Report - fuck.exe

Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check
Created 2025.01.17 17:18 Machine s1_win7_x6403
Filename fuck.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 4.0
ZERO API (file): clean
VT API (file) 55 detected (AIDetectMalware, Remcos, Malicious, score, Unsafe, Save, confidence, 100%, Genus, Attribute, HighConfidence, Windows, Rescoms, RATX, kuophh, CLASSIC, Real Protect, Static AI, Suspicious PE, Detected, Eldorado, BScope, Genetic, 6BIR, qxGILU, susgen)
md5 7163fe5f3a7bcfdeec9a07137838012a
sha256 5433726d3912a95552d16b72366eae777f5f34587e1bdaa0c518c5fcbc3d8506
ssdeep 12288:z13ak/mBXTG4/1v08KI7ZnMEF76JqmsvZQqS:5ak/mBXTV/R0nEF76gFZJ
imphash e77512f955eaf60ccff45e02d69234de
impfuzzy 96:V2SzrmXNGLHcp+hDGkYiSLEGLY7xVex9KNUIS7KgKd1dJaeD/c:QtdQYzL4x4XFiPa4c

Signature (5cnts)

Level Description
danger File has been identified by 55 AntiVirus engines on VirusTotal as malicious
danger Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running)
warning Generates some ICMP traffic
watch Creates a windows hook that monitors keyboard input (keylogger)
notice A process attempted to delay the analysis task.

Rules (9cnts)

Level Name Description Collection
danger infoStealer_browser_b_Zero browser info stealer binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch Network_Downloader File Downloader binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts)

Request CC ASN Co IP4 Rule ZERO
republicadominica2025.ip-ddns.com CO Colombia Movil 177.255.85.101 clean
177.255.85.101 CO Colombia Movil 177.255.85.101 clean

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x4580b4 ExpandEnvironmentStringsA
 0x4580b8 GetLongPathNameW
 0x4580bc CopyFileW
 0x4580c0 GetLocaleInfoA
 0x4580c4 CreateToolhelp32Snapshot
 0x4580c8 Process32NextW
 0x4580cc Process32FirstW
 0x4580d0 VirtualProtect
 0x4580d4 SetLastError
 0x4580d8 VirtualFree
 0x4580dc VirtualAlloc
 0x4580e0 LoadLibraryA
 0x4580e4 GetNativeSystemInfo
 0x4580e8 HeapAlloc
 0x4580ec GetProcessHeap
 0x4580f0 FreeLibrary
 0x4580f4 IsBadReadPtr
 0x4580f8 GetTempPathW
 0x4580fc OpenProcess
 0x458100 OpenMutexA
 0x458104 lstrcatW
 0x458108 GetCurrentProcessId
 0x45810c GetTempFileNameW
 0x458110 GetSystemDirectoryA
 0x458114 GlobalAlloc
 0x458118 GlobalLock
 0x45811c GetTickCount
 0x458120 GlobalUnlock
 0x458124 WriteProcessMemory
 0x458128 ResumeThread
 0x45812c GetThreadContext
 0x458130 ReadProcessMemory
 0x458134 CreateProcessW
 0x458138 SetThreadContext
 0x45813c LocalAlloc
 0x458140 GlobalFree
 0x458144 MulDiv
 0x458148 SizeofResource
 0x45814c QueryDosDeviceW
 0x458150 FindFirstVolumeW
 0x458154 GetConsoleScreenBufferInfo
 0x458158 SetConsoleTextAttribute
 0x45815c lstrlenW
 0x458160 GetStdHandle
 0x458164 SetFilePointer
 0x458168 FindResourceA
 0x45816c LockResource
 0x458170 LoadResource
 0x458174 LocalFree
 0x458178 FindVolumeClose
 0x45817c GetVolumePathNamesForVolumeNameW
 0x458180 lstrcpyW
 0x458184 SetConsoleOutputCP
 0x458188 FormatMessageA
 0x45818c FindFirstFileA
 0x458190 AllocConsole
 0x458194 lstrcmpW
 0x458198 GetModuleFileNameA
 0x45819c lstrcpynA
 0x4581a0 QueryPerformanceFrequency
 0x4581a4 QueryPerformanceCounter
 0x4581a8 EnterCriticalSection
 0x4581ac LeaveCriticalSection
 0x4581b0 InitializeCriticalSection
 0x4581b4 DeleteCriticalSection
 0x4581b8 HeapSize
 0x4581bc WriteConsoleW
 0x4581c0 SetStdHandle
 0x4581c4 SetEnvironmentVariableW
 0x4581c8 SetEnvironmentVariableA
 0x4581cc FreeEnvironmentStringsW
 0x4581d0 GetEnvironmentStringsW
 0x4581d4 GetCommandLineW
 0x4581d8 GetCommandLineA
 0x4581dc GetOEMCP
 0x4581e0 IsValidCodePage
 0x4581e4 FindFirstFileExA
 0x4581e8 HeapReAlloc
 0x4581ec ReadConsoleW
 0x4581f0 GetConsoleMode
 0x4581f4 GetConsoleCP
 0x4581f8 FlushFileBuffers
 0x4581fc GetFileType
 0x458200 GetTimeZoneInformation
 0x458204 EnumSystemLocalesW
 0x458208 GetUserDefaultLCID
 0x45820c IsValidLocale
 0x458210 GetTimeFormatW
 0x458214 GetDateFormatW
 0x458218 GetACP
 0x45821c GetModuleHandleExW
 0x458220 MoveFileExW
 0x458224 LoadLibraryExW
 0x458228 RaiseException
 0x45822c RtlUnwind
 0x458230 GetCPInfo
 0x458234 GetStringTypeW
 0x458238 GetLocaleInfoW
 0x45823c LCMapStringW
 0x458240 CompareStringW
 0x458244 MultiByteToWideChar
 0x458248 DecodePointer
 0x45824c EncodePointer
 0x458250 TlsFree
 0x458254 TlsSetValue
 0x458258 GetFileSize
 0x45825c TerminateThread
 0x458260 GetLastError
 0x458264 GetModuleHandleA
 0x458268 RemoveDirectoryW
 0x45826c MoveFileW
 0x458270 SetFilePointerEx
 0x458274 CreateDirectoryW
 0x458278 GetLogicalDriveStringsA
 0x45827c DeleteFileW
 0x458280 FindNextFileA
 0x458284 DeleteFileA
 0x458288 SetFileAttributesW
 0x45828c GetFileAttributesW
 0x458290 FindClose
 0x458294 lstrlenA
 0x458298 GetDriveTypeA
 0x45829c FindNextFileW
 0x4582a0 GetFileSizeEx
 0x4582a4 FindFirstFileW
 0x4582a8 GetModuleHandleW
 0x4582ac ExitProcess
 0x4582b0 GetProcAddress
 0x4582b4 CreateMutexA
 0x4582b8 GetCurrentProcess
 0x4582bc CreateProcessA
 0x4582c0 PeekNamedPipe
 0x4582c4 CreatePipe
 0x4582c8 TerminateProcess
 0x4582cc ReadFile
 0x4582d0 HeapFree
 0x4582d4 HeapCreate
 0x4582d8 CreateEventA
 0x4582dc GetLocalTime
 0x4582e0 CreateThread
 0x4582e4 SetEvent
 0x4582e8 CreateEventW
 0x4582ec WaitForSingleObject
 0x4582f0 Sleep
 0x4582f4 GetModuleFileNameW
 0x4582f8 CloseHandle
 0x4582fc ExitThread
 0x458300 CreateFileW
 0x458304 WriteFile
 0x458308 FindNextVolumeW
 0x45830c TlsGetValue
 0x458310 TlsAlloc
 0x458314 SwitchToThread
 0x458318 WideCharToMultiByte
 0x45831c InitializeSListHead
 0x458320 GetSystemTimeAsFileTime
 0x458324 GetCurrentThreadId
 0x458328 IsProcessorFeaturePresent
 0x45832c GetStartupInfoW
 0x458330 SetUnhandledExceptionFilter
 0x458334 UnhandledExceptionFilter
 0x458338 IsDebuggerPresent
 0x45833c WaitForSingleObjectEx
 0x458340 ResetEvent
 0x458344 InitializeCriticalSectionAndSpinCount
 0x458348 SetEndOfFile
USER32.dll
 0x458374 DefWindowProcA
 0x458378 TranslateMessage
 0x45837c DispatchMessageA
 0x458380 GetMessageA
 0x458384 GetWindowTextW
 0x458388 wsprintfW
 0x45838c GetClipboardData
 0x458390 UnhookWindowsHookEx
 0x458394 GetForegroundWindow
 0x458398 ToUnicodeEx
 0x45839c GetKeyboardLayout
 0x4583a0 SetWindowsHookExA
 0x4583a4 CloseClipboard
 0x4583a8 OpenClipboard
 0x4583ac GetKeyboardState
 0x4583b0 CallNextHookEx
 0x4583b4 GetKeyboardLayoutNameA
 0x4583b8 GetKeyState
 0x4583bc GetWindowTextLengthW
 0x4583c0 GetWindowThreadProcessId
 0x4583c4 SetForegroundWindow
 0x4583c8 SetClipboardData
 0x4583cc EnumWindows
 0x4583d0 ExitWindowsEx
 0x4583d4 EmptyClipboard
 0x4583d8 ShowWindow
 0x4583dc SetWindowTextW
 0x4583e0 MessageBoxW
 0x4583e4 IsWindowVisible
 0x4583e8 CreateWindowExA
 0x4583ec SendInput
 0x4583f0 EnumDisplaySettingsW
 0x4583f4 mouse_event
 0x4583f8 MapVirtualKeyA
 0x4583fc TrackPopupMenu
 0x458400 CreatePopupMenu
 0x458404 AppendMenuA
 0x458408 RegisterClassExA
 0x45840c GetCursorPos
 0x458410 SystemParametersInfoW
 0x458414 GetIconInfo
 0x458418 GetSystemMetrics
 0x45841c CloseWindow
 0x458420 DrawIcon
GDI32.dll
 0x458088 BitBlt
 0x45808c CreateCompatibleBitmap
 0x458090 CreateCompatibleDC
 0x458094 StretchBlt
 0x458098 GetDIBits
 0x45809c DeleteDC
 0x4580a0 DeleteObject
 0x4580a4 CreateDCA
 0x4580a8 GetObjectA
 0x4580ac SelectObject
ADVAPI32.dll
 0x458000 LookupPrivilegeValueA
 0x458004 CryptAcquireContextA
 0x458008 CryptGenRandom
 0x45800c CryptReleaseContext
 0x458010 GetUserNameW
 0x458014 RegEnumKeyExA
 0x458018 QueryServiceStatus
 0x45801c CloseServiceHandle
 0x458020 OpenSCManagerW
 0x458024 OpenSCManagerA
 0x458028 ControlService
 0x45802c StartServiceW
 0x458030 QueryServiceConfigW
 0x458034 ChangeServiceConfigW
 0x458038 OpenServiceW
 0x45803c EnumServicesStatusW
 0x458040 AdjustTokenPrivileges
 0x458044 RegDeleteKeyA
 0x458048 OpenProcessToken
 0x45804c RegCreateKeyA
 0x458050 RegCloseKey
 0x458054 RegQueryInfoKeyW
 0x458058 RegQueryValueExA
 0x45805c RegCreateKeyExW
 0x458060 RegEnumKeyExW
 0x458064 RegSetValueExW
 0x458068 RegSetValueExA
 0x45806c RegOpenKeyExA
 0x458070 RegOpenKeyExW
 0x458074 RegCreateKeyW
 0x458078 RegDeleteValueW
 0x45807c RegEnumValueW
 0x458080 RegQueryValueExW
SHELL32.dll
 0x458350 ShellExecuteExA
 0x458354 Shell_NotifyIconA
 0x458358 ExtractIconA
 0x45835c ShellExecuteW
ole32.dll
 0x4584d8 CoInitializeEx
 0x4584dc CoGetObject
 0x4584e0 CoUninitialize
SHLWAPI.dll
 0x458364 StrToIntA
 0x458368 PathFileExistsW
 0x45836c PathFileExistsA
WINMM.dll
 0x45843c mciSendStringA
 0x458440 mciSendStringW
 0x458444 waveInClose
 0x458448 waveInStop
 0x45844c waveInStart
 0x458450 waveInUnprepareHeader
 0x458454 waveInOpen
 0x458458 waveInAddBuffer
 0x45845c waveInPrepareHeader
 0x458460 PlaySoundW
WS2_32.dll
 0x458468 send
 0x45846c WSAStartup
 0x458470 socket
 0x458474 connect
 0x458478 WSAGetLastError
 0x45847c recv
 0x458480 closesocket
 0x458484 inet_ntoa
 0x458488 htons
 0x45848c htonl
 0x458490 getservbyname
 0x458494 ntohs
 0x458498 getservbyport
 0x45849c gethostbyaddr
 0x4584a0 inet_addr
 0x4584a4 WSASetLastError
 0x4584a8 gethostbyname
urlmon.dll
 0x4584e8 URLOpenBlockingStreamW
 0x4584ec URLDownloadToFileW
gdiplus.dll
 0x4584b0 GdipAlloc
 0x4584b4 GdiplusStartup
 0x4584b8 GdipGetImageEncoders
 0x4584bc GdipLoadImageFromStream
 0x4584c0 GdipSaveImageToStream
 0x4584c4 GdipGetImageEncodersSize
 0x4584c8 GdipFree
 0x4584cc GdipDisposeImage
 0x4584d0 GdipCloneImage
WININET.dll
 0x458428 InternetOpenUrlW
 0x45842c InternetOpenW
 0x458430 InternetCloseHandle
 0x458434 InternetReadFile

EAT (Export Address Table): none
