Report - AD.exe

Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check
ScreenShot
Created 2024.12.24 15:05 Machine s1_win7_x6401
Filename AD.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score Not founds Behavior Score
2.2
ZERO API file : clean
VT API (file) 55 detected (AIDetectMalware, Malicious, score, Remcos, Unsafe, Save, confidence, Genus, Attribute, HighConfidence, Windows, Rescoms, RATX, ktfuyr, Kryptik, CLASSIC, Real Protect, Static AI, Suspicious PE, Detected, Eldorado, R679222, BScope, Genetic, MI4yhsw8j7Q, susgen)
md5 877cefe82dcee5f8e9961f020a636b2b
sha256 1dbed0d9e6e038241961c9a1b4908b500f555d3b95117dd1b3118d5af46afd1c
ssdeep 12288:luD09AUkNIGBYYv4eK13x13nZHSRVMf139F5wIB7+IwtHwBtVxbesvZDSS+DY:I09AfNIEYsunZvZ19ZFs
imphash e77512f955eaf60ccff45e02d69234de
impfuzzy 96:V2SzrmXNGLHcp+hDGkYiSLEGLY7xVex9KNUIS7KgKd1dJaeD/c:QtdQYzL4x4XFiPa4c
  Network IP location

Signature (3cnts)

Level Description
danger File has been identified by 55 AntiVirus engines on VirusTotal as malicious
watch Creates a windows hook that monitors keyboard input (keylogger)
notice A process attempted to delay the analysis task.

Rules (9cnts)

Level Name Description Collection
danger infoStealer_browser_b_Zero browser info stealer binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch Network_Downloader File Downloader binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
newstaticfreepoint24.ddns-ip.net CO EPM Telecomunicaciones S.A. E.S.P. 181.131.217.244 clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x4570b4 ExpandEnvironmentStringsA
 0x4570b8 GetLongPathNameW
 0x4570bc CopyFileW
 0x4570c0 GetLocaleInfoA
 0x4570c4 CreateToolhelp32Snapshot
 0x4570c8 Process32NextW
 0x4570cc Process32FirstW
 0x4570d0 VirtualProtect
 0x4570d4 SetLastError
 0x4570d8 VirtualFree
 0x4570dc VirtualAlloc
 0x4570e0 LoadLibraryA
 0x4570e4 GetNativeSystemInfo
 0x4570e8 HeapAlloc
 0x4570ec GetProcessHeap
 0x4570f0 FreeLibrary
 0x4570f4 IsBadReadPtr
 0x4570f8 GetTempPathW
 0x4570fc OpenProcess
 0x457100 OpenMutexA
 0x457104 lstrcatW
 0x457108 GetCurrentProcessId
 0x45710c GetTempFileNameW
 0x457110 GetSystemDirectoryA
 0x457114 GlobalAlloc
 0x457118 GlobalLock
 0x45711c GetTickCount
 0x457120 GlobalUnlock
 0x457124 WriteProcessMemory
 0x457128 ResumeThread
 0x45712c GetThreadContext
 0x457130 ReadProcessMemory
 0x457134 CreateProcessW
 0x457138 SetThreadContext
 0x45713c LocalAlloc
 0x457140 GlobalFree
 0x457144 MulDiv
 0x457148 SizeofResource
 0x45714c QueryDosDeviceW
 0x457150 FindFirstVolumeW
 0x457154 GetConsoleScreenBufferInfo
 0x457158 SetConsoleTextAttribute
 0x45715c lstrlenW
 0x457160 GetStdHandle
 0x457164 SetFilePointer
 0x457168 FindResourceA
 0x45716c LockResource
 0x457170 LoadResource
 0x457174 LocalFree
 0x457178 FindVolumeClose
 0x45717c GetVolumePathNamesForVolumeNameW
 0x457180 lstrcpyW
 0x457184 SetConsoleOutputCP
 0x457188 FormatMessageA
 0x45718c FindFirstFileA
 0x457190 AllocConsole
 0x457194 lstrcmpW
 0x457198 GetModuleFileNameA
 0x45719c lstrcpynA
 0x4571a0 QueryPerformanceFrequency
 0x4571a4 QueryPerformanceCounter
 0x4571a8 EnterCriticalSection
 0x4571ac LeaveCriticalSection
 0x4571b0 InitializeCriticalSection
 0x4571b4 DeleteCriticalSection
 0x4571b8 HeapSize
 0x4571bc WriteConsoleW
 0x4571c0 SetStdHandle
 0x4571c4 SetEnvironmentVariableW
 0x4571c8 SetEnvironmentVariableA
 0x4571cc FreeEnvironmentStringsW
 0x4571d0 GetEnvironmentStringsW
 0x4571d4 GetCommandLineW
 0x4571d8 GetCommandLineA
 0x4571dc GetOEMCP
 0x4571e0 IsValidCodePage
 0x4571e4 FindFirstFileExA
 0x4571e8 HeapReAlloc
 0x4571ec ReadConsoleW
 0x4571f0 GetConsoleMode
 0x4571f4 GetConsoleCP
 0x4571f8 FlushFileBuffers
 0x4571fc GetFileType
 0x457200 GetTimeZoneInformation
 0x457204 EnumSystemLocalesW
 0x457208 GetUserDefaultLCID
 0x45720c IsValidLocale
 0x457210 GetTimeFormatW
 0x457214 GetDateFormatW
 0x457218 GetACP
 0x45721c GetModuleHandleExW
 0x457220 MoveFileExW
 0x457224 LoadLibraryExW
 0x457228 RaiseException
 0x45722c RtlUnwind
 0x457230 GetCPInfo
 0x457234 GetStringTypeW
 0x457238 GetLocaleInfoW
 0x45723c LCMapStringW
 0x457240 CompareStringW
 0x457244 MultiByteToWideChar
 0x457248 DecodePointer
 0x45724c EncodePointer
 0x457250 TlsFree
 0x457254 TlsSetValue
 0x457258 GetFileSize
 0x45725c TerminateThread
 0x457260 GetLastError
 0x457264 GetModuleHandleA
 0x457268 RemoveDirectoryW
 0x45726c MoveFileW
 0x457270 SetFilePointerEx
 0x457274 CreateDirectoryW
 0x457278 GetLogicalDriveStringsA
 0x45727c DeleteFileW
 0x457280 FindNextFileA
 0x457284 DeleteFileA
 0x457288 SetFileAttributesW
 0x45728c GetFileAttributesW
 0x457290 FindClose
 0x457294 lstrlenA
 0x457298 GetDriveTypeA
 0x45729c FindNextFileW
 0x4572a0 GetFileSizeEx
 0x4572a4 FindFirstFileW
 0x4572a8 GetModuleHandleW
 0x4572ac ExitProcess
 0x4572b0 GetProcAddress
 0x4572b4 CreateMutexA
 0x4572b8 GetCurrentProcess
 0x4572bc CreateProcessA
 0x4572c0 PeekNamedPipe
 0x4572c4 CreatePipe
 0x4572c8 TerminateProcess
 0x4572cc ReadFile
 0x4572d0 HeapFree
 0x4572d4 HeapCreate
 0x4572d8 CreateEventA
 0x4572dc GetLocalTime
 0x4572e0 CreateThread
 0x4572e4 SetEvent
 0x4572e8 CreateEventW
 0x4572ec WaitForSingleObject
 0x4572f0 Sleep
 0x4572f4 GetModuleFileNameW
 0x4572f8 CloseHandle
 0x4572fc ExitThread
 0x457300 CreateFileW
 0x457304 WriteFile
 0x457308 FindNextVolumeW
 0x45730c TlsGetValue
 0x457310 TlsAlloc
 0x457314 SwitchToThread
 0x457318 WideCharToMultiByte
 0x45731c InitializeSListHead
 0x457320 GetSystemTimeAsFileTime
 0x457324 GetCurrentThreadId
 0x457328 IsProcessorFeaturePresent
 0x45732c GetStartupInfoW
 0x457330 SetUnhandledExceptionFilter
 0x457334 UnhandledExceptionFilter
 0x457338 IsDebuggerPresent
 0x45733c WaitForSingleObjectEx
 0x457340 ResetEvent
 0x457344 InitializeCriticalSectionAndSpinCount
 0x457348 SetEndOfFile
USER32.dll
 0x457374 DefWindowProcA
 0x457378 TranslateMessage
 0x45737c DispatchMessageA
 0x457380 GetMessageA
 0x457384 GetWindowTextW
 0x457388 wsprintfW
 0x45738c GetClipboardData
 0x457390 UnhookWindowsHookEx
 0x457394 GetForegroundWindow
 0x457398 ToUnicodeEx
 0x45739c GetKeyboardLayout
 0x4573a0 SetWindowsHookExA
 0x4573a4 CloseClipboard
 0x4573a8 OpenClipboard
 0x4573ac GetKeyboardState
 0x4573b0 CallNextHookEx
 0x4573b4 GetKeyboardLayoutNameA
 0x4573b8 GetKeyState
 0x4573bc GetWindowTextLengthW
 0x4573c0 GetWindowThreadProcessId
 0x4573c4 SetForegroundWindow
 0x4573c8 SetClipboardData
 0x4573cc EnumWindows
 0x4573d0 ExitWindowsEx
 0x4573d4 EmptyClipboard
 0x4573d8 ShowWindow
 0x4573dc SetWindowTextW
 0x4573e0 MessageBoxW
 0x4573e4 IsWindowVisible
 0x4573e8 CreateWindowExA
 0x4573ec SendInput
 0x4573f0 EnumDisplaySettingsW
 0x4573f4 mouse_event
 0x4573f8 MapVirtualKeyA
 0x4573fc TrackPopupMenu
 0x457400 CreatePopupMenu
 0x457404 AppendMenuA
 0x457408 RegisterClassExA
 0x45740c GetCursorPos
 0x457410 SystemParametersInfoW
 0x457414 GetIconInfo
 0x457418 GetSystemMetrics
 0x45741c CloseWindow
 0x457420 DrawIcon
GDI32.dll
 0x457088 BitBlt
 0x45708c CreateCompatibleBitmap
 0x457090 CreateCompatibleDC
 0x457094 StretchBlt
 0x457098 GetDIBits
 0x45709c DeleteDC
 0x4570a0 DeleteObject
 0x4570a4 CreateDCA
 0x4570a8 GetObjectA
 0x4570ac SelectObject
ADVAPI32.dll
 0x457000 LookupPrivilegeValueA
 0x457004 CryptAcquireContextA
 0x457008 CryptGenRandom
 0x45700c CryptReleaseContext
 0x457010 GetUserNameW
 0x457014 RegEnumKeyExA
 0x457018 QueryServiceStatus
 0x45701c CloseServiceHandle
 0x457020 OpenSCManagerW
 0x457024 OpenSCManagerA
 0x457028 ControlService
 0x45702c StartServiceW
 0x457030 QueryServiceConfigW
 0x457034 ChangeServiceConfigW
 0x457038 OpenServiceW
 0x45703c EnumServicesStatusW
 0x457040 AdjustTokenPrivileges
 0x457044 RegDeleteKeyA
 0x457048 OpenProcessToken
 0x45704c RegCreateKeyA
 0x457050 RegCloseKey
 0x457054 RegQueryInfoKeyW
 0x457058 RegQueryValueExA
 0x45705c RegCreateKeyExW
 0x457060 RegEnumKeyExW
 0x457064 RegSetValueExW
 0x457068 RegSetValueExA
 0x45706c RegOpenKeyExA
 0x457070 RegOpenKeyExW
 0x457074 RegCreateKeyW
 0x457078 RegDeleteValueW
 0x45707c RegEnumValueW
 0x457080 RegQueryValueExW
SHELL32.dll
 0x457350 ShellExecuteExA
 0x457354 Shell_NotifyIconA
 0x457358 ExtractIconA
 0x45735c ShellExecuteW
ole32.dll
 0x4574d8 CoInitializeEx
 0x4574dc CoGetObject
 0x4574e0 CoUninitialize
SHLWAPI.dll
 0x457364 StrToIntA
 0x457368 PathFileExistsW
 0x45736c PathFileExistsA
WINMM.dll
 0x45743c mciSendStringA
 0x457440 mciSendStringW
 0x457444 waveInClose
 0x457448 waveInStop
 0x45744c waveInStart
 0x457450 waveInUnprepareHeader
 0x457454 waveInOpen
 0x457458 waveInAddBuffer
 0x45745c waveInPrepareHeader
 0x457460 PlaySoundW
WS2_32.dll
 0x457468 send
 0x45746c WSAStartup
 0x457470 socket
 0x457474 connect
 0x457478 WSAGetLastError
 0x45747c recv
 0x457480 closesocket
 0x457484 inet_ntoa
 0x457488 htons
 0x45748c htonl
 0x457490 getservbyname
 0x457494 ntohs
 0x457498 getservbyport
 0x45749c gethostbyaddr
 0x4574a0 inet_addr
 0x4574a4 WSASetLastError
 0x4574a8 gethostbyname
urlmon.dll
 0x4574e8 URLOpenBlockingStreamW
 0x4574ec URLDownloadToFileW
gdiplus.dll
 0x4574b0 GdipAlloc
 0x4574b4 GdiplusStartup
 0x4574b8 GdipGetImageEncoders
 0x4574bc GdipLoadImageFromStream
 0x4574c0 GdipSaveImageToStream
 0x4574c4 GdipGetImageEncodersSize
 0x4574c8 GdipFree
 0x4574cc GdipDisposeImage
 0x4574d0 GdipCloneImage
WININET.dll
 0x457428 InternetOpenUrlW
 0x45742c InternetOpenW
 0x457430 InternetCloseHandle
 0x457434 InternetReadFile

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure