ScreenShot
| Created | 2024.10.12 18:44 | Machine | s1_win7_x6403 |
| Filename | 67081de6be937_ParticlerOps.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 19 detected (AIDetectMalware, Malicious, score, grayware, confidence, moderate confidence, a variant of Generik, LXUYSYW, ccmw, Nekark, nnehx, Wacatac, Artemis, PossibleThreat) | ||
| md5 | dc724c3aafa18b464c83bd5910407805 | ||
| sha256 | 0a35146706c4712aea807ce394aab0270d5c115ceb3d0e79695f49f763648a55 | ||
| ssdeep | 98304:+pTScE3OEH4WTi5cy2KMIg0XfhZprrGWNjPxoKiZ1PMPR8iviRGDowoxziGC:+peBJYWTmcyBMIxXdZpeKiZ1PZRkojxi | ||
| imphash | b5a014d7eeb4c2042897567e1288a095 | ||
| impfuzzy | 96:dWtvdRX8MQ+swecQ0AfFK8ARGIXUnqreqHk:0RMHn0AfFK87IX1reqHk | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable uses a known packer |
Rules (14cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | ASPack_Zero | ASPack packed file | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
COMCTL32.dll
0x413000 None
KERNEL32.dll
0x413038 GetFileAttributesW
0x41303c CreateDirectoryW
0x413040 WriteFile
0x413044 GetStdHandle
0x413048 VirtualFree
0x41304c GetModuleHandleW
0x413050 GetProcAddress
0x413054 LoadLibraryA
0x413058 LockResource
0x41305c LoadResource
0x413060 SizeofResource
0x413064 FindResourceExA
0x413068 MulDiv
0x41306c GlobalFree
0x413070 GlobalAlloc
0x413074 lstrcmpiA
0x413078 GetSystemDefaultLCID
0x41307c GetSystemDefaultUILanguage
0x413080 GetUserDefaultUILanguage
0x413084 MultiByteToWideChar
0x413088 GetLocaleInfoW
0x41308c lstrlenA
0x413090 lstrcmpiW
0x413094 GetEnvironmentVariableW
0x413098 lstrcmpW
0x41309c GlobalMemoryStatusEx
0x4130a0 VirtualAlloc
0x4130a4 WideCharToMultiByte
0x4130a8 ExpandEnvironmentStringsW
0x4130ac RemoveDirectoryW
0x4130b0 FindClose
0x4130b4 FindNextFileW
0x4130b8 DeleteFileW
0x4130bc FindFirstFileW
0x4130c0 SetThreadLocale
0x4130c4 GetLocalTime
0x4130c8 GetSystemTimeAsFileTime
0x4130cc lstrlenW
0x4130d0 GetTempPathW
0x4130d4 SetEnvironmentVariableW
0x4130d8 CloseHandle
0x4130dc CreateFileW
0x4130e0 GetDriveTypeW
0x4130e4 SetCurrentDirectoryW
0x4130e8 GetModuleFileNameW
0x4130ec GetCommandLineW
0x4130f0 GetVersionExW
0x4130f4 CreateEventW
0x4130f8 SetEvent
0x4130fc ResetEvent
0x413100 InitializeCriticalSection
0x413104 TerminateThread
0x413108 ResumeThread
0x41310c SuspendThread
0x413110 IsBadReadPtr
0x413114 LocalFree
0x413118 lstrcpyW
0x41311c FormatMessageW
0x413120 GetSystemDirectoryW
0x413124 DeleteCriticalSection
0x413128 GetFileSize
0x41312c SetFilePointer
0x413130 ReadFile
0x413134 SetFileTime
0x413138 SetEndOfFile
0x41313c EnterCriticalSection
0x413140 LeaveCriticalSection
0x413144 WaitForMultipleObjects
0x413148 GetModuleHandleA
0x41314c SystemTimeToFileTime
0x413150 GetLastError
0x413154 CreateThread
0x413158 WaitForSingleObject
0x41315c GetExitCodeThread
0x413160 Sleep
0x413164 SetLastError
0x413168 SetFileAttributesW
0x41316c GetDiskFreeSpaceExW
0x413170 lstrcatW
0x413174 ExitProcess
0x413178 CompareFileTime
0x41317c GetStartupInfoA
USER32.dll
0x413234 CharUpperW
0x413238 EndDialog
0x41323c DestroyWindow
0x413240 KillTimer
0x413244 ReleaseDC
0x413248 DispatchMessageW
0x41324c GetMessageW
0x413250 SetTimer
0x413254 CreateWindowExW
0x413258 ScreenToClient
0x41325c GetWindowRect
0x413260 wsprintfW
0x413264 GetParent
0x413268 GetSystemMenu
0x41326c EnableMenuItem
0x413270 EnableWindow
0x413274 MessageBeep
0x413278 LoadIconW
0x41327c LoadImageW
0x413280 wvsprintfW
0x413284 IsWindow
0x413288 DefWindowProcW
0x41328c CallWindowProcW
0x413290 DrawIconEx
0x413294 DialogBoxIndirectParamW
0x413298 GetWindow
0x41329c ClientToScreen
0x4132a0 GetDC
0x4132a4 DrawTextW
0x4132a8 ShowWindow
0x4132ac SystemParametersInfoW
0x4132b0 SetFocus
0x4132b4 SetWindowLongW
0x4132b8 GetSystemMetrics
0x4132bc GetClientRect
0x4132c0 GetDlgItem
0x4132c4 GetKeyState
0x4132c8 MessageBoxA
0x4132cc wsprintfA
0x4132d0 SetWindowTextW
0x4132d4 GetSysColor
0x4132d8 GetWindowTextLengthW
0x4132dc GetWindowTextW
0x4132e0 GetClassNameA
0x4132e4 GetWindowLongW
0x4132e8 GetMenu
0x4132ec SetWindowPos
0x4132f0 CopyImage
0x4132f4 SendMessageW
0x4132f8 GetWindowDC
GDI32.dll
0x413008 GetCurrentObject
0x41300c StretchBlt
0x413010 SetStretchBltMode
0x413014 CreateCompatibleBitmap
0x413018 SelectObject
0x41301c CreateCompatibleDC
0x413020 GetObjectW
0x413024 GetDeviceCaps
0x413028 DeleteObject
0x41302c CreateFontIndirectW
0x413030 DeleteDC
SHELL32.dll
0x413214 SHGetFileInfoW
0x413218 SHBrowseForFolderW
0x41321c SHGetPathFromIDListW
0x413220 SHGetMalloc
0x413224 ShellExecuteExW
0x413228 SHGetSpecialFolderPathW
0x41322c ShellExecuteW
ole32.dll
0x413300 CoInitialize
0x413304 CreateStreamOnHGlobal
0x413308 CoCreateInstance
OLEAUT32.dll
0x413204 VariantClear
0x413208 OleLoadPicture
0x41320c SysAllocString
MSVCRT.dll
0x413184 __set_app_type
0x413188 __p__fmode
0x41318c __p__commode
0x413190 _adjust_fdiv
0x413194 __setusermatherr
0x413198 _initterm
0x41319c __getmainargs
0x4131a0 _acmdln
0x4131a4 exit
0x4131a8 _XcptFilter
0x4131ac _exit
0x4131b0 ??1type_info@@UAE@XZ
0x4131b4 _onexit
0x4131b8 __dllonexit
0x4131bc _CxxThrowException
0x4131c0 _beginthreadex
0x4131c4 _EH_prolog
0x4131c8 memset
0x4131cc _wcsnicmp
0x4131d0 strncmp
0x4131d4 malloc
0x4131d8 memmove
0x4131dc _wtol
0x4131e0 memcpy
0x4131e4 free
0x4131e8 memcmp
0x4131ec _purecall
0x4131f0 ??2@YAPAXI@Z
0x4131f4 ??3@YAXPAX@Z
0x4131f8 _except_handler3
0x4131fc _controlfp
EAT(Export Address Table) is none
COMCTL32.dll
0x413000 None
KERNEL32.dll
0x413038 GetFileAttributesW
0x41303c CreateDirectoryW
0x413040 WriteFile
0x413044 GetStdHandle
0x413048 VirtualFree
0x41304c GetModuleHandleW
0x413050 GetProcAddress
0x413054 LoadLibraryA
0x413058 LockResource
0x41305c LoadResource
0x413060 SizeofResource
0x413064 FindResourceExA
0x413068 MulDiv
0x41306c GlobalFree
0x413070 GlobalAlloc
0x413074 lstrcmpiA
0x413078 GetSystemDefaultLCID
0x41307c GetSystemDefaultUILanguage
0x413080 GetUserDefaultUILanguage
0x413084 MultiByteToWideChar
0x413088 GetLocaleInfoW
0x41308c lstrlenA
0x413090 lstrcmpiW
0x413094 GetEnvironmentVariableW
0x413098 lstrcmpW
0x41309c GlobalMemoryStatusEx
0x4130a0 VirtualAlloc
0x4130a4 WideCharToMultiByte
0x4130a8 ExpandEnvironmentStringsW
0x4130ac RemoveDirectoryW
0x4130b0 FindClose
0x4130b4 FindNextFileW
0x4130b8 DeleteFileW
0x4130bc FindFirstFileW
0x4130c0 SetThreadLocale
0x4130c4 GetLocalTime
0x4130c8 GetSystemTimeAsFileTime
0x4130cc lstrlenW
0x4130d0 GetTempPathW
0x4130d4 SetEnvironmentVariableW
0x4130d8 CloseHandle
0x4130dc CreateFileW
0x4130e0 GetDriveTypeW
0x4130e4 SetCurrentDirectoryW
0x4130e8 GetModuleFileNameW
0x4130ec GetCommandLineW
0x4130f0 GetVersionExW
0x4130f4 CreateEventW
0x4130f8 SetEvent
0x4130fc ResetEvent
0x413100 InitializeCriticalSection
0x413104 TerminateThread
0x413108 ResumeThread
0x41310c SuspendThread
0x413110 IsBadReadPtr
0x413114 LocalFree
0x413118 lstrcpyW
0x41311c FormatMessageW
0x413120 GetSystemDirectoryW
0x413124 DeleteCriticalSection
0x413128 GetFileSize
0x41312c SetFilePointer
0x413130 ReadFile
0x413134 SetFileTime
0x413138 SetEndOfFile
0x41313c EnterCriticalSection
0x413140 LeaveCriticalSection
0x413144 WaitForMultipleObjects
0x413148 GetModuleHandleA
0x41314c SystemTimeToFileTime
0x413150 GetLastError
0x413154 CreateThread
0x413158 WaitForSingleObject
0x41315c GetExitCodeThread
0x413160 Sleep
0x413164 SetLastError
0x413168 SetFileAttributesW
0x41316c GetDiskFreeSpaceExW
0x413170 lstrcatW
0x413174 ExitProcess
0x413178 CompareFileTime
0x41317c GetStartupInfoA
USER32.dll
0x413234 CharUpperW
0x413238 EndDialog
0x41323c DestroyWindow
0x413240 KillTimer
0x413244 ReleaseDC
0x413248 DispatchMessageW
0x41324c GetMessageW
0x413250 SetTimer
0x413254 CreateWindowExW
0x413258 ScreenToClient
0x41325c GetWindowRect
0x413260 wsprintfW
0x413264 GetParent
0x413268 GetSystemMenu
0x41326c EnableMenuItem
0x413270 EnableWindow
0x413274 MessageBeep
0x413278 LoadIconW
0x41327c LoadImageW
0x413280 wvsprintfW
0x413284 IsWindow
0x413288 DefWindowProcW
0x41328c CallWindowProcW
0x413290 DrawIconEx
0x413294 DialogBoxIndirectParamW
0x413298 GetWindow
0x41329c ClientToScreen
0x4132a0 GetDC
0x4132a4 DrawTextW
0x4132a8 ShowWindow
0x4132ac SystemParametersInfoW
0x4132b0 SetFocus
0x4132b4 SetWindowLongW
0x4132b8 GetSystemMetrics
0x4132bc GetClientRect
0x4132c0 GetDlgItem
0x4132c4 GetKeyState
0x4132c8 MessageBoxA
0x4132cc wsprintfA
0x4132d0 SetWindowTextW
0x4132d4 GetSysColor
0x4132d8 GetWindowTextLengthW
0x4132dc GetWindowTextW
0x4132e0 GetClassNameA
0x4132e4 GetWindowLongW
0x4132e8 GetMenu
0x4132ec SetWindowPos
0x4132f0 CopyImage
0x4132f4 SendMessageW
0x4132f8 GetWindowDC
GDI32.dll
0x413008 GetCurrentObject
0x41300c StretchBlt
0x413010 SetStretchBltMode
0x413014 CreateCompatibleBitmap
0x413018 SelectObject
0x41301c CreateCompatibleDC
0x413020 GetObjectW
0x413024 GetDeviceCaps
0x413028 DeleteObject
0x41302c CreateFontIndirectW
0x413030 DeleteDC
SHELL32.dll
0x413214 SHGetFileInfoW
0x413218 SHBrowseForFolderW
0x41321c SHGetPathFromIDListW
0x413220 SHGetMalloc
0x413224 ShellExecuteExW
0x413228 SHGetSpecialFolderPathW
0x41322c ShellExecuteW
ole32.dll
0x413300 CoInitialize
0x413304 CreateStreamOnHGlobal
0x413308 CoCreateInstance
OLEAUT32.dll
0x413204 VariantClear
0x413208 OleLoadPicture
0x41320c SysAllocString
MSVCRT.dll
0x413184 __set_app_type
0x413188 __p__fmode
0x41318c __p__commode
0x413190 _adjust_fdiv
0x413194 __setusermatherr
0x413198 _initterm
0x41319c __getmainargs
0x4131a0 _acmdln
0x4131a4 exit
0x4131a8 _XcptFilter
0x4131ac _exit
0x4131b0 ??1type_info@@UAE@XZ
0x4131b4 _onexit
0x4131b8 __dllonexit
0x4131bc _CxxThrowException
0x4131c0 _beginthreadex
0x4131c4 _EH_prolog
0x4131c8 memset
0x4131cc _wcsnicmp
0x4131d0 strncmp
0x4131d4 malloc
0x4131d8 memmove
0x4131dc _wtol
0x4131e0 memcpy
0x4131e4 free
0x4131e8 memcmp
0x4131ec _purecall
0x4131f0 ??2@YAPAXI@Z
0x4131f4 ??3@YAXPAX@Z
0x4131f8 _except_handler3
0x4131fc _controlfp
EAT(Export Address Table) is none