Field | Value |
---|---|
Created | 2024.10.18 10:05 |
Machine | s1_win7_x6401 |
Filename | reverse_ctl.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 9 detected (AIDetectMalware, Unsafe, Save, malicious, moderate confidence, Static AI, Suspicious PE) |
md5 | 51dadf28bb2dfca8bcfdd80a15cfdfe1 |
sha256 | c1b5b2692f77317e4a4ed00a960dabaac5c8316a02861844d2970a7f9dc3a915 |
ssdeep | 196608:gro35JqEdQmR4uErSEEJwvEObFHtnCk/R:gDEdQf+9J5AtR |
imphash | 456e8615ad4320c9f54e50319a19df9c |
impfuzzy | 48:tn6gF/gub6EwoQ54rzSv6xviAl9uUNBsc1OGt3S1MEc+pIuCGgTQV0Kq14r:pfh1lNNBswtt3S1MEc+pIuYQWHS |
Signature (4cnts)
Level | Description |
---|---|
notice | Creates executable files on the filesystem |
notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
Rules (17cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded during the run)
Suricata ids
(none)
PE API
IAT(Import Address Table) Library
USER32.dll
0x14002b3b0 CreateWindowExW
0x14002b3b8 PostMessageW
0x14002b3c0 GetMessageW
0x14002b3c8 MessageBoxW
0x14002b3d0 MessageBoxA
0x14002b3d8 SystemParametersInfoW
0x14002b3e0 DestroyIcon
0x14002b3e8 SetWindowLongPtrW
0x14002b3f0 GetWindowLongPtrW
0x14002b3f8 GetClientRect
0x14002b400 InvalidateRect
0x14002b408 ReleaseDC
0x14002b410 GetDC
0x14002b418 DrawTextW
0x14002b420 GetDialogBaseUnits
0x14002b428 EndDialog
0x14002b430 DialogBoxIndirectParamW
0x14002b438 MoveWindow
0x14002b440 SendMessageW
COMCTL32.dll
0x14002b028 None
KERNEL32.dll
0x14002b058 GetACP
0x14002b060 IsValidCodePage
0x14002b068 GetStringTypeW
0x14002b070 GetFileAttributesExW
0x14002b078 SetEnvironmentVariableW
0x14002b080 FlushFileBuffers
0x14002b088 GetCurrentDirectoryW
0x14002b090 GetOEMCP
0x14002b098 GetCPInfo
0x14002b0a0 GetModuleHandleW
0x14002b0a8 MulDiv
0x14002b0b0 GetLastError
0x14002b0b8 FormatMessageW
0x14002b0c0 GetModuleFileNameW
0x14002b0c8 SetDllDirectoryW
0x14002b0d0 CreateSymbolicLinkW
0x14002b0d8 GetProcAddress
0x14002b0e0 CreateDirectoryW
0x14002b0e8 GetCommandLineW
0x14002b0f0 GetEnvironmentVariableW
0x14002b0f8 ExpandEnvironmentStringsW
0x14002b100 GetEnvironmentStringsW
0x14002b108 FindClose
0x14002b110 FindFirstFileW
0x14002b118 FindNextFileW
0x14002b120 GetDriveTypeW
0x14002b128 RemoveDirectoryW
0x14002b130 GetTempPathW
0x14002b138 CloseHandle
0x14002b140 WaitForSingleObject
0x14002b148 Sleep
0x14002b150 GetCurrentProcess
0x14002b158 GetExitCodeProcess
0x14002b160 CreateProcessW
0x14002b168 GetStartupInfoW
0x14002b170 FreeLibrary
0x14002b178 LoadLibraryExW
0x14002b180 LocalFree
0x14002b188 SetConsoleCtrlHandler
0x14002b190 K32EnumProcessModules
0x14002b198 K32GetModuleFileNameExW
0x14002b1a0 CreateFileW
0x14002b1a8 FindFirstFileExW
0x14002b1b0 GetFinalPathNameByHandleW
0x14002b1b8 MultiByteToWideChar
0x14002b1c0 WideCharToMultiByte
0x14002b1c8 FreeEnvironmentStringsW
0x14002b1d0 GetProcessHeap
0x14002b1d8 GetTimeZoneInformation
0x14002b1e0 HeapSize
0x14002b1e8 HeapReAlloc
0x14002b1f0 WriteConsoleW
0x14002b1f8 SetEndOfFile
0x14002b200 DeleteFileW
0x14002b208 IsProcessorFeaturePresent
0x14002b210 RtlCaptureContext
0x14002b218 RtlLookupFunctionEntry
0x14002b220 RtlVirtualUnwind
0x14002b228 UnhandledExceptionFilter
0x14002b230 SetUnhandledExceptionFilter
0x14002b238 TerminateProcess
0x14002b240 QueryPerformanceCounter
0x14002b248 GetCurrentProcessId
0x14002b250 GetCurrentThreadId
0x14002b258 GetSystemTimeAsFileTime
0x14002b260 InitializeSListHead
0x14002b268 IsDebuggerPresent
0x14002b270 RtlUnwindEx
0x14002b278 SetLastError
0x14002b280 EnterCriticalSection
0x14002b288 LeaveCriticalSection
0x14002b290 DeleteCriticalSection
0x14002b298 InitializeCriticalSectionAndSpinCount
0x14002b2a0 TlsAlloc
0x14002b2a8 TlsGetValue
0x14002b2b0 TlsSetValue
0x14002b2b8 TlsFree
0x14002b2c0 EncodePointer
0x14002b2c8 RaiseException
0x14002b2d0 RtlPcToFileHeader
0x14002b2d8 GetCommandLineA
0x14002b2e0 GetFileInformationByHandle
0x14002b2e8 GetFileType
0x14002b2f0 PeekNamedPipe
0x14002b2f8 SystemTimeToTzSpecificLocalTime
0x14002b300 FileTimeToSystemTime
0x14002b308 ReadFile
0x14002b310 GetFullPathNameW
0x14002b318 SetStdHandle
0x14002b320 GetStdHandle
0x14002b328 WriteFile
0x14002b330 ExitProcess
0x14002b338 GetModuleHandleExW
0x14002b340 HeapFree
0x14002b348 GetConsoleMode
0x14002b350 ReadConsoleW
0x14002b358 SetFilePointerEx
0x14002b360 GetConsoleOutputCP
0x14002b368 GetFileSizeEx
0x14002b370 HeapAlloc
0x14002b378 FlsAlloc
0x14002b380 FlsGetValue
0x14002b388 FlsSetValue
0x14002b390 FlsFree
0x14002b398 CompareStringW
0x14002b3a0 LCMapStringW
ADVAPI32.dll
0x14002b000 OpenProcessToken
0x14002b008 GetTokenInformation
0x14002b010 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x14002b018 ConvertSidToStringSidW
GDI32.dll
0x14002b038 SelectObject
0x14002b040 DeleteObject
0x14002b048 CreateFontIndirectW
EAT(Export Address Table) is none
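Added example, not part of the sandbox report and not code from the ZERO or VirusTotal tooling: a stdlib-only Python triage script that parses the IAT listing above in the report's own line format, groups the imports into capability tags, checks for statically imported network DLLs, and shows why the report's imphash cannot be recomputed from the listing alone (the COMCTL32 entry is an import by ordinal that the report prints as `None`). The embedded listing is an abridged copy of the report's table; the capability map and tag names are this example's own grouping, not a standard, and the imphash string format follows the pefile convention as an assumption.

```python
"""Capability triage over the IAT listing in the report above (stdlib only)."""
import hashlib
import re

# Abridged copy of the report's IAT listing in its own format (DLL name, then "address name").
# Embedded so the script runs offline; omitted entries are GUI drawing and MSVC CRT start-up imports.
IAT_LISTING = """
USER32.dll
0x14002b3b0 CreateWindowExW
COMCTL32.dll
0x14002b028 None
KERNEL32.dll
0x14002b0c8 SetDllDirectoryW
0x14002b0d0 CreateSymbolicLinkW
0x14002b0d8 GetProcAddress
0x14002b0e0 CreateDirectoryW
0x14002b130 GetTempPathW
0x14002b140 WaitForSingleObject
0x14002b160 CreateProcessW
0x14002b178 LoadLibraryExW
0x14002b190 K32EnumProcessModules
0x14002b1a0 CreateFileW
0x14002b200 DeleteFileW
0x14002b268 IsDebuggerPresent
0x14002b328 WriteFile
ADVAPI32.dll
0x14002b000 OpenProcessToken
0x14002b008 GetTokenInformation
GDI32.dll
0x14002b048 CreateFontIndirectW
"""

# Hypothetical capability map (this example's own grouping): tag -> APIs that imply it.
CAPABILITIES = {
    "drop-files": {"CreateFileW", "WriteFile", "CreateDirectoryW", "GetTempPathW"},
    "cleanup": {"DeleteFileW", "RemoveDirectoryW"},
    "spawn-process": {"CreateProcessW", "WaitForSingleObject", "GetExitCodeProcess"},
    "dll-search-path": {"SetDllDirectoryW"},
    "symlink": {"CreateSymbolicLinkW"},
    "module-enum": {"K32EnumProcessModules", "K32GetModuleFileNameExW"},
    "token-query": {"OpenProcessToken", "GetTokenInformation", "ConvertSidToStringSidW"},
    "anti-debug": {"IsDebuggerPresent"},  # the MSVC CRT imports this too; weak on its own
}
NETWORK_DLLS = {"ws2_32.dll", "wsock32.dll", "wininet.dll", "winhttp.dll", "urlmon.dll"}
ENTRY_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")

def parse_iat(text):
    """Parse the report format into an ordered list of (dll, [function, ...])."""
    imports, current = [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = ENTRY_RE.match(line)
        if m and current is not None:
            current[1].append(m.group(1))  # "None" = ordinal import the report did not name
        elif line.lower().endswith(".dll"):
            current = (line, [])
            imports.append(current)
        else:
            raise ValueError("unrecognised listing line: %r" % line)
    return imports

def capabilities(imports):
    """Return {tag: sorted matching APIs} for every tag with at least one hit."""
    names = {f for _, funcs in imports for f in funcs}
    return {tag: sorted(apis & names) for tag, apis in CAPABILITIES.items() if apis & names}

def network_dlls(imports):
    """Statically imported network DLLs; empty here, which matches 'Network (0cnts)'."""
    return [dll for dll, _ in imports if dll.lower() in NETWORK_DLLS]

def can_resolve_at_runtime(imports):
    """LoadLibrary* plus GetProcAddress lets the sample fetch APIs the IAT never shows."""
    names = {f for _, funcs in imports for f in funcs}
    return bool({"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"} & names
                and "GetProcAddress" in names)

def imphash_input(imports):
    """String that imphash hashes: 'dll.func' lowercased, extension stripped, in import order,
    ordinals as 'dll.ordN' (pefile convention, assumed here; pefile also maps a few well-known
    ordinals to names). Returns None if the listing hides an ordinal number."""
    parts = []
    for dll, funcs in imports:
        base = dll.lower().rsplit(".", 1)[0]
        for f in funcs:
            if f == "None":
                return None  # the report's imphash cannot be reproduced from this listing
            parts.append("%s.%s" % (base, f.lower()))
    return ",".join(parts)

def imphash(imports):
    s = imphash_input(imports)
    return None if s is None else hashlib.md5(s.encode("ascii")).hexdigest()

if __name__ == "__main__":
    imps = parse_iat(IAT_LISTING)
    for tag, apis in capabilities(imps).items():
        print("%-16s %s" % (tag, ", ".join(apis)))
    print("network DLLs:", network_dlls(imps) or "none (static)")
    print("runtime resolution possible:", can_resolve_at_runtime(imps))
    print("imphash from listing:", imphash(imps) or "not reproducible (ordinal hidden)")
```

The tags line up with the signatures above: files written under a temp directory (GetTempPathW, CreateDirectoryW, CreateFileW, WriteFile), a child process spawned and waited on (CreateProcessW, WaitForSingleObject), self-cleanup (DeleteFileW), and the `zip_file_format` rule firing on an executable; that combination is what a self-extracting launcher looks like, although the IAT alone does not say what gets launched. Two caveats for whoever reviews this report: the absence of WS2_32/WinINet/WinHTTP imports is consistent with `Network (0cnts)`, but LoadLibraryExW plus GetProcAddress lets the sample resolve any API at run time, so the static table is a lower bound; and IsDebuggerPresent together with the Fls*/Tls*/Rtl* entries are standard MSVC CRT start-up imports, so the anti-debug tag carries little weight by itself. Likewise, a UPX- or ASPack-packed executable normally exposes only a handful of imports, so a fully populated KERNEL32 table like this one is a reason to check the UPX_Zero and ASPack_Zero hits against the section headers rather than take them at face value.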