Field | Value |
---|---|
Created | 2024.09.30 09:48 |
Machine | s1_win7_x6401 |
Filename | 1.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 9 detected (AIDetectMalware, V8u4, grayware, confidence, Repack, HackTool, Crack, YSY5W7, MALICIOUS, Loderka) |
md5 | 8ae20294b12f8eaa5551a24b0667a235 |
sha256 | 708a473bbcd229fac5dcd38b59415fd39a8a2daf7884be0e3e5967edecbbecb1 |
ssdeep | 98304:1Q+wf8md+58pH2pCqJgpiJJ7lMqlbQzRRkFMuhFJqVVxr8BUkXgB82JqFXPdCO9P:1ZY87Ryi37LYYM4JqV3o7XgXJYCZ0 |
imphash | ea498fe198e91fc6fa5f09d6bb3dad3a |
impfuzzy | 96:oc94A5TNO0MHuIpLrEc7S1GXg6i2DwPOQ/d:oc7NA4x1wVkPOQ1 |
Signature (6cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Drops an executable to the user AppData folder |
notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
notice | Queries for potentially installed applications |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (13cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (download) |
info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
oleaut32.dll
0x422360 SysFreeString
0x422364 SysReAllocStringLen
0x422368 SysAllocStringLen
advapi32.dll
0x422370 RegQueryValueExW
0x422374 RegOpenKeyExW
0x422378 RegCloseKey
user32.dll
0x422380 GetKeyboardType
0x422384 LoadStringW
0x422388 MessageBoxA
0x42238c CharNextW
kernel32.dll
0x422394 GetACP
0x422398 Sleep
0x42239c VirtualFree
0x4223a0 VirtualAlloc
0x4223a4 GetSystemInfo
0x4223a8 GetTickCount
0x4223ac QueryPerformanceCounter
0x4223b0 GetVersion
0x4223b4 GetCurrentThreadId
0x4223b8 VirtualQuery
0x4223bc WideCharToMultiByte
0x4223c0 MultiByteToWideChar
0x4223c4 lstrlenW
0x4223c8 lstrcpynW
0x4223cc LoadLibraryExW
0x4223d0 GetThreadLocale
0x4223d4 GetStartupInfoA
0x4223d8 GetProcAddress
0x4223dc GetModuleHandleW
0x4223e0 GetModuleFileNameW
0x4223e4 GetLocaleInfoW
0x4223e8 GetCommandLineW
0x4223ec FreeLibrary
0x4223f0 FindFirstFileW
0x4223f4 FindClose
0x4223f8 ExitProcess
0x4223fc WriteFile
0x422400 UnhandledExceptionFilter
0x422404 RtlUnwind
0x422408 RaiseException
0x42240c GetStdHandle
0x422410 CloseHandle
kernel32.dll
0x422418 TlsSetValue
0x42241c TlsGetValue
0x422420 LocalAlloc
0x422424 GetModuleHandleW
user32.dll
0x42242c CreateWindowExW
0x422430 TranslateMessage
0x422434 SetWindowLongW
0x422438 PeekMessageW
0x42243c MsgWaitForMultipleObjects
0x422440 MessageBoxW
0x422444 LoadStringW
0x422448 GetSystemMetrics
0x42244c ExitWindowsEx
0x422450 DispatchMessageW
0x422454 DestroyWindow
0x422458 CharUpperBuffW
0x42245c CallWindowProcW
kernel32.dll
0x422464 WriteFile
0x422468 WideCharToMultiByte
0x42246c WaitForSingleObject
0x422470 VirtualQueryEx
0x422474 VirtualQuery
0x422478 VirtualProtect
0x42247c VirtualFree
0x422480 VirtualAlloc
0x422484 SizeofResource
0x422488 SignalObjectAndWait
0x42248c SetLastError
0x422490 SetFilePointer
0x422494 SetEvent
0x422498 SetErrorMode
0x42249c SetEndOfFile
0x4224a0 ResetEvent
0x4224a4 RemoveDirectoryW
0x4224a8 ReadFile
0x4224ac MultiByteToWideChar
0x4224b0 LockResource
0x4224b4 LoadResource
0x4224b8 LoadLibraryW
0x4224bc LeaveCriticalSection
0x4224c0 InitializeCriticalSection
0x4224c4 GetWindowsDirectoryW
0x4224c8 GetVersionExW
0x4224cc GetVersion
0x4224d0 GetUserDefaultLangID
0x4224d4 GetThreadLocale
0x4224d8 GetSystemInfo
0x4224dc GetSystemDirectoryW
0x4224e0 GetStdHandle
0x4224e4 GetProcAddress
0x4224e8 GetModuleHandleW
0x4224ec GetModuleFileNameW
0x4224f0 GetLocaleInfoW
0x4224f4 GetLocalTime
0x4224f8 GetLastError
0x4224fc GetFullPathNameW
0x422500 GetFileSize
0x422504 GetFileAttributesW
0x422508 GetExitCodeProcess
0x42250c GetEnvironmentVariableW
0x422510 GetDiskFreeSpaceW
0x422514 GetDateFormatW
0x422518 GetCurrentThreadId
0x42251c GetCurrentProcess
0x422520 GetCommandLineW
0x422524 GetCPInfo
0x422528 InterlockedExchange
0x42252c InterlockedCompareExchange
0x422530 FreeLibrary
0x422534 FormatMessageW
0x422538 FindResourceW
0x42253c EnumCalendarInfoW
0x422540 EnterCriticalSection
0x422544 DeleteFileW
0x422548 DeleteCriticalSection
0x42254c CreateProcessW
0x422550 CreateFileW
0x422554 CreateEventW
0x422558 CreateDirectoryW
0x42255c CompareStringW
0x422560 CloseHandle
advapi32.dll
0x422568 RegQueryValueExW
0x42256c RegOpenKeyExW
0x422570 RegCloseKey
0x422574 OpenProcessToken
0x422578 LookupPrivilegeValueW
comctl32.dll
0x422580 InitCommonControls
kernel32.dll
0x422588 Sleep
oleaut32.dll
0x422590 SafeArrayPtrOfIndex
0x422594 SafeArrayGetUBound
0x422598 SafeArrayGetLBound
0x42259c SafeArrayCreate
0x4225a0 VariantChangeType
0x4225a4 VariantCopy
0x4225a8 VariantClear
0x4225ac VariantInit
advapi32.dll
0x4225b4 AdjustTokenPrivileges
EAT (Export Address Table): none