Report - Crawl.exe

Generic Malware Malicious Library Antivirus UPX PE File PE32 OS Processor Check
Created 2025.01.08 13:46 Machine s1_win7_x6403
Filename Crawl.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: Not found
Behavior Score: 3.0
ZERO API file : clean
VT API (file) 47 detected (GenericKD, Ghanarava, Unsafe, REntS, Filecoder, Ve48, malicious, confidence, Attribute, HighConfidence, high confidence, score, Stop, CLASSIC, Nekark, tbmqs, Static AI, Suspicious PE, Zudochka, Detected, GrayWare, Wacapew, Genasom, DYZK, Artemis, BScope, TrojanBanker, ChePro, Cactus, FileCrypter, R002H09A725, Qzfl, LockFile, Ransomware, C9nj)
md5 2d2c7ee748d941798466b19b53da88bb
sha256 066dc9a1134b1db77c1574a52002f53b28cc29d0a3769bd5156d1e0e0a51a91a
ssdeep 12288:CfT9qqQfsr85q5+OeO+OeNhBBhhBB2Lq/5/1G9ba6qCX0GuE3mczIedIHEXNuQ8k:CfT9q1fsr85hJCX0GuWIEXAihyh3LEk
imphash 938340415ae85022dbf6430abec6436a
impfuzzy 48:/zT9tm029VwtxTviWa6GtIazVHe3z9FZ0OlOmK0ig/7gRN:/zTjm02rwtxT6Wa6GtIahH60kK0pSN

Signature (8cnts)

Level Description
danger File has been identified by 47 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Uses Windows utilities for basic Windows functionality
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info One or more processes crashed
info Queries for the computername
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Antivirus Contains references to security software binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no network requests were recorded during the run)

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x48b02c InitializeCriticalSectionEx
 0x48b030 FindClose
 0x48b034 WaitForSingleObject
 0x48b038 GetModuleHandleA
 0x48b03c OpenProcess
 0x48b040 HeapSize
 0x48b044 CreateToolhelp32Snapshot
 0x48b048 CreateEventW
 0x48b04c Sleep
 0x48b050 GetTempPathA
 0x48b054 FormatMessageW
 0x48b058 CopyFileA
 0x48b05c GetLastError
 0x48b060 Process32NextW
 0x48b064 SetEvent
 0x48b068 TerminateThread
 0x48b06c TlsAlloc
 0x48b070 Process32FirstW
 0x48b074 HeapReAlloc
 0x48b078 LeaveCriticalSection
 0x48b07c RaiseException
 0x48b080 ResetEvent
 0x48b084 HeapAlloc
 0x48b088 QueueUserAPC
 0x48b08c DecodePointer
 0x48b090 GetProcAddress
 0x48b094 LocalFree
 0x48b098 DeleteCriticalSection
 0x48b09c GetProcessHeap
 0x48b0a0 CreateProcessW
 0x48b0a4 WideCharToMultiByte
 0x48b0a8 SleepEx
 0x48b0ac TlsGetValue
 0x48b0b0 TlsFree
 0x48b0b4 FormatMessageA
 0x48b0b8 IsDebuggerPresent
 0x48b0bc WriteConsoleW
 0x48b0c0 CreateFileW
 0x48b0c4 SetStdHandle
 0x48b0c8 InitializeCriticalSectionAndSpinCount
 0x48b0cc WaitForMultipleObjects
 0x48b0d0 GetModuleFileNameW
 0x48b0d4 TerminateProcess
 0x48b0d8 GetCurrentProcess
 0x48b0dc FindNextFileW
 0x48b0e0 EnterCriticalSection
 0x48b0e4 HeapFree
 0x48b0e8 TlsSetValue
 0x48b0ec CloseHandle
 0x48b0f0 FindFirstFileW
 0x48b0f4 SetEnvironmentVariableA
 0x48b0f8 FreeEnvironmentStringsW
 0x48b0fc GetEnvironmentStringsW
 0x48b100 GetOEMCP
 0x48b104 IsValidCodePage
 0x48b108 FindNextFileA
 0x48b10c FindFirstFileExA
 0x48b110 SetFilePointerEx
 0x48b114 SetLastError
 0x48b118 QueryPerformanceCounter
 0x48b11c QueryPerformanceFrequency
 0x48b120 WaitForSingleObjectEx
 0x48b124 GetCurrentThreadId
 0x48b128 GetNativeSystemInfo
 0x48b12c InitializeConditionVariable
 0x48b130 WakeConditionVariable
 0x48b134 WakeAllConditionVariable
 0x48b138 SleepConditionVariableCS
 0x48b13c SleepConditionVariableSRW
 0x48b140 InitializeSRWLock
 0x48b144 ReleaseSRWLockExclusive
 0x48b148 AcquireSRWLockExclusive
 0x48b14c TryEnterCriticalSection
 0x48b150 GetSystemTimeAsFileTime
 0x48b154 GetModuleHandleW
 0x48b158 EncodePointer
 0x48b15c MultiByteToWideChar
 0x48b160 LCMapStringEx
 0x48b164 GetStringTypeW
 0x48b168 GetCPInfo
 0x48b16c OutputDebugStringW
 0x48b170 InitializeSListHead
 0x48b174 IsProcessorFeaturePresent
 0x48b178 UnhandledExceptionFilter
 0x48b17c SetUnhandledExceptionFilter
 0x48b180 GetStartupInfoW
 0x48b184 GetCurrentProcessId
 0x48b188 RtlUnwind
 0x48b18c InterlockedPushEntrySList
 0x48b190 FreeLibrary
 0x48b194 LoadLibraryExW
 0x48b198 CreateThread
 0x48b19c ExitThread
 0x48b1a0 FreeLibraryAndExitThread
 0x48b1a4 GetModuleHandleExW
 0x48b1a8 ExitProcess
 0x48b1ac GetModuleFileNameA
 0x48b1b0 GetStdHandle
 0x48b1b4 WriteFile
 0x48b1b8 GetCommandLineA
 0x48b1bc GetCommandLineW
 0x48b1c0 GetACP
 0x48b1c4 GetFileType
 0x48b1c8 CompareStringW
 0x48b1cc LCMapStringW
 0x48b1d0 GetLocaleInfoW
 0x48b1d4 IsValidLocale
 0x48b1d8 GetUserDefaultLCID
 0x48b1dc EnumSystemLocalesW
 0x48b1e0 FlushFileBuffers
 0x48b1e4 GetConsoleCP
 0x48b1e8 GetConsoleMode
 0x48b1ec DeleteFileW
 0x48b1f0 MoveFileExW
 0x48b1f4 ReadFile
 0x48b1f8 ReadConsoleW
 0x48b1fc SetEndOfFile
USER32.dll
 0x48b20c wsprintfW
ADVAPI32.dll
 0x48b000 LookupPrivilegeValueW
 0x48b004 AdjustTokenPrivileges
 0x48b008 RegCloseKey
 0x48b00c RegGetValueA
 0x48b010 RegCreateKeyExW
 0x48b014 RegSetValueExW
 0x48b018 OpenProcessToken
 0x48b01c RegOpenKeyExW
 0x48b020 RegCreateKeyW
 0x48b024 RegQueryValueExW
SHELL32.dll
 0x48b204 SHGetKnownFolderPath
ole32.dll
 0x48b230 CoTaskMemFree
WS2_32.dll
 0x48b214 WSACleanup
 0x48b218 WSAStartup
bcrypt.dll
 0x48b220 BCryptOpenAlgorithmProvider
 0x48b224 BCryptGenRandom
 0x48b228 BCryptCloseAlgorithmProvider

EAT(Export Address Table) is none
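The import table above is the most informative static artifact in this report: the sample combines process enumeration and termination, privilege adjustment, registry writes, recursive file enumeration with rename/delete, and CNG random-byte generation, which together fit the Filecoder/Ransomware labels in the VirusTotal results better than any single API does. The script below is an added example (not part of the sandbox report or its rule set) that turns the report's own IAT listing into that capability summary. The IAT excerpt is copied from the table above (the BCrypt* functions are placed under bcrypt.dll, the DLL that actually exports them); the capability clusters and the "Winsock initialised but no socket I/O" heuristic are this example's own assumptions about which API combinations are worth flagging together.

```python
"""Import-table triage: map the IAT listed for Crawl.exe to capabilities."""
import re
from collections import defaultdict

# Constructed excerpt of the IAT from the report above (addresses and names
# copied from it; the full table is longer). Layout: a DLL name on its own
# line, followed by indented "0xADDR Name" entries.
IAT_EXCERPT = """\
KERNEL32.dll
 0x48b03c OpenProcess
 0x48b044 CreateToolhelp32Snapshot
 0x48b060 Process32NextW
 0x48b070 Process32FirstW
 0x48b090 GetProcAddress
 0x48b0b8 IsDebuggerPresent
 0x48b0d4 TerminateProcess
 0x48b0dc FindNextFileW
 0x48b0f0 FindFirstFileW
 0x48b1b4 WriteFile
 0x48b1ec DeleteFileW
 0x48b1f0 MoveFileExW
 0x48b1f4 ReadFile
ADVAPI32.dll
 0x48b000 LookupPrivilegeValueW
 0x48b004 AdjustTokenPrivileges
 0x48b010 RegCreateKeyExW
 0x48b014 RegSetValueExW
 0x48b018 OpenProcessToken
WS2_32.dll
 0x48b214 WSACleanup
 0x48b218 WSAStartup
bcrypt.dll
 0x48b220 BCryptOpenAlgorithmProvider
 0x48b224 BCryptGenRandom
 0x48b228 BCryptCloseAlgorithmProvider
"""

# Assumed capability clusters (this example's own heuristics, not sandbox
# signatures): a cluster fires only when every listed API is imported.
CLUSTERS = {
    "enumerate and kill processes": {
        "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
        "OpenProcess", "TerminateProcess"},
    "enable token privileges (e.g. SeDebugPrivilege)": {
        "OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "write registry keys (persistence/config)": {
        "RegCreateKeyExW", "RegSetValueExW"},
    "walk directories and rewrite/rename/delete files": {
        "FindFirstFileW", "FindNextFileW", "ReadFile", "WriteFile",
        "MoveFileExW", "DeleteFileW"},
    "generate CNG random bytes (key/nonce material)": {
        "BCryptOpenAlgorithmProvider", "BCryptGenRandom"},
    "check for attached debugger": {"IsDebuggerPresent"},
}

# Winsock calls that would indicate real network I/O, as opposed to the bare
# WSAStartup/WSACleanup pair that the report shows.
SOCKET_IO = {"socket", "connect", "send", "recv", "WSASend", "WSARecv",
             "getaddrinfo", "WSAConnect"}

ENTRY_RE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\w+)\s*$")


def parse_iat(text):
    """Return {dll: set(api)} from the report's 'DLL / 0xADDR Name' layout."""
    imports = defaultdict(set)
    dll = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if m and dll is not None:
            imports[dll].add(m.group(1))
        elif not line.startswith(" "):
            dll = line.strip()          # unindented line names the next DLL
    return dict(imports)


def triage(imports):
    """Return {capability: sorted APIs} for every cluster fully imported."""
    present = set().union(*imports.values()) if imports else set()
    return {name: sorted(apis) for name, apis in CLUSTERS.items()
            if apis <= present}


def network_assessment(imports):
    """Distinguish Winsock initialisation from actual socket I/O imports."""
    ws2 = imports.get("WS2_32.dll", set())
    if not ws2:
        return "no Winsock imports"
    if ws2 & SOCKET_IO:
        return "Winsock I/O APIs imported"
    return ("Winsock initialised but no socket I/O imported; "
            "network use may be resolved at runtime via GetProcAddress")


if __name__ == "__main__":
    imp = parse_iat(IAT_EXCERPT)
    for cap, apis in triage(imp).items():
        print(f"[+] {cap}: {', '.join(apis)}")
    print("[*] network:", network_assessment(imp))
```

Run against the excerpt, every cluster fires, and the network check explains why the sandbox recorded zero requests despite WS2_32.dll being imported: only WSAStartup/WSACleanup are statically linked, so any connection logic is either absent, resolved dynamically (GetProcAddress is imported), or unpacked at runtime, which is consistent with the RWX-allocation and UPX findings above.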



Similarity measure (PE file only) - Checking for service failure