Field | Value
---|---
Created | 2024.10.21 13:51
Machine | s1_win7_x6401
Filename | softina.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : malware
VT API (file) | 29 detected (AIDetectMalware, Malicious, score, NetLoader, Unsafe, confidence, GenericKD, Attribute, HighConfidence, high confidence, Real Protect, Static AI, Malicious PE, Artemis, susgen, PossibleThreat)
md5 | 1ec718ada22e61a5bbbc2407a842b95b
sha256 | 2e3bc4c6b0789469f9b7fe876adbc47b5b22f6b15ec7dff70ad588d838937677
ssdeep | 3072:9WEYctSTGOg5dYR73ouB4TiMauyW1qJU/42qLJJGm4rWuj7x6Uv3tqGYs:oJGOJ3ou9Mf1+BJJzU6UFqjs
imphash | b3d8d380bba0cee3b72bee02e5aa3f89
impfuzzy | 24:aUBDBOQXXu9lj4/2HdjjMUjHYOGOovjxS1jtbGbJ2W1l3eDouTv5kuKmMIyqznKH:ayDB3RgB+S1jtbG4wpAhKHSKSk7W5WD
Network IP location
Signature (14cnts)
Level | Description |
---|---|
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | The process powershell.exe wrote an executable file to disk |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a shortcut to an executable file |
notice | Creates a suspicious process |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | Command line console output was observed |
info | Queries for the computername |
info | Uses Windows APIs to generate a cryptographic key |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Antivirus | Contains references to security software | binaries (download) |
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x417024 LeaveCriticalSection
0x417028 CreateMutexW
0x41702c Sleep
0x417030 GetLastError
0x417034 HeapAlloc
0x417038 ExitProcess
0x41703c GetCurrentProcess
0x417040 CreateDirectoryW
0x417044 CopyFileW
0x417048 EnterCriticalSection
0x41704c ReleaseMutex
0x417050 GetLocalTime
0x417054 SetProcessPriorityBoost
0x417058 SetPriorityClass
0x41705c GetShortPathNameW
0x417060 GetEnvironmentVariableW
0x417064 HeapFree
0x417068 WriteFile
0x41706c CreateFileW
0x417070 CreateThread
0x417074 WriteConsoleW
0x417078 CreateProcessW
0x41707c CloseHandle
0x417080 ExpandEnvironmentStringsW
0x417084 GetProcessHeap
0x417088 GetComputerNameExW
0x41708c GetLocaleInfoW
0x417090 GetModuleFileNameW
0x417094 WaitForSingleObject
0x417098 GetSystemDefaultUILanguage
0x41709c DecodePointer
0x4170a0 HeapReAlloc
0x4170a4 HeapSize
0x4170a8 GetConsoleMode
0x4170ac GetConsoleOutputCP
0x4170b0 FlushFileBuffers
0x4170b4 SetFilePointerEx
0x4170b8 GetFileSizeEx
0x4170bc GetStringTypeW
0x4170c0 SetStdHandle
0x4170c4 FreeEnvironmentStringsW
0x4170c8 GetEnvironmentStringsW
0x4170cc WideCharToMultiByte
0x4170d0 MultiByteToWideChar
0x4170d4 GetCommandLineW
0x4170d8 GetCommandLineA
0x4170dc GetCPInfo
0x4170e0 GetOEMCP
0x4170e4 GetACP
0x4170e8 IsValidCodePage
0x4170ec FindNextFileW
0x4170f0 FindFirstFileExW
0x4170f4 FindClose
0x4170f8 QueryPerformanceCounter
0x4170fc GetCurrentProcessId
0x417100 GetCurrentThreadId
0x417104 GetSystemTimeAsFileTime
0x417108 InitializeSListHead
0x41710c IsDebuggerPresent
0x417110 UnhandledExceptionFilter
0x417114 SetUnhandledExceptionFilter
0x417118 GetStartupInfoW
0x41711c IsProcessorFeaturePresent
0x417120 GetModuleHandleW
0x417124 TerminateProcess
0x417128 LocalFree
0x41712c RaiseException
0x417130 RtlUnwind
0x417134 SetLastError
0x417138 DeleteCriticalSection
0x41713c EncodePointer
0x417140 InitializeCriticalSectionAndSpinCount
0x417144 TlsAlloc
0x417148 TlsGetValue
0x41714c TlsSetValue
0x417150 TlsFree
0x417154 FreeLibrary
0x417158 GetProcAddress
0x41715c LoadLibraryExW
0x417160 GetStdHandle
0x417164 GetModuleHandleExW
0x417168 GetFileType
0x41716c LCMapStringW
ADVAPI32.dll
0x417000 RegCreateKeyExW
0x417004 RegSetValueExW
0x417008 RegCloseKey
0x41700c RegOpenKeyExW
0x417010 RegGetValueW
0x417014 OpenProcessToken
0x417018 GetTokenInformation
0x41701c GetUserNameW
SHELL32.dll
0x417184 SHChangeNotify
0x417188 ShellExecuteExW
ole32.dll
0x4171c4 CoInitializeEx
0x4171c8 CoInitialize
0x4171cc CoCreateInstance
0x4171d0 CoInitializeSecurity
0x4171d4 CoGetObject
0x4171d8 CoUninitialize
OLEAUT32.dll
0x417174 VariantClear
0x417178 SysAllocString
0x41717c VariantInit
SHLWAPI.dll
0x417190 PathStripPathW
WS2_32.dll
0x417198 WSAStartup
0x41719c socket
0x4171a0 send
0x4171a4 recv
0x4171a8 closesocket
0x4171ac select
0x4171b0 connect
0x4171b4 shutdown
0x4171b8 WSAStringToAddressW
0x4171bc htons
EAT (Export Address Table): none