ScreenShot
| Created | 2024.09.30 09:46 | Machine | s1_win7_x6403 |
| Filename | r.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 52 detected (AIDetectMalware, RAdmin, IGENERICPMF, S2618989, RemAdm, RemoteAdmin, Unsafe, V6wj, malicious, confidence, RemoteAdmin potentially unsafe, gbat, Kryptik@AI, RDML, Yl8zFfv6SInebpeSc3cowA, Yoddos, HackTool, remote, access, Generic Reputation PUA, Detected, ApplicUnsaf, RemoteAdmin@4dyo, Wacapew, AQIP, Artemis, 8A+sIKpMaNg, susgen, WQf66) | ||
| md5 | 151530ff15af8f65a6c601b345ce685e | ||
| sha256 | ab843a2d0788504a1a035f4624ce03d663bc970aa27ba3290445971dfc332185 | ||
| ssdeep | 6144:Foy8kQ/sEx0e/JwqpTbTtJFfAnGMYfalQilEl4lhFs8VPEG0RFBhxjzg3j/WL:d6xfA+falQrl4lZEG0RrTgTuL | ||
| imphash | c0e79495eea5ea137afed09deae06d3f | ||
| impfuzzy | 48:+jcprOwOitzLaVwsIM0D4cQUkl/16/6U0TESv4joRV3htFR8tLECHLb4Se5XUuj+:MOr7BtzOBIhaNLAqJkZn | ||
Network IP location
Signature (11cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks whether any human activity is being performed by constantly checking whether the foreground window changed |
| notice | Creates a shortcut to an executable file |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Foreign language identified in PE resource |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
Rules (12cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | lnk_file_format | Microsoft Windows Shortcut File Format | binaries (download) |
| info | Lnk_Format_Zero | LNK Format | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.DLL
0x41c0b8 RegCloseKey
0x41c0bc RegCreateKeyExA
0x41c0c0 RegOpenKeyExA
0x41c0c4 RegQueryValueExA
0x41c0c8 RegSetValueExA
KERNEL32.DLL
0x41c1e4 CloseHandle
0x41c1e8 CompareStringA
0x41c1ec CreateDirectoryA
0x41c1f0 CreateDirectoryW
0x41c1f4 CreateFileA
0x41c1f8 CreateFileW
0x41c1fc DeleteFileA
0x41c200 DeleteFileW
0x41c204 DosDateTimeToFileTime
0x41c208 ExitProcess
0x41c20c ExpandEnvironmentStringsA
0x41c210 FileTimeToLocalFileTime
0x41c214 FileTimeToSystemTime
0x41c218 FindClose
0x41c21c FindFirstFileA
0x41c220 FindFirstFileW
0x41c224 FindNextFileA
0x41c228 FindNextFileW
0x41c22c FindResourceA
0x41c230 FreeLibrary
0x41c234 GetCPInfo
0x41c238 GetCommandLineA
0x41c23c GetCurrentDirectoryA
0x41c240 GetDateFormatA
0x41c244 GetFileAttributesA
0x41c248 GetFileAttributesW
0x41c24c GetFileType
0x41c250 GetFullPathNameA
0x41c254 GetLastError
0x41c258 GetLocaleInfoA
0x41c25c GetModuleFileNameA
0x41c260 GetModuleHandleA
0x41c264 GetNumberFormatA
0x41c268 GetProcAddress
0x41c26c GetProcessHeap
0x41c270 GetStdHandle
0x41c274 GetTempPathA
0x41c278 GetTickCount
0x41c27c GetTimeFormatA
0x41c280 GetVersionExA
0x41c284 GlobalAlloc
0x41c288 HeapAlloc
0x41c28c HeapFree
0x41c290 HeapReAlloc
0x41c294 IsDBCSLeadByte
0x41c298 LoadLibraryA
0x41c29c LocalFileTimeToFileTime
0x41c2a0 MoveFileA
0x41c2a4 MoveFileExA
0x41c2a8 MultiByteToWideChar
0x41c2ac OpenFile
0x41c2b0 ReadFile
0x41c2b4 SetCurrentDirectoryA
0x41c2b8 SetEnvironmentVariableA
0x41c2bc SetFileAttributesA
0x41c2c0 SetFileAttributesW
0x41c2c4 SetFilePointer
0x41c2c8 SetFileTime
0x41c2cc SetLastError
0x41c2d0 SetVolumeLabelA
0x41c2d4 Sleep
0x41c2d8 SystemTimeToFileTime
0x41c2dc WaitForSingleObject
0x41c2e0 WideCharToMultiByte
0x41c2e4 WriteFile
0x41c2e8 _lclose
0x41c2ec lstrcmpiA
0x41c2f0 lstrlenA
COMCTL32.DLL
0x41c300 None
GDI32.DLL
0x41c310 DeleteObject
SHELL32.DLL
0x41c33c SHBrowseForFolderA
0x41c340 SHChangeNotify
0x41c344 SHFileOperationA
0x41c348 SHGetFileInfoA
0x41c34c SHGetMalloc
0x41c350 SHGetSpecialFolderLocation
0x41c354 ShellExecuteExA
0x41c358 SHGetPathFromIDListA
USER32.DLL
0x41c438 CharLowerA
0x41c43c CharToOemA
0x41c440 CharToOemBuffA
0x41c444 CharUpperA
0x41c448 CopyRect
0x41c44c CreateWindowExA
0x41c450 DefWindowProcA
0x41c454 DestroyIcon
0x41c458 DestroyWindow
0x41c45c DialogBoxParamA
0x41c460 DispatchMessageA
0x41c464 EnableWindow
0x41c468 EndDialog
0x41c46c FindWindowExA
0x41c470 GetClassNameA
0x41c474 GetClientRect
0x41c478 GetDlgItem
0x41c47c GetDlgItemTextA
0x41c480 GetMessageA
0x41c484 GetParent
0x41c488 GetSysColor
0x41c48c GetSystemMetrics
0x41c490 GetWindow
0x41c494 GetWindowLongA
0x41c498 GetWindowRect
0x41c49c GetWindowTextA
0x41c4a0 IsWindow
0x41c4a4 IsWindowVisible
0x41c4a8 LoadBitmapA
0x41c4ac LoadCursorA
0x41c4b0 LoadIconA
0x41c4b4 LoadStringA
0x41c4b8 MapWindowPoints
0x41c4bc MessageBoxA
0x41c4c0 OemToCharA
0x41c4c4 OemToCharBuffA
0x41c4c8 PeekMessageA
0x41c4cc PostMessageA
0x41c4d0 RegisterClassExA
0x41c4d4 SendDlgItemMessageA
0x41c4d8 SendMessageA
0x41c4dc SetDlgItemTextA
0x41c4e0 SetFocus
0x41c4e4 SetMenu
0x41c4e8 SetWindowLongA
0x41c4ec SetWindowPos
0x41c4f0 SetWindowTextA
0x41c4f4 ShowWindow
0x41c4f8 TranslateMessage
0x41c4fc UpdateWindow
0x41c500 WaitForInputIdle
0x41c504 wsprintfA
0x41c508 wvsprintfA
OLE32.DLL
0x41c528 CLSIDFromString
0x41c52c CoCreateInstance
0x41c530 CreateStreamOnHGlobal
0x41c534 OleInitialize
0x41c538 OleUninitialize
EAT(Export Address Table) is none
ADVAPI32.DLL
0x41c0b8 RegCloseKey
0x41c0bc RegCreateKeyExA
0x41c0c0 RegOpenKeyExA
0x41c0c4 RegQueryValueExA
0x41c0c8 RegSetValueExA
KERNEL32.DLL
0x41c1e4 CloseHandle
0x41c1e8 CompareStringA
0x41c1ec CreateDirectoryA
0x41c1f0 CreateDirectoryW
0x41c1f4 CreateFileA
0x41c1f8 CreateFileW
0x41c1fc DeleteFileA
0x41c200 DeleteFileW
0x41c204 DosDateTimeToFileTime
0x41c208 ExitProcess
0x41c20c ExpandEnvironmentStringsA
0x41c210 FileTimeToLocalFileTime
0x41c214 FileTimeToSystemTime
0x41c218 FindClose
0x41c21c FindFirstFileA
0x41c220 FindFirstFileW
0x41c224 FindNextFileA
0x41c228 FindNextFileW
0x41c22c FindResourceA
0x41c230 FreeLibrary
0x41c234 GetCPInfo
0x41c238 GetCommandLineA
0x41c23c GetCurrentDirectoryA
0x41c240 GetDateFormatA
0x41c244 GetFileAttributesA
0x41c248 GetFileAttributesW
0x41c24c GetFileType
0x41c250 GetFullPathNameA
0x41c254 GetLastError
0x41c258 GetLocaleInfoA
0x41c25c GetModuleFileNameA
0x41c260 GetModuleHandleA
0x41c264 GetNumberFormatA
0x41c268 GetProcAddress
0x41c26c GetProcessHeap
0x41c270 GetStdHandle
0x41c274 GetTempPathA
0x41c278 GetTickCount
0x41c27c GetTimeFormatA
0x41c280 GetVersionExA
0x41c284 GlobalAlloc
0x41c288 HeapAlloc
0x41c28c HeapFree
0x41c290 HeapReAlloc
0x41c294 IsDBCSLeadByte
0x41c298 LoadLibraryA
0x41c29c LocalFileTimeToFileTime
0x41c2a0 MoveFileA
0x41c2a4 MoveFileExA
0x41c2a8 MultiByteToWideChar
0x41c2ac OpenFile
0x41c2b0 ReadFile
0x41c2b4 SetCurrentDirectoryA
0x41c2b8 SetEnvironmentVariableA
0x41c2bc SetFileAttributesA
0x41c2c0 SetFileAttributesW
0x41c2c4 SetFilePointer
0x41c2c8 SetFileTime
0x41c2cc SetLastError
0x41c2d0 SetVolumeLabelA
0x41c2d4 Sleep
0x41c2d8 SystemTimeToFileTime
0x41c2dc WaitForSingleObject
0x41c2e0 WideCharToMultiByte
0x41c2e4 WriteFile
0x41c2e8 _lclose
0x41c2ec lstrcmpiA
0x41c2f0 lstrlenA
COMCTL32.DLL
0x41c300 None
GDI32.DLL
0x41c310 DeleteObject
SHELL32.DLL
0x41c33c SHBrowseForFolderA
0x41c340 SHChangeNotify
0x41c344 SHFileOperationA
0x41c348 SHGetFileInfoA
0x41c34c SHGetMalloc
0x41c350 SHGetSpecialFolderLocation
0x41c354 ShellExecuteExA
0x41c358 SHGetPathFromIDListA
USER32.DLL
0x41c438 CharLowerA
0x41c43c CharToOemA
0x41c440 CharToOemBuffA
0x41c444 CharUpperA
0x41c448 CopyRect
0x41c44c CreateWindowExA
0x41c450 DefWindowProcA
0x41c454 DestroyIcon
0x41c458 DestroyWindow
0x41c45c DialogBoxParamA
0x41c460 DispatchMessageA
0x41c464 EnableWindow
0x41c468 EndDialog
0x41c46c FindWindowExA
0x41c470 GetClassNameA
0x41c474 GetClientRect
0x41c478 GetDlgItem
0x41c47c GetDlgItemTextA
0x41c480 GetMessageA
0x41c484 GetParent
0x41c488 GetSysColor
0x41c48c GetSystemMetrics
0x41c490 GetWindow
0x41c494 GetWindowLongA
0x41c498 GetWindowRect
0x41c49c GetWindowTextA
0x41c4a0 IsWindow
0x41c4a4 IsWindowVisible
0x41c4a8 LoadBitmapA
0x41c4ac LoadCursorA
0x41c4b0 LoadIconA
0x41c4b4 LoadStringA
0x41c4b8 MapWindowPoints
0x41c4bc MessageBoxA
0x41c4c0 OemToCharA
0x41c4c4 OemToCharBuffA
0x41c4c8 PeekMessageA
0x41c4cc PostMessageA
0x41c4d0 RegisterClassExA
0x41c4d4 SendDlgItemMessageA
0x41c4d8 SendMessageA
0x41c4dc SetDlgItemTextA
0x41c4e0 SetFocus
0x41c4e4 SetMenu
0x41c4e8 SetWindowLongA
0x41c4ec SetWindowPos
0x41c4f0 SetWindowTextA
0x41c4f4 ShowWindow
0x41c4f8 TranslateMessage
0x41c4fc UpdateWindow
0x41c500 WaitForInputIdle
0x41c504 wsprintfA
0x41c508 wvsprintfA
OLE32.DLL
0x41c528 CLSIDFromString
0x41c52c CoCreateInstance
0x41c530 CreateStreamOnHGlobal
0x41c534 OleInitialize
0x41c538 OleUninitialize
EAT(Export Address Table) is none