ScreenShot
| Created | 2025.01.23 06:35 | Machine | s1_win7_x6403 |
| Filename | pomoykaXL.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 756219b350b87a85f693dccbbf4cbc1e | ||
| sha256 | 7dff620d738f6ca95281cdd0c9574a384f99ae0f02aeab4d9b0b5379b79ca1cb | ||
| ssdeep | 98304:ry9bpMVdN2VDCNHkZM6wiuxPXdfFUJ3lQiXclIe99BaTYXX:rFBiK | ||
| imphash | 9d9e04c678f34e9bd7a7f4510bb2d134 | ||
| impfuzzy | 48:oBQQCZ0mgxy4jVut8v5LwrI9GcpVsK9r3WTL64/lhOvn6GSvFE6U0IZ7KQbiDH/J:zuxyMVut8v5LKIgcpVsKaQcnEZqgkPx | ||
Network IP location
Signature (15cnts)
| Level | Description |
|---|---|
| danger | Executed a process and injected code into it |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Code injection by writing an executable or DLL to the memory of another process |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Drops an executable to the user AppData folder |
| notice | One or more potentially interesting buffers were extracted |
| notice | The executable is likely packed with VMProtect |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (20cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1402ed040 SetStdHandle
0x1402ed048 OutputDebugStringW
0x1402ed050 GetProcessHeap
0x1402ed058 SetEnvironmentVariableW
0x1402ed060 FreeEnvironmentStringsW
0x1402ed068 GetEnvironmentStringsW
0x1402ed070 GetCommandLineW
0x1402ed078 GetCommandLineA
0x1402ed080 GetOEMCP
0x1402ed088 GetACP
0x1402ed090 IsValidCodePage
0x1402ed098 FindNextFileW
0x1402ed0a0 FindFirstFileExW
0x1402ed0a8 FindClose
0x1402ed0b0 GetTimeZoneInformation
0x1402ed0b8 SetConsoleCtrlHandler
0x1402ed0c0 GetFileType
0x1402ed0c8 HeapReAlloc
0x1402ed0d0 EnumSystemLocalesW
0x1402ed0d8 GetUserDefaultLCID
0x1402ed0e0 IsValidLocale
0x1402ed0e8 GetLocaleInfoW
0x1402ed0f0 LCMapStringW
0x1402ed0f8 CompareStringW
0x1402ed100 GetTimeFormatW
0x1402ed108 GetDateFormatW
0x1402ed110 VirtualProtect
0x1402ed118 IsThreadAFiber
0x1402ed120 FlsFree
0x1402ed128 FlsSetValue
0x1402ed130 FlsGetValue
0x1402ed138 FlsAlloc
0x1402ed140 GetTempPathW
0x1402ed148 SetFilePointerEx
0x1402ed150 GetFileSizeEx
0x1402ed158 GetConsoleMode
0x1402ed160 GetConsoleOutputCP
0x1402ed168 GetCurrentThread
0x1402ed170 CreateFileW
0x1402ed178 HeapFree
0x1402ed180 HeapAlloc
0x1402ed188 WriteFile
0x1402ed190 GetStdHandle
0x1402ed198 GetModuleFileNameW
0x1402ed1a0 GetModuleHandleExW
0x1402ed1a8 ExitProcess
0x1402ed1b0 LoadLibraryExW
0x1402ed1b8 FreeLibrary
0x1402ed1c0 TlsFree
0x1402ed1c8 TlsSetValue
0x1402ed1d0 TlsGetValue
0x1402ed1d8 TlsAlloc
0x1402ed1e0 InitializeCriticalSectionAndSpinCount
0x1402ed1e8 SetLastError
0x1402ed1f0 GetLastError
0x1402ed1f8 InterlockedFlushSList
0x1402ed200 InterlockedPushEntrySList
0x1402ed208 RtlUnwindEx
0x1402ed210 RaiseException
0x1402ed218 RtlPcToFileHeader
0x1402ed220 TerminateProcess
0x1402ed228 GetCurrentProcess
0x1402ed230 InitializeSListHead
0x1402ed238 GetSystemTimeAsFileTime
0x1402ed240 GetCurrentThreadId
0x1402ed248 GetCurrentProcessId
0x1402ed250 QueryPerformanceCounter
0x1402ed258 GetModuleHandleW
0x1402ed260 IsProcessorFeaturePresent
0x1402ed268 GetStartupInfoW
0x1402ed270 SetUnhandledExceptionFilter
0x1402ed278 UnhandledExceptionFilter
0x1402ed280 IsDebuggerPresent
0x1402ed288 RtlVirtualUnwind
0x1402ed290 RtlLookupFunctionEntry
0x1402ed298 RtlCaptureContext
0x1402ed2a0 GetCPInfo
0x1402ed2a8 CompareStringEx
0x1402ed2b0 FlushFileBuffers
0x1402ed2b8 ReadFile
0x1402ed2c0 ReadConsoleW
0x1402ed2c8 HeapSize
0x1402ed2d0 SetEndOfFile
0x1402ed2d8 WriteConsoleW
0x1402ed2e0 CloseHandle
0x1402ed2e8 GetProcAddress
0x1402ed2f0 FormatMessageA
0x1402ed2f8 EnterCriticalSection
0x1402ed300 LeaveCriticalSection
0x1402ed308 InitializeCriticalSectionEx
0x1402ed310 DeleteCriticalSection
0x1402ed318 EncodePointer
0x1402ed320 DecodePointer
0x1402ed328 LocalFree
0x1402ed330 GetLocaleInfoEx
0x1402ed338 MultiByteToWideChar
0x1402ed340 WideCharToMultiByte
0x1402ed348 LCMapStringEx
0x1402ed350 GetStringTypeW
0x1402ed358 RtlUnwind
USER32.dll
0x1402ed368 GetSystemMenu
0x1402ed370 GetMessageA
0x1402ed378 CheckMenuRadioItem
0x1402ed380 DispatchMessageA
0x1402ed388 GetWindowRect
0x1402ed390 GetMenu
0x1402ed398 LoadCursorA
0x1402ed3a0 DestroyWindow
0x1402ed3a8 SetWindowPos
0x1402ed3b0 CheckRadioButton
0x1402ed3b8 SetActiveWindow
0x1402ed3c0 PostMessageA
0x1402ed3c8 EndDialog
0x1402ed3d0 GetSystemMetrics
0x1402ed3d8 CreatePopupMenu
0x1402ed3e0 DialogBoxParamA
0x1402ed3e8 GetWindowPlacement
0x1402ed3f0 DestroyCursor
0x1402ed3f8 TrackPopupMenu
0x1402ed400 wsprintfA
0x1402ed408 GetSubMenu
0x1402ed410 GetActiveWindow
0x1402ed418 IsWindow
0x1402ed420 OpenClipboard
0x1402ed428 TranslateAcceleratorA
0x1402ed430 GetDlgItemTextA
0x1402ed438 SetTimer
0x1402ed440 RedrawWindow
0x1402ed448 DestroyIcon
0x1402ed450 IsDialogMessageA
0x1402ed458 SetMenuItemInfoA
0x1402ed460 IsMenu
0x1402ed468 SetWindowLongA
0x1402ed470 ClientToScreen
0x1402ed478 CloseClipboard
0x1402ed480 CallWindowProcA
0x1402ed488 DestroyAcceleratorTable
0x1402ed490 EmptyClipboard
0x1402ed498 GetWindowTextA
0x1402ed4a0 LoadAcceleratorsA
0x1402ed4a8 CharLowerBuffA
0x1402ed4b0 SetWindowPlacement
0x1402ed4b8 wvsprintfA
0x1402ed4c0 SetWindowTextA
0x1402ed4c8 MessageBoxA
0x1402ed4d0 GetSysColor
0x1402ed4d8 MoveWindow
0x1402ed4e0 EnumClipboardFormats
0x1402ed4e8 IsDlgButtonChecked
0x1402ed4f0 RegisterClassA
0x1402ed4f8 DestroyMenu
0x1402ed500 SetFocus
0x1402ed508 TranslateMessage
0x1402ed510 GetClipboardData
0x1402ed518 SendDlgItemMessageA
0x1402ed520 GetClassInfoA
0x1402ed528 SetDlgItemTextA
0x1402ed530 SendMessageA
0x1402ed538 SetClipboardData
0x1402ed540 SetCursor
0x1402ed548 CreateDialogParamA
0x1402ed550 LoadIconA
0x1402ed558 CharUpperA
0x1402ed560 AppendMenuA
0x1402ed568 RemoveMenu
0x1402ed570 CheckMenuItem
0x1402ed578 GetClientRect
0x1402ed580 GetDlgItem
0x1402ed588 UnregisterClassA
0x1402ed590 KillTimer
0x1402ed598 CheckDlgButton
0x1402ed5a0 PostQuitMessage
0x1402ed5a8 GetSysColorBrush
0x1402ed5b0 EnableMenuItem
0x1402ed5b8 SetDlgItemInt
0x1402ed5c0 FindWindowA
0x1402ed5c8 InsertMenuItemA
0x1402ed5d0 InvalidateRect
0x1402ed5d8 DefDlgProcA
0x1402ed5e0 ChildWindowFromPoint
0x1402ed5e8 GetCursorPos
0x1402ed5f0 EnableWindow
0x1402ed5f8 GetWindowLongA
COMCTL32.dll
0x1402ed000 CreateToolbarEx
0x1402ed008 ImageList_Destroy
0x1402ed010 ImageList_Create
0x1402ed018 ImageList_SetBkColor
0x1402ed020 ImageList_ReplaceIcon
0x1402ed028 InitCommonControlsEx
0x1402ed030 ImageList_Remove
EAT(Export Address Table) is none
KERNEL32.dll
0x1402ed040 SetStdHandle
0x1402ed048 OutputDebugStringW
0x1402ed050 GetProcessHeap
0x1402ed058 SetEnvironmentVariableW
0x1402ed060 FreeEnvironmentStringsW
0x1402ed068 GetEnvironmentStringsW
0x1402ed070 GetCommandLineW
0x1402ed078 GetCommandLineA
0x1402ed080 GetOEMCP
0x1402ed088 GetACP
0x1402ed090 IsValidCodePage
0x1402ed098 FindNextFileW
0x1402ed0a0 FindFirstFileExW
0x1402ed0a8 FindClose
0x1402ed0b0 GetTimeZoneInformation
0x1402ed0b8 SetConsoleCtrlHandler
0x1402ed0c0 GetFileType
0x1402ed0c8 HeapReAlloc
0x1402ed0d0 EnumSystemLocalesW
0x1402ed0d8 GetUserDefaultLCID
0x1402ed0e0 IsValidLocale
0x1402ed0e8 GetLocaleInfoW
0x1402ed0f0 LCMapStringW
0x1402ed0f8 CompareStringW
0x1402ed100 GetTimeFormatW
0x1402ed108 GetDateFormatW
0x1402ed110 VirtualProtect
0x1402ed118 IsThreadAFiber
0x1402ed120 FlsFree
0x1402ed128 FlsSetValue
0x1402ed130 FlsGetValue
0x1402ed138 FlsAlloc
0x1402ed140 GetTempPathW
0x1402ed148 SetFilePointerEx
0x1402ed150 GetFileSizeEx
0x1402ed158 GetConsoleMode
0x1402ed160 GetConsoleOutputCP
0x1402ed168 GetCurrentThread
0x1402ed170 CreateFileW
0x1402ed178 HeapFree
0x1402ed180 HeapAlloc
0x1402ed188 WriteFile
0x1402ed190 GetStdHandle
0x1402ed198 GetModuleFileNameW
0x1402ed1a0 GetModuleHandleExW
0x1402ed1a8 ExitProcess
0x1402ed1b0 LoadLibraryExW
0x1402ed1b8 FreeLibrary
0x1402ed1c0 TlsFree
0x1402ed1c8 TlsSetValue
0x1402ed1d0 TlsGetValue
0x1402ed1d8 TlsAlloc
0x1402ed1e0 InitializeCriticalSectionAndSpinCount
0x1402ed1e8 SetLastError
0x1402ed1f0 GetLastError
0x1402ed1f8 InterlockedFlushSList
0x1402ed200 InterlockedPushEntrySList
0x1402ed208 RtlUnwindEx
0x1402ed210 RaiseException
0x1402ed218 RtlPcToFileHeader
0x1402ed220 TerminateProcess
0x1402ed228 GetCurrentProcess
0x1402ed230 InitializeSListHead
0x1402ed238 GetSystemTimeAsFileTime
0x1402ed240 GetCurrentThreadId
0x1402ed248 GetCurrentProcessId
0x1402ed250 QueryPerformanceCounter
0x1402ed258 GetModuleHandleW
0x1402ed260 IsProcessorFeaturePresent
0x1402ed268 GetStartupInfoW
0x1402ed270 SetUnhandledExceptionFilter
0x1402ed278 UnhandledExceptionFilter
0x1402ed280 IsDebuggerPresent
0x1402ed288 RtlVirtualUnwind
0x1402ed290 RtlLookupFunctionEntry
0x1402ed298 RtlCaptureContext
0x1402ed2a0 GetCPInfo
0x1402ed2a8 CompareStringEx
0x1402ed2b0 FlushFileBuffers
0x1402ed2b8 ReadFile
0x1402ed2c0 ReadConsoleW
0x1402ed2c8 HeapSize
0x1402ed2d0 SetEndOfFile
0x1402ed2d8 WriteConsoleW
0x1402ed2e0 CloseHandle
0x1402ed2e8 GetProcAddress
0x1402ed2f0 FormatMessageA
0x1402ed2f8 EnterCriticalSection
0x1402ed300 LeaveCriticalSection
0x1402ed308 InitializeCriticalSectionEx
0x1402ed310 DeleteCriticalSection
0x1402ed318 EncodePointer
0x1402ed320 DecodePointer
0x1402ed328 LocalFree
0x1402ed330 GetLocaleInfoEx
0x1402ed338 MultiByteToWideChar
0x1402ed340 WideCharToMultiByte
0x1402ed348 LCMapStringEx
0x1402ed350 GetStringTypeW
0x1402ed358 RtlUnwind
USER32.dll
0x1402ed368 GetSystemMenu
0x1402ed370 GetMessageA
0x1402ed378 CheckMenuRadioItem
0x1402ed380 DispatchMessageA
0x1402ed388 GetWindowRect
0x1402ed390 GetMenu
0x1402ed398 LoadCursorA
0x1402ed3a0 DestroyWindow
0x1402ed3a8 SetWindowPos
0x1402ed3b0 CheckRadioButton
0x1402ed3b8 SetActiveWindow
0x1402ed3c0 PostMessageA
0x1402ed3c8 EndDialog
0x1402ed3d0 GetSystemMetrics
0x1402ed3d8 CreatePopupMenu
0x1402ed3e0 DialogBoxParamA
0x1402ed3e8 GetWindowPlacement
0x1402ed3f0 DestroyCursor
0x1402ed3f8 TrackPopupMenu
0x1402ed400 wsprintfA
0x1402ed408 GetSubMenu
0x1402ed410 GetActiveWindow
0x1402ed418 IsWindow
0x1402ed420 OpenClipboard
0x1402ed428 TranslateAcceleratorA
0x1402ed430 GetDlgItemTextA
0x1402ed438 SetTimer
0x1402ed440 RedrawWindow
0x1402ed448 DestroyIcon
0x1402ed450 IsDialogMessageA
0x1402ed458 SetMenuItemInfoA
0x1402ed460 IsMenu
0x1402ed468 SetWindowLongA
0x1402ed470 ClientToScreen
0x1402ed478 CloseClipboard
0x1402ed480 CallWindowProcA
0x1402ed488 DestroyAcceleratorTable
0x1402ed490 EmptyClipboard
0x1402ed498 GetWindowTextA
0x1402ed4a0 LoadAcceleratorsA
0x1402ed4a8 CharLowerBuffA
0x1402ed4b0 SetWindowPlacement
0x1402ed4b8 wvsprintfA
0x1402ed4c0 SetWindowTextA
0x1402ed4c8 MessageBoxA
0x1402ed4d0 GetSysColor
0x1402ed4d8 MoveWindow
0x1402ed4e0 EnumClipboardFormats
0x1402ed4e8 IsDlgButtonChecked
0x1402ed4f0 RegisterClassA
0x1402ed4f8 DestroyMenu
0x1402ed500 SetFocus
0x1402ed508 TranslateMessage
0x1402ed510 GetClipboardData
0x1402ed518 SendDlgItemMessageA
0x1402ed520 GetClassInfoA
0x1402ed528 SetDlgItemTextA
0x1402ed530 SendMessageA
0x1402ed538 SetClipboardData
0x1402ed540 SetCursor
0x1402ed548 CreateDialogParamA
0x1402ed550 LoadIconA
0x1402ed558 CharUpperA
0x1402ed560 AppendMenuA
0x1402ed568 RemoveMenu
0x1402ed570 CheckMenuItem
0x1402ed578 GetClientRect
0x1402ed580 GetDlgItem
0x1402ed588 UnregisterClassA
0x1402ed590 KillTimer
0x1402ed598 CheckDlgButton
0x1402ed5a0 PostQuitMessage
0x1402ed5a8 GetSysColorBrush
0x1402ed5b0 EnableMenuItem
0x1402ed5b8 SetDlgItemInt
0x1402ed5c0 FindWindowA
0x1402ed5c8 InsertMenuItemA
0x1402ed5d0 InvalidateRect
0x1402ed5d8 DefDlgProcA
0x1402ed5e0 ChildWindowFromPoint
0x1402ed5e8 GetCursorPos
0x1402ed5f0 EnableWindow
0x1402ed5f8 GetWindowLongA
COMCTL32.dll
0x1402ed000 CreateToolbarEx
0x1402ed008 ImageList_Destroy
0x1402ed010 ImageList_Create
0x1402ed018 ImageList_SetBkColor
0x1402ed020 ImageList_ReplaceIcon
0x1402ed028 InitCommonControlsEx
0x1402ed030 ImageList_Remove
EAT(Export Address Table) is none