ScreenShot
| Created | 2024.09.17 13:46 | Machine | s1_win7_x6403 |
| Filename | upd.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 63 detected (AIDetectMalware, Zbot, lx9X, Malicious, score, Rhadaman, S33183739, Artemis, Zusy, Unsafe, Rhadamanthys, Vtir, GenusT, DVAD, Attribute, HighConfidence, high confidence, Kryptik, HXAU, PWSX, Strab, EE65rmTGwTO, XPACK, Siggen3, KryptikAGen, YXEIOZ, moderate, Static AI, Suspicious PE, Detected, ESAA, Eldorado, R637359, StartSurf, GdSda, susgen) | ||
| md5 | 8da6d3f4326ca248d0a99d21d2d8b135 | ||
| sha256 | 95897f8814e4c651671799af51c40fbe0a2334827683c82640627e270c57d9d7 | ||
| ssdeep | 6144:g2qezd2ab1/RuHk+M3k8M3W7XomjOJCqshrOlumY6DMIewgxQfq1sb:gf2R/EEkCQFYDwRqa | ||
| imphash | be49a2411263045f8ee0c442783b5f83 | ||
| impfuzzy | 24:KxjPiRQx/NGfF6U0bx/xf2zSvAJ8tly5AlJws5T0v+Gd8Bn:KiRQpNwF6U0blxfoSvy8tl0AVx02G2n | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 63 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x462008 HeapAlloc
0x46200c HeapFree
0x462010 GetProcessHeap
0x462014 WaitForSingleObject
0x462018 HeapDestroy
0x46201c MulDiv
0x462020 lstrlenW
0x462024 CreateEventA
0x462028 GetModuleFileNameW
0x46202c GetModuleHandleA
0x462030 CloseHandle
0x462034 HeapCreate
0x462038 GetStartupInfoA
USER32.dll
0x462088 AdjustWindowRect
0x46208c GetDlgItem
0x462090 GetIconInfo
0x462094 SendDlgItemMessageA
0x462098 InflateRect
0x46209c DialogBoxParamA
0x4620a0 CreateIconFromResourceEx
0x4620a4 SendMessageW
0x4620a8 LookupIconIdFromDirectoryEx
0x4620ac LoadImageA
0x4620b0 SetForegroundWindow
0x4620b4 EndDialog
0x4620b8 OffsetRect
0x4620bc GetWindowLongA
0x4620c0 SetWindowPos
0x4620c4 UnionRect
0x4620c8 SetWindowTextW
GDI32.dll
0x462000 GetObjectA
ole32.dll
0x4620d0 CoCreateGuid
0x4620d4 CoTaskMemFree
0x4620d8 CoInitializeEx
MSVCRT.dll
0x462040 __set_app_type
0x462044 __p__fmode
0x462048 __p__commode
0x46204c _adjust_fdiv
0x462050 __setusermatherr
0x462054 _initterm
0x462058 __getmainargs
0x46205c _acmdln
0x462060 exit
0x462064 _XcptFilter
0x462068 _exit
0x46206c memset
0x462070 memcpy
0x462074 wcsrchr
0x462078 wcschr
0x46207c _controlfp
0x462080 _except_handler3
EAT(Export Address Table) is none
KERNEL32.dll
0x462008 HeapAlloc
0x46200c HeapFree
0x462010 GetProcessHeap
0x462014 WaitForSingleObject
0x462018 HeapDestroy
0x46201c MulDiv
0x462020 lstrlenW
0x462024 CreateEventA
0x462028 GetModuleFileNameW
0x46202c GetModuleHandleA
0x462030 CloseHandle
0x462034 HeapCreate
0x462038 GetStartupInfoA
USER32.dll
0x462088 AdjustWindowRect
0x46208c GetDlgItem
0x462090 GetIconInfo
0x462094 SendDlgItemMessageA
0x462098 InflateRect
0x46209c DialogBoxParamA
0x4620a0 CreateIconFromResourceEx
0x4620a4 SendMessageW
0x4620a8 LookupIconIdFromDirectoryEx
0x4620ac LoadImageA
0x4620b0 SetForegroundWindow
0x4620b4 EndDialog
0x4620b8 OffsetRect
0x4620bc GetWindowLongA
0x4620c0 SetWindowPos
0x4620c4 UnionRect
0x4620c8 SetWindowTextW
GDI32.dll
0x462000 GetObjectA
ole32.dll
0x4620d0 CoCreateGuid
0x4620d4 CoTaskMemFree
0x4620d8 CoInitializeEx
MSVCRT.dll
0x462040 __set_app_type
0x462044 __p__fmode
0x462048 __p__commode
0x46204c _adjust_fdiv
0x462050 __setusermatherr
0x462054 _initterm
0x462058 __getmainargs
0x46205c _acmdln
0x462060 exit
0x462064 _XcptFilter
0x462068 _exit
0x46206c memset
0x462070 memcpy
0x462074 wcsrchr
0x462078 wcschr
0x46207c _controlfp
0x462080 _except_handler3
EAT(Export Address Table) is none