ScreenShot
| Created | 2024.09.22 17:37 | Machine | s1_win7_x6401 |
| Filename | 990.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 54 detected (AIDetectMalware, Madokwa, Malicious, score, Lazy, Unsafe, Vt6v, confidence, Attribute, HighConfidence, high confidence, DropperX, kqwnrg, Dqf6xYROlDM, AGEN, R002C0DIK24, high, Outbreak, Detected, Sabsik, R633362, Artemis, BScope, NetSupport, GdSda, Gencirc) | ||
| md5 | aace5ed77f7d47cad3e45e0ccdc5411c | ||
| sha256 | a179d25f0ca4b9f6b7b1b7b4376664e422a6341650f80ba58626881638b64d50 | ||
| ssdeep | 3072:IAthOjYt6ktOt/nYUHal/5+LeLEsSkRqneaNn2qSzAuK2raS:dthOjYt6ktCYUHal/hwhkReeunZceS | ||
| imphash | 35ca174cb7a0dd69ac56ae5f0ce996e5 | ||
| impfuzzy | 24:a5UT/2o0xOpGMEteS1BM3JeDc+pl3eDouTvRSOovbOPZkgpKXMuKmPzN:a56CIMteS1BM2c+ppAj3XkfKGN | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
WININET.dll
0x419188 InternetReadFile
0x41918c InternetCloseHandle
0x419190 InternetOpenW
0x419194 InternetOpenUrlW
SHELL32.dll
0x419164 SHGetSpecialFolderPathW
0x419168 ShellExecuteW
0x41916c SHCreateDirectoryExW
SHLWAPI.dll
0x419174 PathCombineW
0x419178 PathFileExistsW
KERNEL32.dll
0x419018 HeapSize
0x41901c SetFilePointerEx
0x419020 LCMapStringW
0x419024 lstrlenA
0x419028 lstrcmpA
0x41902c HeapAlloc
0x419030 GetProcessHeap
0x419034 HeapFree
0x419038 ExpandEnvironmentStringsW
0x41903c SetFileAttributesW
0x419040 Sleep
0x419044 lstrcatW
0x419048 lstrlenW
0x41904c GetSystemDirectoryW
0x419050 GetCurrentProcess
0x419054 GetModuleFileNameW
0x419058 FlushFileBuffers
0x41905c GetLastError
0x419060 HeapReAlloc
0x419064 CloseHandle
0x419068 ExitProcess
0x41906c CreateProcessW
0x419070 CreateDirectoryW
0x419074 ReadFile
0x419078 WriteFile
0x41907c SetFileTime
0x419080 SetFilePointer
0x419084 CreateFileW
0x419088 GetFileAttributesW
0x41908c MultiByteToWideChar
0x419090 LocalFileTimeToFileTime
0x419094 GetCurrentDirectoryW
0x419098 SystemTimeToFileTime
0x41909c WideCharToMultiByte
0x4190a0 GetConsoleOutputCP
0x4190a4 GetConsoleMode
0x4190a8 DecodePointer
0x4190ac CreateMutexW
0x4190b0 GetSystemTimeAsFileTime
0x4190b4 UnhandledExceptionFilter
0x4190b8 SetUnhandledExceptionFilter
0x4190bc TerminateProcess
0x4190c0 IsProcessorFeaturePresent
0x4190c4 QueryPerformanceCounter
0x4190c8 GetCurrentProcessId
0x4190cc GetCurrentThreadId
0x4190d0 WriteConsoleW
0x4190d4 InitializeSListHead
0x4190d8 IsDebuggerPresent
0x4190dc GetStartupInfoW
0x4190e0 GetModuleHandleW
0x4190e4 RtlUnwind
0x4190e8 RaiseException
0x4190ec SetLastError
0x4190f0 EncodePointer
0x4190f4 EnterCriticalSection
0x4190f8 LeaveCriticalSection
0x4190fc DeleteCriticalSection
0x419100 InitializeCriticalSectionAndSpinCount
0x419104 TlsAlloc
0x419108 TlsGetValue
0x41910c TlsSetValue
0x419110 TlsFree
0x419114 FreeLibrary
0x419118 GetProcAddress
0x41911c LoadLibraryExW
0x419120 GetStdHandle
0x419124 GetModuleHandleExW
0x419128 GetFileType
0x41912c FindClose
0x419130 FindFirstFileExW
0x419134 FindNextFileW
0x419138 IsValidCodePage
0x41913c GetACP
0x419140 GetOEMCP
0x419144 GetCPInfo
0x419148 GetCommandLineA
0x41914c GetCommandLineW
0x419150 GetEnvironmentStringsW
0x419154 FreeEnvironmentStringsW
0x419158 SetStdHandle
0x41915c GetStringTypeW
USER32.dll
0x419180 wsprintfW
ADVAPI32.dll
0x419000 GetTokenInformation
0x419004 RegCloseKey
0x419008 RegSetValueExW
0x41900c RegOpenKeyW
0x419010 OpenProcessToken
EAT(Export Address Table) is none
WININET.dll
0x419188 InternetReadFile
0x41918c InternetCloseHandle
0x419190 InternetOpenW
0x419194 InternetOpenUrlW
SHELL32.dll
0x419164 SHGetSpecialFolderPathW
0x419168 ShellExecuteW
0x41916c SHCreateDirectoryExW
SHLWAPI.dll
0x419174 PathCombineW
0x419178 PathFileExistsW
KERNEL32.dll
0x419018 HeapSize
0x41901c SetFilePointerEx
0x419020 LCMapStringW
0x419024 lstrlenA
0x419028 lstrcmpA
0x41902c HeapAlloc
0x419030 GetProcessHeap
0x419034 HeapFree
0x419038 ExpandEnvironmentStringsW
0x41903c SetFileAttributesW
0x419040 Sleep
0x419044 lstrcatW
0x419048 lstrlenW
0x41904c GetSystemDirectoryW
0x419050 GetCurrentProcess
0x419054 GetModuleFileNameW
0x419058 FlushFileBuffers
0x41905c GetLastError
0x419060 HeapReAlloc
0x419064 CloseHandle
0x419068 ExitProcess
0x41906c CreateProcessW
0x419070 CreateDirectoryW
0x419074 ReadFile
0x419078 WriteFile
0x41907c SetFileTime
0x419080 SetFilePointer
0x419084 CreateFileW
0x419088 GetFileAttributesW
0x41908c MultiByteToWideChar
0x419090 LocalFileTimeToFileTime
0x419094 GetCurrentDirectoryW
0x419098 SystemTimeToFileTime
0x41909c WideCharToMultiByte
0x4190a0 GetConsoleOutputCP
0x4190a4 GetConsoleMode
0x4190a8 DecodePointer
0x4190ac CreateMutexW
0x4190b0 GetSystemTimeAsFileTime
0x4190b4 UnhandledExceptionFilter
0x4190b8 SetUnhandledExceptionFilter
0x4190bc TerminateProcess
0x4190c0 IsProcessorFeaturePresent
0x4190c4 QueryPerformanceCounter
0x4190c8 GetCurrentProcessId
0x4190cc GetCurrentThreadId
0x4190d0 WriteConsoleW
0x4190d4 InitializeSListHead
0x4190d8 IsDebuggerPresent
0x4190dc GetStartupInfoW
0x4190e0 GetModuleHandleW
0x4190e4 RtlUnwind
0x4190e8 RaiseException
0x4190ec SetLastError
0x4190f0 EncodePointer
0x4190f4 EnterCriticalSection
0x4190f8 LeaveCriticalSection
0x4190fc DeleteCriticalSection
0x419100 InitializeCriticalSectionAndSpinCount
0x419104 TlsAlloc
0x419108 TlsGetValue
0x41910c TlsSetValue
0x419110 TlsFree
0x419114 FreeLibrary
0x419118 GetProcAddress
0x41911c LoadLibraryExW
0x419120 GetStdHandle
0x419124 GetModuleHandleExW
0x419128 GetFileType
0x41912c FindClose
0x419130 FindFirstFileExW
0x419134 FindNextFileW
0x419138 IsValidCodePage
0x41913c GetACP
0x419140 GetOEMCP
0x419144 GetCPInfo
0x419148 GetCommandLineA
0x41914c GetCommandLineW
0x419150 GetEnvironmentStringsW
0x419154 FreeEnvironmentStringsW
0x419158 SetStdHandle
0x41915c GetStringTypeW
USER32.dll
0x419180 wsprintfW
ADVAPI32.dll
0x419000 GetTokenInformation
0x419004 RegCloseKey
0x419008 RegSetValueExW
0x41900c RegOpenKeyW
0x419010 OpenProcessToken
EAT(Export Address Table) is none