Report - jmkykhjksefkyt.exe

Tags: Generic Malware, Malicious Library, Antivirus, UPX, PE File, PE32, OS Processor Check
Created 2025.01.23 06:51 Machine s1_win7_x6403
Filename jmkykhjksefkyt.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 9
Behavior Score 3.0
ZERO API (file): malicious
VT API (file)
md5 65cc23e7237f3cff2d206a269793772e
sha256 a57a8a3c3c073632337bb870db56538ef3d3cebd1ada4c3ed2397ea73a6923fb
ssdeep 3072:8Ho0VvS7fw67XojiwHjwlntccGGLz9VkYFP+WR9pLhbtnhSe2e2e2nw:41VvSM6ziiw0cMLzDj9VBne
imphash 84ba17106ada936d580064070fd488b4
impfuzzy 48:pCJ+8JliQqgy4/OTtoLI6X0Wh2Pa4jt4y4rzCLus5KQDw6/lgz9loehrw3R7oC6a:pq+IlRqgB/etoL50WnnM4lncaC9

Signature (7cnts)

Level Description
watch Attempts to create or modify system certificates
watch Communicates with host for which no DNS query was performed
watch Network activity contains more than one unique useragent
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (7cnts)

Level | Name | Description | Collection
warning | Generic_Malware_Zero | Generic Malware | binaries (upload)
watch | Antivirus | Contains references to security software | binaries (upload)
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE32 | (no description) | binaries (upload)
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (6cnts)

Request | CC | ASN | IP4 | Rule / ZERO verdict
https://steamcommunity.com/profiles/76561199819539662 | KR | LG DACOM Corporation | 202.43.50.213 | clean
t.me | GB | Telegram Messenger Inc | 149.154.167.99 | malicious
steamcommunity.com | US | AKAMAI-AS | 23.49.154.73 | malicious
149.154.167.99 | GB | Telegram Messenger Inc | 149.154.167.99 | malicious
95.217.240.67 | FI | Hetzner Online GmbH | 95.217.240.67 | -
202.43.50.213 | KR | LG DACOM Corporation | 202.43.50.213 | clean
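The "watch" signature above, "Communicates with host for which no DNS query was performed", is a cheap but useful check to reproduce outside the sandbox: a connection whose destination address never appeared in an earlier DNS answer usually means the address was hard-coded or fetched from somewhere else (here a Steam profile page and a t.me page are requested before the bare-IP connections). The following is an added example, not the sandbox's own signature code. The event timeline is constructed for this example: the names and addresses come from the network table above, but their order, ports and which address lacked a lookup are assumptions.

```python
"""Flag outbound connections to IPs that no earlier DNS answer produced.

Added example, not part of the sandbox report. It implements the idea behind
the "Communicates with host for which no DNS query was performed" signature
on a constructed event timeline.
"""
from typing import Iterable, List, Tuple


def hosts_without_dns(events: Iterable[dict]) -> List[Tuple[int, str]]:
    """Return [(event_index, dst_ip)] for every 'connect' whose dst was not
    returned by a 'dns' answer seen EARLIER in the timeline.

    events: dicts in chronological order.
      {"type": "dns", "name": <str>, "answers": [<ip>, ...]}
      {"type": "connect", "dst": <ip>, "port": <int>}
    Order matters: an answer that arrives after the connection does not
    excuse it, because the process cannot have obtained the address that way.
    """
    resolved = {}          # ip -> first name that resolved to it
    flagged = []
    for i, ev in enumerate(events):
        if ev["type"] == "dns":
            for ip in ev.get("answers", []):
                resolved.setdefault(ip, ev["name"])
        elif ev["type"] == "connect" and ev["dst"] not in resolved:
            flagged.append((i, ev["dst"]))
    return flagged


def name_for_connections(events: Iterable[dict]) -> List[Tuple[str, str]]:
    """Join each 'connect' back to the name that produced its address
    ('?' when none did), so the analyst sees which lookup led where."""
    resolved, out = {}, []
    for ev in events:
        if ev["type"] == "dns":
            for ip in ev.get("answers", []):
                resolved.setdefault(ip, ev["name"])
        elif ev["type"] == "connect":
            out.append((ev["dst"], resolved.get(ev["dst"], "?")))
    return out


# Constructed timeline (assumption): names/IPs from the report, order invented.
EVENTS = [
    {"type": "dns", "name": "steamcommunity.com", "answers": ["23.49.154.73"]},
    {"type": "connect", "dst": "23.49.154.73", "port": 443},
    {"type": "dns", "name": "t.me", "answers": ["149.154.167.99"]},
    {"type": "connect", "dst": "149.154.167.99", "port": 443},
    {"type": "connect", "dst": "95.217.240.67", "port": 443},   # no lookup at all
    {"type": "connect", "dst": "202.43.50.213", "port": 443},   # lookup only afterwards
    {"type": "dns", "name": "steamcommunity.com", "answers": ["202.43.50.213"]},
]

if __name__ == "__main__":
    for idx, ip in hosts_without_dns(EVENTS):
        print(f"event {idx}: connection to {ip} without prior DNS answer")
    for ip, name in name_for_connections(EVENTS):
        print(f"{ip:16s} <- {name}")
```

The ordering rule is the part worth keeping when porting this to real telemetry (Sysmon event 22 plus event 3, or Zeek dns.log plus conn.log): matching on "was this IP ever resolved" instead of "was it resolved before the connect" hides exactly the case where a later, unrelated lookup happens to return the same address.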

Suricata ids

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x41b470 ??2@YAPAXI@Z
 0x41b474 ??3@YAXPAX@Z
 0x41b478 ??_U@YAPAXI@Z
 0x41b47c ??_V@YAXPAX@Z
 0x41b480 _itoa_s
 0x41b484 _splitpath
 0x41b488 atexit
 0x41b48c free
 0x41b490 isupper
 0x41b494 malloc
 0x41b498 memchr
 0x41b49c memcmp
 0x41b4a0 memcpy
 0x41b4a4 memmove
 0x41b4a8 memset
 0x41b4ac rand
 0x41b4b0 srand
 0x41b4b4 strchr
 0x41b4b8 strcpy
 0x41b4bc strcpy_s
 0x41b4c0 strlen
 0x41b4c4 strncpy
 0x41b4c8 strstr
 0x41b4cc strtok_s
KERNEL32.dll
 0x41b4d4 CloseHandle
 0x41b4d8 CopyFileA
 0x41b4dc CreateDirectoryA
 0x41b4e0 CreateEventA
 0x41b4e4 CreateFileA
 0x41b4e8 CreateProcessA
 0x41b4ec CreateThread
 0x41b4f0 CreateToolhelp32Snapshot
 0x41b4f4 DeleteFileA
 0x41b4f8 ExitProcess
 0x41b4fc ExpandEnvironmentStringsA
 0x41b500 FileTimeToSystemTime
 0x41b504 FindClose
 0x41b508 FindFirstFileA
 0x41b50c FindNextFileA
 0x41b510 GetComputerNameA
 0x41b514 GetComputerNameW
 0x41b518 GetCurrentProcess
 0x41b51c GetCurrentProcessId
 0x41b520 GetDriveTypeA
 0x41b524 GetEnvironmentVariableA
 0x41b528 GetFileAttributesA
 0x41b52c GetFileInformationByHandle
 0x41b530 GetFileSize
 0x41b534 GetFileSizeEx
 0x41b538 GetLastError
 0x41b53c GetLocalTime
 0x41b540 GetLocaleInfoA
 0x41b544 GetLogicalDriveStringsA
 0x41b548 GetLogicalProcessorInformationEx
 0x41b54c GetModuleFileNameA
 0x41b550 GetProcAddress
 0x41b554 GetProcessHeap
 0x41b558 GetSystemInfo
 0x41b55c GetSystemTime
 0x41b560 GetTickCount
 0x41b564 GetTimeZoneInformation
 0x41b568 GetVolumeInformationA
 0x41b56c GetWindowsDirectoryA
 0x41b570 GlobalAlloc
 0x41b574 GlobalFree
 0x41b578 GlobalLock
 0x41b57c GlobalMemoryStatusEx
 0x41b580 GlobalSize
 0x41b584 HeapAlloc
 0x41b588 HeapFree
 0x41b58c K32GetModuleFileNameExA
 0x41b590 LoadLibraryW
 0x41b594 LocalAlloc
 0x41b598 LocalFree
 0x41b59c OpenEventA
 0x41b5a0 OpenProcess
 0x41b5a4 Process32First
 0x41b5a8 Process32Next
 0x41b5ac RaiseException
 0x41b5b0 ReadFile
 0x41b5b4 ReadProcessMemory
 0x41b5b8 SetFilePointer
 0x41b5bc Sleep
 0x41b5c0 SystemTimeToFileTime
 0x41b5c4 TerminateProcess
 0x41b5c8 VirtualQueryEx
 0x41b5cc WaitForSingleObject
 0x41b5d0 WriteFile
 0x41b5d4 lstrcatA
 0x41b5d8 lstrcpyA
 0x41b5dc lstrlenA
ADVAPI32.dll
 0x41b5e4 GetCurrentHwProfileA
 0x41b5e8 GetUserNameA
 0x41b5ec GetUserNameW
 0x41b5f0 RegCloseKey
 0x41b5f4 RegEnumKeyExA
 0x41b5f8 RegGetValueA
 0x41b5fc RegOpenKeyExA
 0x41b600 RegQueryValueExA
api-ms-win-crt-runtime-l1-1-0.dll
 0x41b608 _invalid_parameter_noinfo_noreturn
USER32.dll
 0x41b610 CharToOemA
 0x41b614 CloseDesktop
 0x41b618 CloseWindow
 0x41b61c CreateDesktopA
 0x41b620 EnumDisplayDevicesA
 0x41b624 GetDC
 0x41b628 GetDesktopWindow
 0x41b62c GetKeyboardLayoutList
 0x41b630 GetWindowRect
 0x41b634 MessageBoxA
 0x41b638 OpenDesktopA
 0x41b63c ReleaseDC
 0x41b640 wsprintfA
 0x41b644 wsprintfW
api-ms-win-crt-stdio-l1-1-0.dll
 0x41b64c __stdio_common_vsnprintf_s
 0x41b650 __stdio_common_vsprintf
GDI32.dll
 0x41b658 BitBlt
 0x41b65c CreateCompatibleBitmap
 0x41b660 CreateCompatibleDC
 0x41b664 CreateDCA
 0x41b668 DeleteObject
 0x41b66c GetDeviceCaps
 0x41b670 SelectObject
SHELL32.dll
 0x41b678 SHFileOperationA
 0x41b67c SHGetFolderPathA
 0x41b680 ShellExecuteExA
ole32.dll
 0x41b688 CreateStreamOnHGlobal
 0x41b68c GetHGlobalFromStream
WS2_32.dll
 0x41b694 WSACleanup
 0x41b698 WSAStartup
 0x41b69c closesocket
 0x41b6a0 connect
 0x41b6a4 freeaddrinfo
 0x41b6a8 getaddrinfo
 0x41b6ac htons
 0x41b6b0 recv
 0x41b6b4 send
 0x41b6b8 socket
SHLWAPI.dll
 0x41b6c0 PathFileExistsA
 0x41b6c4 PathMatchSpecA
 0x41b6c8 (imported by ordinal, no name)
 0x41b6cc (imported by ordinal, no name)
 0x41b6d0 StrStrA
CRYPT32.dll
 0x41b6d8 CryptBinaryToStringA
 0x41b6dc CryptUnprotectData
WININET.dll
 0x41b6e4 HttpOpenRequestA
 0x41b6e8 HttpQueryInfoA
 0x41b6ec HttpSendRequestA
 0x41b6f0 InternetCloseHandle
 0x41b6f4 InternetConnectA
 0x41b6f8 InternetCrackUrlA
 0x41b6fc InternetOpenA
 0x41b700 InternetOpenUrlA
 0x41b704 InternetReadFile
 0x41b708 InternetSetOptionA
crypt.dll
 0x41b710 BCryptCloseAlgorithmProvider
 0x41b714 BCryptDecrypt
 0x41b718 BCryptDestroyKey
 0x41b71c BCryptGenerateSymmetricKey
 0x41b720 BCryptOpenAlgorithmProvider
 0x41b724 BCryptSetProperty
dbghelp.dll
 0x41b72c SymCleanup
 0x41b730 SymFromAddr
 0x41b734 SymGetLineFromAddr64
 0x41b738 SymInitialize
 0x41b73c SymMatchString
 0x41b740 SymSetOptions

EAT(Export Address Table) Library

0x40f48a _UnhandledExceptionFilter@4
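The import table is the most informative static artefact on this page: CryptUnprotectData and BCryptDecrypt next to a GDI BitBlt chain, Toolhelp process enumeration, ReadProcessMemory, host-fingerprinting calls (GetCurrentHwProfileA, GetVolumeInformationA, EnumDisplayDevicesA, GetKeyboardLayoutList) and both WinINet and raw Winsock clients. Reading such a list by eye is error-prone, so the following is an added example that parses the "0xADDR name" lines as printed above, skips the two unnamed SHLWAPI ordinal imports, and groups the named APIs into coarse capability buckets. This is not code from the sandbox; the bucket table is a hand-written heuristic and an assumption of the example, and the embedded IAT text is an excerpt of the table above, trimmed for length.

```python
"""Static capability triage over a sandbox-style IAT listing.

Added example, not part of the report. parse_iat() reads lines of the form
"<dll>.dll" / " 0x41b470 name"; triage() maps named imports to behaviour
buckets. CAPABILITIES is a deliberately coarse heuristic (an assumption).
"""
import re
from collections import defaultdict

# Assumption of this example: which imports suggest which capability.
CAPABILITIES = {
    "DPAPI decryption (browser / credential store access)": {"CryptUnprotectData"},
    "CNG symmetric decryption": {"BCryptOpenAlgorithmProvider",
                                 "BCryptGenerateSymmetricKey", "BCryptDecrypt"},
    "base64 staging of collected data": {"CryptBinaryToStringA"},
    "screen capture": {"GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt"},
    "process enumeration and memory read": {"CreateToolhelp32Snapshot", "Process32First",
                                            "Process32Next", "OpenProcess",
                                            "ReadProcessMemory", "VirtualQueryEx"},
    "host fingerprinting": {"GetComputerNameA", "GetUserNameA", "GetCurrentHwProfileA",
                            "GetVolumeInformationA", "GetLogicalProcessorInformationEx",
                            "GlobalMemoryStatusEx", "EnumDisplayDevicesA",
                            "GetKeyboardLayoutList", "GetLocaleInfoA",
                            "GetTimeZoneInformation"},
    "file search and collection": {"FindFirstFileA", "FindNextFileA", "PathMatchSpecA",
                                   "CopyFileA", "SHFileOperationA", "SHGetFolderPathA"},
    "HTTP client (WinINet)": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                              "HttpSendRequestA", "InternetReadFile", "InternetOpenUrlA"},
    "raw TCP client (Winsock)": {"WSAStartup", "socket", "connect", "send", "recv"},
    "hidden desktop": {"CreateDesktopA", "OpenDesktopA"},
    "dynamic API resolution": {"LoadLibraryW", "GetProcAddress"},
    "process execution": {"CreateProcessA", "ShellExecuteExA"},
}

IMPORT_LINE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_iat(text):
    """Return [(dll, api)] for named imports. A line whose name is 'None'
    (the tool's rendering of an import with no name) is an ordinal import
    and is skipped because there is nothing to match on."""
    out, dll = [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = IMPORT_LINE.match(raw)
        if m is None:
            dll = raw.strip()              # a "X.dll" header line
        elif dll and m.group(1) != "None":
            out.append((dll, m.group(1)))
    return out


def triage(text):
    """Map capability -> sorted ['dll!api', ...], only for buckets with hits."""
    hits = defaultdict(list)
    for dll, api in parse_iat(text):
        for cap, apis in CAPABILITIES.items():
            if api in apis:
                hits[cap].append(f"{dll}!{api}")
    return {cap: sorted(v) for cap, v in hits.items()}


# Excerpt copied from the report's IAT above (trimmed to keep the example short).
IAT_EXCERPT = """
KERNEL32.dll
 0x41b4f0 CreateToolhelp32Snapshot
 0x41b5a4 Process32First
 0x41b5b4 ReadProcessMemory
 0x41b550 GetProcAddress
 0x41b590 LoadLibraryW
ADVAPI32.dll
 0x41b5e4 GetCurrentHwProfileA
USER32.dll
 0x41b624 GetDC
GDI32.dll
 0x41b658 BitBlt
SHLWAPI.dll
 0x41b6c4 PathMatchSpecA
 0x41b6c8 None
CRYPT32.dll
 0x41b6d8 CryptBinaryToStringA
 0x41b6dc CryptUnprotectData
WININET.dll
 0x41b6e4 HttpOpenRequestA
crypt.dll
 0x41b714 BCryptDecrypt
"""

if __name__ == "__main__":
    for cap, apis in triage(IAT_EXCERPT).items():
        print(f"{cap:52s} {', '.join(apis)}")
```

Two caveats when reading the result. First, the static IAT is a lower bound: LoadLibraryW and GetProcAddress are imported, so anything resolved at runtime is invisible here, which is one plausible reason the "Attempts to create or modify system certificates" signature fired although no certificate-store function appears in the table. Second, the UPX/packer indicators above mean the listed imports may belong to the unpacking stub plus whatever the packer chose to keep; a dump after unpacking should be fed through the same function before drawing conclusions.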

