Report - PASSWORDRECOVERY64EXE.EXE

Tags: Generic Malware, Malicious Library, UPX, PE File, PE64
Created 2024.11.07 13:47 Machine s1_win7_x6403
Filename PASSWORDRECOVERY64EXE.EXE
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score 6
Behavior Score 0.8
ZERO API
VT API (file) 23 detected (AIDetectMalware, Malicious, score, Lazy, GrayWare, Wacapew, Artemis, PasswordStealer, R002H09K424, susgen, PossibleThreat)
md5 28245807db66c334768563c8023cd041
sha256 37c9a9c6634bafc3bb63394857bdb97cdef0925bb44e5d55a6eeb92b0116be2f
ssdeep 12288:NEUEK/alBxScnB04n9Cf8gzLRrtB25JsGW2EEYGVp3Am:QK/alBxFB0FUgzLRrtUJFW
imphash e84d11c378c8e8f83080cc0f510539d2
impfuzzy 48:XNcMT5OAMqT7l7Z9G9XOIsY5+fgcP24FTexVuEYtICZSiEK5F:XNcMFWqfl7ZgNx35+fgcPdCxVujt4jKv

Signature (1cnts)

Level Description
warning File has been identified by 23 AntiVirus engines on VirusTotal as malicious

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x1400d6040 CreateFileW
 0x1400d6048 FreeLibrary
 0x1400d6050 GetProcAddress
 0x1400d6058 LoadLibraryW
 0x1400d6060 SetCurrentDirectoryW
 0x1400d6068 GetCurrentDirectoryW
 0x1400d6070 lstrlenA
 0x1400d6078 MultiByteToWideChar
 0x1400d6080 GetFileSize
 0x1400d6088 CreateFileA
 0x1400d6090 GetPrivateProfileStringW
 0x1400d6098 CopyFileW
 0x1400d60a0 GetTempPathW
 0x1400d60a8 lstrlenW
 0x1400d60b0 lstrcmpiW
 0x1400d60b8 FindClose
 0x1400d60c0 FindNextFileW
 0x1400d60c8 DeleteFileW
 0x1400d60d0 FindFirstFileW
 0x1400d60d8 lstrcpyW
 0x1400d60e0 lstrcpyA
 0x1400d60e8 FlushViewOfFile
 0x1400d60f0 GetProcessHeap
 0x1400d60f8 OutputDebugStringW
 0x1400d6100 OutputDebugStringA
 0x1400d6108 WaitForSingleObjectEx
 0x1400d6110 WaitForSingleObject
 0x1400d6118 WriteFile
 0x1400d6120 WideCharToMultiByte
 0x1400d6128 UnmapViewOfFile
 0x1400d6130 UnlockFileEx
 0x1400d6138 UnlockFile
 0x1400d6140 SystemTimeToFileTime
 0x1400d6148 Sleep
 0x1400d6150 SetFilePointer
 0x1400d6158 SetEndOfFile
 0x1400d6160 QueryPerformanceCounter
 0x1400d6168 MapViewOfFile
 0x1400d6170 LockFileEx
 0x1400d6178 LockFile
 0x1400d6180 LoadLibraryA
 0x1400d6188 HeapCompact
 0x1400d6190 HeapValidate
 0x1400d6198 HeapSize
 0x1400d61a0 HeapReAlloc
 0x1400d61a8 HeapFree
 0x1400d61b0 ReadFile
 0x1400d61b8 HeapCreate
 0x1400d61c0 HeapAlloc
 0x1400d61c8 GetVersionExW
 0x1400d61d0 GetVersionExA
 0x1400d61d8 GetTickCount
 0x1400d61e0 GetTempPathA
 0x1400d61e8 GetSystemTimeAsFileTime
 0x1400d61f0 GetSystemTime
 0x1400d61f8 GetSystemInfo
 0x1400d6200 GetLastError
 0x1400d6208 GetFullPathNameW
 0x1400d6210 GetFullPathNameA
 0x1400d6218 GetFileAttributesExW
 0x1400d6220 GetFileAttributesW
 0x1400d6228 GetFileAttributesA
 0x1400d6230 GetDiskFreeSpaceW
 0x1400d6238 GetDiskFreeSpaceA
 0x1400d6240 GetCurrentProcessId
 0x1400d6248 FormatMessageW
 0x1400d6250 FormatMessageA
 0x1400d6258 FlushFileBuffers
 0x1400d6260 DeleteFileA
 0x1400d6268 CreateMutexW
 0x1400d6270 CreateFileMappingW
 0x1400d6278 CreateFileMappingA
 0x1400d6280 AreFileApisANSI
 0x1400d6288 InitializeCriticalSection
 0x1400d6290 DeleteCriticalSection
 0x1400d6298 EnterCriticalSection
 0x1400d62a0 TryEnterCriticalSection
 0x1400d62a8 LeaveCriticalSection
 0x1400d62b0 GetCurrentThreadId
 0x1400d62b8 CompareStringW
 0x1400d62c0 WriteConsoleW
 0x1400d62c8 SetStdHandle
 0x1400d62d0 LCMapStringW
 0x1400d62d8 GetStringTypeW
 0x1400d62e0 GetConsoleMode
 0x1400d62e8 GetConsoleCP
 0x1400d62f0 LocalAlloc
 0x1400d62f8 LocalFree
 0x1400d6300 GetCommandLineW
 0x1400d6308 ExitProcess
 0x1400d6310 OpenEventW
 0x1400d6318 SetEvent
 0x1400d6320 HeapDestroy
 0x1400d6328 CloseHandle
 0x1400d6330 GetFileType
 0x1400d6338 InitializeCriticalSectionAndSpinCount
 0x1400d6340 SetHandleCount
 0x1400d6348 GetEnvironmentStringsW
 0x1400d6350 FreeEnvironmentStringsW
 0x1400d6358 GetModuleFileNameA
 0x1400d6360 RtlLookupFunctionEntry
 0x1400d6368 RtlUnwindEx
 0x1400d6370 RaiseException
 0x1400d6378 RtlPcToFileHeader
 0x1400d6380 EncodePointer
 0x1400d6388 DecodePointer
 0x1400d6390 ExitThread
 0x1400d6398 CreateThread
 0x1400d63a0 GetCommandLineA
 0x1400d63a8 GetStartupInfoW
 0x1400d63b0 UnhandledExceptionFilter
 0x1400d63b8 SetUnhandledExceptionFilter
 0x1400d63c0 IsDebuggerPresent
 0x1400d63c8 RtlVirtualUnwind
 0x1400d63d0 RtlCaptureContext
 0x1400d63d8 TerminateProcess
 0x1400d63e0 GetCurrentProcess
 0x1400d63e8 HeapSetInformation
 0x1400d63f0 GetVersion
 0x1400d63f8 FlsGetValue
 0x1400d6400 FlsSetValue
 0x1400d6408 FlsFree
 0x1400d6410 SetLastError
 0x1400d6418 FlsAlloc
 0x1400d6420 GetTimeZoneInformation
 0x1400d6428 GetModuleHandleW
 0x1400d6430 GetStdHandle
 0x1400d6438 GetModuleFileNameW
 0x1400d6440 GetCPInfo
 0x1400d6448 GetACP
 0x1400d6450 GetOEMCP
 0x1400d6458 IsValidCodePage
 0x1400d6460 SetEnvironmentVariableA
USER32.dll
 0x1400d64a0 wsprintfW
SHELL32.dll
 0x1400d6470 SHGetKnownFolderPath
 0x1400d6478 CommandLineToArgvW
SHLWAPI.dll
 0x1400d6488 StrCmpNIW
 0x1400d6490 StrStrIW
ole32.dll
 0x1400d64e0 StringFromGUID2
 0x1400d64e8 CoCreateGuid
 0x1400d64f0 CoInitialize
 0x1400d64f8 CoUninitialize
 0x1400d6500 CoTaskMemFree
ADVAPI32.dll
 0x1400d6000 RegCloseKey
 0x1400d6008 RegCreateKeyExW
 0x1400d6010 RegSetValueExW
 0x1400d6018 RegGetValueW
CRYPT32.dll
 0x1400d6028 CryptStringToBinaryA
 0x1400d6030 CryptUnprotectData
Wlanapi.dll
 0x1400d64b0 WlanGetProfileList
 0x1400d64b8 WlanEnumInterfaces
 0x1400d64c0 WlanOpenHandle
 0x1400d64c8 WlanGetProfile
 0x1400d64d0 WlanCloseHandle

EAT (Export Address Table): none
