Field | Value |
---|---|
Created | 2024.11.20 09:19 |
Machine | s1_win7_x6403 |
Filename | blecher.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 339ae0260481a7cf89f3f5e3d506ff37 |
sha256 | 71201202878157570c3be3e6a6e3022a194e9e879872c916e3c62e72cb661ba8 |
ssdeep | 24576:rmCkR8pID8IfP0RLao4ur1ASah0lhSMXluuQfkaTVMLGbwo3rPzULXKUxTgtdSq:rzkRrf8RLao4weuQM/LDkrPaX3C |
imphash | 096dde8aae1c709cab8eec54c5073534 |
impfuzzy | 96:4D8bdLoq9+utOV8CAIWjSrBGHDWeDChBwZ:BZP2JWOhaZ |
Signature (4cnts)
Level | Description |
---|---|
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) libraries
ntdll.dll
0x1400863c8 RtlImageDirectoryEntryToData
0x1400863d0 RtlAdjustPrivilege
0x1400863d8 NtRaiseHardError
0x1400863e0 RtlLeaveCriticalSection
0x1400863e8 RtlEnterCriticalSection
0x1400863f0 RtlCompareMemory
0x1400863f8 NtProtectVirtualMemory
0x140086400 RtlImageNtHeader
0x140086408 NtQueryVirtualMemory
0x140086410 RtlGetNtVersionNumbers
KERNEL32.dll
0x140086018 FreeEnvironmentStringsW
0x140086020 GetEnvironmentStringsW
0x140086028 FindNextFileW
0x140086030 FindFirstFileExW
0x140086038 VirtualFree
0x140086040 VirtualAlloc
0x140086048 GetModuleHandleW
0x140086050 LoadLibraryA
0x140086058 ReadFile
0x140086060 WriteFile
0x140086068 CreateFileW
0x140086070 UnmapViewOfFile
0x140086078 CloseHandle
0x140086080 CreateFileMappingW
0x140086088 MapViewOfFile
0x140086090 GetProcAddress
0x140086098 GetCurrentProcess
0x1400860a0 FlushInstructionCache
0x1400860a8 VirtualQuery
0x1400860b0 WriteProcessMemory
0x1400860b8 EnterCriticalSection
0x1400860c0 GetModuleFileNameW
0x1400860c8 LeaveCriticalSection
0x1400860d0 GetModuleHandleA
0x1400860d8 MultiByteToWideChar
0x1400860e0 ExitProcess
0x1400860e8 WideCharToMultiByte
0x1400860f0 GetTickCount
0x1400860f8 GetLastError
0x140086100 VirtualProtect
0x140086108 VirtualQueryEx
0x140086110 ReadProcessMemory
0x140086118 GetSystemInfo
0x140086120 InitializeCriticalSection
0x140086128 DeleteCriticalSection
0x140086130 SetLastError
0x140086138 RtlCaptureContext
0x140086140 RtlLookupFunctionEntry
0x140086148 RtlVirtualUnwind
0x140086150 IsDebuggerPresent
0x140086158 UnhandledExceptionFilter
0x140086160 SetUnhandledExceptionFilter
0x140086168 TerminateProcess
0x140086170 IsProcessorFeaturePresent
0x140086178 GetSystemTimeAsFileTime
0x140086180 GetCommandLineA
0x140086188 GetCommandLineW
0x140086190 HeapAlloc
0x140086198 HeapFree
0x1400861a0 GetCurrentThreadId
0x1400861a8 GetStdHandle
0x1400861b0 GetFileType
0x1400861b8 GetStartupInfoW
0x1400861c0 RaiseException
0x1400861c8 FlsAlloc
0x1400861d0 FlsSetValue
0x1400861d8 FlsFree
0x1400861e0 InitializeCriticalSectionAndSpinCount
0x1400861e8 FreeLibrary
0x1400861f0 LoadLibraryExW
0x1400861f8 LCMapStringW
0x140086200 GetLocaleInfoW
0x140086208 IsValidLocale
0x140086210 GetUserDefaultLCID
0x140086218 EnumSystemLocalesW
0x140086220 HeapReAlloc
0x140086228 HeapSize
0x140086230 GetCPInfo
0x140086238 GetStringTypeW
0x140086240 IsValidCodePage
0x140086248 GetACP
0x140086250 GetModuleHandleExW
0x140086258 GetConsoleOutputCP
0x140086260 GetConsoleMode
0x140086268 GetFileSizeEx
0x140086270 SetFilePointerEx
0x140086278 GetProcessHeap
0x140086280 SetStdHandle
0x140086288 ReadConsoleW
0x140086290 FlushFileBuffers
0x140086298 WriteConsoleW
0x1400862a0 ReleaseSRWLockExclusive
0x1400862a8 AcquireSRWLockExclusive
0x1400862b0 QueryPerformanceCounter
0x1400862b8 GetCurrentProcessId
0x1400862c0 InitializeSListHead
0x1400862c8 RtlUnwindEx
0x1400862d0 RtlPcToFileHeader
0x1400862d8 RtlUnwind
0x1400862e0 EncodePointer
0x1400862e8 TlsAlloc
0x1400862f0 TlsGetValue
0x1400862f8 TlsSetValue
0x140086300 TlsFree
0x140086308 FindClose
0x140086310 LCMapStringEx
0x140086318 LocalFree
0x140086320 DecodePointer
0x140086328 InitializeCriticalSectionEx
0x140086330 FlsGetValue
0x140086338 GetOEMCP
0x140086340 QueryPerformanceFrequency
0x140086348 TryAcquireSRWLockExclusive
USER32.dll
0x1400863a0 LoadAcceleratorsW
0x1400863a8 LoadAcceleratorsA
ADVAPI32.dll
0x140086000 GetTokenInformation
0x140086008 OpenProcessToken
OLEAUT32.dll
0x140086358 SysAllocString
0x140086360 SafeArrayPutElement
0x140086368 SafeArrayUnaccessData
0x140086370 SafeArrayCreate
0x140086378 SafeArrayCreateVector
0x140086380 SafeArrayAccessData
0x140086388 SysFreeString
0x140086390 SafeArrayDestroy
mscoree.dll
0x1400863b8 CLRCreateInstance
EAT (Export Address Table): none
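The static imports above already explain most of the dynamic signatures: VirtualAlloc, VirtualProtect and NtProtectVirtualMemory are what produce the "allocates read-write-execute memory" notice, and OpenProcessToken, GetTokenInformation and RtlAdjustPrivilege are the usual path behind the "checks the LUID of a suspicious privilege" notice. Two further points are worth noting before trusting the rule hits. First, RtlAdjustPrivilege sits next to NtRaiseHardError in ntdll, and CLRCreateInstance sits next to the OLEAUT32 SafeArray and BSTR imports, which is the shape of a native executable that hosts the .NET runtime and hands it an in-memory assembly; the report shows the imports, not the calls, so treat both as leads rather than findings. Second, no networking library (ws2_32, wininet, winhttp) is imported at all, although the sandbox saw a connection, so the network code is either resolved at runtime through LoadLibraryA/GetProcAddress or lives in whatever the CLR host loads. Likewise, a UPX stub leaves only a handful of imports per library, whereas this IAT carries the full CRT set, so confirm the UPX_Zero hit against the section names before relying on it.

The following script, added here as an example and not code from the sandbox, parses an import listing in exactly the format this report prints (a library line followed by `0xADDR FunctionName` lines), orders the libraries by their IAT slot, and flags capability clusters. `LISTING` is a constructed excerpt of the blecher.exe table above, and `CAPABILITIES` (the API groups and minimum-match thresholds) is this example's own analyst heuristic, not a rule set the sandbox defines.

```python
"""Capability triage over a sandbox IAT listing (added example, not sandbox code).

Input format is the one the report prints: a library name on its own line,
then "0xADDR FunctionName" lines. LISTING is a constructed excerpt of the
blecher.exe imports; CAPABILITIES is an assumed analyst heuristic.
"""
import re

# Constructed excerpt of the report's IAT listing (same format, fewer rows).
LISTING = """\
ntdll.dll
0x1400863d0 RtlAdjustPrivilege
0x1400863d8 NtRaiseHardError
0x1400863f8 NtProtectVirtualMemory
0x140086408 NtQueryVirtualMemory
KERNEL32.dll
0x140086040 VirtualAlloc
0x140086050 LoadLibraryA
0x140086090 GetProcAddress
0x1400860b0 WriteProcessMemory
0x140086100 VirtualProtect
0x140086110 ReadProcessMemory
0x140086150 IsDebuggerPresent
USER32.dll
0x1400863a0 LoadAcceleratorsW
ADVAPI32.dll
0x140086000 GetTokenInformation
0x140086008 OpenProcessToken
OLEAUT32.dll
0x140086358 SysAllocString
0x140086370 SafeArrayCreate
0x140086380 SafeArrayAccessData
mscoree.dll
0x1400863b8 CLRCreateInstance
"""

# Assumed heuristic: (API names in the cluster, minimum number that must be imported).
CAPABILITIES = {
    "rwx_memory": ({"VirtualAlloc", "VirtualProtect", "NtProtectVirtualMemory"}, 2),
    "cross_process_write": ({"WriteProcessMemory"}, 1),
    "dynamic_api_resolution": ({"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}, 2),
    "token_privilege": ({"OpenProcessToken", "GetTokenInformation", "RtlAdjustPrivilege"}, 2),
    "hard_error": ({"RtlAdjustPrivilege", "NtRaiseHardError"}, 2),
    "clr_hosting": ({"CLRCreateInstance", "SafeArrayCreate", "SysAllocString"}, 2),
    "anti_debug": ({"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}, 1),
    "network": ({"WSAStartup", "connect", "InternetOpenA", "InternetOpenW", "WinHttpOpen"}, 1),
}

ENTRY_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(\S+)$")


def parse_listing(text):
    """Return {library: [(iat_address, function_name), ...]} in listing order."""
    imports = {}
    library = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match is None:                  # a bare name is a library header
            library = line
            imports.setdefault(library, [])
            continue
        if library is None:
            raise ValueError(f"import entry before any library header: {line}")
        imports[library].append((int(match.group(1), 16), match.group(2)))
    return imports


def library_order(imports):
    """Libraries sorted by lowest IAT slot: the linker's import order (what
    imphash walks), which differs from the order the report prints them in."""
    return sorted(
        imports,
        key=lambda lib: min((addr for addr, _ in imports[lib]), default=float("inf")),
    )


def imported_names(imports):
    """Flat set of every imported function name across all libraries."""
    return {name for entries in imports.values() for _, name in entries}


def capability_hits(imports, capabilities=CAPABILITIES):
    """Return {capability: sorted matched APIs} for clusters at or over threshold."""
    names = imported_names(imports)
    hits = {}
    for capability, (apis, minimum) in capabilities.items():
        matched = sorted(apis & names)
        if len(matched) >= minimum:
            hits[capability] = matched
    return hits


if __name__ == "__main__":
    table = parse_listing(LISTING)
    hits = capability_hits(table)
    print("import order by IAT address:", ", ".join(library_order(table)))
    for capability, apis in hits.items():
        print(f"{capability:24s} {', '.join(apis)}")
    print("no static evidence for:", ", ".join(sorted(set(CAPABILITIES) - set(hits))))
```

Running it on the excerpt prints the libraries as ADVAPI32, KERNEL32, OLEAUT32, USER32, mscoree, ntdll (the IAT order, not the report's), fires every cluster except `network`, and so states in one line the gap a reviewer should chase: the observed connection has no static import behind it.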