ScreenShot
| Created | 2024.10.20 10:12 | Machine | s1_win7_x6403 |
| Filename | fgdump.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 0762764e298c369a2de8afaec5174ed9 | ||
| sha256 | a6cad2d0f8dc05246846d2a9618fc93b7d97681331d5826f8353e7c3a3206e86 | ||
| ssdeep | 12288:ED7lxIXgij3qi3MAxGQ3BdOukFfY+F1ldsui3hBTo:EEXjj3qgPGQ3BVkpY+F1ldsui37To | ||
| imphash | fd35e4db9753c3fb74671af9bb4e4e64 | ||
| impfuzzy | 48:qVDeOGmSpy9n7qdnMTCbxcKpFZmj/eBpAy:qVDeASpyh7mnMTCbxcufmzk | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| watch | Creates known Hupigon files |
| watch | Creates known PWDump/FGDump files |
| notice | Creates a service |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| info | Command line console output was observed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (14cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
NETAPI32.dll
0x4171d0 NetShareEnum
0x4171d4 NetApiBufferFree
MPR.dll
0x4171c4 WNetCancelConnection2A
0x4171c8 WNetAddConnection2A
KERNEL32.dll
0x417034 ResetEvent
0x417038 LeaveCriticalSection
0x41703c WaitForMultipleObjects
0x417040 EnterCriticalSection
0x417044 GetSystemTime
0x417048 GetCurrentThreadId
0x41704c CreateThread
0x417050 CreateEventA
0x417054 GetLastError
0x417058 GetTempPathA
0x41705c CopyFileA
0x417060 DeleteFileA
0x417064 InterlockedIncrement
0x417068 GetCommandLineA
0x41706c GetLocalTime
0x417070 CloseHandle
0x417074 CreateProcessA
0x417078 SetEvent
0x41707c DuplicateHandle
0x417080 GetCurrentProcess
0x417084 CreatePipe
0x417088 GetStdHandle
0x41708c GetCurrentDirectoryA
0x417090 FreeResource
0x417094 SizeofResource
0x417098 LockResource
0x41709c LoadResource
0x4170a0 FindResourceA
0x4170a4 Sleep
0x4170a8 CreateMutexA
0x4170ac GetLocaleInfoW
0x4170b0 DeleteCriticalSection
0x4170b4 InitializeCriticalSection
0x4170b8 LoadLibraryExA
0x4170bc FormatMessageA
0x4170c0 FreeLibrary
0x4170c4 WaitForSingleObject
0x4170c8 SetEndOfFile
0x4170cc ReadFile
0x4170d0 ExitProcess
0x4170d4 InterlockedExchange
0x4170d8 LoadLibraryA
0x4170dc SetStdHandle
0x4170e0 HeapFree
0x4170e4 RtlUnwind
0x4170e8 RaiseException
0x4170ec GetProcAddress
0x4170f0 GetModuleHandleA
0x4170f4 TerminateProcess
0x4170f8 HeapAlloc
0x4170fc WriteConsoleA
0x417100 ReadConsoleInputA
0x417104 SetConsoleMode
0x417108 GetConsoleMode
0x41710c MultiByteToWideChar
0x417110 WideCharToMultiByte
0x417114 GetVersionExA
0x417118 LCMapStringA
0x41711c LCMapStringW
0x417120 GetCPInfo
0x417124 HeapDestroy
0x417128 HeapCreate
0x41712c VirtualFree
0x417130 VirtualAlloc
0x417134 HeapReAlloc
0x417138 IsBadWritePtr
0x41713c SetUnhandledExceptionFilter
0x417140 WriteFile
0x417144 FlushFileBuffers
0x417148 QueryPerformanceCounter
0x41714c GetTickCount
0x417150 GetCurrentProcessId
0x417154 GetSystemTimeAsFileTime
0x417158 GetModuleFileNameA
0x41715c SetFilePointer
0x417160 CreateFileA
0x417164 VirtualProtect
0x417168 GetSystemInfo
0x41716c VirtualQuery
0x417170 SetHandleCount
0x417174 GetFileType
0x417178 GetStartupInfoA
0x41717c HeapSize
0x417180 GetACP
0x417184 GetOEMCP
0x417188 UnhandledExceptionFilter
0x41718c FreeEnvironmentStringsA
0x417190 GetEnvironmentStrings
0x417194 FreeEnvironmentStringsW
0x417198 GetEnvironmentStringsW
0x41719c GetLocaleInfoA
0x4171a0 GetStringTypeA
0x4171a4 GetStringTypeW
0x4171a8 GetUserDefaultLCID
0x4171ac EnumSystemLocalesA
0x4171b0 IsValidLocale
0x4171b4 IsValidCodePage
0x4171b8 IsBadReadPtr
0x4171bc IsBadCodePtr
USER32.dll
0x4171dc wsprintfA
ADVAPI32.dll
0x417000 CreateServiceA
0x417004 ControlService
0x417008 StartServiceA
0x41700c OpenSCManagerA
0x417010 OpenServiceA
0x417014 CloseServiceHandle
0x417018 QueryServiceStatus
0x41701c RegConnectRegistryA
0x417020 RegOpenKeyA
0x417024 RegQueryValueExA
0x417028 RegCloseKey
0x41702c DeleteService
ole32.dll
0x4171e4 CoCreateGuid
0x4171e8 StringFromGUID2
EAT(Export Address Table) is none
NETAPI32.dll
0x4171d0 NetShareEnum
0x4171d4 NetApiBufferFree
MPR.dll
0x4171c4 WNetCancelConnection2A
0x4171c8 WNetAddConnection2A
KERNEL32.dll
0x417034 ResetEvent
0x417038 LeaveCriticalSection
0x41703c WaitForMultipleObjects
0x417040 EnterCriticalSection
0x417044 GetSystemTime
0x417048 GetCurrentThreadId
0x41704c CreateThread
0x417050 CreateEventA
0x417054 GetLastError
0x417058 GetTempPathA
0x41705c CopyFileA
0x417060 DeleteFileA
0x417064 InterlockedIncrement
0x417068 GetCommandLineA
0x41706c GetLocalTime
0x417070 CloseHandle
0x417074 CreateProcessA
0x417078 SetEvent
0x41707c DuplicateHandle
0x417080 GetCurrentProcess
0x417084 CreatePipe
0x417088 GetStdHandle
0x41708c GetCurrentDirectoryA
0x417090 FreeResource
0x417094 SizeofResource
0x417098 LockResource
0x41709c LoadResource
0x4170a0 FindResourceA
0x4170a4 Sleep
0x4170a8 CreateMutexA
0x4170ac GetLocaleInfoW
0x4170b0 DeleteCriticalSection
0x4170b4 InitializeCriticalSection
0x4170b8 LoadLibraryExA
0x4170bc FormatMessageA
0x4170c0 FreeLibrary
0x4170c4 WaitForSingleObject
0x4170c8 SetEndOfFile
0x4170cc ReadFile
0x4170d0 ExitProcess
0x4170d4 InterlockedExchange
0x4170d8 LoadLibraryA
0x4170dc SetStdHandle
0x4170e0 HeapFree
0x4170e4 RtlUnwind
0x4170e8 RaiseException
0x4170ec GetProcAddress
0x4170f0 GetModuleHandleA
0x4170f4 TerminateProcess
0x4170f8 HeapAlloc
0x4170fc WriteConsoleA
0x417100 ReadConsoleInputA
0x417104 SetConsoleMode
0x417108 GetConsoleMode
0x41710c MultiByteToWideChar
0x417110 WideCharToMultiByte
0x417114 GetVersionExA
0x417118 LCMapStringA
0x41711c LCMapStringW
0x417120 GetCPInfo
0x417124 HeapDestroy
0x417128 HeapCreate
0x41712c VirtualFree
0x417130 VirtualAlloc
0x417134 HeapReAlloc
0x417138 IsBadWritePtr
0x41713c SetUnhandledExceptionFilter
0x417140 WriteFile
0x417144 FlushFileBuffers
0x417148 QueryPerformanceCounter
0x41714c GetTickCount
0x417150 GetCurrentProcessId
0x417154 GetSystemTimeAsFileTime
0x417158 GetModuleFileNameA
0x41715c SetFilePointer
0x417160 CreateFileA
0x417164 VirtualProtect
0x417168 GetSystemInfo
0x41716c VirtualQuery
0x417170 SetHandleCount
0x417174 GetFileType
0x417178 GetStartupInfoA
0x41717c HeapSize
0x417180 GetACP
0x417184 GetOEMCP
0x417188 UnhandledExceptionFilter
0x41718c FreeEnvironmentStringsA
0x417190 GetEnvironmentStrings
0x417194 FreeEnvironmentStringsW
0x417198 GetEnvironmentStringsW
0x41719c GetLocaleInfoA
0x4171a0 GetStringTypeA
0x4171a4 GetStringTypeW
0x4171a8 GetUserDefaultLCID
0x4171ac EnumSystemLocalesA
0x4171b0 IsValidLocale
0x4171b4 IsValidCodePage
0x4171b8 IsBadReadPtr
0x4171bc IsBadCodePtr
USER32.dll
0x4171dc wsprintfA
ADVAPI32.dll
0x417000 CreateServiceA
0x417004 ControlService
0x417008 StartServiceA
0x41700c OpenSCManagerA
0x417010 OpenServiceA
0x417014 CloseServiceHandle
0x417018 QueryServiceStatus
0x41701c RegConnectRegistryA
0x417020 RegOpenKeyA
0x417024 RegQueryValueExA
0x417028 RegCloseKey
0x41702c DeleteService
ole32.dll
0x4171e4 CoCreateGuid
0x4171e8 StringFromGUID2
EAT(Export Address Table) is none