ScreenShot
| Created | 2024.10.16 11:34 | Machine | s1_win7_x6401 |
| Filename | loader.bin | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (AIDetectMalware, Redcap, Malicious, score, Lazy, Unsafe, Vnmd, confidence, Attribute, HighConfidence, high confidence, MalwareX, QWGKLDjTyfV, otcpx, high, Harmony Loader, Static AI, Malicious PE, htciv, Wacatac, ABApplication, FAXW, R672501, Artemis, GdSda, Tsmw, PossibleThreat, Wacapew, C9nj) | ||
| md5 | 079caee72a8dac67029b96992050be5b | ||
| sha256 | e7548ff8c5dac69f9e13dbf0384708490c1482e6f84603f59d8194d78504ec51 | ||
| ssdeep | 3072:rEeUvKgWThGS+h5EtoJNEQE+bousFGTEgo+EX9MKWEGTEgo+Em9MKWIt:YevTQSKCtoJqQE5NFHgoHTWEHgo2TW+ | ||
| imphash | 54b907ef88e1152a442e4781bba49bdc | ||
| impfuzzy | 48:EJ/ei4Z9zzvo2/wKOinXP86Ezg8Boeeu79tcc/:EJ/y5vo2nzXP8Bg8B5eY9tcc/ | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
SHLWAPI.dll
0x1800103c0 PathFindFileNameW
0x1800103c8 PathFileExistsA
0x1800103d0 PathFindFileNameA
USER32.dll
0x1800103e0 wsprintfA
SHELL32.dll
0x1800103b0 SHGetFolderPathA
ntdll.dll
0x180010420 NtQueryInformationProcess
WININET.dll
0x1800103f0 InternetOpenW
0x1800103f8 HttpQueryInfoA
0x180010400 InternetCloseHandle
0x180010408 InternetReadFile
0x180010410 InternetOpenUrlW
ADVAPI32.dll
0x180010000 LookupPrivilegeValueA
0x180010008 OpenProcessToken
0x180010010 AdjustTokenPrivileges
KERNEL32.dll
0x180010020 GetConsoleMode
0x180010028 GetConsoleCP
0x180010030 FlushFileBuffers
0x180010038 GetStringTypeW
0x180010040 LCMapStringEx
0x180010048 SetStdHandle
0x180010050 LoadLibraryW
0x180010058 OutputDebugStringW
0x180010060 LoadLibraryExW
0x180010068 SetFilePointerEx
0x180010070 WriteConsoleW
0x180010078 Thread32First
0x180010080 GetCurrentProcess
0x180010088 Process32First
0x180010090 WaitForSingleObject
0x180010098 CreateRemoteThread
0x1800100a0 OpenProcess
0x1800100a8 VirtualFreeEx
0x1800100b0 GetProcAddress
0x1800100b8 VirtualAllocEx
0x1800100c0 Process32Next
0x1800100c8 GetModuleHandleA
0x1800100d0 CreateToolhelp32Snapshot
0x1800100d8 CloseHandle
0x1800100e0 WriteProcessMemory
0x1800100e8 VirtualProtectEx
0x1800100f0 VirtualProtect
0x1800100f8 GetTempFileNameW
0x180010100 CreateFileA
0x180010108 lstrlenA
0x180010110 CreateProcessW
0x180010118 HeapAlloc
0x180010120 CompareFileTime
0x180010128 GetProcessHeap
0x180010130 WriteFile
0x180010138 GetProcessTimes
0x180010140 WideCharToMultiByte
0x180010148 Sleep
0x180010150 TerminateProcess
0x180010158 CreateFileW
0x180010160 lstrcatA
0x180010168 GetTempPathW
0x180010170 GetLastError
0x180010178 lstrcmpiA
0x180010180 Process32FirstW
0x180010188 IsWow64Process
0x180010190 Process32NextW
0x180010198 CreateMutexA
0x1800101a0 DeleteFileW
0x1800101a8 CreateThread
0x1800101b0 lstrcpyA
0x1800101b8 GetThreadContext
0x1800101c0 GetFileSize
0x1800101c8 SetThreadContext
0x1800101d0 GetNativeSystemInfo
0x1800101d8 CreateProcessA
0x1800101e0 ReadFile
0x1800101e8 MultiByteToWideChar
0x1800101f0 ResumeThread
0x1800101f8 HeapReAlloc
0x180010200 HeapFree
0x180010208 GetModuleHandleW
0x180010210 HeapCreate
0x180010218 Thread32Next
0x180010220 FlushInstructionCache
0x180010228 OpenThread
0x180010230 GetCurrentThreadId
0x180010238 GetCurrentProcessId
0x180010240 SuspendThread
0x180010248 VirtualQuery
0x180010250 VirtualFree
0x180010258 VirtualAlloc
0x180010260 GetSystemInfo
0x180010268 EncodePointer
0x180010270 DecodePointer
0x180010278 GetCommandLineA
0x180010280 RtlPcToFileHeader
0x180010288 RaiseException
0x180010290 RtlLookupFunctionEntry
0x180010298 RtlUnwindEx
0x1800102a0 ExitProcess
0x1800102a8 GetModuleHandleExW
0x1800102b0 HeapSize
0x1800102b8 GetStdHandle
0x1800102c0 GetModuleFileNameW
0x1800102c8 IsProcessorFeaturePresent
0x1800102d0 IsDebuggerPresent
0x1800102d8 IsValidCodePage
0x1800102e0 GetACP
0x1800102e8 GetOEMCP
0x1800102f0 GetCPInfo
0x1800102f8 SetLastError
0x180010300 GetFileType
0x180010308 InitializeCriticalSectionAndSpinCount
0x180010310 DeleteCriticalSection
0x180010318 InitOnceExecuteOnce
0x180010320 GetStartupInfoW
0x180010328 GetModuleFileNameA
0x180010330 QueryPerformanceCounter
0x180010338 GetSystemTimeAsFileTime
0x180010340 GetTickCount64
0x180010348 GetEnvironmentStringsW
0x180010350 FreeEnvironmentStringsW
0x180010358 RtlCaptureContext
0x180010360 RtlVirtualUnwind
0x180010368 UnhandledExceptionFilter
0x180010370 SetUnhandledExceptionFilter
0x180010378 FlsAlloc
0x180010380 FlsGetValue
0x180010388 FlsSetValue
0x180010390 FlsFree
0x180010398 EnterCriticalSection
0x1800103a0 LeaveCriticalSection
EAT(Export Address Table) Library
0x18000d298 ?ReflectiveLoader@@YA_KXZ
SHLWAPI.dll
0x1800103c0 PathFindFileNameW
0x1800103c8 PathFileExistsA
0x1800103d0 PathFindFileNameA
USER32.dll
0x1800103e0 wsprintfA
SHELL32.dll
0x1800103b0 SHGetFolderPathA
ntdll.dll
0x180010420 NtQueryInformationProcess
WININET.dll
0x1800103f0 InternetOpenW
0x1800103f8 HttpQueryInfoA
0x180010400 InternetCloseHandle
0x180010408 InternetReadFile
0x180010410 InternetOpenUrlW
ADVAPI32.dll
0x180010000 LookupPrivilegeValueA
0x180010008 OpenProcessToken
0x180010010 AdjustTokenPrivileges
KERNEL32.dll
0x180010020 GetConsoleMode
0x180010028 GetConsoleCP
0x180010030 FlushFileBuffers
0x180010038 GetStringTypeW
0x180010040 LCMapStringEx
0x180010048 SetStdHandle
0x180010050 LoadLibraryW
0x180010058 OutputDebugStringW
0x180010060 LoadLibraryExW
0x180010068 SetFilePointerEx
0x180010070 WriteConsoleW
0x180010078 Thread32First
0x180010080 GetCurrentProcess
0x180010088 Process32First
0x180010090 WaitForSingleObject
0x180010098 CreateRemoteThread
0x1800100a0 OpenProcess
0x1800100a8 VirtualFreeEx
0x1800100b0 GetProcAddress
0x1800100b8 VirtualAllocEx
0x1800100c0 Process32Next
0x1800100c8 GetModuleHandleA
0x1800100d0 CreateToolhelp32Snapshot
0x1800100d8 CloseHandle
0x1800100e0 WriteProcessMemory
0x1800100e8 VirtualProtectEx
0x1800100f0 VirtualProtect
0x1800100f8 GetTempFileNameW
0x180010100 CreateFileA
0x180010108 lstrlenA
0x180010110 CreateProcessW
0x180010118 HeapAlloc
0x180010120 CompareFileTime
0x180010128 GetProcessHeap
0x180010130 WriteFile
0x180010138 GetProcessTimes
0x180010140 WideCharToMultiByte
0x180010148 Sleep
0x180010150 TerminateProcess
0x180010158 CreateFileW
0x180010160 lstrcatA
0x180010168 GetTempPathW
0x180010170 GetLastError
0x180010178 lstrcmpiA
0x180010180 Process32FirstW
0x180010188 IsWow64Process
0x180010190 Process32NextW
0x180010198 CreateMutexA
0x1800101a0 DeleteFileW
0x1800101a8 CreateThread
0x1800101b0 lstrcpyA
0x1800101b8 GetThreadContext
0x1800101c0 GetFileSize
0x1800101c8 SetThreadContext
0x1800101d0 GetNativeSystemInfo
0x1800101d8 CreateProcessA
0x1800101e0 ReadFile
0x1800101e8 MultiByteToWideChar
0x1800101f0 ResumeThread
0x1800101f8 HeapReAlloc
0x180010200 HeapFree
0x180010208 GetModuleHandleW
0x180010210 HeapCreate
0x180010218 Thread32Next
0x180010220 FlushInstructionCache
0x180010228 OpenThread
0x180010230 GetCurrentThreadId
0x180010238 GetCurrentProcessId
0x180010240 SuspendThread
0x180010248 VirtualQuery
0x180010250 VirtualFree
0x180010258 VirtualAlloc
0x180010260 GetSystemInfo
0x180010268 EncodePointer
0x180010270 DecodePointer
0x180010278 GetCommandLineA
0x180010280 RtlPcToFileHeader
0x180010288 RaiseException
0x180010290 RtlLookupFunctionEntry
0x180010298 RtlUnwindEx
0x1800102a0 ExitProcess
0x1800102a8 GetModuleHandleExW
0x1800102b0 HeapSize
0x1800102b8 GetStdHandle
0x1800102c0 GetModuleFileNameW
0x1800102c8 IsProcessorFeaturePresent
0x1800102d0 IsDebuggerPresent
0x1800102d8 IsValidCodePage
0x1800102e0 GetACP
0x1800102e8 GetOEMCP
0x1800102f0 GetCPInfo
0x1800102f8 SetLastError
0x180010300 GetFileType
0x180010308 InitializeCriticalSectionAndSpinCount
0x180010310 DeleteCriticalSection
0x180010318 InitOnceExecuteOnce
0x180010320 GetStartupInfoW
0x180010328 GetModuleFileNameA
0x180010330 QueryPerformanceCounter
0x180010338 GetSystemTimeAsFileTime
0x180010340 GetTickCount64
0x180010348 GetEnvironmentStringsW
0x180010350 FreeEnvironmentStringsW
0x180010358 RtlCaptureContext
0x180010360 RtlVirtualUnwind
0x180010368 UnhandledExceptionFilter
0x180010370 SetUnhandledExceptionFilter
0x180010378 FlsAlloc
0x180010380 FlsGetValue
0x180010388 FlsSetValue
0x180010390 FlsFree
0x180010398 EnterCriticalSection
0x1800103a0 LeaveCriticalSection
EAT(Export Address Table) Library
0x18000d298 ?ReflectiveLoader@@YA_KXZ