Field | Value |
---|---|
Created | 2024.10.21 13:38 |
Machine | s1_win7_x6403 |
Filename | ZZZ.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 62 detected (Common, Tasker, tsFh, Malicious, score, CoinMiner, Zusy, Unsafe, Save, confidence, Genus, Attribute, HighConfidence, high confidence, AGPC, TrojanX, Jaik, ksnqzu, Amadey, vGhulzjTAJ, pnejj, Siggen29, YXEI3Z, Real Protect, Static AI, Malicious PE, Detected, HeurC, KVMH017, Wacatac, Malware@#6bbfm4orcbfh, Multiverze, ABTrojan, JQES, Artemis, BScope, Zharkbot, Chgt, Gencirc, susgen) |
md5 | 3663c34a774b45d65edb817e27dcbdae |
sha256 | f203e00cfa3c0ff98670d56ace48c0ee7bf1a997309a8da1379d5291cbe37c3d |
ssdeep | 6144:Uypo5x1dkBovN2s0GGDwmW9pLbLGou5YLQRjpj3xm3Z9F+MEuMBoSVGLJnt2QE92:Uypo5eBovNguMGSVGLM7uXjazj6AE+W |
imphash | 86066554454deea625edb22af31c51bd |
impfuzzy | 48:ZWrXOzMrlccpV5Cr3XjtNG7pZ+3gFZGhv3Nwih:aXm2lccpV5o3XjtNG7pZtwNw8 |
Signature (7cnts)
Level | Description |
---|---|
danger | File has been identified by 62 AntiVirus engines on VirusTotal as malicious |
watch | Checks the version of Bios |
watch | Detects Avast Antivirus through the presence of a library |
watch | Harvests credentials from local email clients |
notice | Executes one or more WMI queries |
notice | Executes one or more WMI queries which can be used to identify virtual machines |
info | Queries for the computername |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x43f014 ReadProcessMemory
0x43f018 WriteProcessMemory
0x43f01c GetModuleHandleA
0x43f020 GetProcAddress
0x43f024 Sleep
0x43f028 VirtualProtectEx
0x43f02c GetVersion
0x43f030 GetComputerNameA
0x43f034 WriteConsoleW
0x43f038 HeapSize
0x43f03c CreateFileW
0x43f040 GetProcessHeap
0x43f044 SetStdHandle
0x43f048 VirtualAllocEx
0x43f04c VirtualAlloc
0x43f050 SetThreadContext
0x43f054 GetThreadContext
0x43f058 CreateProcessA
0x43f05c ResumeThread
0x43f060 K32GetModuleFileNameExA
0x43f064 GetLastError
0x43f068 K32EnumProcesses
0x43f06c OpenProcess
0x43f070 TerminateProcess
0x43f074 GetCurrentProcessId
0x43f078 CreateProcessW
0x43f07c CloseHandle
0x43f080 SetEnvironmentVariableW
0x43f084 FreeEnvironmentStringsW
0x43f088 GetEnvironmentStringsW
0x43f08c GetOEMCP
0x43f090 GetACP
0x43f094 IsValidCodePage
0x43f098 FindNextFileW
0x43f09c FindFirstFileExW
0x43f0a0 FindClose
0x43f0a4 HeapReAlloc
0x43f0a8 ReadConsoleW
0x43f0ac SetFilePointerEx
0x43f0b0 GetFileSizeEx
0x43f0b4 ReadFile
0x43f0b8 GetConsoleMode
0x43f0bc GetConsoleOutputCP
0x43f0c0 WideCharToMultiByte
0x43f0c4 EnterCriticalSection
0x43f0c8 LeaveCriticalSection
0x43f0cc InitializeCriticalSectionEx
0x43f0d0 DeleteCriticalSection
0x43f0d4 EncodePointer
0x43f0d8 DecodePointer
0x43f0dc MultiByteToWideChar
0x43f0e0 LCMapStringEx
0x43f0e4 CompareStringEx
0x43f0e8 GetCPInfo
0x43f0ec GetStringTypeW
0x43f0f0 IsProcessorFeaturePresent
0x43f0f4 QueryPerformanceCounter
0x43f0f8 GetCurrentThreadId
0x43f0fc GetSystemTimeAsFileTime
0x43f100 InitializeSListHead
0x43f104 IsDebuggerPresent
0x43f108 UnhandledExceptionFilter
0x43f10c SetUnhandledExceptionFilter
0x43f110 GetStartupInfoW
0x43f114 GetModuleHandleW
0x43f118 GetCurrentProcess
0x43f11c RaiseException
0x43f120 RtlUnwind
0x43f124 SetLastError
0x43f128 InitializeCriticalSectionAndSpinCount
0x43f12c TlsAlloc
0x43f130 TlsGetValue
0x43f134 TlsSetValue
0x43f138 TlsFree
0x43f13c FreeLibrary
0x43f140 LoadLibraryExW
0x43f144 ExitProcess
0x43f148 GetModuleHandleExW
0x43f14c GetStdHandle
0x43f150 WriteFile
0x43f154 GetModuleFileNameW
0x43f158 GetCommandLineA
0x43f15c GetCommandLineW
0x43f160 HeapFree
0x43f164 HeapAlloc
0x43f168 CompareStringW
0x43f16c LCMapStringW
0x43f170 GetLocaleInfoW
0x43f174 IsValidLocale
0x43f178 GetUserDefaultLCID
0x43f17c EnumSystemLocalesW
0x43f180 GetFileType
0x43f184 FlushFileBuffers
0x43f188 SetEndOfFile
ADVAPI32.dll
0x43f000 RegQueryValueExA
0x43f004 RegOpenKeyExA
0x43f008 RegCloseKey
0x43f00c GetUserNameA
ole32.dll
0x43f1b8 CoInitializeEx
0x43f1bc CoInitializeSecurity
0x43f1c0 CoCreateInstance
0x43f1c4 CoSetProxyBlanket
0x43f1c8 CoUninitialize
OLEAUT32.dll
0x43f190 SysAllocString
0x43f194 SysFreeString
0x43f198 VariantInit
0x43f19c VariantClear
WININET.dll
0x43f1a4 InternetOpenUrlA
0x43f1a8 InternetOpenW
0x43f1ac InternetReadFile
0x43f1b0 InternetCloseHandle
EAT (Export Address Table): none