Report - server.exe

Tags: Malicious Library, Antivirus, UPX, PE File, PE32, OS Processor Check
Created: 2024.10.30 09:48
Machine: s1_win7_x6403
Filename: server.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 7
Behavior Score: 3.4
ZERO API (file): clean
VT API (file): 60 detected. Detection-name fragments: Zegost, Malicious, score, Farfli, Infected, Redosdru, Unsafe, Dialer, confidence, 100%, Attribute, HighConfidence, hjskth, WebGame, CLASSIC, ukva, Siggen, Real Protect, Behav, Static AI, Malicious PE, AntiAV, Detected, Magania, ~AAD@f80tc, OnlineGames, Eldorado, OnlineGameHack, R13673, GenericRXEN, BScope, GdSda, Gh0st, kLzn681U3sM, susgen. (Zegost, Farfli, Redosdru and Gh0st are vendor names for the Gh0st RAT lineage.) Note the divergence between the sandbox's own reputation lookup (clean), the low behavior score (3.4) and the 60 VirusTotal detections: this is consistent with a packed sample whose C2 endpoint is no longer reachable, so little of its behaviour is observed at detonation time.
md5: 99e291c244c7c4bc5d0f90840170813e
sha256: d202ed020ed8e36bd8a0f5b571a19d386c12abecb2a28c989d50bbf92c78f54e
ssdeep: 1536:MXDGJEBFKfMAL6TlPNYw3mdsTJlchZbr:wGIYfMrPNYvWJlchlr
imphash: f5d92ac0effe173d3e5e5087bab884e9
impfuzzy: 192:nqaSEwKX9NxaZnx+25Ldl4nTAD3hPNHf61FvQt:nqaS/KX9Nx0nTVJNHfr

Signatures (5)

Level   Description
danger  File has been identified by 60 antivirus engines on VirusTotal as malicious
danger  Connects to an IP address that is no longer responding to requests (legitimate services usually stay up; a dead endpoint suggests abandoned C2 infrastructure)
watch   Communicates with a host for which no DNS query was performed (suggests a hard-coded C2 address rather than a resolved hostname)
notice  Foreign-language text identified in a PE resource
info    The executable uses a known packer (UPX, per the rules below)
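The "no DNS query" signature above is a cheap heuristic that is worth reproducing outside the sandbox: correlate DNS answers with later connects and flag destinations that no answer produced. The script below is an added example for this report, not sandbox code; the event stream is constructed, and the only value taken from the report is the C2 address 121.196.49.217 (timestamps, the port and the benign lookup are made up for illustration).

```python
"""Flag outbound connections whose destination never appeared in a DNS answer.

Added example for this report, not sandbox code. The event stream is constructed
to resemble what a sandbox records for this sample: the only value taken from the
report is the C2 address 121.196.49.217; timestamps, ports and the benign lookup
are made up for illustration.
"""
import ipaddress

# Constructed events, in the shape ("dns", ts, qname, [answer_ips])
# or ("connect", ts, dst_ip, dst_port).
EVENTS = [
    ("dns", 1.0, "dns.google", ["8.8.8.8", "8.8.4.4"]),   # benign lookup (constructed)
    ("connect", 1.2, "8.8.8.8", 443),                     # resolved first: not flagged
    ("connect", 2.5, "121.196.49.217", 8000),             # reported C2 host; port assumed
    ("connect", 2.6, "127.0.0.1", 135),                   # loopback noise, ignored
    ("dns", 3.0, "example.invalid", []),                  # NXDOMAIN, contributes no answers
    ("connect", 3.1, "121.196.49.217", 8000),             # second beacon to the same host
]


def _is_noise(ip):
    """Addresses that never need resolving: loopback, link-local, multicast, RFC1918."""
    a = ipaddress.ip_address(ip)
    return (a.is_loopback or a.is_link_local or a.is_multicast
            or a.is_private or a.is_unspecified)


def connections_without_dns(events):
    """Return [(ts, ip, port)] for every connect whose destination was not
    returned by a DNS answer seen earlier in the stream."""
    resolved = set()
    hits = []
    for ev in sorted(events, key=lambda e: e[1]):
        if ev[0] == "dns":
            resolved.update(ev[3])
        elif ev[0] == "connect":
            _, ts, ip, port = ev
            if ip not in resolved and not _is_noise(ip):
                hits.append((ts, ip, port))
    return hits


def hardcoded_hosts(events):
    """Distinct unresolved destinations with their connect counts. One entry hit
    repeatedly is the classic shape of a RAT beaconing to a baked-in C2 address."""
    counts = {}
    for _, ip, _ in connections_without_dns(events):
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for ip, n in hardcoded_hosts(EVENTS).items():
        print(f"watch: {n} connection(s) to {ip} with no prior DNS answer")
```

Two caveats when using this on real captures: legitimate software also connects to literal addresses (NTP pools, update agents carrying IP lists, some CDNs), so the heuristic ranks rather than convicts; and a name resolved before capture started, or served from the resolver cache, will never appear as a DNS event and will produce a false hit.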

Rules (6)

Level | Name                    | Description                                     | Collection
watch | Antivirus               | Contains references to security software        | binaries (upload)
watch | Malicious_Library_Zero  | Malicious_Library                               | binaries (upload)
watch | UPX_Zero                | UPX packed file                                 | binaries (upload)
info  | IsPE32                  | (no description)                                | binaries (upload)
info  | OS_Processor_Check_Zero | OS Processor Check                              | binaries (upload)
info  | PE_Header_Zero          | PE File Signature                               | binaries (upload)

Network (1)

Request        | CC | ASN (org)                              | IP4            | Rule | ZERO
121.196.49.217 | CN | Hangzhou Alibaba Advertising Co.,Ltd.  | 121.196.49.217 | -    | clean

Suricata IDS: no alerts listed

PE API

IAT (Import Address Table), by library

WS2_32.dll
 0x40b3fc getsockname
 0x40b400 gethostname
 0x40b404 send
 0x40b408 closesocket
 0x40b40c recv
 0x40b410 select
 0x40b414 socket
 0x40b418 gethostbyname
 0x40b41c htons
 0x40b420 connect
 0x40b424 setsockopt
 0x40b428 WSAIoctl
 0x40b42c WSACleanup
 0x40b430 WSAStartup
SHLWAPI.dll
 0x40b2ec SHDeleteKeyA
MSVCRT.dll
 0x40b234 _strnicmp
 0x40b238 ??2@YAPAXI@Z
 0x40b23c ??3@YAXPAX@Z
 0x40b240 __CxxFrameHandler
 0x40b244 memmove
 0x40b248 ceil
 0x40b24c _ftol
 0x40b250 strstr
 0x40b254 _CxxThrowException
 0x40b258 strchr
 0x40b25c malloc
 0x40b260 free
 0x40b264 _except_handler3
 0x40b268 strrchr
 0x40b26c strncat
 0x40b270 realloc
 0x40b274 _beginthreadex
 0x40b278 ??1type_info@@UAE@XZ
 0x40b27c _exit
 0x40b280 _XcptFilter
 0x40b284 exit
 0x40b288 _acmdln
 0x40b28c __getmainargs
 0x40b290 _initterm
 0x40b294 __setusermatherr
 0x40b298 _adjust_fdiv
 0x40b29c __p__commode
 0x40b2a0 __p__fmode
 0x40b2a4 __set_app_type
 0x40b2a8 _controlfp
 0x40b2ac _strcmpi
KERNEL32.dll
 0x40b0b0 EnterCriticalSection
 0x40b0b4 VirtualAlloc
 0x40b0b8 ResetEvent
 0x40b0bc InterlockedExchange
 0x40b0c0 CancelIo
 0x40b0c4 Sleep
 0x40b0c8 lstrlenA
 0x40b0cc GetPrivateProfileSectionNamesA
 0x40b0d0 lstrcatA
 0x40b0d4 lstrcpyA
 0x40b0d8 GetWindowsDirectoryA
 0x40b0dc FreeLibrary
 0x40b0e0 GetProcAddress
 0x40b0e4 LoadLibraryA
 0x40b0e8 MultiByteToWideChar
 0x40b0ec CreateThread
 0x40b0f0 lstrcmpA
 0x40b0f4 GetPrivateProfileStringA
 0x40b0f8 GetVersionExA
 0x40b0fc DeleteFileA
 0x40b100 GetLastError
 0x40b104 CreateDirectoryA
 0x40b108 GetFileAttributesA
 0x40b10c CreateProcessA
 0x40b110 GetDriveTypeA
 0x40b114 GetDiskFreeSpaceExA
 0x40b118 GetVolumeInformationA
 0x40b11c GetLogicalDriveStringsA
 0x40b120 FindClose
 0x40b124 LocalFree
 0x40b128 FindNextFileA
 0x40b12c LocalReAlloc
 0x40b130 FindFirstFileA
 0x40b134 LocalAlloc
 0x40b138 RemoveDirectoryA
 0x40b13c GetFileSize
 0x40b140 CreateFileA
 0x40b144 ReadFile
 0x40b148 SetFilePointer
 0x40b14c WriteFile
 0x40b150 MoveFileA
 0x40b154 GetModuleFileNameA
 0x40b158 LeaveCriticalSection
 0x40b15c GetCurrentProcess
 0x40b160 CreateRemoteThread
 0x40b164 WriteProcessMemory
 0x40b168 VirtualAllocEx
 0x40b16c OpenProcess
 0x40b170 MoveFileExA
 0x40b174 GetLocalTime
 0x40b178 ExpandEnvironmentStringsA
 0x40b17c GetTickCount
 0x40b180 GlobalFree
 0x40b184 GlobalUnlock
 0x40b188 GlobalLock
 0x40b18c GlobalAlloc
 0x40b190 GlobalSize
 0x40b194 GetStartupInfoA
 0x40b198 CreatePipe
 0x40b19c DisconnectNamedPipe
 0x40b1a0 TerminateProcess
 0x40b1a4 PeekNamedPipe
 0x40b1a8 WaitForMultipleObjects
 0x40b1ac OutputDebugStringA
 0x40b1b0 ResumeThread
 0x40b1b4 GetSystemInfo
 0x40b1b8 SetErrorMode
 0x40b1bc LocalSize
 0x40b1c0 Process32Next
 0x40b1c4 Process32First
 0x40b1c8 CreateToolhelp32Snapshot
 0x40b1cc lstrcmpiA
 0x40b1d0 GetCurrentThreadId
 0x40b1d4 GetModuleHandleA
 0x40b1d8 SetEvent
 0x40b1dc WaitForSingleObject
 0x40b1e0 TerminateThread
 0x40b1e4 CloseHandle
 0x40b1e8 CreateEventA
 0x40b1ec VirtualFree
 0x40b1f0 DeleteCriticalSection
 0x40b1f4 GetSystemDirectoryA
 0x40b1f8 InitializeCriticalSection
 0x40b1fc WideCharToMultiByte
 0x40b200 GlobalMemoryStatusEx
USER32.dll
 0x40b2f4 keybd_event
 0x40b2f8 MapVirtualKeyA
 0x40b2fc SetCapture
 0x40b300 WindowFromPoint
 0x40b304 SetCursorPos
 0x40b308 mouse_event
 0x40b30c IsWindow
 0x40b310 CloseWindow
 0x40b314 CreateWindowExA
 0x40b318 PostMessageA
 0x40b31c OpenDesktopA
 0x40b320 GetThreadDesktop
 0x40b324 GetUserObjectInformationA
 0x40b328 OpenInputDesktop
 0x40b32c SendMessageA
 0x40b330 CloseDesktop
 0x40b334 EnumWindows
 0x40b338 IsWindowVisible
 0x40b33c GetWindowThreadProcessId
 0x40b340 ExitWindowsEx
 0x40b344 GetCursorPos
 0x40b348 GetCursorInfo
 0x40b34c ReleaseDC
 0x40b350 GetDesktopWindow
 0x40b354 GetDC
 0x40b358 SetRect
 0x40b35c GetSystemMetrics
 0x40b360 GetClipboardData
 0x40b364 OpenClipboard
 0x40b368 SystemParametersInfoA
 0x40b36c DispatchMessageA
 0x40b370 TranslateMessage
 0x40b374 EmptyClipboard
 0x40b378 wsprintfA
 0x40b37c GetMessageA
 0x40b380 CharNextA
 0x40b384 GetWindowTextA
 0x40b388 LoadCursorA
 0x40b38c DestroyCursor
 0x40b390 SetThreadDesktop
 0x40b394 BlockInput
 0x40b398 SetClipboardData
 0x40b39c CloseClipboard
GDI32.dll
 0x40b08c CreateCompatibleBitmap
 0x40b090 DeleteDC
 0x40b094 DeleteObject
 0x40b098 CreateCompatibleDC
 0x40b09c CreateDIBSection
 0x40b0a0 BitBlt
 0x40b0a4 GetDIBits
 0x40b0a8 SelectObject
ADVAPI32.dll
 0x40b000 LsaRetrievePrivateData
 0x40b004 QueryServiceStatus
 0x40b008 ControlService
 0x40b00c DeleteService
 0x40b010 CloseServiceHandle
 0x40b014 RegOpenKeyExA
 0x40b018 OpenServiceA
 0x40b01c OpenSCManagerA
 0x40b020 RegSetValueExA
 0x40b024 IsValidSid
 0x40b028 LookupAccountNameA
 0x40b02c LsaOpenPolicy
 0x40b030 LsaFreeMemory
 0x40b034 RegCloseKey
 0x40b038 RegQueryValueA
 0x40b03c GetTokenInformation
 0x40b040 LookupAccountSidA
 0x40b044 RegCreateKeyExA
 0x40b048 RegDeleteKeyA
 0x40b04c RegDeleteValueA
 0x40b050 RegEnumKeyExA
 0x40b054 RegEnumValueA
 0x40b058 OpenProcessToken
 0x40b05c LookupPrivilegeValueA
 0x40b060 AdjustTokenPrivileges
 0x40b064 OpenEventLogA
 0x40b068 ClearEventLogA
 0x40b06c CloseEventLog
 0x40b070 RegOpenKeyA
 0x40b074 RegQueryValueExA
 0x40b078 LsaClose
SHELL32.dll
 0x40b2e0 SHGetFileInfoA
 0x40b2e4 SHGetSpecialFolderPathA
WINMM.dll
 0x40b3b8 waveInOpen
 0x40b3bc waveInPrepareHeader
 0x40b3c0 waveInAddBuffer
 0x40b3c4 waveInStart
 0x40b3c8 waveOutWrite
 0x40b3cc waveInGetNumDevs
 0x40b3d0 waveInReset
 0x40b3d4 waveInUnprepareHeader
 0x40b3d8 waveInClose
 0x40b3dc waveOutReset
 0x40b3e0 waveOutUnprepareHeader
 0x40b3e4 waveOutPrepareHeader
 0x40b3e8 waveOutOpen
 0x40b3ec waveOutGetNumDevs
 0x40b3f0 waveInStop
 0x40b3f4 waveOutClose
MSVCP60.dll
 0x40b208 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
 0x40b20c ?_Xran@std@@YAXXZ
 0x40b210 ?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
 0x40b214 ?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
 0x40b218 ?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
 0x40b21c ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
 0x40b220 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
 0x40b224 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
 0x40b228 ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
 0x40b22c ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
WININET.dll
 0x40b3a4 InternetOpenUrlA
 0x40b3a8 InternetReadFile
 0x40b3ac InternetCloseHandle
 0x40b3b0 InternetOpenA
AVICAP32.dll
 0x40b080 capCreateCaptureWindowA
 0x40b084 capGetDriverDescriptionA
MSVFW32.dll
 0x40b2b4 ICClose
 0x40b2b8 ICSeqCompressFrameStart
 0x40b2bc ICSeqCompressFrameEnd
 0x40b2c0 ICCompressorFree
 0x40b2c4 ICSeqCompressFrame
 0x40b2c8 ICOpen
 0x40b2cc ICSendMessage
PSAPI.DLL
 0x40b2d4 GetModuleFileNameExA
 0x40b2d8 EnumProcessModules
WTSAPI32.dll
 0x40b438 WTSFreeMemory
 0x40b43c WTSQuerySessionInformationA

EAT (Export Address Table): none
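Read as a whole, the IAT above is a capability map (screen, keyboard, mouse, clipboard, microphone and webcam capture; process injection; service and registry manipulation; event-log clearing; LSA secret retrieval; a pipe-backed remote shell), and the imphash in the header is the usual pivot for finding sibling builds. The script below is an added example, not part of the report or of any vendor tool. It takes the import list exactly as transcribed from the IAT section, groups the APIs into capability clusters (the grouping is mine, chosen for Gh0st-style RATs), and computes an imphash with the pefile algorithm: lowercase "dll.function" pairs with the .dll/.ocx/.sys extension dropped, comma-joined, MD5. It reproduces the reported imphash only if this listing preserves the sample's import-directory order and is complete, which the report does not guarantee; it also does not handle ordinal-only imports, of which this sample has none.

```python
"""Capability triage and imphash over the import table of server.exe.

Added example, not part of the sandbox report. IMPORTS is transcribed from the
report's IAT section (library order and in-library order as listed). The
capability clusters are this example's own grouping. imphash() follows the
pefile algorithm; ordinal imports are not handled (this table has none).
"""
import hashlib

IMPORTS = {
    "WS2_32.dll": "getsockname gethostname send closesocket recv select socket gethostbyname htons connect setsockopt WSAIoctl WSACleanup WSAStartup",
    "SHLWAPI.dll": "SHDeleteKeyA",
    "MSVCRT.dll": "_strnicmp ??2@YAPAXI@Z ??3@YAXPAX@Z __CxxFrameHandler memmove ceil _ftol strstr _CxxThrowException strchr malloc free _except_handler3 strrchr strncat realloc _beginthreadex ??1type_info@@UAE@XZ _exit _XcptFilter exit _acmdln __getmainargs _initterm __setusermatherr _adjust_fdiv __p__commode __p__fmode __set_app_type _controlfp _strcmpi",
    "KERNEL32.dll": "EnterCriticalSection VirtualAlloc ResetEvent InterlockedExchange CancelIo Sleep lstrlenA GetPrivateProfileSectionNamesA lstrcatA lstrcpyA GetWindowsDirectoryA FreeLibrary GetProcAddress LoadLibraryA MultiByteToWideChar CreateThread lstrcmpA GetPrivateProfileStringA GetVersionExA DeleteFileA GetLastError CreateDirectoryA GetFileAttributesA CreateProcessA GetDriveTypeA GetDiskFreeSpaceExA GetVolumeInformationA GetLogicalDriveStringsA FindClose LocalFree FindNextFileA LocalReAlloc FindFirstFileA LocalAlloc RemoveDirectoryA GetFileSize CreateFileA ReadFile SetFilePointer WriteFile MoveFileA GetModuleFileNameA LeaveCriticalSection GetCurrentProcess CreateRemoteThread WriteProcessMemory VirtualAllocEx OpenProcess MoveFileExA GetLocalTime ExpandEnvironmentStringsA GetTickCount GlobalFree GlobalUnlock GlobalLock GlobalAlloc GlobalSize GetStartupInfoA CreatePipe DisconnectNamedPipe TerminateProcess PeekNamedPipe WaitForMultipleObjects OutputDebugStringA ResumeThread GetSystemInfo SetErrorMode LocalSize Process32Next Process32First CreateToolhelp32Snapshot lstrcmpiA GetCurrentThreadId GetModuleHandleA SetEvent WaitForSingleObject TerminateThread CloseHandle CreateEventA VirtualFree DeleteCriticalSection GetSystemDirectoryA InitializeCriticalSection WideCharToMultiByte GlobalMemoryStatusEx",
    "USER32.dll": "keybd_event MapVirtualKeyA SetCapture WindowFromPoint SetCursorPos mouse_event IsWindow CloseWindow CreateWindowExA PostMessageA OpenDesktopA GetThreadDesktop GetUserObjectInformationA OpenInputDesktop SendMessageA CloseDesktop EnumWindows IsWindowVisible GetWindowThreadProcessId ExitWindowsEx GetCursorPos GetCursorInfo ReleaseDC GetDesktopWindow GetDC SetRect GetSystemMetrics GetClipboardData OpenClipboard SystemParametersInfoA DispatchMessageA TranslateMessage EmptyClipboard wsprintfA GetMessageA CharNextA GetWindowTextA LoadCursorA DestroyCursor SetThreadDesktop BlockInput SetClipboardData CloseClipboard",
    "GDI32.dll": "CreateCompatibleBitmap DeleteDC DeleteObject CreateCompatibleDC CreateDIBSection BitBlt GetDIBits SelectObject",
    "ADVAPI32.dll": "LsaRetrievePrivateData QueryServiceStatus ControlService DeleteService CloseServiceHandle RegOpenKeyExA OpenServiceA OpenSCManagerA RegSetValueExA IsValidSid LookupAccountNameA LsaOpenPolicy LsaFreeMemory RegCloseKey RegQueryValueA GetTokenInformation LookupAccountSidA RegCreateKeyExA RegDeleteKeyA RegDeleteValueA RegEnumKeyExA RegEnumValueA OpenProcessToken LookupPrivilegeValueA AdjustTokenPrivileges OpenEventLogA ClearEventLogA CloseEventLog RegOpenKeyA RegQueryValueExA LsaClose",
    "SHELL32.dll": "SHGetFileInfoA SHGetSpecialFolderPathA",
    "WINMM.dll": "waveInOpen waveInPrepareHeader waveInAddBuffer waveInStart waveOutWrite waveInGetNumDevs waveInReset waveInUnprepareHeader waveInClose waveOutReset waveOutUnprepareHeader waveOutPrepareHeader waveOutOpen waveOutGetNumDevs waveInStop waveOutClose",
    "MSVCP60.dll": "?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB ?_Xran@std@@YAXXZ ?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ ?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z ?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z",
    "WININET.dll": "InternetOpenUrlA InternetReadFile InternetCloseHandle InternetOpenA",
    "AVICAP32.dll": "capCreateCaptureWindowA capGetDriverDescriptionA",
    "MSVFW32.dll": "ICClose ICSeqCompressFrameStart ICSeqCompressFrameEnd ICCompressorFree ICSeqCompressFrame ICOpen ICSendMessage",
    "PSAPI.DLL": "GetModuleFileNameExA EnumProcessModules",
    "WTSAPI32.dll": "WTSFreeMemory WTSQuerySessionInformationA",
}

# Capability clusters: this example's own grouping, tuned for Gh0st-style RATs.
CAPABILITIES = {
    "screen_capture":     {"GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt", "GetDIBits", "GetCursorInfo"},
    "input_control":      {"keybd_event", "mouse_event", "SetCursorPos", "MapVirtualKeyA", "BlockInput"},
    "clipboard":          {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
    "audio_capture":      {"waveInOpen", "waveInStart", "waveInAddBuffer"},
    "webcam_video":       {"capCreateCaptureWindowA", "capGetDriverDescriptionA", "ICSeqCompressFrame"},
    "process_injection":  {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "process_enum":       {"CreateToolhelp32Snapshot", "Process32First", "Process32Next", "EnumProcessModules"},
    "service_control":    {"OpenSCManagerA", "OpenServiceA", "ControlService", "DeleteService", "QueryServiceStatus"},
    "registry_persist":   {"RegCreateKeyExA", "RegSetValueExA", "RegDeleteKeyA", "SHDeleteKeyA"},
    "privilege_adjust":   {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
    "lsa_secrets":        {"LsaOpenPolicy", "LsaRetrievePrivateData"},
    "anti_forensics":     {"OpenEventLogA", "ClearEventLogA"},
    "remote_shell":       {"CreatePipe", "CreateProcessA", "PeekNamedPipe"},
    "download_exec":      {"InternetOpenUrlA", "InternetReadFile"},
    "raw_sockets":        {"WSAStartup", "socket", "connect", "send", "recv", "WSAIoctl"},
    "session_desktop":    {"OpenInputDesktop", "SetThreadDesktop", "WTSQuerySessionInformationA"},
    "power_control":      {"ExitWindowsEx"},
}


def all_imports(table):
    """Flatten {dll: "f1 f2 ..."} into an ordered list of (dll, function)."""
    return [(dll, fn) for dll, names in table.items() for fn in names.split()]


def imphash(table):
    """pefile-compatible imphash: lowercase dll.func pairs, extension stripped, comma-joined, MD5."""
    parts = []
    for dll, fn in all_imports(table):
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.append(f"{lib}.{fn.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def triage(table):
    """Map each capability cluster to the imported APIs that support it (clusters with no hit are omitted)."""
    names = {fn for _, fn in all_imports(table)}
    return {cap: sorted(apis & names) for cap, apis in CAPABILITIES.items() if apis & names}


if __name__ == "__main__":
    print("imports:", len(all_imports(IMPORTS)), "imphash:", imphash(IMPORTS))
    for cap, apis in triage(IMPORTS).items():
        print(f"{cap:18s} {', '.join(apis)}")
```

The point of the cluster view is that no single import here is damning (GetDC and BitBlt are in every screenshot tool; OpenProcess is in every task manager), but a GUI binary that combines surveillance, injection, service control, event-log clearing and LSA secret access in one import table has no benign explanation. Hunt on the imphash only after confirming it was taken from the same layer (packed or unpacked) as the samples you compare against; a UPX-packed file carries a tiny stub import table, and its imphash says nothing about the payload.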


