Report - 4.exe

Generic Malware Malicious Packer UPX ftp PE32 PE File
Created 2024.11.24 19:18 Machine s1_win7_x6403
Filename 4.exe
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
AI Score
2
Behavior Score
2.0
ZERO API file : clean
VT API (file) 47 detected (AIDetectMalware, LummaStealer, Cryptbot, Zusy, Unsafe, Vpvc, Attribute, HighConfidence, AGen, Malicious, MalwareX, CLOUD, Redcap, gerax, AMADEY, YXEKWZ, Detected, GrayWare, Wacapew, STOP, Malware@#3464c2brff3pi, 11NVU5L, Eldorado, Artemis, Floxif, FileInfector, Zbot, Genetic, GenericKD)
md5 4cf7ec59209b42a0bc261c8cc4e70a48
sha256 2e5e8a0087e49de9ba8df196bc71e3ac0d6c2ca6095ac3ff91205bd9d8eaf678
ssdeep 98304:pcuEoWQHAnRyKP6O2xxe5W42wWMlKL35:YRA0Z2OaMlW3
imphash 75e9a96c170d19e8c4564ec5026224f5
impfuzzy 96:ynmS5y29nBJW3hgv7bXsrxrG12o58xqJ4TGt99Gmrpkz4vU1jTxfbF7QJv:ymS02VBJW3hQniroyatfGY41j9g

Signature (3cnts)

Level Description
danger File has been identified by 47 AntiVirus engines on VirusTotal as malicious
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Resolves a suspicious Top Level Domain (TLD)

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info ftp_command ftp command binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
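The Rules table above flags the upload as UPX packed (UPX_Zero) and as a Malicious Packer. The following Python is an added example, not code from the report service or from 4.exe, of the two static heuristics such a rule usually combines: stock UPX section names in the PE section table, and raw-section entropy close to 8 bits per byte. The section table, the 7.2 bits/byte threshold and the 512-byte minimum are constructed for the example; on a real file, feed it the section names and raw bytes from a PE parser.

```python
import math
import random
from typing import Iterable, List, Tuple

# Section names written by the stock UPX packer (UPX0: reserved for the
# unpacked image, UPX1: compressed payload, UPX2/UPX!: resources/metadata).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}

# Compressed or encrypted data approaches 8 bits/byte; ordinary x86 code
# sits roughly between 5.5 and 6.5. The threshold is an assumption for this
# example, not a value taken from the report service's rule.
PACKED_ENTROPY_THRESHOLD = 7.2
MIN_SECTION_BYTES = 512  # tiny sections give noisy entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def packer_indicators(sections: Iterable[Tuple[bytes, bytes]]) -> List[str]:
    """Return indicator strings for a list of (section_name, raw_section_bytes).

    Two checks a 'UPX packed file' rule typically combines: the section name
    matches the packer's stock names, or the raw data is too dense to be code.
    """
    findings = []
    for name, raw in sections:
        clean = name.rstrip(b"\x00").decode("ascii", errors="replace")
        if clean.encode() in UPX_SECTION_NAMES:
            findings.append(f"section {clean}: stock UPX section name")
        if len(raw) >= MIN_SECTION_BYTES:
            ent = shannon_entropy(raw)
            if ent >= PACKED_ENTROPY_THRESHOLD:
                findings.append(f"section {clean}: entropy {ent:.2f} bits/byte")
    return findings


def constructed_section_table() -> List[Tuple[bytes, bytes]]:
    """Constructed stand-in for a UPX-packed PE's section table (not from 4.exe)."""
    rng = random.Random(1)  # fixed seed so the example is reproducible
    dense = bytes(rng.getrandbits(8) for _ in range(4096))  # ~7.95 bits/byte
    return [
        (b"UPX0\x00\x00\x00\x00", b""),              # raw size 0 on disk
        (b"UPX1\x00\x00\x00\x00", dense),            # compressed image
        (b".rsrc\x00\x00\x00", b"\x00" * 4096),      # padded resources, entropy 0
    ]


if __name__ == "__main__":
    for line in packer_indicators(constructed_section_table()):
        print(line)
```

Entropy alone is not proof of packing: a legitimate binary with a large embedded compressed resource trips the same threshold, which is why the rule level here is only "watch" and the section-name check is kept alongside it.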

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
home.sevkk17sr.top US GOOGLE 34.116.198.130 clean

Suricata ids

PE API

IAT(Import Address Table) Library

ADVAPI32.dll
 0xb03714 CryptAcquireContextA
 0xb03718 CryptAcquireContextW
 0xb0371c CryptCreateHash
 0xb03720 CryptDecrypt
 0xb03724 CryptDestroyHash
 0xb03728 CryptDestroyKey
 0xb0372c CryptEnumProvidersW
 0xb03730 CryptExportKey
 0xb03734 CryptGenRandom
 0xb03738 CryptGetHashParam
 0xb0373c CryptGetProvParam
 0xb03740 CryptGetUserKey
 0xb03744 CryptHashData
 0xb03748 CryptReleaseContext
 0xb0374c CryptSetHashParam
 0xb03750 CryptSignHashW
 0xb03754 DeregisterEventSource
 0xb03758 RegCloseKey
 0xb0375c RegEnumKeyExA
 0xb03760 RegNotifyChangeKeyValue
 0xb03764 RegOpenKeyExA
 0xb03768 RegOpenKeyExW
 0xb0376c RegQueryValueExA
 0xb03770 RegisterEventSourceW
 0xb03774 ReportEventW
 0xb03778 SystemFunction036
bcrypt.dll
 0xb03780 BCryptGenRandom
CRYPT32.dll
 0xb03788 CertCloseStore
 0xb0378c CertDuplicateCertificateContext
 0xb03790 CertEnumCertificatesInStore
 0xb03794 CertFindCertificateInStore
 0xb03798 CertFreeCertificateContext
 0xb0379c CertGetCertificateContextProperty
 0xb037a0 CertGetEnhancedKeyUsage
 0xb037a4 CertGetIntendedKeyUsage
 0xb037a8 CertOpenStore
 0xb037ac CertOpenSystemStoreA
 0xb037b0 CertOpenSystemStoreW
IPHLPAPI.DLL
 0xb037b8 ConvertInterfaceIndexToLuid
 0xb037bc ConvertInterfaceLuidToNameA
 0xb037c0 FreeMibTable
 0xb037c4 GetAdaptersAddresses
 0xb037c8 GetBestRoute2
 0xb037cc GetUnicastIpAddressTable
 0xb037d0 if_indextoname
 0xb037d4 if_nametoindex
KERNEL32.dll
 0xb037dc AcquireSRWLockExclusive
 0xb037e0 CancelIo
 0xb037e4 CloseHandle
 0xb037e8 CompareFileTime
 0xb037ec ConvertFiberToThread
 0xb037f0 ConvertThreadToFiberEx
 0xb037f4 CreateEventA
 0xb037f8 CreateFiberEx
 0xb037fc CreateFileA
 0xb03800 CreateFileMappingA
 0xb03804 CreateIoCompletionPort
 0xb03808 CreateThread
 0xb0380c DeleteCriticalSection
 0xb03810 DeleteFiber
 0xb03814 EnterCriticalSection
 0xb03818 ExpandEnvironmentStringsA
 0xb0381c FindClose
 0xb03820 FindFirstFileW
 0xb03824 FindNextFileW
 0xb03828 FormatMessageW
 0xb0382c FreeLibrary
 0xb03830 GetACP
 0xb03834 GetConsoleMode
 0xb03838 GetCurrentProcessId
 0xb0383c GetCurrentThreadId
 0xb03840 GetEnvironmentVariableA
 0xb03844 GetEnvironmentVariableW
 0xb03848 GetFileAttributesA
 0xb0384c GetFileType
 0xb03850 GetLastError
 0xb03854 GetModuleHandleA
 0xb03858 GetModuleHandleExW
 0xb0385c GetModuleHandleW
 0xb03860 GetNativeSystemInfo
 0xb03864 GetOverlappedResult
 0xb03868 GetProcAddress
 0xb0386c GetProcessHeap
 0xb03870 GetQueuedCompletionStatusEx
 0xb03874 GetStartupInfoA
 0xb03878 GetStdHandle
 0xb0387c GetSystemDirectoryA
 0xb03880 GetSystemInfo
 0xb03884 GetSystemTime
 0xb03888 GetSystemTimeAsFileTime
 0xb0388c GetThreadLocale
 0xb03890 GetTickCount64
 0xb03894 GetTickCount
 0xb03898 GetTimeZoneInformation
 0xb0389c GetVersion
 0xb038a0 GetVersionExA
 0xb038a4 HeapAlloc
 0xb038a8 HeapFree
 0xb038ac InitializeConditionVariable
 0xb038b0 InitializeCriticalSection
 0xb038b4 IsBadReadPtr
 0xb038b8 IsDBCSLeadByteEx
 0xb038bc LeaveCriticalSection
 0xb038c0 LoadLibraryA
 0xb038c4 LoadLibraryW
 0xb038c8 MapViewOfFile
 0xb038cc MoveFileExA
 0xb038d0 MultiByteToWideChar
 0xb038d4 PeekNamedPipe
 0xb038d8 PostQueuedCompletionStatus
 0xb038dc QueryPerformanceCounter
 0xb038e0 QueryPerformanceFrequency
 0xb038e4 ReadConsoleA
 0xb038e8 ReadConsoleW
 0xb038ec ReadFile
 0xb038f0 RegisterWaitForSingleObject
 0xb038f4 ReleaseSRWLockExclusive
 0xb038f8 SetConsoleMode
 0xb038fc SetFileCompletionNotificationModes
 0xb03900 SetHandleInformation
 0xb03904 SetLastError
 0xb03908 SetUnhandledExceptionFilter
 0xb0390c Sleep
 0xb03910 SleepConditionVariableCS
 0xb03914 SleepEx
 0xb03918 SwitchToFiber
 0xb0391c SystemTimeToFileTime
 0xb03920 TlsGetValue
 0xb03924 UnmapViewOfFile
 0xb03928 UnregisterWait
 0xb0392c VerSetConditionMask
 0xb03930 VerifyVersionInfoW
 0xb03934 VirtualAlloc
 0xb03938 VirtualFree
 0xb0393c VirtualLock
 0xb03940 VirtualProtect
 0xb03944 VirtualQuery
 0xb03948 WaitForMultipleObjects
 0xb0394c WaitForSingleObject
 0xb03950 WaitNamedPipeA
 0xb03954 WakeAllConditionVariable
 0xb03958 WakeConditionVariable
 0xb0395c WideCharToMultiByte
 0xb03960 WriteFile
 0xb03964 lstrlenA
msvcrt.dll
 0xb0396c __mb_cur_max
 0xb03970 __setusermatherr
 0xb03974 _findclose
 0xb03978 _fullpath
 0xb0397c _lock
 0xb03980 _unlock
 0xb03984 getc
 0xb03988 islower
 0xb0398c isxdigit
 0xb03990 localeconv
 0xb03994 ungetc
 0xb03998 vfprintf
 0xb0399c _findnext
 0xb039a0 _findfirst
 0xb039a4 _open
api-ms-win-crt-convert-l1-1-0.dll
 0xb039ac atoi
 0xb039b0 mbstowcs
 0xb039b4 strtol
 0xb039b8 strtoll
 0xb039bc strtoul
 0xb039c0 wcstombs
api-ms-win-crt-environment-l1-1-0.dll
 0xb039c8 __p__environ
 0xb039cc __p__wenviron
 0xb039d0 getenv
api-ms-win-crt-filesystem-l1-1-0.dll
 0xb039d8 _fstat64
 0xb039dc _stat64
 0xb039e0 _unlink
api-ms-win-crt-heap-l1-1-0.dll
 0xb039e8 _set_new_mode
 0xb039ec calloc
 0xb039f0 free
 0xb039f4 malloc
 0xb039f8 realloc
api-ms-win-crt-locale-l1-1-0.dll
 0xb03a00 setlocale
api-ms-win-crt-math-l1-1-0.dll
 0xb03a08 _fdopen
api-ms-win-crt-private-l1-1-0.dll
 0xb03a10 memchr
 0xb03a14 memcmp
 0xb03a18 memcpy
 0xb03a1c memmove
 0xb03a20 strchr
 0xb03a24 strrchr
 0xb03a28 strstr
 0xb03a2c wcsstr
api-ms-win-crt-runtime-l1-1-0.dll
 0xb03a34 _set_app_type
 0xb03a38 __p___argc
 0xb03a3c __p___argv
 0xb03a40 __p___wargv
 0xb03a44 __p__acmdln
 0xb03a48 __sys_errlist
 0xb03a4c __sys_nerr
 0xb03a50 _assert
 0xb03a54 _cexit
 0xb03a58 _configure_narrow_argv
 0xb03a5c _configure_wide_argv
 0xb03a60 _crt_at_quick_exit
 0xb03a64 _crt_atexit
 0xb03a68 _errno
 0xb03a6c _exit
 0xb03a70 _fpreset
 0xb03a74 _initialize_narrow_environment
 0xb03a78 _initialize_wide_environment
 0xb03a7c _initterm
 0xb03a80 _set_invalid_parameter_handler
 0xb03a84 abort
 0xb03a88 exit
 0xb03a8c raise
 0xb03a90 signal
 0xb03a94 strerror
api-ms-win-crt-stdio-l1-1-0.dll
 0xb03a9c __acrt_iob_func
 0xb03aa0 __p__commode
 0xb03aa4 __p__fmode
 0xb03aa8 __stdio_common_vfwprintf
 0xb03aac __stdio_common_vsprintf
 0xb03ab0 __stdio_common_vsscanf
 0xb03ab4 __stdio_common_vswprintf
 0xb03ab8 _fileno
 0xb03abc _fseeki64
 0xb03ac0 _lseeki64
 0xb03ac4 _wfopen
 0xb03ac8 _write
 0xb03acc fclose
 0xb03ad0 feof
 0xb03ad4 ferror
 0xb03ad8 fflush
 0xb03adc fgets
 0xb03ae0 fopen
 0xb03ae4 fputc
 0xb03ae8 fputs
 0xb03aec fread
 0xb03af0 fseek
 0xb03af4 ftell
 0xb03af8 fwrite
 0xb03afc rewind
 0xb03b00 setvbuf
 0xb03b04 _write
 0xb03b08 _setmode
 0xb03b0c _read
 0xb03b10 _open
 0xb03b14 _fileno
 0xb03b18 _close
api-ms-win-crt-string-l1-1-0.dll
 0xb03b20 isspace
 0xb03b24 isupper
 0xb03b28 memset
 0xb03b2c strcat
 0xb03b30 strcmp
 0xb03b34 strcpy
 0xb03b38 strcspn
 0xb03b3c strlen
 0xb03b40 strncat
 0xb03b44 strncmp
 0xb03b48 strncpy
 0xb03b4c strpbrk
 0xb03b50 strspn
 0xb03b54 tolower
 0xb03b58 wcscmp
 0xb03b5c wcscpy
 0xb03b60 wcslen
 0xb03b64 _wcsnicmp
 0xb03b68 _stricmp
 0xb03b6c _strdup
 0xb03b70 _strdup
api-ms-win-crt-time-l1-1-0.dll
 0xb03b78 __daylight
 0xb03b7c __timezone
 0xb03b80 __tzname
 0xb03b84 _difftime32
 0xb03b88 _difftime64
 0xb03b8c _gmtime64
 0xb03b90 _mktime64
 0xb03b94 _time32
 0xb03b98 _time64
 0xb03b9c _tzset
 0xb03ba0 strftime
api-ms-win-crt-utility-l1-1-0.dll
 0xb03ba8 _byteswap_uint64
 0xb03bac bsearch
 0xb03bb0 qsort
 0xb03bb4 rand
 0xb03bb8 srand
USER32.dll
 0xb03bc0 FindWindowA
 0xb03bc4 GetProcessWindowStation
 0xb03bc8 GetUserObjectInformationW
 0xb03bcc MessageBoxW
 0xb03bd0 SendMessageA
WS2_32.dll
 0xb03bd8 WSACleanup
 0xb03bdc WSACloseEvent
 0xb03be0 WSACreateEvent
 0xb03be4 WSAEnumNetworkEvents
 0xb03be8 WSAEventSelect
 0xb03bec WSAGetLastError
 0xb03bf0 WSAIoctl
 0xb03bf4 WSAResetEvent
 0xb03bf8 WSASetEvent
 0xb03bfc WSASetLastError
 0xb03c00 WSAStartup
 0xb03c04 WSAStringToAddressW
 0xb03c08 WSAWaitForMultipleEvents
 0xb03c0c __WSAFDIsSet
 0xb03c10 accept
 0xb03c14 bind
 0xb03c18 closesocket
 0xb03c1c connect
 0xb03c20 gethostbyaddr
 0xb03c24 gethostbyname
 0xb03c28 gethostname
 0xb03c2c getpeername
 0xb03c30 getservbyname
 0xb03c34 getservbyport
 0xb03c38 getsockname
 0xb03c3c getsockopt
 0xb03c40 htonl
 0xb03c44 htons
 0xb03c48 inet_addr
 0xb03c4c inet_ntoa
 0xb03c50 ioctlsocket
 0xb03c54 listen
 0xb03c58 ntohl
 0xb03c5c ntohs
 0xb03c60 recv
 0xb03c64 recvfrom
 0xb03c68 select
 0xb03c6c send
 0xb03c70 sendto
 0xb03c74 setsockopt
 0xb03c78 shutdown
 0xb03c7c socket

EAT(Export Address Table) is none
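Two of the three signatures above (the adapter-address check and the suspicious TLD) and the imphash field are derivable from static data in this report: GetAdaptersAddresses in the IPHLPAPI import block, the single .top request in the Network table, and the IAT order. The following Python is an added example, not part of the report service, of a triage script that reproduces them. SAMPLE_IMPORTS is a hand-picked subset of the IAT printed above, so its imphash will not equal the report's 75e9a96c170d19e8c4564ec5026224f5; the capability tags and the TLD list are assumptions for the example, and ordinal-only imports (none appear in this IAT) are not handled.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple

Import = Tuple[str, str]  # (module name as it appears in the IAT, function name)


def imphash_input(imports: Iterable[Import]) -> str:
    """Canonical 'module.func,module.func,...' string that imphash md5-hashes.

    Standard normalisation: lower-case everything, drop a .dll/.ocx/.sys
    extension, keep IAT order. Ordinal-only imports are not handled here.
    """
    parts = []
    for module, func in imports:
        lib = module.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


# Capability tags keyed on imported names. The first is what the report's
# 'Checks adapter addresses ...' notice keys on; the set as a whole is an
# assumption for this example, not the report service's rule set.
CAPABILITY_RULES: Dict[str, Tuple[str, ...]] = {
    "adapter enumeration (VM/sandbox fingerprint)": ("GetAdaptersAddresses",),
    "CryptoAPI hashing/decryption": ("CryptAcquireContextA", "CryptAcquireContextW",
                                     "CryptDecrypt", "CryptHashData"),
    "certificate store access": ("CertOpenSystemStoreA", "CertOpenSystemStoreW",
                                 "CertFindCertificateInStore"),
    "direct socket I/O": ("WSAStartup", "connect", "send", "recv"),
    "registry read": ("RegOpenKeyExA", "RegQueryValueExA"),
}

# Assumed list; tune it to your own DNS telemetry rather than copying it.
SUSPICIOUS_TLDS = {"top", "xyz", "club", "work", "click"}


def capabilities(imports: Iterable[Import]) -> List[str]:
    names = {func for _, func in imports}
    return [tag for tag, needles in CAPABILITY_RULES.items()
            if any(n in names for n in needles)]


def suspicious_tld(hostname: str) -> bool:
    tld = hostname.rstrip(".").rsplit(".", 1)[-1].lower()
    return tld in SUSPICIOUS_TLDS


def triage(imports: Iterable[Import], dns_requests: Iterable[str]) -> Dict[str, object]:
    imports = list(imports)
    return {
        "imphash": imphash(imports),
        "capabilities": capabilities(imports),
        "suspicious_dns": [h for h in dns_requests if suspicious_tld(h)],
    }


# Hand-picked subset of the IAT printed in this report; too small to reproduce
# the report's imphash, enough to trigger every tag above.
SAMPLE_IMPORTS: List[Import] = [
    ("ADVAPI32.dll", "CryptAcquireContextA"),
    ("ADVAPI32.dll", "CryptDecrypt"),
    ("ADVAPI32.dll", "RegOpenKeyExA"),
    ("CRYPT32.dll", "CertOpenSystemStoreA"),
    ("IPHLPAPI.DLL", "GetAdaptersAddresses"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("WS2_32.dll", "WSAStartup"),
    ("WS2_32.dll", "connect"),
]
SAMPLE_DNS = ["home.sevkk17sr.top"]  # the single request in the report's Network table

if __name__ == "__main__":
    for key, value in triage(SAMPLE_IMPORTS, SAMPLE_DNS).items():
        print(f"{key}: {value}")
```

Because imphash is order-sensitive and case-insensitive, re-linking the same code with a different import order changes it while a case-only change does not; compare the report's value against other samples before treating a match as the same build.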



Similarity measure (PE file only) - Checking for service failure