ScreenShot
| Created | 2024.10.27 11:58 | Machine | s1_win7_x6403 |
| Filename | DK.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 60 detected (AIDetectMalware, Strab, Vmprot, Artemis, Lazy, Unsafe, Rhadamanthys, Vz2e, GenusT, DYEZ, Attribute, HighConfidence, malicious, high confidence, Inject5, kotejh, EE65rmTGwTO, YXEJRZ, Static AI, Malicious PE, Detected, 194YKYY, ICPK, R657258, GenericRXWO, GdSda, Kryptik, Zenpak, 4R0jXfVWouE, susgen, HXJW) | ||
| md5 | 14988e9d35a0c92435297f7b2821dc60 | ||
| sha256 | 677b8ff45ebb9486a99aecf8dd2b4b362010573ecc4d0d082eda6a36a7cab671 | ||
| ssdeep | 6144:YAYM3ZEWqf/qwPF7LR5W8ZJ74zmRiOFBbMh9q/JSt3ChNeK06iiRzmi0F9:YWBqf/qq3R5W8ZB4zmRzbagsViRUF9 | ||
| imphash | 1cda62d85d4d631949032bd51ab17a29 | ||
| impfuzzy | 48:6S1jtu5c+ppm+U3AzfQ6U0SvlwFoy8tpNRlx:6S1jtu5c+ppm+c | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x472000 CloseHandle
0x472004 HeapCreate
0x472008 HeapDestroy
0x47200c HeapAlloc
0x472010 HeapFree
0x472014 GetProcessHeap
0x472018 WaitForSingleObject
0x47201c CreateEventA
0x472020 GetModuleFileNameW
0x472024 GetModuleHandleA
0x472028 MulDiv
0x47202c lstrlenW
0x472030 WriteConsoleW
0x472034 CreateFileW
0x472038 SetFilePointerEx
0x47203c GetConsoleMode
0x472040 GetConsoleOutputCP
0x472044 FlushFileBuffers
0x472048 HeapReAlloc
0x47204c HeapSize
0x472050 LCMapStringW
0x472054 QueryPerformanceCounter
0x472058 GetCurrentProcessId
0x47205c GetCurrentThreadId
0x472060 GetSystemTimeAsFileTime
0x472064 InitializeSListHead
0x472068 IsDebuggerPresent
0x47206c UnhandledExceptionFilter
0x472070 SetUnhandledExceptionFilter
0x472074 GetStartupInfoW
0x472078 IsProcessorFeaturePresent
0x47207c GetModuleHandleW
0x472080 GetCurrentProcess
0x472084 TerminateProcess
0x472088 RtlUnwind
0x47208c GetLastError
0x472090 SetLastError
0x472094 EnterCriticalSection
0x472098 LeaveCriticalSection
0x47209c DeleteCriticalSection
0x4720a0 InitializeCriticalSectionAndSpinCount
0x4720a4 TlsAlloc
0x4720a8 TlsGetValue
0x4720ac TlsSetValue
0x4720b0 TlsFree
0x4720b4 FreeLibrary
0x4720b8 GetProcAddress
0x4720bc LoadLibraryExW
0x4720c0 EncodePointer
0x4720c4 RaiseException
0x4720c8 GetStdHandle
0x4720cc WriteFile
0x4720d0 ExitProcess
0x4720d4 GetModuleHandleExW
0x4720d8 FindClose
0x4720dc FindFirstFileExW
0x4720e0 FindNextFileW
0x4720e4 IsValidCodePage
0x4720e8 GetACP
0x4720ec GetOEMCP
0x4720f0 GetCPInfo
0x4720f4 GetCommandLineA
0x4720f8 GetCommandLineW
0x4720fc MultiByteToWideChar
0x472100 WideCharToMultiByte
0x472104 GetEnvironmentStringsW
0x472108 FreeEnvironmentStringsW
0x47210c SetStdHandle
0x472110 GetFileType
0x472114 GetStringTypeW
0x472118 DecodePointer
USER32.dll
0x472120 LoadImageA
0x472124 GetIconInfo
0x472128 DialogBoxParamA
0x47212c EndDialog
0x472130 SendMessageW
0x472134 InflateRect
0x472138 SetForegroundWindow
0x47213c OffsetRect
0x472140 GetWindowLongA
0x472144 SendDlgItemMessageA
0x472148 GetDlgItem
0x47214c SetWindowPos
0x472150 UnionRect
ole32.dll
0x472158 CoInitializeEx
0x47215c CoTaskMemFree
EAT(Export Address Table) is none
KERNEL32.dll
0x472000 CloseHandle
0x472004 HeapCreate
0x472008 HeapDestroy
0x47200c HeapAlloc
0x472010 HeapFree
0x472014 GetProcessHeap
0x472018 WaitForSingleObject
0x47201c CreateEventA
0x472020 GetModuleFileNameW
0x472024 GetModuleHandleA
0x472028 MulDiv
0x47202c lstrlenW
0x472030 WriteConsoleW
0x472034 CreateFileW
0x472038 SetFilePointerEx
0x47203c GetConsoleMode
0x472040 GetConsoleOutputCP
0x472044 FlushFileBuffers
0x472048 HeapReAlloc
0x47204c HeapSize
0x472050 LCMapStringW
0x472054 QueryPerformanceCounter
0x472058 GetCurrentProcessId
0x47205c GetCurrentThreadId
0x472060 GetSystemTimeAsFileTime
0x472064 InitializeSListHead
0x472068 IsDebuggerPresent
0x47206c UnhandledExceptionFilter
0x472070 SetUnhandledExceptionFilter
0x472074 GetStartupInfoW
0x472078 IsProcessorFeaturePresent
0x47207c GetModuleHandleW
0x472080 GetCurrentProcess
0x472084 TerminateProcess
0x472088 RtlUnwind
0x47208c GetLastError
0x472090 SetLastError
0x472094 EnterCriticalSection
0x472098 LeaveCriticalSection
0x47209c DeleteCriticalSection
0x4720a0 InitializeCriticalSectionAndSpinCount
0x4720a4 TlsAlloc
0x4720a8 TlsGetValue
0x4720ac TlsSetValue
0x4720b0 TlsFree
0x4720b4 FreeLibrary
0x4720b8 GetProcAddress
0x4720bc LoadLibraryExW
0x4720c0 EncodePointer
0x4720c4 RaiseException
0x4720c8 GetStdHandle
0x4720cc WriteFile
0x4720d0 ExitProcess
0x4720d4 GetModuleHandleExW
0x4720d8 FindClose
0x4720dc FindFirstFileExW
0x4720e0 FindNextFileW
0x4720e4 IsValidCodePage
0x4720e8 GetACP
0x4720ec GetOEMCP
0x4720f0 GetCPInfo
0x4720f4 GetCommandLineA
0x4720f8 GetCommandLineW
0x4720fc MultiByteToWideChar
0x472100 WideCharToMultiByte
0x472104 GetEnvironmentStringsW
0x472108 FreeEnvironmentStringsW
0x47210c SetStdHandle
0x472110 GetFileType
0x472114 GetStringTypeW
0x472118 DecodePointer
USER32.dll
0x472120 LoadImageA
0x472124 GetIconInfo
0x472128 DialogBoxParamA
0x47212c EndDialog
0x472130 SendMessageW
0x472134 InflateRect
0x472138 SetForegroundWindow
0x47213c OffsetRect
0x472140 GetWindowLongA
0x472144 SendDlgItemMessageA
0x472148 GetDlgItem
0x47214c SetWindowPos
0x472150 UnionRect
ole32.dll
0x472158 CoInitializeEx
0x47215c CoTaskMemFree
EAT(Export Address Table) is none