Field | Value |
---|---|
Created | 2024.11.07 13:55 |
Machine | s1_win7_x6403 |
Filename | PASSWORDRECOVERY32EXE.EXE |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 36 detected (AIDetectMalware, Doina, Malicious, score, Fragtor, confidence, moderate confidence, AGen, MalwareX, Redcap, ktfdso, lfeeu, AgentAGen, Real Protect, moderate, Static AI, Suspicious PE, GPAX, Ramnit, FileInfector, GdSda, Gencirc) |
md5 | 831ee71335a8928b9b9ab6ba0588eb5b |
sha256 | 0090524f9ff3e0245f80837e5b221714f025694f7647eebe58504c5064561b43 |
ssdeep | 12288:f0NT6pmYQ38hsUVmfsb8ERerk8r819hZ0ewsv3T4di/QCfTHItDr9+22pGnhaO2V:26g8eUVmfw8+erkBhZRwsv3VYSItDrUv |
imphash | 4849b7c5deed5f1653c9c62689801344 |
impfuzzy | 48:KNcMT5OAgqTJjl7Z9G9XOIsY5+fgcP2zbeTMSdq2tL5ZSiaF:KNcMFGqpl7ZgNx35+fgcPIaTMuftqr |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x4a6014 LocalFree
0x4a6018 LocalAlloc
0x4a601c ReadFile
0x4a6020 CreateFileW
0x4a6024 FreeLibrary
0x4a6028 GetProcAddress
0x4a602c LoadLibraryW
0x4a6030 SetCurrentDirectoryW
0x4a6034 GetCurrentDirectoryW
0x4a6038 lstrlenA
0x4a603c MultiByteToWideChar
0x4a6040 GetFileSize
0x4a6044 CreateFileA
0x4a6048 GetPrivateProfileStringW
0x4a604c CopyFileW
0x4a6050 GetTempPathW
0x4a6054 lstrlenW
0x4a6058 lstrcmpiW
0x4a605c FindClose
0x4a6060 FindNextFileW
0x4a6064 DeleteFileW
0x4a6068 FindFirstFileW
0x4a606c lstrcpyW
0x4a6070 lstrcpyA
0x4a6074 FlushViewOfFile
0x4a6078 InterlockedCompareExchange
0x4a607c GetProcessHeap
0x4a6080 OutputDebugStringW
0x4a6084 OutputDebugStringA
0x4a6088 WaitForSingleObjectEx
0x4a608c WaitForSingleObject
0x4a6090 WriteFile
0x4a6094 WideCharToMultiByte
0x4a6098 UnmapViewOfFile
0x4a609c UnlockFileEx
0x4a60a0 UnlockFile
0x4a60a4 SystemTimeToFileTime
0x4a60a8 Sleep
0x4a60ac SetFilePointer
0x4a60b0 SetEndOfFile
0x4a60b4 QueryPerformanceCounter
0x4a60b8 MapViewOfFile
0x4a60bc LockFileEx
0x4a60c0 LockFile
0x4a60c4 LoadLibraryA
0x4a60c8 HeapCompact
0x4a60cc HeapValidate
0x4a60d0 HeapSize
0x4a60d4 GetCommandLineW
0x4a60d8 HeapFree
0x4a60dc HeapDestroy
0x4a60e0 HeapCreate
0x4a60e4 HeapAlloc
0x4a60e8 GetVersionExW
0x4a60ec GetVersionExA
0x4a60f0 GetTickCount
0x4a60f4 GetTempPathA
0x4a60f8 GetSystemTimeAsFileTime
0x4a60fc GetSystemTime
0x4a6100 GetSystemInfo
0x4a6104 GetLastError
0x4a6108 GetFullPathNameW
0x4a610c GetFullPathNameA
0x4a6110 GetFileAttributesExW
0x4a6114 GetFileAttributesW
0x4a6118 GetFileAttributesA
0x4a611c GetDiskFreeSpaceW
0x4a6120 GetDiskFreeSpaceA
0x4a6124 GetCurrentProcessId
0x4a6128 FormatMessageW
0x4a612c FormatMessageA
0x4a6130 FlushFileBuffers
0x4a6134 DeleteFileA
0x4a6138 CreateMutexW
0x4a613c CreateFileMappingW
0x4a6140 CreateFileMappingA
0x4a6144 AreFileApisANSI
0x4a6148 InitializeCriticalSection
0x4a614c DeleteCriticalSection
0x4a6150 EnterCriticalSection
0x4a6154 TryEnterCriticalSection
0x4a6158 LeaveCriticalSection
0x4a615c GetCurrentThreadId
0x4a6160 CompareStringW
0x4a6164 WriteConsoleW
0x4a6168 SetStdHandle
0x4a616c LCMapStringW
0x4a6170 GetStringTypeW
0x4a6174 GetConsoleMode
0x4a6178 GetConsoleCP
0x4a617c ExitProcess
0x4a6180 OpenEventW
0x4a6184 SetEvent
0x4a6188 HeapReAlloc
0x4a618c CloseHandle
0x4a6190 GetFileType
0x4a6194 InitializeCriticalSectionAndSpinCount
0x4a6198 SetHandleCount
0x4a619c GetEnvironmentStringsW
0x4a61a0 FreeEnvironmentStringsW
0x4a61a4 GetModuleFileNameA
0x4a61a8 RtlUnwind
0x4a61ac RaiseException
0x4a61b0 InterlockedExchange
0x4a61b4 EncodePointer
0x4a61b8 DecodePointer
0x4a61bc ExitThread
0x4a61c0 CreateThread
0x4a61c4 GetCommandLineA
0x4a61c8 HeapSetInformation
0x4a61cc GetStartupInfoW
0x4a61d0 UnhandledExceptionFilter
0x4a61d4 SetUnhandledExceptionFilter
0x4a61d8 IsDebuggerPresent
0x4a61dc TerminateProcess
0x4a61e0 GetCurrentProcess
0x4a61e4 IsProcessorFeaturePresent
0x4a61e8 TlsAlloc
0x4a61ec TlsGetValue
0x4a61f0 TlsSetValue
0x4a61f4 TlsFree
0x4a61f8 InterlockedIncrement
0x4a61fc GetModuleHandleW
0x4a6200 SetLastError
0x4a6204 InterlockedDecrement
0x4a6208 GetTimeZoneInformation
0x4a620c GetStdHandle
0x4a6210 GetModuleFileNameW
0x4a6214 GetCPInfo
0x4a6218 GetACP
0x4a621c GetOEMCP
0x4a6220 IsValidCodePage
0x4a6224 SetEnvironmentVariableA
USER32.dll
0x4a6244 wsprintfW
SHELL32.dll
0x4a622c SHGetKnownFolderPath
0x4a6230 CommandLineToArgvW
SHLWAPI.dll
0x4a6238 StrCmpNIW
0x4a623c StrStrIW
ole32.dll
0x4a6264 StringFromGUID2
0x4a6268 CoCreateGuid
0x4a626c CoInitialize
0x4a6270 CoUninitialize
0x4a6274 CoTaskMemFree
ADVAPI32.dll
0x4a6000 RegGetValueW
CRYPT32.dll
0x4a6008 CryptStringToBinaryA
0x4a600c CryptUnprotectData
Wlanapi.dll
0x4a624c WlanGetProfileList
0x4a6250 WlanEnumInterfaces
0x4a6254 WlanOpenHandle
0x4a6258 WlanGetProfile
0x4a625c WlanCloseHandle
EAT (Export Address Table) is none