Field | Value |
---|---|
Created | 2024.11.13 13:58 |
Machine | s1_win7_x6403 |
Filename | MJPVgHw.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 55 detected (Common, Androm, Malicious, score, Infected, Artemis, Unsafe, Mikey, confidence, 100%, Genus, Attribute, HighConfidence, high confidence, MalwareX, vtbt, kthnza, uGYVIXwGFbQ, Nekark, ersvn, Siggen29, moderate, Static AI, Malicious PE, Detected, Wacatac, Malware@#ct2zyii2g0b7, ABTrojan, WYCP, Tnaket, Chgt, Gencirc, 7kcNxiEd0tU, Tinukebot, susgen) |
md5 | 5523f28f2224dde8d74286b09146bb47 |
sha256 | b2f9c3002820fa654f514db1779c55a606ec8c164b744aacb9e886a7e1e7c4d9 |
ssdeep | 6144:+nNuJp9FtYk5k3uZElT63edWRK9Izm/sHgo2TW:+nMp9AYqtoKapHgo2a |
imphash | 32fbf5b10b16ec517b227ff71a382b38 |
impfuzzy | 48:oAMHhNYuL5lX6ZbKoyh6OgqcpV69g8YyFZ7:oAMHhNYuLvX6Zmo26RqcpV+g8Yyz |
Network IP location
Signature (23cnts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
danger | Executed a process and injected code into it |
watch | Attempts to disable SPDY support in Firefox to improve web infostealing capability |
watch | Attempts to modify Explorer settings to prevent hidden files from being displayed |
watch | Installs itself for autorun at Windows startup |
watch | Modifies the Firefox configuration file |
watch | One or more of the buffers contains an embedded PE file |
watch | Potential code injection by writing to the memory of another process |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates a shortcut to an executable file |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Creates hidden or system file |
notice | One or more potentially interesting buffers were extracted |
notice | Repeatedly searches for a not-found process |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | Yara rule detected in process memory |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
Rules (23cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
notice | Escalate_priviledges | Escalate privileges | memory |
notice | Network_HTTP | Communications over HTTP | memory |
notice | Persistence | Install itself for autorun at Windows startup | memory |
notice | Str_Win32_Http_API | Match Windows Http API call | memory |
notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
info | anti_dbg | Checks if being debugged | memory |
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | IsPE64 | (no description) | binaries (upload) |
info | lnk_file_format | Microsoft Windows Shortcut File Format | binaries (download) |
info | Lnk_Format_Zero | LNK Format | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
OLEAUT32.dll
0x1400213b0 VariantClear
KERNEL32.dll
0x140021000 EnumSystemLocalesEx
0x140021008 IsValidLocaleName
0x140021010 LCMapStringEx
0x140021018 GetUserDefaultLocaleName
0x140021020 FreeEnvironmentStringsW
0x140021028 GetEnvironmentStringsW
0x140021030 QueryPerformanceCounter
0x140021038 FlsFree
0x140021040 FlsSetValue
0x140021048 FlsGetValue
0x140021050 FlsAlloc
0x140021058 SetUnhandledExceptionFilter
0x140021060 UnhandledExceptionFilter
0x140021068 RtlVirtualUnwind
0x140021070 RtlCaptureContext
0x140021078 LoadLibraryExW
0x140021080 ReadConsoleW
0x140021088 SetStdHandle
0x140021090 WriteConsoleW
0x140021098 OutputDebugStringW
0x1400210a0 LocalFree
0x1400210a8 GetTickCount64
0x1400210b0 SetEndOfFile
0x1400210b8 GetConsoleMode
0x1400210c0 GetConsoleCP
0x1400210c8 FlushFileBuffers
0x1400210d0 SetFilePointerEx
0x1400210d8 GetThreadContext
0x1400210e0 GetTempFileNameW
0x1400210e8 GetFileSize
0x1400210f0 SetThreadContext
0x1400210f8 SetFilePointer
0x140021100 FreeLibrary
0x140021108 GetCurrentProcess
0x140021110 WaitForSingleObject
0x140021118 WriteFile
0x140021120 OpenProcess
0x140021128 GetSystemDirectoryW
0x140021130 LoadLibraryW
0x140021138 GetModuleFileNameW
0x140021140 CreateFileW
0x140021148 GetTempPathW
0x140021150 GetLastError
0x140021158 GetProcAddress
0x140021160 VirtualAllocEx
0x140021168 LoadLibraryA
0x140021170 GetModuleHandleA
0x140021178 lstrcatW
0x140021180 Wow64SetThreadContext
0x140021188 CloseHandle
0x140021190 WriteProcessMemory
0x140021198 ResumeThread
0x1400211a0 Wow64GetThreadContext
0x1400211a8 CreateThread
0x1400211b0 HeapAlloc
0x1400211b8 GetProcessHeap
0x1400211c0 Sleep
0x1400211c8 CreateRemoteThread
0x1400211d0 CreateToolhelp32Snapshot
0x1400211d8 VirtualProtectEx
0x1400211e0 VirtualProtect
0x1400211e8 ExitProcess
0x1400211f0 CreateMutexA
0x1400211f8 HeapReAlloc
0x140021200 CreateFileA
0x140021208 FindFirstFileW
0x140021210 MapViewOfFile
0x140021218 UnmapViewOfFile
0x140021220 CompareFileTime
0x140021228 HeapFree
0x140021230 GetModuleHandleW
0x140021238 GetProcessTimes
0x140021240 GetFileAttributesA
0x140021248 TerminateProcess
0x140021250 ReadFile
0x140021258 lstrcatA
0x140021260 MultiByteToWideChar
0x140021268 CreateDirectoryA
0x140021270 CopyFileA
0x140021278 SetFileAttributesA
0x140021280 Process32FirstW
0x140021288 CreateFileMappingA
0x140021290 GetModuleFileNameA
0x140021298 Process32NextW
0x1400212a0 IsDebuggerPresent
0x1400212a8 FindNextFileW
0x1400212b0 DeleteFileW
0x1400212b8 ExpandEnvironmentStringsW
0x1400212c0 WideCharToMultiByte
0x1400212c8 GetStringTypeW
0x1400212d0 EncodePointer
0x1400212d8 DecodePointer
0x1400212e0 EnterCriticalSection
0x1400212e8 LeaveCriticalSection
0x1400212f0 InitializeCriticalSectionEx
0x1400212f8 DeleteCriticalSection
0x140021300 GetLocaleInfoEx
0x140021308 GetCPInfo
0x140021310 IsProcessorFeaturePresent
0x140021318 GetSystemTimeAsFileTime
0x140021320 GetCommandLineW
0x140021328 RtlPcToFileHeader
0x140021330 RaiseException
0x140021338 RtlLookupFunctionEntry
0x140021340 RtlUnwindEx
0x140021348 InitializeCriticalSectionAndSpinCount
0x140021350 GetModuleHandleExW
0x140021358 HeapSize
0x140021360 IsValidCodePage
0x140021368 GetACP
0x140021370 GetOEMCP
0x140021378 SetLastError
0x140021380 GetCurrentThreadId
0x140021388 GetStdHandle
0x140021390 GetFileType
0x140021398 InitOnceExecuteOnce
0x1400213a0 GetStartupInfoW
EAT (Export Address Table) is none