLibrary
0x140010058 IsBadReadPtr
0x140010060 WriteConsoleW
0x140010068 RtlCaptureContext
0x140010070 RtlLookupFunctionEntry
0x140010078 RtlVirtualUnwind
0x140010080 UnhandledExceptionFilter
0x140010088 SetUnhandledExceptionFilter
0x140010090 GetCurrentProcess
0x140010098 TerminateProcess
0x1400100a0 IsProcessorFeaturePresent
0x1400100a8 QueryPerformanceCounter
0x1400100b0 GetCurrentProcessId
0x1400100b8 GetCurrentThreadId
0x1400100c0 GetSystemTimeAsFileTime
0x1400100c8 InitializeSListHead
0x1400100d0 IsDebuggerPresent
0x1400100d8 GetStartupInfoW
0x1400100e0 GetModuleHandleW
0x1400100e8 RtlUnwindEx
0x1400100f0 GetLastError
0x1400100f8 EnterCriticalSection
0x140010100 LeaveCriticalSection
0x140010108 DeleteCriticalSection
0x140010110 InitializeCriticalSectionAndSpinCount
0x140010118 TlsAlloc
0x140010120 TlsGetValue
0x140010128 TlsSetValue
0x140010130 TlsFree
0x140010138 LoadLibraryExW
0x140010140 EncodePointer
0x140010148 RaiseException
0x140010150 RtlPcToFileHeader
0x140010158 GetStdHandle
0x140010160 WriteFile
0x140010168 GetModuleFileNameW
0x140010170 ExitProcess
0x140010178 GetModuleHandleExW
0x140010180 GetCommandLineA
0x140010188 GetCommandLineW
0x140010190 HeapReAlloc
0x140010198 MultiByteToWideChar
0x1400101a0 WideCharToMultiByte
0x1400101a8 FindClose
0x1400101b0 FindFirstFileExW
0x1400101b8 FindNextFileW
0x1400101c0 IsValidCodePage
0x1400101c8 GetACP
0x1400101d0 GetOEMCP
0x1400101d8 GetCPInfo
0x1400101e0 GetEnvironmentStringsW
0x1400101e8 FreeEnvironmentStringsW
0x1400101f0 SetEnvironmentVariableW
0x1400101f8 SetStdHandle
0x140010200 GetFileType
0x140010208 GetStringTypeW
0x140010210 FlsAlloc
0x140010218 FlsGetValue
0x140010220 FlsSetValue
0x140010228 FlsFree
0x140010230 InitializeCriticalSectionEx
0x140010238 CompareStringW
0x140010240 LCMapStringW
0x140010248 HeapSize
0x140010250 FlushFileBuffers
0x140010258 GetConsoleOutputCP
0x140010260 GetConsoleMode
0x140010268 SetFilePointerEx
0x140010270 CreateFileW
0x140010278 CloseHandle
EAT(Export Address Table) is none