Field | Value |
---|---|
Created | 2024.10.15 14:25 |
Machine | s1_win7_x6402 |
Filename | RRFCCE.txt.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 57d3d8dd95d86ac35f4b428da9cc1e30 |
sha256 | c9c5b7bbbac48c507f825ef76acab3e999d89c15ebe265dfaffa7131fc405510 |
ssdeep | 12288:wTlrYw1RUh3NFn+N5WfIQIjbs/ZBXVT4:ApRUh3NDfIQIjeZV |
imphash | 1389569a3a39186f3eb453b501cfe688 |
impfuzzy | 96:mKSzrpXI9LHcp+1OMgZiSLAfGLxdlmPKNUz7KgKd3YdPRsPosV:rAY8ZzLLPm/PiZwRsbV |
Signature (6cnts)
Level | Description |
---|---|
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
warning | Generates some ICMP traffic |
watch | Creates a windows hook that monitors keyboard input (keylogger) |
notice | A process attempted to delay the analysis task. |
notice | Connects to a Dynamic DNS Domain |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | infoStealer_browser_b_Zero | browser info stealer | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x4590b4 FindNextFileA
0x4590b8 ExpandEnvironmentStringsA
0x4590bc GetLongPathNameW
0x4590c0 CopyFileW
0x4590c4 GetLocaleInfoA
0x4590c8 CreateToolhelp32Snapshot
0x4590cc Process32NextW
0x4590d0 Process32FirstW
0x4590d4 VirtualProtect
0x4590d8 SetLastError
0x4590dc VirtualFree
0x4590e0 VirtualAlloc
0x4590e4 GetNativeSystemInfo
0x4590e8 HeapAlloc
0x4590ec GetProcessHeap
0x4590f0 FreeLibrary
0x4590f4 IsBadReadPtr
0x4590f8 GetTempPathW
0x4590fc OpenProcess
0x459100 OpenMutexA
0x459104 lstrcatW
0x459108 GetCurrentProcessId
0x45910c GetTempFileNameW
0x459110 UnmapViewOfFile
0x459114 DuplicateHandle
0x459118 CreateFileMappingW
0x45911c MapViewOfFile
0x459120 GetSystemDirectoryA
0x459124 GlobalAlloc
0x459128 GlobalLock
0x45912c GetTickCount
0x459130 GlobalUnlock
0x459134 WriteProcessMemory
0x459138 ResumeThread
0x45913c GetThreadContext
0x459140 ReadProcessMemory
0x459144 CreateProcessW
0x459148 SetThreadContext
0x45914c LocalAlloc
0x459150 GlobalFree
0x459154 MulDiv
0x459158 SizeofResource
0x45915c QueryDosDeviceW
0x459160 FindFirstVolumeW
0x459164 GetConsoleScreenBufferInfo
0x459168 SetConsoleTextAttribute
0x45916c lstrlenW
0x459170 GetStdHandle
0x459174 SetFilePointer
0x459178 FindResourceA
0x45917c LockResource
0x459180 LoadResource
0x459184 LocalFree
0x459188 FindVolumeClose
0x45918c GetVolumePathNamesForVolumeNameW
0x459190 lstrcpyW
0x459194 FindFirstFileA
0x459198 FormatMessageA
0x45919c FindNextVolumeW
0x4591a0 AllocConsole
0x4591a4 lstrcmpW
0x4591a8 GetModuleFileNameA
0x4591ac lstrcpynA
0x4591b0 QueryPerformanceFrequency
0x4591b4 QueryPerformanceCounter
0x4591b8 EnterCriticalSection
0x4591bc LeaveCriticalSection
0x4591c0 InitializeCriticalSection
0x4591c4 DeleteCriticalSection
0x4591c8 HeapSize
0x4591cc WriteConsoleW
0x4591d0 SetStdHandle
0x4591d4 SetEnvironmentVariableW
0x4591d8 SetEnvironmentVariableA
0x4591dc FreeEnvironmentStringsW
0x4591e0 GetEnvironmentStringsW
0x4591e4 GetCommandLineW
0x4591e8 GetCommandLineA
0x4591ec GetOEMCP
0x4591f0 IsValidCodePage
0x4591f4 FindFirstFileExA
0x4591f8 ReadConsoleW
0x4591fc GetConsoleMode
0x459200 GetConsoleCP
0x459204 FlushFileBuffers
0x459208 GetFileType
0x45920c GetTimeZoneInformation
0x459210 EnumSystemLocalesW
0x459214 GetUserDefaultLCID
0x459218 IsValidLocale
0x45921c GetTimeFormatW
0x459220 GetDateFormatW
0x459224 HeapReAlloc
0x459228 GetACP
0x45922c GetModuleHandleExW
0x459230 MoveFileExW
0x459234 RtlUnwind
0x459238 RaiseException
0x45923c LoadLibraryExW
0x459240 GetCPInfo
0x459244 GetStringTypeW
0x459248 GetLocaleInfoW
0x45924c LCMapStringW
0x459250 CompareStringW
0x459254 TlsFree
0x459258 TlsSetValue
0x45925c TlsGetValue
0x459260 TlsAlloc
0x459264 GetFileSize
0x459268 TerminateThread
0x45926c GetLastError
0x459270 CreateDirectoryW
0x459274 GetModuleHandleA
0x459278 RemoveDirectoryW
0x45927c MoveFileW
0x459280 SetFilePointerEx
0x459284 GetLogicalDriveStringsA
0x459288 DeleteFileW
0x45928c DeleteFileA
0x459290 SetFileAttributesW
0x459294 GetFileAttributesW
0x459298 FindClose
0x45929c lstrlenA
0x4592a0 GetDriveTypeA
0x4592a4 FindNextFileW
0x4592a8 GetFileSizeEx
0x4592ac FindFirstFileW
0x4592b0 GetModuleHandleW
0x4592b4 ExitProcess
0x4592b8 CreateMutexA
0x4592bc GetCurrentProcess
0x4592c0 GetProcAddress
0x4592c4 LoadLibraryA
0x4592c8 CreateProcessA
0x4592cc PeekNamedPipe
0x4592d0 CreatePipe
0x4592d4 TerminateProcess
0x4592d8 ReadFile
0x4592dc HeapFree
0x4592e0 HeapCreate
0x4592e4 CreateEventA
0x4592e8 GetLocalTime
0x4592ec CreateThread
0x4592f0 SetEvent
0x4592f4 CreateEventW
0x4592f8 WaitForSingleObject
0x4592fc Sleep
0x459300 GetModuleFileNameW
0x459304 CloseHandle
0x459308 ExitThread
0x45930c CreateFileW
0x459310 WriteFile
0x459314 SetConsoleOutputCP
0x459318 InitializeCriticalSectionAndSpinCount
0x45931c MultiByteToWideChar
0x459320 DecodePointer
0x459324 EncodePointer
0x459328 WideCharToMultiByte
0x45932c InitializeSListHead
0x459330 GetSystemTimeAsFileTime
0x459334 GetCurrentThreadId
0x459338 IsProcessorFeaturePresent
0x45933c GetStartupInfoW
0x459340 SetUnhandledExceptionFilter
0x459344 UnhandledExceptionFilter
0x459348 IsDebuggerPresent
0x45934c WaitForSingleObjectEx
0x459350 ResetEvent
0x459354 SetEndOfFile
USER32.dll
0x459380 GetMessageA
0x459384 GetWindowTextW
0x459388 wsprintfW
0x45938c GetClipboardData
0x459390 UnhookWindowsHookEx
0x459394 GetForegroundWindow
0x459398 ToUnicodeEx
0x45939c GetKeyboardLayout
0x4593a0 SetWindowsHookExA
0x4593a4 CloseClipboard
0x4593a8 OpenClipboard
0x4593ac GetKeyboardState
0x4593b0 CallNextHookEx
0x4593b4 GetKeyboardLayoutNameA
0x4593b8 GetKeyState
0x4593bc GetWindowTextLengthW
0x4593c0 DispatchMessageA
0x4593c4 SetForegroundWindow
0x4593c8 SetClipboardData
0x4593cc EnumWindows
0x4593d0 ExitWindowsEx
0x4593d4 EmptyClipboard
0x4593d8 ShowWindow
0x4593dc SetWindowTextW
0x4593e0 MessageBoxW
0x4593e4 IsWindowVisible
0x4593e8 CloseWindow
0x4593ec SendInput
0x4593f0 EnumDisplaySettingsW
0x4593f4 mouse_event
0x4593f8 CreatePopupMenu
0x4593fc TranslateMessage
0x459400 TrackPopupMenu
0x459404 DefWindowProcA
0x459408 CreateWindowExA
0x45940c AppendMenuA
0x459410 GetSystemMetrics
0x459414 RegisterClassExA
0x459418 GetCursorPos
0x45941c SystemParametersInfoW
0x459420 GetWindowThreadProcessId
0x459424 MapVirtualKeyA
0x459428 DrawIcon
0x45942c GetIconInfo
GDI32.dll
0x459088 BitBlt
0x45908c CreateCompatibleBitmap
0x459090 SelectObject
0x459094 CreateCompatibleDC
0x459098 StretchBlt
0x45909c GetDIBits
0x4590a0 DeleteObject
0x4590a4 CreateDCA
0x4590a8 GetObjectA
0x4590ac DeleteDC
ADVAPI32.dll
0x459000 CryptAcquireContextA
0x459004 CryptGenRandom
0x459008 CryptReleaseContext
0x45900c GetUserNameW
0x459010 RegEnumKeyExA
0x459014 QueryServiceStatus
0x459018 CloseServiceHandle
0x45901c OpenSCManagerW
0x459020 OpenSCManagerA
0x459024 ControlService
0x459028 StartServiceW
0x45902c QueryServiceConfigW
0x459030 ChangeServiceConfigW
0x459034 OpenServiceW
0x459038 EnumServicesStatusW
0x45903c AdjustTokenPrivileges
0x459040 LookupPrivilegeValueA
0x459044 OpenProcessToken
0x459048 RegCreateKeyA
0x45904c RegCloseKey
0x459050 RegQueryInfoKeyW
0x459054 RegQueryValueExA
0x459058 RegCreateKeyExW
0x45905c RegEnumKeyExW
0x459060 RegSetValueExW
0x459064 RegSetValueExA
0x459068 RegOpenKeyExA
0x45906c RegOpenKeyExW
0x459070 RegCreateKeyW
0x459074 RegDeleteValueW
0x459078 RegEnumValueW
0x45907c RegQueryValueExW
0x459080 RegDeleteKeyA
SHELL32.dll
0x45935c ShellExecuteExA
0x459360 Shell_NotifyIconA
0x459364 ExtractIconA
0x459368 ShellExecuteW
ole32.dll
0x4594e4 CoInitializeEx
0x4594e8 CoUninitialize
0x4594ec CoGetObject
SHLWAPI.dll
0x459370 PathFileExistsW
0x459374 PathFileExistsA
0x459378 StrToIntA
WINMM.dll
0x459448 waveInOpen
0x45944c waveInStart
0x459450 waveInAddBuffer
0x459454 PlaySoundW
0x459458 mciSendStringA
0x45945c mciSendStringW
0x459460 waveInClose
0x459464 waveInStop
0x459468 waveInPrepareHeader
0x45946c waveInUnprepareHeader
WS2_32.dll
0x459474 gethostbyname
0x459478 send
0x45947c WSAStartup
0x459480 closesocket
0x459484 inet_ntoa
0x459488 htons
0x45948c htonl
0x459490 getservbyname
0x459494 ntohs
0x459498 getservbyport
0x45949c gethostbyaddr
0x4594a0 inet_addr
0x4594a4 WSASetLastError
0x4594a8 WSAGetLastError
0x4594ac recv
0x4594b0 connect
0x4594b4 socket
urlmon.dll
0x4594f4 URLOpenBlockingStreamW
0x4594f8 URLDownloadToFileW
gdiplus.dll
0x4594bc GdipSaveImageToStream
0x4594c0 GdipGetImageEncodersSize
0x4594c4 GdipFree
0x4594c8 GdipDisposeImage
0x4594cc GdipAlloc
0x4594d0 GdipCloneImage
0x4594d4 GdipGetImageEncoders
0x4594d8 GdiplusStartup
0x4594dc GdipLoadImageFromStream
WININET.dll
0x459434 InternetOpenUrlW
0x459438 InternetOpenW
0x45943c InternetCloseHandle
0x459440 InternetReadFile
EAT (Export Address Table): none