ScreenShot
| Created | 2025.01.30 19:35 | Machine | s1_win7_x6401 |
| Filename | BQEHIQAG.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 51 detected (Penguish, Unsafe, A0s5, malicious, confidence, 100%, CabDrp, high confidence, multiple detections, Rugmi, fgqex, LUMMASTEALER, YXFAYZ, Detected, xuqnx, Malware@#1i2ibxg0640ys, Casdet, PCI5WM, ABTrojan, VPLN, Artemis, Chgt, Gencirc, susgen, NDAoF) | ||
| md5 | 074ca842ea52396751bb6015979f2f79 | ||
| sha256 | 644676713bdf4b81f8ec0a3a96a8f861c500a41a24a1cc4e93a3ee0c171bcba8 | ||
| ssdeep | 98304:8fUbK7jkYWHLX4ntIAvQGRhXZlg4Rj9hrwq8jj6Y+NU:8fUW7gYAL46AvQGRtZqmBhsq8KYYU | ||
| imphash | d7e2fd259780271687ffca462b9e69b7 | ||
| impfuzzy | 96:n70QcxmmKBTljc7jVmfsvbLuDvNADz+B5cyVrkrxzXkkTlXFFozoMBteaU:70sBTK7jgfsvbLX+/Vg3lOC | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Queries for potentially installed applications |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (22cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | CAB_file_format | CAB archive file | binaries (download) |
| info | CAB_file_format | CAB archive file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x44b000 RegCloseKey
0x44b004 RegOpenKeyExW
0x44b008 OpenProcessToken
0x44b00c AdjustTokenPrivileges
0x44b010 LookupPrivilegeValueW
0x44b014 InitiateSystemShutdownExW
0x44b018 GetUserNameW
0x44b01c RegQueryValueExW
0x44b020 RegDeleteValueW
0x44b024 CloseEventLog
0x44b028 OpenEventLogW
0x44b02c ReportEventW
0x44b030 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x44b034 DecryptFileW
0x44b038 CreateWellKnownSid
0x44b03c InitializeAcl
0x44b040 SetEntriesInAclW
0x44b044 ChangeServiceConfigW
0x44b048 CloseServiceHandle
0x44b04c ControlService
0x44b050 OpenSCManagerW
0x44b054 OpenServiceW
0x44b058 QueryServiceStatus
0x44b05c SetNamedSecurityInfoW
0x44b060 CheckTokenMembership
0x44b064 AllocateAndInitializeSid
0x44b068 SetEntriesInAclA
0x44b06c SetSecurityDescriptorGroup
0x44b070 SetSecurityDescriptorOwner
0x44b074 SetSecurityDescriptorDacl
0x44b078 InitializeSecurityDescriptor
0x44b07c RegSetValueExW
0x44b080 RegQueryInfoKeyW
0x44b084 RegEnumValueW
0x44b088 RegEnumKeyExW
0x44b08c RegDeleteKeyW
0x44b090 RegCreateKeyExW
0x44b094 GetTokenInformation
0x44b098 CryptDestroyHash
0x44b09c CryptHashData
0x44b0a0 CryptCreateHash
0x44b0a4 CryptGetHashParam
0x44b0a8 CryptReleaseContext
0x44b0ac CryptAcquireContextW
0x44b0b0 QueryServiceConfigW
USER32.dll
0x44b35c PeekMessageW
0x44b360 PostMessageW
0x44b364 IsWindow
0x44b368 WaitForInputIdle
0x44b36c PostQuitMessage
0x44b370 GetMessageW
0x44b374 TranslateMessage
0x44b378 MsgWaitForMultipleObjects
0x44b37c PostThreadMessageW
0x44b380 GetMonitorInfoW
0x44b384 MonitorFromPoint
0x44b388 IsDialogMessageW
0x44b38c LoadCursorW
0x44b390 LoadBitmapW
0x44b394 SetWindowLongW
0x44b398 GetWindowLongW
0x44b39c GetCursorPos
0x44b3a0 MessageBoxW
0x44b3a4 CreateWindowExW
0x44b3a8 UnregisterClassW
0x44b3ac RegisterClassW
0x44b3b0 DefWindowProcW
0x44b3b4 DispatchMessageW
OLEAUT32.dll
0x44b330 VariantInit
0x44b334 SysAllocString
0x44b338 VariantClear
0x44b33c SysFreeString
GDI32.dll
0x44b0b8 DeleteDC
0x44b0bc DeleteObject
0x44b0c0 SelectObject
0x44b0c4 StretchBlt
0x44b0c8 GetObjectW
0x44b0cc CreateCompatibleDC
SHELL32.dll
0x44b34c CommandLineToArgvW
0x44b350 SHGetFolderPathW
0x44b354 ShellExecuteExW
ole32.dll
0x44b3bc CoUninitialize
0x44b3c0 CoInitializeEx
0x44b3c4 CoInitialize
0x44b3c8 StringFromGUID2
0x44b3cc CoCreateInstance
0x44b3d0 CoTaskMemFree
0x44b3d4 CLSIDFromProgID
0x44b3d8 CoInitializeSecurity
KERNEL32.dll
0x44b0d4 GetCommandLineA
0x44b0d8 GetCPInfo
0x44b0dc GetOEMCP
0x44b0e0 CloseHandle
0x44b0e4 CreateFileW
0x44b0e8 GetProcAddress
0x44b0ec LocalFree
0x44b0f0 HeapSetInformation
0x44b0f4 GetLastError
0x44b0f8 GetModuleHandleW
0x44b0fc FormatMessageW
0x44b100 lstrlenA
0x44b104 lstrlenW
0x44b108 MultiByteToWideChar
0x44b10c WideCharToMultiByte
0x44b110 LCMapStringW
0x44b114 Sleep
0x44b118 GetLocalTime
0x44b11c GetModuleFileNameW
0x44b120 ExpandEnvironmentStringsW
0x44b124 GetTempPathW
0x44b128 GetTempFileNameW
0x44b12c CreateDirectoryW
0x44b130 GetFullPathNameW
0x44b134 CompareStringW
0x44b138 GetCurrentProcessId
0x44b13c WriteFile
0x44b140 SetFilePointer
0x44b144 LoadLibraryW
0x44b148 GetSystemDirectoryW
0x44b14c CreateFileA
0x44b150 HeapAlloc
0x44b154 HeapReAlloc
0x44b158 HeapFree
0x44b15c HeapSize
0x44b160 GetProcessHeap
0x44b164 FindClose
0x44b168 GetCommandLineW
0x44b16c GetCurrentDirectoryW
0x44b170 RemoveDirectoryW
0x44b174 SetFileAttributesW
0x44b178 GetFileAttributesW
0x44b17c DeleteFileW
0x44b180 FindFirstFileW
0x44b184 FindNextFileW
0x44b188 MoveFileExW
0x44b18c GetCurrentProcess
0x44b190 GetCurrentThreadId
0x44b194 InitializeCriticalSection
0x44b198 DeleteCriticalSection
0x44b19c ReleaseMutex
0x44b1a0 TlsAlloc
0x44b1a4 TlsGetValue
0x44b1a8 TlsSetValue
0x44b1ac TlsFree
0x44b1b0 CreateProcessW
0x44b1b4 GetVersionExW
0x44b1b8 VerSetConditionMask
0x44b1bc FreeLibrary
0x44b1c0 EnterCriticalSection
0x44b1c4 LeaveCriticalSection
0x44b1c8 GetSystemTime
0x44b1cc GetNativeSystemInfo
0x44b1d0 GetModuleHandleExW
0x44b1d4 GetWindowsDirectoryW
0x44b1d8 GetSystemWow64DirectoryW
0x44b1dc GetEnvironmentStringsW
0x44b1e0 VerifyVersionInfoW
0x44b1e4 GetVolumePathNameW
0x44b1e8 GetDateFormatW
0x44b1ec GetUserDefaultUILanguage
0x44b1f0 GetSystemDefaultLangID
0x44b1f4 GetUserDefaultLangID
0x44b1f8 GetStringTypeW
0x44b1fc ReadFile
0x44b200 SetFilePointerEx
0x44b204 DuplicateHandle
0x44b208 InterlockedExchange
0x44b20c InterlockedCompareExchange
0x44b210 LoadLibraryExW
0x44b214 CreateEventW
0x44b218 ProcessIdToSessionId
0x44b21c OpenProcess
0x44b220 GetProcessId
0x44b224 WaitForSingleObject
0x44b228 ConnectNamedPipe
0x44b22c SetNamedPipeHandleState
0x44b230 CreateNamedPipeW
0x44b234 CreateThread
0x44b238 GetExitCodeThread
0x44b23c SetEvent
0x44b240 WaitForMultipleObjects
0x44b244 InterlockedIncrement
0x44b248 InterlockedDecrement
0x44b24c ResetEvent
0x44b250 SetEndOfFile
0x44b254 SetFileTime
0x44b258 LocalFileTimeToFileTime
0x44b25c DosDateTimeToFileTime
0x44b260 CompareStringA
0x44b264 GetExitCodeProcess
0x44b268 SetThreadExecutionState
0x44b26c CopyFileExW
0x44b270 MapViewOfFile
0x44b274 UnmapViewOfFile
0x44b278 CreateMutexW
0x44b27c CreateFileMappingW
0x44b280 GetThreadLocale
0x44b284 IsValidCodePage
0x44b288 FindFirstFileExW
0x44b28c FreeEnvironmentStringsW
0x44b290 SetStdHandle
0x44b294 GetConsoleCP
0x44b298 GetConsoleMode
0x44b29c FlushFileBuffers
0x44b2a0 DecodePointer
0x44b2a4 WriteConsoleW
0x44b2a8 GetModuleHandleA
0x44b2ac GlobalAlloc
0x44b2b0 GlobalFree
0x44b2b4 GetFileSizeEx
0x44b2b8 CopyFileW
0x44b2bc VirtualAlloc
0x44b2c0 VirtualFree
0x44b2c4 SystemTimeToTzSpecificLocalTime
0x44b2c8 GetTimeZoneInformation
0x44b2cc SystemTimeToFileTime
0x44b2d0 GetSystemInfo
0x44b2d4 VirtualProtect
0x44b2d8 VirtualQuery
0x44b2dc GetComputerNameW
0x44b2e0 SetCurrentDirectoryW
0x44b2e4 GetFileType
0x44b2e8 GetACP
0x44b2ec ExitProcess
0x44b2f0 GetStdHandle
0x44b2f4 InitializeCriticalSectionAndSpinCount
0x44b2f8 SetLastError
0x44b2fc RtlUnwind
0x44b300 UnhandledExceptionFilter
0x44b304 SetUnhandledExceptionFilter
0x44b308 TerminateProcess
0x44b30c IsProcessorFeaturePresent
0x44b310 QueryPerformanceCounter
0x44b314 GetSystemTimeAsFileTime
0x44b318 InitializeSListHead
0x44b31c IsDebuggerPresent
0x44b320 GetStartupInfoW
0x44b324 RaiseException
0x44b328 LoadLibraryExA
RPCRT4.dll
0x44b344 UuidCreate
EAT(Export Address Table) is none
ADVAPI32.dll
0x44b000 RegCloseKey
0x44b004 RegOpenKeyExW
0x44b008 OpenProcessToken
0x44b00c AdjustTokenPrivileges
0x44b010 LookupPrivilegeValueW
0x44b014 InitiateSystemShutdownExW
0x44b018 GetUserNameW
0x44b01c RegQueryValueExW
0x44b020 RegDeleteValueW
0x44b024 CloseEventLog
0x44b028 OpenEventLogW
0x44b02c ReportEventW
0x44b030 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x44b034 DecryptFileW
0x44b038 CreateWellKnownSid
0x44b03c InitializeAcl
0x44b040 SetEntriesInAclW
0x44b044 ChangeServiceConfigW
0x44b048 CloseServiceHandle
0x44b04c ControlService
0x44b050 OpenSCManagerW
0x44b054 OpenServiceW
0x44b058 QueryServiceStatus
0x44b05c SetNamedSecurityInfoW
0x44b060 CheckTokenMembership
0x44b064 AllocateAndInitializeSid
0x44b068 SetEntriesInAclA
0x44b06c SetSecurityDescriptorGroup
0x44b070 SetSecurityDescriptorOwner
0x44b074 SetSecurityDescriptorDacl
0x44b078 InitializeSecurityDescriptor
0x44b07c RegSetValueExW
0x44b080 RegQueryInfoKeyW
0x44b084 RegEnumValueW
0x44b088 RegEnumKeyExW
0x44b08c RegDeleteKeyW
0x44b090 RegCreateKeyExW
0x44b094 GetTokenInformation
0x44b098 CryptDestroyHash
0x44b09c CryptHashData
0x44b0a0 CryptCreateHash
0x44b0a4 CryptGetHashParam
0x44b0a8 CryptReleaseContext
0x44b0ac CryptAcquireContextW
0x44b0b0 QueryServiceConfigW
USER32.dll
0x44b35c PeekMessageW
0x44b360 PostMessageW
0x44b364 IsWindow
0x44b368 WaitForInputIdle
0x44b36c PostQuitMessage
0x44b370 GetMessageW
0x44b374 TranslateMessage
0x44b378 MsgWaitForMultipleObjects
0x44b37c PostThreadMessageW
0x44b380 GetMonitorInfoW
0x44b384 MonitorFromPoint
0x44b388 IsDialogMessageW
0x44b38c LoadCursorW
0x44b390 LoadBitmapW
0x44b394 SetWindowLongW
0x44b398 GetWindowLongW
0x44b39c GetCursorPos
0x44b3a0 MessageBoxW
0x44b3a4 CreateWindowExW
0x44b3a8 UnregisterClassW
0x44b3ac RegisterClassW
0x44b3b0 DefWindowProcW
0x44b3b4 DispatchMessageW
OLEAUT32.dll
0x44b330 VariantInit
0x44b334 SysAllocString
0x44b338 VariantClear
0x44b33c SysFreeString
GDI32.dll
0x44b0b8 DeleteDC
0x44b0bc DeleteObject
0x44b0c0 SelectObject
0x44b0c4 StretchBlt
0x44b0c8 GetObjectW
0x44b0cc CreateCompatibleDC
SHELL32.dll
0x44b34c CommandLineToArgvW
0x44b350 SHGetFolderPathW
0x44b354 ShellExecuteExW
ole32.dll
0x44b3bc CoUninitialize
0x44b3c0 CoInitializeEx
0x44b3c4 CoInitialize
0x44b3c8 StringFromGUID2
0x44b3cc CoCreateInstance
0x44b3d0 CoTaskMemFree
0x44b3d4 CLSIDFromProgID
0x44b3d8 CoInitializeSecurity
KERNEL32.dll
0x44b0d4 GetCommandLineA
0x44b0d8 GetCPInfo
0x44b0dc GetOEMCP
0x44b0e0 CloseHandle
0x44b0e4 CreateFileW
0x44b0e8 GetProcAddress
0x44b0ec LocalFree
0x44b0f0 HeapSetInformation
0x44b0f4 GetLastError
0x44b0f8 GetModuleHandleW
0x44b0fc FormatMessageW
0x44b100 lstrlenA
0x44b104 lstrlenW
0x44b108 MultiByteToWideChar
0x44b10c WideCharToMultiByte
0x44b110 LCMapStringW
0x44b114 Sleep
0x44b118 GetLocalTime
0x44b11c GetModuleFileNameW
0x44b120 ExpandEnvironmentStringsW
0x44b124 GetTempPathW
0x44b128 GetTempFileNameW
0x44b12c CreateDirectoryW
0x44b130 GetFullPathNameW
0x44b134 CompareStringW
0x44b138 GetCurrentProcessId
0x44b13c WriteFile
0x44b140 SetFilePointer
0x44b144 LoadLibraryW
0x44b148 GetSystemDirectoryW
0x44b14c CreateFileA
0x44b150 HeapAlloc
0x44b154 HeapReAlloc
0x44b158 HeapFree
0x44b15c HeapSize
0x44b160 GetProcessHeap
0x44b164 FindClose
0x44b168 GetCommandLineW
0x44b16c GetCurrentDirectoryW
0x44b170 RemoveDirectoryW
0x44b174 SetFileAttributesW
0x44b178 GetFileAttributesW
0x44b17c DeleteFileW
0x44b180 FindFirstFileW
0x44b184 FindNextFileW
0x44b188 MoveFileExW
0x44b18c GetCurrentProcess
0x44b190 GetCurrentThreadId
0x44b194 InitializeCriticalSection
0x44b198 DeleteCriticalSection
0x44b19c ReleaseMutex
0x44b1a0 TlsAlloc
0x44b1a4 TlsGetValue
0x44b1a8 TlsSetValue
0x44b1ac TlsFree
0x44b1b0 CreateProcessW
0x44b1b4 GetVersionExW
0x44b1b8 VerSetConditionMask
0x44b1bc FreeLibrary
0x44b1c0 EnterCriticalSection
0x44b1c4 LeaveCriticalSection
0x44b1c8 GetSystemTime
0x44b1cc GetNativeSystemInfo
0x44b1d0 GetModuleHandleExW
0x44b1d4 GetWindowsDirectoryW
0x44b1d8 GetSystemWow64DirectoryW
0x44b1dc GetEnvironmentStringsW
0x44b1e0 VerifyVersionInfoW
0x44b1e4 GetVolumePathNameW
0x44b1e8 GetDateFormatW
0x44b1ec GetUserDefaultUILanguage
0x44b1f0 GetSystemDefaultLangID
0x44b1f4 GetUserDefaultLangID
0x44b1f8 GetStringTypeW
0x44b1fc ReadFile
0x44b200 SetFilePointerEx
0x44b204 DuplicateHandle
0x44b208 InterlockedExchange
0x44b20c InterlockedCompareExchange
0x44b210 LoadLibraryExW
0x44b214 CreateEventW
0x44b218 ProcessIdToSessionId
0x44b21c OpenProcess
0x44b220 GetProcessId
0x44b224 WaitForSingleObject
0x44b228 ConnectNamedPipe
0x44b22c SetNamedPipeHandleState
0x44b230 CreateNamedPipeW
0x44b234 CreateThread
0x44b238 GetExitCodeThread
0x44b23c SetEvent
0x44b240 WaitForMultipleObjects
0x44b244 InterlockedIncrement
0x44b248 InterlockedDecrement
0x44b24c ResetEvent
0x44b250 SetEndOfFile
0x44b254 SetFileTime
0x44b258 LocalFileTimeToFileTime
0x44b25c DosDateTimeToFileTime
0x44b260 CompareStringA
0x44b264 GetExitCodeProcess
0x44b268 SetThreadExecutionState
0x44b26c CopyFileExW
0x44b270 MapViewOfFile
0x44b274 UnmapViewOfFile
0x44b278 CreateMutexW
0x44b27c CreateFileMappingW
0x44b280 GetThreadLocale
0x44b284 IsValidCodePage
0x44b288 FindFirstFileExW
0x44b28c FreeEnvironmentStringsW
0x44b290 SetStdHandle
0x44b294 GetConsoleCP
0x44b298 GetConsoleMode
0x44b29c FlushFileBuffers
0x44b2a0 DecodePointer
0x44b2a4 WriteConsoleW
0x44b2a8 GetModuleHandleA
0x44b2ac GlobalAlloc
0x44b2b0 GlobalFree
0x44b2b4 GetFileSizeEx
0x44b2b8 CopyFileW
0x44b2bc VirtualAlloc
0x44b2c0 VirtualFree
0x44b2c4 SystemTimeToTzSpecificLocalTime
0x44b2c8 GetTimeZoneInformation
0x44b2cc SystemTimeToFileTime
0x44b2d0 GetSystemInfo
0x44b2d4 VirtualProtect
0x44b2d8 VirtualQuery
0x44b2dc GetComputerNameW
0x44b2e0 SetCurrentDirectoryW
0x44b2e4 GetFileType
0x44b2e8 GetACP
0x44b2ec ExitProcess
0x44b2f0 GetStdHandle
0x44b2f4 InitializeCriticalSectionAndSpinCount
0x44b2f8 SetLastError
0x44b2fc RtlUnwind
0x44b300 UnhandledExceptionFilter
0x44b304 SetUnhandledExceptionFilter
0x44b308 TerminateProcess
0x44b30c IsProcessorFeaturePresent
0x44b310 QueryPerformanceCounter
0x44b314 GetSystemTimeAsFileTime
0x44b318 InitializeSListHead
0x44b31c IsDebuggerPresent
0x44b320 GetStartupInfoW
0x44b324 RaiseException
0x44b328 LoadLibraryExA
RPCRT4.dll
0x44b344 UuidCreate
EAT(Export Address Table) is none