Report - %E5%85%AC%E7%9B%8A%E4%BC%A0%E5%A5%87.exe

Malicious Library Malicious Packer UPX PE File DllRegisterServer dll PE32 MZP Format
Created 2024.09.22 17:56 Machine s1_win7_x6403
Filename %E5%85%AC%E7%9B%8A%E4%BC%A0%E5%A5%87.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
7
Behavior Score
3.2
ZERO API file : mailcious
VT API (file) 47 detected (AIDetectMalware, Malicious, score, HLLP, Unsafe, Ak5j, confidence, Attribute, HighConfidence, high confidence, MultiPacked, TrojanX, Poison, p3IKYqeDVWH, PEPM, DownLoader44, high, EncPk, Static AI, Malicious PE, Detected, SGeneric, HeurC, KVMH008, Sabsik, Bladabindi, GenericRXVS, TScope, Gencirc, susgen)
md5 27f9ee956e01f9e39de89aa138e26c8b
sha256 a2987bc0cc4061ecb6be4ca1a1fe9055ca449a3c03e885229dfac0a471327b03
ssdeep 98304:Yrbc0dxOfbCIYflBduQn8LjGQrOsnVLMwbnRu14:YrbcQWb8flBdm26pnVLln/
imphash 2f727a975c44a2925ace416e4a5ad2d8
impfuzzy 96:8cfp95YU3A0MJ44Xc4Ue5zzgU83ck1C/XZqUL9DwPOQT:33+wL1CfZBaPOQT

Signature (7cnts)

Level Description
danger File has been identified by 47 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (7cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info DllRegisterServer_Zero execute regsvr32.exe binaries (upload)
info IsPE32 (no description) binaries (upload)
info mzp_file_format MZP(Delphi) file format binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
85.159.66.93 TR Cizgi Telekomunikasyon Anonim Sirketi 85.159.66.93 mailcious

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0xa89168 DeleteCriticalSection
 0xa8916c LeaveCriticalSection
 0xa89170 EnterCriticalSection
 0xa89174 InitializeCriticalSection
 0xa89178 VirtualFree
 0xa8917c VirtualAlloc
 0xa89180 LocalFree
 0xa89184 LocalAlloc
 0xa89188 GetTickCount
 0xa8918c QueryPerformanceCounter
 0xa89190 GetVersion
 0xa89194 GetCurrentThreadId
 0xa89198 InterlockedDecrement
 0xa8919c InterlockedIncrement
 0xa891a0 VirtualQuery
 0xa891a4 WideCharToMultiByte
 0xa891a8 MultiByteToWideChar
 0xa891ac lstrlenA
 0xa891b0 lstrcpynA
 0xa891b4 LoadLibraryExA
 0xa891b8 GetThreadLocale
 0xa891bc GetStartupInfoA
 0xa891c0 GetProcAddress
 0xa891c4 GetModuleHandleA
 0xa891c8 GetModuleFileNameA
 0xa891cc GetLocaleInfoA
 0xa891d0 GetCommandLineA
 0xa891d4 FreeLibrary
 0xa891d8 FindFirstFileA
 0xa891dc FindClose
 0xa891e0 ExitProcess
 0xa891e4 ExitThread
 0xa891e8 WriteFile
 0xa891ec UnhandledExceptionFilter
 0xa891f0 RtlUnwind
 0xa891f4 RaiseException
 0xa891f8 GetStdHandle
user32.dll
 0xa89200 GetKeyboardType
 0xa89204 LoadStringA
 0xa89208 MessageBoxA
 0xa8920c CharNextA
advapi32.dll
 0xa89214 RegQueryValueExA
 0xa89218 RegOpenKeyExA
 0xa8921c RegCloseKey
oleaut32.dll
 0xa89224 SysFreeString
 0xa89228 SysReAllocStringLen
 0xa8922c SysAllocStringLen
kernel32.dll
 0xa89234 TlsSetValue
 0xa89238 TlsGetValue
 0xa8923c TlsFree
 0xa89240 TlsAlloc
 0xa89244 LocalFree
 0xa89248 LocalAlloc
advapi32.dll
 0xa89250 RegOpenKeyA
kernel32.dll
 0xa89258 WriteProcessMemory
 0xa8925c WriteFile
 0xa89260 WideCharToMultiByte
 0xa89264 WaitForSingleObject
 0xa89268 VirtualQuery
 0xa8926c VirtualProtectEx
 0xa89270 VirtualProtect
 0xa89274 VirtualFree
 0xa89278 VirtualAllocEx
 0xa8927c VirtualAlloc
 0xa89280 SystemTimeToFileTime
 0xa89284 SizeofResource
 0xa89288 SetThreadContext
 0xa8928c SetLastError
 0xa89290 SetFilePointer
 0xa89294 SetFileAttributesW
 0xa89298 SetFileAttributesA
 0xa8929c SetEvent
 0xa892a0 SetErrorMode
 0xa892a4 SetEndOfFile
 0xa892a8 SetCurrentDirectoryW
 0xa892ac SetCurrentDirectoryA
 0xa892b0 ResetEvent
 0xa892b4 RemoveDirectoryW
 0xa892b8 RemoveDirectoryA
 0xa892bc ReadProcessMemory
 0xa892c0 ReadFile
 0xa892c4 RaiseException
 0xa892c8 QueryDosDeviceW
 0xa892cc PostQueuedCompletionStatus
 0xa892d0 MultiByteToWideChar
 0xa892d4 LockResource
 0xa892d8 LoadResource
 0xa892dc LoadLibraryW
 0xa892e0 LoadLibraryA
 0xa892e4 LeaveCriticalSection
 0xa892e8 IsBadWritePtr
 0xa892ec IsBadStringPtrW
 0xa892f0 IsBadReadPtr
 0xa892f4 InitializeCriticalSection
 0xa892f8 GetWindowsDirectoryW
 0xa892fc GetWindowsDirectoryA
 0xa89300 GetVersionExA
 0xa89304 GetVersion
 0xa89308 GetThreadLocale
 0xa8930c GetThreadContext
 0xa89310 GetTempPathW
 0xa89314 GetTempPathA
 0xa89318 GetTempFileNameW
 0xa8931c GetTempFileNameA
 0xa89320 GetSystemDirectoryW
 0xa89324 GetSystemDirectoryA
 0xa89328 GetStringTypeExW
 0xa8932c GetStringTypeExA
 0xa89330 GetStdHandle
 0xa89334 GetProcAddress
 0xa89338 GetModuleHandleA
 0xa8933c GetModuleFileNameW
 0xa89340 GetModuleFileNameA
 0xa89344 GetLogicalDriveStringsW
 0xa89348 GetLocaleInfoW
 0xa8934c GetLocaleInfoA
 0xa89350 GetLocalTime
 0xa89354 GetLastError
 0xa89358 GetFullPathNameW
 0xa8935c GetFullPathNameA
 0xa89360 GetFileSize
 0xa89364 GetFileAttributesW
 0xa89368 GetFileAttributesA
 0xa8936c GetDiskFreeSpaceA
 0xa89370 GetDateFormatA
 0xa89374 GetCurrentThreadId
 0xa89378 GetCurrentProcessId
 0xa8937c GetCurrentProcess
 0xa89380 GetCurrentDirectoryW
 0xa89384 GetCurrentDirectoryA
 0xa89388 GetCPInfo
 0xa8938c GetACP
 0xa89390 FreeResource
 0xa89394 FreeLibrary
 0xa89398 FormatMessageA
 0xa8939c FlushInstructionCache
 0xa893a0 FlushFileBuffers
 0xa893a4 FindResourceW
 0xa893a8 FindNextFileW
 0xa893ac FindNextFileA
 0xa893b0 FindFirstFileW
 0xa893b4 FindFirstFileA
 0xa893b8 FindClose
 0xa893bc FileTimeToLocalFileTime
 0xa893c0 FileTimeToDosDateTime
 0xa893c4 ExitProcess
 0xa893c8 EnumCalendarInfoA
 0xa893cc EnterCriticalSection
 0xa893d0 DeleteFileW
 0xa893d4 DeleteFileA
 0xa893d8 DeleteCriticalSection
 0xa893dc CreateRemoteThread
 0xa893e0 CreateFileW
 0xa893e4 CreateFileA
 0xa893e8 CreateEventA
 0xa893ec CreateDirectoryW
 0xa893f0 CreateDirectoryA
 0xa893f4 CompareStringW
 0xa893f8 CompareStringA
 0xa893fc CloseHandle
user32.dll
 0xa89404 MessageBoxW
 0xa89408 MessageBoxA
 0xa8940c LoadStringA
 0xa89410 GetSystemMetrics
 0xa89414 CharUpperBuffW
 0xa89418 CharUpperW
 0xa8941c CharLowerBuffW
 0xa89420 CharLowerW
 0xa89424 CharNextA
 0xa89428 CharLowerA
 0xa8942c CharUpperA
 0xa89430 CharToOemA
kernel32.dll
 0xa89438 Sleep
kernel32.dll
 0xa89440 QueryDosDeviceW
 0xa89444 GetModuleHandleA
 0xa89448 GetProcAddress
ole32.dll
 0xa89450 CreateStreamOnHGlobal
 0xa89454 CoUninitialize
 0xa89458 CoInitialize
oleaut32.dll
 0xa89460 GetErrorInfo
 0xa89464 SysFreeString
oleaut32.dll
 0xa8946c SafeArrayPtrOfIndex
 0xa89470 SafeArrayGetUBound
 0xa89474 SafeArrayGetLBound
 0xa89478 SafeArrayCreate
 0xa8947c VariantChangeType
 0xa89480 VariantCopy
 0xa89484 VariantClear
 0xa89488 VariantInit
ntdll.dll
 0xa89490 RtlInitUnicodeString
 0xa89494 RtlFreeUnicodeString
 0xa89498 RtlFormatCurrentUserKeyPath
 0xa8949c RtlDosPathNameToNtPathName_U
SHFolder.dll
 0xa894a4 SHGetFolderPathW
 0xa894a8 SHGetFolderPathA
ntdll.dll
 0xa894b0 ZwProtectVirtualMemory
shlwapi.dll
 0xa894b8 PathMatchSpecW

EAT(Export Address Table) is none
