ScreenShot
| Created | 2024.10.17 14:31 | Machine | s1_win7_x6403 |
| Filename | rundl.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 61 detected (AIDetectMalware, Remcos, Malicious, score, Unsafe, Save, confidence, 100%, Kryptik, Attribute, HighConfidence, Windows, Rescoms, RATX, jtnxow, CLASSIC, MulDrop21, Real Protect, hocna, Detected, Wacatac, Bucaspys, Eldorado, RemcosRAT, R534966, FDQO, BScope, Genetic, EJYXzK8zWrM, susgen) | ||
| md5 | 0bc532538aea8f63c70ed009d4290c73 | ||
| sha256 | fc074a5ed883b127fe005d14e1e0b870a93318ed1840fd94e9771458a19a229e | ||
| ssdeep | 12288:Htmox/Sl5vkKtAXjsoZ8wHonsfZg464x:NmW6l5vkKtAD8wIKZJ | ||
| imphash | 658143f158f14e9bff661e164dfff376 | ||
| impfuzzy | 96:TSzHsXkhLHcp+1OM3hZQSWnfGLFXYr7KNUz7KgKd3YdbA1qwb:T90JZ5W4XYXPiZuAbb | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 61 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | infoStealer_browser_b_Zero | browser info stealer | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4560b0 CopyFileW
0x4560b4 CreateMutexA
0x4560b8 GetLocaleInfoA
0x4560bc CreateToolhelp32Snapshot
0x4560c0 OpenMutexA
0x4560c4 Process32NextW
0x4560c8 Process32FirstW
0x4560cc VirtualProtect
0x4560d0 SetLastError
0x4560d4 VirtualFree
0x4560d8 VirtualAlloc
0x4560dc GetNativeSystemInfo
0x4560e0 HeapAlloc
0x4560e4 GetProcessHeap
0x4560e8 FreeLibrary
0x4560ec IsBadReadPtr
0x4560f0 GetTempPathW
0x4560f4 OpenProcess
0x4560f8 lstrcatW
0x4560fc GetCurrentProcessId
0x456100 GetTempFileNameW
0x456104 GetCurrentProcess
0x456108 GetSystemDirectoryA
0x45610c GlobalAlloc
0x456110 GlobalLock
0x456114 GetTickCount
0x456118 GlobalUnlock
0x45611c WriteProcessMemory
0x456120 ResumeThread
0x456124 GetThreadContext
0x456128 ReadProcessMemory
0x45612c CreateProcessW
0x456130 SetThreadContext
0x456134 LocalAlloc
0x456138 GlobalFree
0x45613c MulDiv
0x456140 SizeofResource
0x456144 GetConsoleScreenBufferInfo
0x456148 SetConsoleTextAttribute
0x45614c GetStdHandle
0x456150 SetFilePointer
0x456154 FindResourceA
0x456158 LockResource
0x45615c LoadResource
0x456160 LocalFree
0x456164 SetConsoleOutputCP
0x456168 FormatMessageA
0x45616c AllocConsole
0x456170 GetModuleFileNameA
0x456174 GetLongPathNameW
0x456178 QueryPerformanceFrequency
0x45617c QueryPerformanceCounter
0x456180 EnterCriticalSection
0x456184 LeaveCriticalSection
0x456188 InitializeCriticalSection
0x45618c DeleteCriticalSection
0x456190 HeapSize
0x456194 WriteConsoleW
0x456198 SetStdHandle
0x45619c SetEnvironmentVariableW
0x4561a0 SetEnvironmentVariableA
0x4561a4 FreeEnvironmentStringsW
0x4561a8 GetEnvironmentStringsW
0x4561ac GetCommandLineW
0x4561b0 GetCommandLineA
0x4561b4 GetOEMCP
0x4561b8 IsValidCodePage
0x4561bc FindFirstFileExA
0x4561c0 ReadConsoleW
0x4561c4 GetConsoleMode
0x4561c8 GetConsoleCP
0x4561cc FlushFileBuffers
0x4561d0 GetFileType
0x4561d4 GetTimeZoneInformation
0x4561d8 EnumSystemLocalesW
0x4561dc GetUserDefaultLCID
0x4561e0 IsValidLocale
0x4561e4 GetTimeFormatW
0x4561e8 GetDateFormatW
0x4561ec HeapReAlloc
0x4561f0 GetACP
0x4561f4 GetModuleHandleExW
0x4561f8 MoveFileExW
0x4561fc RtlUnwind
0x456200 RaiseException
0x456204 LoadLibraryExW
0x456208 GetCPInfo
0x45620c GetStringTypeW
0x456210 GetLocaleInfoW
0x456214 LCMapStringW
0x456218 CompareStringW
0x45621c TlsFree
0x456220 TlsSetValue
0x456224 TlsGetValue
0x456228 ExpandEnvironmentStringsA
0x45622c FindNextFileA
0x456230 FindFirstFileA
0x456234 GetFileSize
0x456238 TerminateThread
0x45623c GetLastError
0x456240 SetFileAttributesW
0x456244 GetModuleHandleA
0x456248 CreateDirectoryW
0x45624c RemoveDirectoryW
0x456250 MoveFileW
0x456254 SetFilePointerEx
0x456258 GetLogicalDriveStringsA
0x45625c DeleteFileW
0x456260 DeleteFileA
0x456264 GetFileAttributesW
0x456268 FindClose
0x45626c lstrlenA
0x456270 GetDriveTypeA
0x456274 FindNextFileW
0x456278 GetFileSizeEx
0x45627c FindFirstFileW
0x456280 ExitProcess
0x456284 GetProcAddress
0x456288 LoadLibraryA
0x45628c CreateProcessA
0x456290 PeekNamedPipe
0x456294 CreatePipe
0x456298 TerminateProcess
0x45629c ReadFile
0x4562a0 HeapFree
0x4562a4 HeapCreate
0x4562a8 CreateEventA
0x4562ac GetLocalTime
0x4562b0 CreateThread
0x4562b4 SetEvent
0x4562b8 CreateEventW
0x4562bc WaitForSingleObject
0x4562c0 Sleep
0x4562c4 GetModuleFileNameW
0x4562c8 CloseHandle
0x4562cc ExitThread
0x4562d0 CreateFileW
0x4562d4 WriteFile
0x4562d8 lstrcpynA
0x4562dc TlsAlloc
0x4562e0 InitializeCriticalSectionAndSpinCount
0x4562e4 MultiByteToWideChar
0x4562e8 DecodePointer
0x4562ec EncodePointer
0x4562f0 WideCharToMultiByte
0x4562f4 InitializeSListHead
0x4562f8 GetSystemTimeAsFileTime
0x4562fc GetCurrentThreadId
0x456300 IsProcessorFeaturePresent
0x456304 GetStartupInfoW
0x456308 SetUnhandledExceptionFilter
0x45630c UnhandledExceptionFilter
0x456310 IsDebuggerPresent
0x456314 GetModuleHandleW
0x456318 WaitForSingleObjectEx
0x45631c ResetEvent
0x456320 SetEndOfFile
USER32.dll
0x45634c mouse_event
0x456350 TranslateMessage
0x456354 DispatchMessageA
0x456358 GetMessageA
0x45635c GetWindowTextW
0x456360 wsprintfW
0x456364 GetClipboardData
0x456368 UnhookWindowsHookEx
0x45636c GetForegroundWindow
0x456370 ToUnicodeEx
0x456374 GetKeyboardLayout
0x456378 SetWindowsHookExA
0x45637c CloseClipboard
0x456380 OpenClipboard
0x456384 GetKeyboardState
0x456388 CallNextHookEx
0x45638c GetKeyboardLayoutNameA
0x456390 GetKeyState
0x456394 GetWindowTextLengthW
0x456398 GetWindowThreadProcessId
0x45639c SetForegroundWindow
0x4563a0 SetClipboardData
0x4563a4 EnumWindows
0x4563a8 ExitWindowsEx
0x4563ac GetSystemMetrics
0x4563b0 GetIconInfo
0x4563b4 SystemParametersInfoW
0x4563b8 GetCursorPos
0x4563bc RegisterClassExA
0x4563c0 DrawIcon
0x4563c4 AppendMenuA
0x4563c8 CreateWindowExA
0x4563cc DefWindowProcA
0x4563d0 TrackPopupMenu
0x4563d4 CreatePopupMenu
0x4563d8 EnumDisplaySettingsW
0x4563dc SendInput
0x4563e0 EmptyClipboard
0x4563e4 ShowWindow
0x4563e8 SetWindowTextW
0x4563ec MessageBoxW
0x4563f0 IsWindowVisible
0x4563f4 CloseWindow
GDI32.dll
0x456088 SelectObject
0x45608c CreateCompatibleDC
0x456090 StretchBlt
0x456094 GetDIBits
0x456098 DeleteDC
0x45609c DeleteObject
0x4560a0 CreateDCA
0x4560a4 GetObjectA
0x4560a8 CreateCompatibleBitmap
ADVAPI32.dll
0x456000 CryptAcquireContextA
0x456004 CryptGenRandom
0x456008 CryptReleaseContext
0x45600c GetUserNameW
0x456010 RegEnumKeyExA
0x456014 QueryServiceStatus
0x456018 CloseServiceHandle
0x45601c OpenSCManagerW
0x456020 OpenSCManagerA
0x456024 ControlService
0x456028 StartServiceW
0x45602c QueryServiceConfigW
0x456030 ChangeServiceConfigW
0x456034 OpenServiceW
0x456038 EnumServicesStatusW
0x45603c AdjustTokenPrivileges
0x456040 LookupPrivilegeValueA
0x456044 OpenProcessToken
0x456048 RegCreateKeyA
0x45604c RegCloseKey
0x456050 RegQueryInfoKeyW
0x456054 RegQueryValueExA
0x456058 RegCreateKeyExW
0x45605c RegEnumKeyExW
0x456060 RegSetValueExW
0x456064 RegSetValueExA
0x456068 RegOpenKeyExA
0x45606c RegOpenKeyExW
0x456070 RegCreateKeyW
0x456074 RegDeleteValueW
0x456078 RegEnumValueW
0x45607c RegQueryValueExW
0x456080 RegDeleteKeyA
SHELL32.dll
0x456328 ShellExecuteExA
0x45632c Shell_NotifyIconA
0x456330 ExtractIconA
0x456334 ShellExecuteW
SHLWAPI.dll
0x45633c StrToIntA
0x456340 PathFileExistsW
0x456344 PathFileExistsA
WINMM.dll
0x456410 waveInUnprepareHeader
0x456414 waveInClose
0x456418 mciSendStringW
0x45641c waveInOpen
0x456420 PlaySoundW
0x456424 waveInStart
0x456428 waveInStop
0x45642c waveInPrepareHeader
0x456430 waveInAddBuffer
0x456434 mciSendStringA
WS2_32.dll
0x45643c WSAGetLastError
0x456440 recv
0x456444 connect
0x456448 socket
0x45644c send
0x456450 WSAStartup
0x456454 closesocket
0x456458 inet_ntoa
0x45645c htonl
0x456460 getservbyname
0x456464 ntohs
0x456468 getservbyport
0x45646c gethostbyaddr
0x456470 inet_addr
0x456474 WSASetLastError
0x456478 gethostbyname
0x45647c htons
urlmon.dll
0x4564ac URLOpenBlockingStreamW
0x4564b0 URLDownloadToFileW
gdiplus.dll
0x456484 GdipLoadImageFromStream
0x456488 GdiplusStartup
0x45648c GdipGetImageEncoders
0x456490 GdipSaveImageToStream
0x456494 GdipFree
0x456498 GdipDisposeImage
0x45649c GdipAlloc
0x4564a0 GdipCloneImage
0x4564a4 GdipGetImageEncodersSize
WININET.dll
0x4563fc InternetOpenUrlW
0x456400 InternetCloseHandle
0x456404 InternetReadFile
0x456408 InternetOpenW
EAT(Export Address Table) is none
KERNEL32.dll
0x4560b0 CopyFileW
0x4560b4 CreateMutexA
0x4560b8 GetLocaleInfoA
0x4560bc CreateToolhelp32Snapshot
0x4560c0 OpenMutexA
0x4560c4 Process32NextW
0x4560c8 Process32FirstW
0x4560cc VirtualProtect
0x4560d0 SetLastError
0x4560d4 VirtualFree
0x4560d8 VirtualAlloc
0x4560dc GetNativeSystemInfo
0x4560e0 HeapAlloc
0x4560e4 GetProcessHeap
0x4560e8 FreeLibrary
0x4560ec IsBadReadPtr
0x4560f0 GetTempPathW
0x4560f4 OpenProcess
0x4560f8 lstrcatW
0x4560fc GetCurrentProcessId
0x456100 GetTempFileNameW
0x456104 GetCurrentProcess
0x456108 GetSystemDirectoryA
0x45610c GlobalAlloc
0x456110 GlobalLock
0x456114 GetTickCount
0x456118 GlobalUnlock
0x45611c WriteProcessMemory
0x456120 ResumeThread
0x456124 GetThreadContext
0x456128 ReadProcessMemory
0x45612c CreateProcessW
0x456130 SetThreadContext
0x456134 LocalAlloc
0x456138 GlobalFree
0x45613c MulDiv
0x456140 SizeofResource
0x456144 GetConsoleScreenBufferInfo
0x456148 SetConsoleTextAttribute
0x45614c GetStdHandle
0x456150 SetFilePointer
0x456154 FindResourceA
0x456158 LockResource
0x45615c LoadResource
0x456160 LocalFree
0x456164 SetConsoleOutputCP
0x456168 FormatMessageA
0x45616c AllocConsole
0x456170 GetModuleFileNameA
0x456174 GetLongPathNameW
0x456178 QueryPerformanceFrequency
0x45617c QueryPerformanceCounter
0x456180 EnterCriticalSection
0x456184 LeaveCriticalSection
0x456188 InitializeCriticalSection
0x45618c DeleteCriticalSection
0x456190 HeapSize
0x456194 WriteConsoleW
0x456198 SetStdHandle
0x45619c SetEnvironmentVariableW
0x4561a0 SetEnvironmentVariableA
0x4561a4 FreeEnvironmentStringsW
0x4561a8 GetEnvironmentStringsW
0x4561ac GetCommandLineW
0x4561b0 GetCommandLineA
0x4561b4 GetOEMCP
0x4561b8 IsValidCodePage
0x4561bc FindFirstFileExA
0x4561c0 ReadConsoleW
0x4561c4 GetConsoleMode
0x4561c8 GetConsoleCP
0x4561cc FlushFileBuffers
0x4561d0 GetFileType
0x4561d4 GetTimeZoneInformation
0x4561d8 EnumSystemLocalesW
0x4561dc GetUserDefaultLCID
0x4561e0 IsValidLocale
0x4561e4 GetTimeFormatW
0x4561e8 GetDateFormatW
0x4561ec HeapReAlloc
0x4561f0 GetACP
0x4561f4 GetModuleHandleExW
0x4561f8 MoveFileExW
0x4561fc RtlUnwind
0x456200 RaiseException
0x456204 LoadLibraryExW
0x456208 GetCPInfo
0x45620c GetStringTypeW
0x456210 GetLocaleInfoW
0x456214 LCMapStringW
0x456218 CompareStringW
0x45621c TlsFree
0x456220 TlsSetValue
0x456224 TlsGetValue
0x456228 ExpandEnvironmentStringsA
0x45622c FindNextFileA
0x456230 FindFirstFileA
0x456234 GetFileSize
0x456238 TerminateThread
0x45623c GetLastError
0x456240 SetFileAttributesW
0x456244 GetModuleHandleA
0x456248 CreateDirectoryW
0x45624c RemoveDirectoryW
0x456250 MoveFileW
0x456254 SetFilePointerEx
0x456258 GetLogicalDriveStringsA
0x45625c DeleteFileW
0x456260 DeleteFileA
0x456264 GetFileAttributesW
0x456268 FindClose
0x45626c lstrlenA
0x456270 GetDriveTypeA
0x456274 FindNextFileW
0x456278 GetFileSizeEx
0x45627c FindFirstFileW
0x456280 ExitProcess
0x456284 GetProcAddress
0x456288 LoadLibraryA
0x45628c CreateProcessA
0x456290 PeekNamedPipe
0x456294 CreatePipe
0x456298 TerminateProcess
0x45629c ReadFile
0x4562a0 HeapFree
0x4562a4 HeapCreate
0x4562a8 CreateEventA
0x4562ac GetLocalTime
0x4562b0 CreateThread
0x4562b4 SetEvent
0x4562b8 CreateEventW
0x4562bc WaitForSingleObject
0x4562c0 Sleep
0x4562c4 GetModuleFileNameW
0x4562c8 CloseHandle
0x4562cc ExitThread
0x4562d0 CreateFileW
0x4562d4 WriteFile
0x4562d8 lstrcpynA
0x4562dc TlsAlloc
0x4562e0 InitializeCriticalSectionAndSpinCount
0x4562e4 MultiByteToWideChar
0x4562e8 DecodePointer
0x4562ec EncodePointer
0x4562f0 WideCharToMultiByte
0x4562f4 InitializeSListHead
0x4562f8 GetSystemTimeAsFileTime
0x4562fc GetCurrentThreadId
0x456300 IsProcessorFeaturePresent
0x456304 GetStartupInfoW
0x456308 SetUnhandledExceptionFilter
0x45630c UnhandledExceptionFilter
0x456310 IsDebuggerPresent
0x456314 GetModuleHandleW
0x456318 WaitForSingleObjectEx
0x45631c ResetEvent
0x456320 SetEndOfFile
USER32.dll
0x45634c mouse_event
0x456350 TranslateMessage
0x456354 DispatchMessageA
0x456358 GetMessageA
0x45635c GetWindowTextW
0x456360 wsprintfW
0x456364 GetClipboardData
0x456368 UnhookWindowsHookEx
0x45636c GetForegroundWindow
0x456370 ToUnicodeEx
0x456374 GetKeyboardLayout
0x456378 SetWindowsHookExA
0x45637c CloseClipboard
0x456380 OpenClipboard
0x456384 GetKeyboardState
0x456388 CallNextHookEx
0x45638c GetKeyboardLayoutNameA
0x456390 GetKeyState
0x456394 GetWindowTextLengthW
0x456398 GetWindowThreadProcessId
0x45639c SetForegroundWindow
0x4563a0 SetClipboardData
0x4563a4 EnumWindows
0x4563a8 ExitWindowsEx
0x4563ac GetSystemMetrics
0x4563b0 GetIconInfo
0x4563b4 SystemParametersInfoW
0x4563b8 GetCursorPos
0x4563bc RegisterClassExA
0x4563c0 DrawIcon
0x4563c4 AppendMenuA
0x4563c8 CreateWindowExA
0x4563cc DefWindowProcA
0x4563d0 TrackPopupMenu
0x4563d4 CreatePopupMenu
0x4563d8 EnumDisplaySettingsW
0x4563dc SendInput
0x4563e0 EmptyClipboard
0x4563e4 ShowWindow
0x4563e8 SetWindowTextW
0x4563ec MessageBoxW
0x4563f0 IsWindowVisible
0x4563f4 CloseWindow
GDI32.dll
0x456088 SelectObject
0x45608c CreateCompatibleDC
0x456090 StretchBlt
0x456094 GetDIBits
0x456098 DeleteDC
0x45609c DeleteObject
0x4560a0 CreateDCA
0x4560a4 GetObjectA
0x4560a8 CreateCompatibleBitmap
ADVAPI32.dll
0x456000 CryptAcquireContextA
0x456004 CryptGenRandom
0x456008 CryptReleaseContext
0x45600c GetUserNameW
0x456010 RegEnumKeyExA
0x456014 QueryServiceStatus
0x456018 CloseServiceHandle
0x45601c OpenSCManagerW
0x456020 OpenSCManagerA
0x456024 ControlService
0x456028 StartServiceW
0x45602c QueryServiceConfigW
0x456030 ChangeServiceConfigW
0x456034 OpenServiceW
0x456038 EnumServicesStatusW
0x45603c AdjustTokenPrivileges
0x456040 LookupPrivilegeValueA
0x456044 OpenProcessToken
0x456048 RegCreateKeyA
0x45604c RegCloseKey
0x456050 RegQueryInfoKeyW
0x456054 RegQueryValueExA
0x456058 RegCreateKeyExW
0x45605c RegEnumKeyExW
0x456060 RegSetValueExW
0x456064 RegSetValueExA
0x456068 RegOpenKeyExA
0x45606c RegOpenKeyExW
0x456070 RegCreateKeyW
0x456074 RegDeleteValueW
0x456078 RegEnumValueW
0x45607c RegQueryValueExW
0x456080 RegDeleteKeyA
SHELL32.dll
0x456328 ShellExecuteExA
0x45632c Shell_NotifyIconA
0x456330 ExtractIconA
0x456334 ShellExecuteW
SHLWAPI.dll
0x45633c StrToIntA
0x456340 PathFileExistsW
0x456344 PathFileExistsA
WINMM.dll
0x456410 waveInUnprepareHeader
0x456414 waveInClose
0x456418 mciSendStringW
0x45641c waveInOpen
0x456420 PlaySoundW
0x456424 waveInStart
0x456428 waveInStop
0x45642c waveInPrepareHeader
0x456430 waveInAddBuffer
0x456434 mciSendStringA
WS2_32.dll
0x45643c WSAGetLastError
0x456440 recv
0x456444 connect
0x456448 socket
0x45644c send
0x456450 WSAStartup
0x456454 closesocket
0x456458 inet_ntoa
0x45645c htonl
0x456460 getservbyname
0x456464 ntohs
0x456468 getservbyport
0x45646c gethostbyaddr
0x456470 inet_addr
0x456474 WSASetLastError
0x456478 gethostbyname
0x45647c htons
urlmon.dll
0x4564ac URLOpenBlockingStreamW
0x4564b0 URLDownloadToFileW
gdiplus.dll
0x456484 GdipLoadImageFromStream
0x456488 GdiplusStartup
0x45648c GdipGetImageEncoders
0x456490 GdipSaveImageToStream
0x456494 GdipFree
0x456498 GdipDisposeImage
0x45649c GdipAlloc
0x4564a0 GdipCloneImage
0x4564a4 GdipGetImageEncodersSize
WININET.dll
0x4563fc InternetOpenUrlW
0x456400 InternetCloseHandle
0x456404 InternetReadFile
0x456408 InternetOpenW
EAT(Export Address Table) is none