Report - PASSWORDRECOVERY64EXE.EXE

Tags: Generic Malware, Malicious Library, UPX, PE File, PE64
Created: 2025.01.02 10:43
Machine: s1_win7_x6401
Filename: PASSWORDRECOVERY64EXE.EXE
Type: PE32+ executable (GUI) x86-64, for MS Windows
AI Score: not found
Behavior Score: 1.0
VT API (file): 38 detected. Detection-name fragments: Malicious, score, Ghanarava, Lazy, Unsafe, Vsrh, confidence, Attribute, HighConfidence, moderate confidence, MalwareX, Static AI, Suspicious PE, Detected, GrayWare, Cayunamer, Malware@#2l8in6ce74vby, Androm, ABTrojan, WZCI, Artemis, PasswordStealer, Chgt, R002H09LP24, susgen, PossibleThreat
md5: 3eb89747e04143f0cdda0caea4533f8c
sha256: 98e9562d0d6914509132a5b8895ab6686798e10e56fe3347f75155d48f3e8d6c
ssdeep: 12288:4uVzy0oExSXwDc2ncOVQlvL7rF04OqSxoT2EEY58RVp3Am1:Zzy0oExqgcOilvL7rFCqS2fC
imphash: 96bf92497d0111d646099ea1378d3eec
impfuzzy: 48:KNcMT5OAMqTf1l7Z9G9XOIsY5+fgcP2znexVuEYtICZSiaF:KNcMFWqhl7ZgNx35+fgcPIexVujt4r

Signature (1 count)

Level: danger
Description: File has been identified by 38 AntiVirus engines on VirusTotal as malicious

Rules (5 counts)

Level    Name                    Description         Collection
warning  Generic_Malware_Zero    Generic Malware     binaries (upload)
watch    Malicious_Library_Zero  Malicious_Library   binaries (upload)
watch    UPX_Zero                UPX packed file     binaries (upload)
info     IsPE64                  (no description)    binaries (upload)
info     PE_Header_Zero          PE File Signature   binaries (upload)

Network (0 counts): no network requests (Request, CC, ASN, Co, IP4, Rule) were recorded during the run.

Suricata IDS: no entries

PE API

IAT (Import Address Table)

Library / IAT entry address / imported function

KERNEL32.dll
 0x1400d6028 LocalFree
 0x1400d6030 LocalAlloc
 0x1400d6038 ReadFile
 0x1400d6040 CreateFileW
 0x1400d6048 FreeLibrary
 0x1400d6050 GetProcAddress
 0x1400d6058 LoadLibraryW
 0x1400d6060 SetCurrentDirectoryW
 0x1400d6068 GetCurrentDirectoryW
 0x1400d6070 lstrlenA
 0x1400d6078 MultiByteToWideChar
 0x1400d6080 GetFileSize
 0x1400d6088 CreateFileA
 0x1400d6090 GetPrivateProfileStringW
 0x1400d6098 CopyFileW
 0x1400d60a0 GetTempPathW
 0x1400d60a8 lstrlenW
 0x1400d60b0 lstrcmpiW
 0x1400d60b8 FindClose
 0x1400d60c0 FindNextFileW
 0x1400d60c8 DeleteFileW
 0x1400d60d0 FindFirstFileW
 0x1400d60d8 lstrcpyW
 0x1400d60e0 lstrcpyA
 0x1400d60e8 FlushViewOfFile
 0x1400d60f0 GetProcessHeap
 0x1400d60f8 OutputDebugStringW
 0x1400d6100 OutputDebugStringA
 0x1400d6108 WaitForSingleObjectEx
 0x1400d6110 WaitForSingleObject
 0x1400d6118 WriteFile
 0x1400d6120 WideCharToMultiByte
 0x1400d6128 UnmapViewOfFile
 0x1400d6130 UnlockFileEx
 0x1400d6138 UnlockFile
 0x1400d6140 SystemTimeToFileTime
 0x1400d6148 Sleep
 0x1400d6150 SetFilePointer
 0x1400d6158 SetEndOfFile
 0x1400d6160 QueryPerformanceCounter
 0x1400d6168 MapViewOfFile
 0x1400d6170 LockFileEx
 0x1400d6178 LockFile
 0x1400d6180 LoadLibraryA
 0x1400d6188 HeapCompact
 0x1400d6190 HeapValidate
 0x1400d6198 HeapSize
 0x1400d61a0 HeapReAlloc
 0x1400d61a8 GetCommandLineW
 0x1400d61b0 HeapDestroy
 0x1400d61b8 HeapCreate
 0x1400d61c0 HeapAlloc
 0x1400d61c8 GetVersionExW
 0x1400d61d0 GetVersionExA
 0x1400d61d8 GetTickCount
 0x1400d61e0 GetTempPathA
 0x1400d61e8 GetSystemTimeAsFileTime
 0x1400d61f0 GetSystemTime
 0x1400d61f8 GetSystemInfo
 0x1400d6200 GetLastError
 0x1400d6208 GetFullPathNameW
 0x1400d6210 GetFullPathNameA
 0x1400d6218 GetFileAttributesExW
 0x1400d6220 GetFileAttributesW
 0x1400d6228 GetFileAttributesA
 0x1400d6230 GetDiskFreeSpaceW
 0x1400d6238 GetDiskFreeSpaceA
 0x1400d6240 GetCurrentProcessId
 0x1400d6248 FormatMessageW
 0x1400d6250 FormatMessageA
 0x1400d6258 FlushFileBuffers
 0x1400d6260 DeleteFileA
 0x1400d6268 CreateMutexW
 0x1400d6270 CreateFileMappingW
 0x1400d6278 CreateFileMappingA
 0x1400d6280 AreFileApisANSI
 0x1400d6288 InitializeCriticalSection
 0x1400d6290 DeleteCriticalSection
 0x1400d6298 EnterCriticalSection
 0x1400d62a0 TryEnterCriticalSection
 0x1400d62a8 LeaveCriticalSection
 0x1400d62b0 GetCurrentThreadId
 0x1400d62b8 CompareStringW
 0x1400d62c0 WriteConsoleW
 0x1400d62c8 SetStdHandle
 0x1400d62d0 LCMapStringW
 0x1400d62d8 GetStringTypeW
 0x1400d62e0 GetConsoleMode
 0x1400d62e8 GetConsoleCP
 0x1400d62f0 ExitProcess
 0x1400d62f8 OpenEventW
 0x1400d6300 SetEvent
 0x1400d6308 HeapFree
 0x1400d6310 CloseHandle
 0x1400d6318 GetFileType
 0x1400d6320 InitializeCriticalSectionAndSpinCount
 0x1400d6328 SetHandleCount
 0x1400d6330 GetEnvironmentStringsW
 0x1400d6338 FreeEnvironmentStringsW
 0x1400d6340 GetModuleFileNameA
 0x1400d6348 RtlLookupFunctionEntry
 0x1400d6350 RtlUnwindEx
 0x1400d6358 RaiseException
 0x1400d6360 RtlPcToFileHeader
 0x1400d6368 EncodePointer
 0x1400d6370 DecodePointer
 0x1400d6378 ExitThread
 0x1400d6380 CreateThread
 0x1400d6388 GetCommandLineA
 0x1400d6390 GetStartupInfoW
 0x1400d6398 UnhandledExceptionFilter
 0x1400d63a0 SetUnhandledExceptionFilter
 0x1400d63a8 IsDebuggerPresent
 0x1400d63b0 RtlVirtualUnwind
 0x1400d63b8 RtlCaptureContext
 0x1400d63c0 TerminateProcess
 0x1400d63c8 GetCurrentProcess
 0x1400d63d0 HeapSetInformation
 0x1400d63d8 GetVersion
 0x1400d63e0 FlsGetValue
 0x1400d63e8 FlsSetValue
 0x1400d63f0 FlsFree
 0x1400d63f8 SetLastError
 0x1400d6400 FlsAlloc
 0x1400d6408 GetTimeZoneInformation
 0x1400d6410 GetModuleHandleW
 0x1400d6418 GetStdHandle
 0x1400d6420 GetModuleFileNameW
 0x1400d6428 GetCPInfo
 0x1400d6430 GetACP
 0x1400d6438 GetOEMCP
 0x1400d6440 IsValidCodePage
 0x1400d6448 SetEnvironmentVariableA
USER32.dll
 0x1400d6488 wsprintfW
SHELL32.dll
 0x1400d6458 SHGetKnownFolderPath
 0x1400d6460 CommandLineToArgvW
SHLWAPI.dll
 0x1400d6470 StrCmpNIW
 0x1400d6478 StrStrIW
ole32.dll
 0x1400d64c8 StringFromGUID2
 0x1400d64d0 CoCreateGuid
 0x1400d64d8 CoInitialize
 0x1400d64e0 CoUninitialize
 0x1400d64e8 CoTaskMemFree
ADVAPI32.dll
 0x1400d6000 RegGetValueW
CRYPT32.dll
 0x1400d6010 CryptStringToBinaryA
 0x1400d6018 CryptUnprotectData
Wlanapi.dll
 0x1400d6498 WlanGetProfileList
 0x1400d64a0 WlanEnumInterfaces
 0x1400d64a8 WlanOpenHandle
 0x1400d64b0 WlanGetProfile
 0x1400d64b8 WlanCloseHandle

EAT (Export Address Table): none
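With no network events, a behaviour score of 1.0 and no AI score, the import table is the only substantive artefact in this report, so the practical question is what the imports imply. The following Python script is an added example, not part of the sandbox report: it transcribes the listing above, recomputes a pefile-style imphash from it and tags capability clusters. Assumptions, labelled in the code: the capability rules and the CRT-noise list are the example's own heuristics; DLL order is taken from the IAT addresses on the page, which is the usual but not guaranteed import-directory order, so the recomputed imphash is printed beside the report's value rather than treated as a check that must pass; the sqlite-win32-vfs tag rests on the fact that SQLite's Windows VFS (os_win.c) is what normally resolves AreFileApisANSI, LockFileEx/UnlockFileEx, GetDiskFreeSpace and the HeapCompact/HeapValidate pair together.

```python
"""Capability triage over the IAT listed in the report above (added example, not
part of the sandbox report). The import names are transcribed from the report;
the capability rules and the CRT-noise list are this example's own heuristics
(assumptions about what the API clusters are normally used for, not findings)."""
import hashlib

# Transcribed from the report. DLLs follow the IAT addresses shown there (ADVAPI32
# at 0x1400d6000 first, ole32 at 0x1400d64c8 last) and each DLL keeps the report's
# order; whether that is the import-directory order is an assumption.
IAT_LISTING = """\
ADVAPI32.dll: RegGetValueW
CRYPT32.dll: CryptStringToBinaryA CryptUnprotectData
KERNEL32.dll: LocalFree LocalAlloc ReadFile CreateFileW FreeLibrary GetProcAddress LoadLibraryW
  SetCurrentDirectoryW GetCurrentDirectoryW lstrlenA MultiByteToWideChar GetFileSize CreateFileA
  GetPrivateProfileStringW CopyFileW GetTempPathW lstrlenW lstrcmpiW FindClose FindNextFileW
  DeleteFileW FindFirstFileW lstrcpyW lstrcpyA FlushViewOfFile GetProcessHeap OutputDebugStringW
  OutputDebugStringA WaitForSingleObjectEx WaitForSingleObject WriteFile WideCharToMultiByte
  UnmapViewOfFile UnlockFileEx UnlockFile SystemTimeToFileTime Sleep SetFilePointer SetEndOfFile
  QueryPerformanceCounter MapViewOfFile LockFileEx LockFile LoadLibraryA HeapCompact HeapValidate
  HeapSize HeapReAlloc GetCommandLineW HeapDestroy HeapCreate HeapAlloc GetVersionExW GetVersionExA
  GetTickCount GetTempPathA GetSystemTimeAsFileTime GetSystemTime GetSystemInfo GetLastError
  GetFullPathNameW GetFullPathNameA GetFileAttributesExW GetFileAttributesW GetFileAttributesA
  GetDiskFreeSpaceW GetDiskFreeSpaceA GetCurrentProcessId FormatMessageW FormatMessageA
  FlushFileBuffers DeleteFileA CreateMutexW CreateFileMappingW CreateFileMappingA AreFileApisANSI
  InitializeCriticalSection DeleteCriticalSection EnterCriticalSection TryEnterCriticalSection
  LeaveCriticalSection GetCurrentThreadId CompareStringW WriteConsoleW SetStdHandle LCMapStringW
  GetStringTypeW GetConsoleMode GetConsoleCP ExitProcess OpenEventW SetEvent HeapFree CloseHandle
  GetFileType InitializeCriticalSectionAndSpinCount SetHandleCount GetEnvironmentStringsW
  FreeEnvironmentStringsW GetModuleFileNameA RtlLookupFunctionEntry RtlUnwindEx RaiseException
  RtlPcToFileHeader EncodePointer DecodePointer ExitThread CreateThread GetCommandLineA
  GetStartupInfoW UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent
  RtlVirtualUnwind RtlCaptureContext TerminateProcess GetCurrentProcess HeapSetInformation
  GetVersion FlsGetValue FlsSetValue FlsFree SetLastError FlsAlloc GetTimeZoneInformation
  GetModuleHandleW GetStdHandle GetModuleFileNameW GetCPInfo GetACP GetOEMCP IsValidCodePage
  SetEnvironmentVariableA
SHELL32.dll: SHGetKnownFolderPath CommandLineToArgvW
SHLWAPI.dll: StrCmpNIW StrStrIW
USER32.dll: wsprintfW
Wlanapi.dll: WlanGetProfileList WlanEnumInterfaces WlanOpenHandle WlanGetProfile WlanCloseHandle
ole32.dll: StringFromGUID2 CoCreateGuid CoInitialize CoUninitialize CoTaskMemFree
"""
REPORTED_IMPHASH = "96bf92497d0111d646099ea1378d3eec"  # value printed in the report


def parse_listing(text):
    """Return an insertion-ordered {dll: [function, ...]} dict from the listing above."""
    iat, current = {}, None
    for line in text.splitlines():
        if not line.startswith(" "):       # "NAME.dll: f1 f2 ..." opens a DLL block
            current, _, line = line.partition(":")
            iat[current] = []
        iat[current].extend(line.split())  # indented lines continue the block
    return iat


def imphash(iat):
    """pefile-style imphash: md5 of 'dll.func,...' in import order, lowercased, with
    .dll/.ocx/.sys stripped. Order-sensitive, so it only matches if the order survived."""
    parts = []
    for dll, funcs in iat.items():
        base = dll.lower()
        if base.endswith((".dll", ".ocx", ".sys")):
            base = base.rsplit(".", 1)[0]
        parts.extend(f"{base}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# Heuristic rules (assumption): a tag fires when every listed API is imported.
CAPABILITY_RULES = {
    "dpapi-decrypt": {"CryptUnprotectData"},
    "base64-decode": {"CryptStringToBinaryA"},
    "wlan-profile-dump": {"WlanOpenHandle", "WlanEnumInterfaces",
                          "WlanGetProfileList", "WlanGetProfile"},
    # SQLite's win32 VFS (os_win.c) is what normally pulls in this combination.
    "sqlite-win32-vfs": {"AreFileApisANSI", "LockFileEx", "UnlockFileEx",
                         "GetDiskFreeSpaceW", "HeapCompact", "HeapValidate"},
    "known-folder-lookup": {"SHGetKnownFolderPath"},
    "dir-enumeration": {"FindFirstFileW", "FindNextFileW", "FindClose"},
    "copy-to-temp": {"CopyFileW", "GetTempPathW", "DeleteFileW"},
    "registry-read": {"RegGetValueW"},
    "anti-debug": {"IsDebuggerPresent"},
}
# The MSVC CRT start-up code imports these whatever the program does; a rule
# satisfied by these alone is noise, not a capability.
CRT_NOISE = {"IsDebuggerPresent", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter",
             "TerminateProcess", "GetStartupInfoW", "EncodePointer", "DecodePointer"}


def triage(iat):
    """Sorted tags whose APIs are all imported and not satisfied by CRT noise alone."""
    imported = {f for funcs in iat.values() for f in funcs}
    return sorted(tag for tag, need in CAPABILITY_RULES.items()
                  if need <= imported and not need <= CRT_NOISE)


if __name__ == "__main__":
    table = parse_listing(IAT_LISTING)
    print(f"{sum(map(len, table.values()))} imports from {len(table)} DLLs")
    print("recomputed imphash:", imphash(table), "| reported:", REPORTED_IMPHASH)
    for tag in triage(table):
        print(" -", tag)
```

Run it as a script to print the counts, both imphash values and the tags. Read the tags in the light of the VirusTotal label PasswordStealer: CryptUnprotectData together with CryptStringToBinaryA is the DPAPI route for decrypting secrets stored under the user's profile, the Wlanapi cluster enumerates saved WLAN profiles (WlanGetProfile returns the key in clear when called with the plaintext-key flag by a sufficiently privileged caller), and a statically linked SQLite next to CopyFileW/GetTempPathW/DeleteFileW is how a locked credential database is usually copied aside and queried. Nothing in the import table separates a legitimate password-recovery utility from a stealer; what distinguishes them is where the recovered data goes, and a run with zero network activity did not answer that. IsDebuggerPresent is excluded on purpose: the MSVC runtime imports it alongside SetUnhandledExceptionFilter, and counting it as anti-debugging is a common triage mistake.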

Similarity measure (PE file only): no result shown (the page displays only a service-failure check message)