Report - 22.exe

Tags: Browser Login Data Stealer, Generic Malware, Malicious Library, Downloader, Malicious Packer, UPX, PE File, PE32, OS Processor Check
Created: 2025.01.23 18:41
Machine: s1_win7_x6403
Filename: 22.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 4
Behavior Score: 4.4
ZERO API (file): malicious
VT API (file): 63 detected (AIDetectMalware, Remcos, Malicious, score, MultiRI, S26969863, Dacic, Unsafe, Save, confidence, 100%, Kryptik, Attribute, HighConfidence, Windows, Rescoms, RATX, jnwxkg, jsuxhk, CLASSIC, AGEN, Siggen16, Real Protect, Static AI, Malicious PE, hffus, Detected, Bucaspys, Eldorado, RemcosRAT, R418128, GenericRXRV, Genetic, 83DBrGr, susgen)
md5: 448478c46fe0884972f0047c26da0935
sha256: 79738b58535815ae65f86122ebd5a8bf26c6801a3238e6be5a59b77a993b60b2
ssdeep: 6144:3OFBH/FMNjt18F+9a/NgAeDB4CcOtKp03b13a4LJ+sAOZZPWXbTcUjyg:3OFtiNBuFgawDB4NOmuwsfZPUyg
imphash: 029a987f21e33b48f24d21b6f9ff1129
impfuzzy: 96:xSzHRXKsHcp+1ZM3fRCSWH7fGLAOX/kyKNUz7KgKd39ue5YLzS5:xs695TWsX/DPiZYe5oS5

Signatures (6)

Level  | Description
danger | Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running)
danger | File has been identified by 63 antivirus engines on VirusTotal as malicious
watch  | Creates a Windows hook that monitors keyboard input (keylogger)
notice | A process attempted to delay the analysis task
notice | Connects to a dynamic DNS domain
info   | The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (9)

Level   | Name                       | Description                   | Collection
danger  | infoStealer_browser_b_Zero | browser info stealer          | binaries (upload)
warning | Generic_Malware_Zero       | Generic Malware               | binaries (upload)
watch   | Malicious_Library_Zero     | Malicious_Library             | binaries (upload)
watch   | Malicious_Packer_Zero      | Malicious Packer              | binaries (upload)
watch   | Network_Downloader         | File Downloader               | binaries (upload)
watch   | UPX_Zero                   | UPX packed file               | binaries (upload)
info    | IsPE32                     | (no description)              | binaries (upload)
info    | OS_Processor_Check_Zero    | OS Processor Check            | binaries (upload)
info    | PE_Header_Zero             | PE File Signature             | binaries (upload)

Network (9)

Request              | CC      | ASN Co         | IP4            | Rule | ZERO
dash1.3utilities.com | Unknown |                |                |      | malicious
bash.mywire.org      | CA      | UNREAL-SERVERS | 192.188.88.248 |      | clean
dash2.ddns.net       | Unknown |                |                |      | clean
dash.3utilities.com  | Unknown |                |                |      | malicious
bash1.accesscam.org  | CA      | UNREAL-SERVERS | 192.188.88.248 |      | clean
dash4.ddns.net       | Unknown |                |                |      | clean
bash2.accesscam.org  | CA      | UNREAL-SERVERS | 192.188.88.248 |      | clean
dash3.ddns.net       | Unknown |                |                |      | clean
192.188.88.248       | CA      | UNREAL-SERVERS | 192.188.88.248 |      | clean

Suricata IDS

PE API

IAT (Import Address Table), by library

KERNEL32.dll
 0x4540b0 GetLocaleInfoA
 0x4540b4 CreateToolhelp32Snapshot
 0x4540b8 OpenMutexA
 0x4540bc Process32NextW
 0x4540c0 LoadLibraryA
 0x4540c4 Process32FirstW
 0x4540c8 GetProcAddress
 0x4540cc VirtualProtect
 0x4540d0 SetLastError
 0x4540d4 VirtualFree
 0x4540d8 VirtualAlloc
 0x4540dc GetNativeSystemInfo
 0x4540e0 HeapAlloc
 0x4540e4 GetProcessHeap
 0x4540e8 FreeLibrary
 0x4540ec IsBadReadPtr
 0x4540f0 GetTempPathW
 0x4540f4 OpenProcess
 0x4540f8 lstrcatW
 0x4540fc GetCurrentProcessId
 0x454100 GetTempFileNameW
 0x454104 GetCurrentProcess
 0x454108 GetSystemDirectoryA
 0x45410c GlobalAlloc
 0x454110 GlobalLock
 0x454114 GetTickCount
 0x454118 GlobalUnlock
 0x45411c WriteProcessMemory
 0x454120 ResumeThread
 0x454124 GetThreadContext
 0x454128 VirtualAllocEx
 0x45412c ReadProcessMemory
 0x454130 CreateProcessW
 0x454134 SetThreadContext
 0x454138 LocalAlloc
 0x45413c GlobalFree
 0x454140 MulDiv
 0x454144 SizeofResource
 0x454148 GetLongPathNameW
 0x45414c SetFilePointer
 0x454150 FindResourceA
 0x454154 LockResource
 0x454158 LoadResource
 0x45415c LocalFree
 0x454160 FormatMessageA
 0x454164 GetModuleFileNameA
 0x454168 lstrcpynA
 0x45416c AllocConsole
 0x454170 CreateMutexA
 0x454174 QueryPerformanceCounter
 0x454178 EnterCriticalSection
 0x45417c LeaveCriticalSection
 0x454180 InitializeCriticalSection
 0x454184 DeleteCriticalSection
 0x454188 HeapSize
 0x45418c WriteConsoleW
 0x454190 SetStdHandle
 0x454194 SetEnvironmentVariableW
 0x454198 SetEnvironmentVariableA
 0x45419c FreeEnvironmentStringsW
 0x4541a0 GetEnvironmentStringsW
 0x4541a4 GetCommandLineW
 0x4541a8 GetCommandLineA
 0x4541ac GetOEMCP
 0x4541b0 IsValidCodePage
 0x4541b4 FindFirstFileExA
 0x4541b8 ReadConsoleW
 0x4541bc GetConsoleMode
 0x4541c0 GetConsoleCP
 0x4541c4 FlushFileBuffers
 0x4541c8 GetFileType
 0x4541cc GetTimeZoneInformation
 0x4541d0 EnumSystemLocalesW
 0x4541d4 GetUserDefaultLCID
 0x4541d8 IsValidLocale
 0x4541dc GetTimeFormatW
 0x4541e0 GetDateFormatW
 0x4541e4 HeapReAlloc
 0x4541e8 GetACP
 0x4541ec GetStdHandle
 0x4541f0 GetModuleHandleExW
 0x4541f4 MoveFileExW
 0x4541f8 RtlUnwind
 0x4541fc RaiseException
 0x454200 LoadLibraryExW
 0x454204 GetCPInfo
 0x454208 GetStringTypeW
 0x45420c GetLocaleInfoW
 0x454210 LCMapStringW
 0x454214 CompareStringW
 0x454218 TlsFree
 0x45421c TlsSetValue
 0x454220 CopyFileW
 0x454224 DeleteFileA
 0x454228 ExpandEnvironmentStringsA
 0x45422c FindNextFileA
 0x454230 FindFirstFileA
 0x454234 GetFileSize
 0x454238 TerminateThread
 0x45423c CreateDirectoryW
 0x454240 GetLastError
 0x454244 SetFileAttributesW
 0x454248 GetModuleHandleA
 0x45424c RemoveDirectoryW
 0x454250 MoveFileW
 0x454254 SetFilePointerEx
 0x454258 GetLogicalDriveStringsA
 0x45425c DeleteFileW
 0x454260 GetFileAttributesW
 0x454264 FindClose
 0x454268 lstrlenA
 0x45426c GetDriveTypeA
 0x454270 FindNextFileW
 0x454274 GetFileSizeEx
 0x454278 FindFirstFileW
 0x45427c ExitProcess
 0x454280 CreateProcessA
 0x454284 PeekNamedPipe
 0x454288 CreatePipe
 0x45428c TerminateProcess
 0x454290 ReadFile
 0x454294 HeapFree
 0x454298 HeapCreate
 0x45429c CreateEventA
 0x4542a0 GetLocalTime
 0x4542a4 CreateThread
 0x4542a8 SetEvent
 0x4542ac CreateEventW
 0x4542b0 WaitForSingleObject
 0x4542b4 Sleep
 0x4542b8 GetModuleFileNameW
 0x4542bc CloseHandle
 0x4542c0 ExitThread
 0x4542c4 CreateFileW
 0x4542c8 WriteFile
 0x4542cc QueryPerformanceFrequency
 0x4542d0 TlsGetValue
 0x4542d4 TlsAlloc
 0x4542d8 InitializeCriticalSectionAndSpinCount
 0x4542dc MultiByteToWideChar
 0x4542e0 DecodePointer
 0x4542e4 EncodePointer
 0x4542e8 WideCharToMultiByte
 0x4542ec InitializeSListHead
 0x4542f0 GetSystemTimeAsFileTime
 0x4542f4 GetCurrentThreadId
 0x4542f8 IsProcessorFeaturePresent
 0x4542fc GetStartupInfoW
 0x454300 SetUnhandledExceptionFilter
 0x454304 UnhandledExceptionFilter
 0x454308 IsDebuggerPresent
 0x45430c GetModuleHandleW
 0x454310 WaitForSingleObjectEx
 0x454314 ResetEvent
 0x454318 SetEndOfFile
USER32.dll
 0x454344 SetForegroundWindow
 0x454348 SetClipboardData
 0x45434c EnumWindows
 0x454350 ExitWindowsEx
 0x454354 EmptyClipboard
 0x454358 ShowWindow
 0x45435c SetWindowTextW
 0x454360 MessageBoxW
 0x454364 IsWindowVisible
 0x454368 TranslateMessage
 0x45436c DispatchMessageA
 0x454370 GetMessageA
 0x454374 GetWindowTextW
 0x454378 wsprintfW
 0x45437c GetClipboardData
 0x454380 UnhookWindowsHookEx
 0x454384 GetForegroundWindow
 0x454388 GetWindowThreadProcessId
 0x45438c GetKeyboardLayout
 0x454390 SetWindowsHookExA
 0x454394 CloseClipboard
 0x454398 OpenClipboard
 0x45439c GetKeyboardState
 0x4543a0 CallNextHookEx
 0x4543a4 CloseWindow
 0x4543a8 SendInput
 0x4543ac mouse_event
 0x4543b0 DrawIcon
 0x4543b4 GetSystemMetrics
 0x4543b8 GetIconInfo
 0x4543bc SystemParametersInfoW
 0x4543c0 GetCursorPos
 0x4543c4 RegisterClassExA
 0x4543c8 GetKeyboardLayoutNameA
 0x4543cc GetWindowTextLengthW
 0x4543d0 GetKeyState
 0x4543d4 ToUnicodeEx
 0x4543d8 AppendMenuA
 0x4543dc CreateWindowExA
 0x4543e0 DefWindowProcA
 0x4543e4 TrackPopupMenu
 0x4543e8 CreatePopupMenu
GDI32.dll
 0x454088 CreateCompatibleBitmap
 0x45408c CreateCompatibleDC
 0x454090 StretchBlt
 0x454094 GetDIBits
 0x454098 DeleteDC
 0x45409c DeleteObject
 0x4540a0 CreateDCA
 0x4540a4 GetObjectA
 0x4540a8 SelectObject
ADVAPI32.dll
 0x454000 CryptAcquireContextA
 0x454004 CryptGenRandom
 0x454008 CryptReleaseContext
 0x45400c GetUserNameW
 0x454010 RegEnumKeyExA
 0x454014 QueryServiceStatus
 0x454018 CloseServiceHandle
 0x45401c OpenSCManagerW
 0x454020 OpenSCManagerA
 0x454024 ControlService
 0x454028 StartServiceW
 0x45402c QueryServiceConfigW
 0x454030 ChangeServiceConfigW
 0x454034 OpenServiceW
 0x454038 EnumServicesStatusW
 0x45403c AdjustTokenPrivileges
 0x454040 LookupPrivilegeValueA
 0x454044 OpenProcessToken
 0x454048 RegCreateKeyA
 0x45404c RegCloseKey
 0x454050 RegQueryInfoKeyW
 0x454054 RegQueryValueExA
 0x454058 RegCreateKeyExW
 0x45405c RegEnumKeyExW
 0x454060 RegSetValueExW
 0x454064 RegSetValueExA
 0x454068 RegOpenKeyExA
 0x45406c RegOpenKeyExW
 0x454070 RegCreateKeyW
 0x454074 RegDeleteValueW
 0x454078 RegEnumValueW
 0x45407c RegQueryValueExW
 0x454080 RegDeleteKeyA
SHELL32.dll
 0x454320 ShellExecuteW
 0x454324 ShellExecuteExA
 0x454328 Shell_NotifyIconA
 0x45432c ExtractIconA
SHLWAPI.dll
 0x454334 PathFileExistsW
 0x454338 PathFileExistsA
 0x45433c StrToIntA
WINMM.dll
 0x4543f0 PlaySoundW
 0x4543f4 mciSendStringA
 0x4543f8 mciSendStringW
 0x4543fc waveInClose
 0x454400 waveInAddBuffer
 0x454404 waveInStart
 0x454408 waveInOpen
 0x45440c waveInUnprepareHeader
 0x454410 waveInPrepareHeader
 0x454414 waveInStop
WS2_32.dll
 0x45441c send
 0x454420 socket
 0x454424 connect
 0x454428 recv
 0x45442c gethostbyname
 0x454430 WSASetLastError
 0x454434 inet_addr
 0x454438 gethostbyaddr
 0x45443c getservbyport
 0x454440 ntohs
 0x454444 getservbyname
 0x454448 htonl
 0x45444c htons
 0x454450 inet_ntoa
 0x454454 closesocket
 0x454458 WSAGetLastError
 0x45445c WSAStartup
urlmon.dll
 0x454490 URLDownloadToFileW
 0x454494 URLOpenBlockingStreamW
gdiplus.dll
 0x454464 GdiplusStartup
 0x454468 GdipGetImageEncoders
 0x45446c GdipCloneImage
 0x454470 GdipAlloc
 0x454474 GdipDisposeImage
 0x454478 GdipFree
 0x45447c GdipGetImageEncodersSize
 0x454480 GdipSaveImageToStream
 0x454484 GdipSaveImageToFile
 0x454488 GdipLoadImageFromStream

EAT (Export Address Table): none