Report - home.exe

Malicious Library UPX PE File PE64 OS Processor Check
Created 2025.02.03 10:30 Machine s1_win7_x6401
Filename home.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score 7
Behavior Score 2.6
ZERO API
VT API (file) 29 detected (Malicious, score, Ghanarava, Unsafe, GenericKD, Save, confidence, Attribute, HighConfidence, high confidence, MalwareX, moderate, Static AI, Suspicious PE, Detected, ABTrojan, ZKBB, Artemis, susgen)
md5 c3b7240c2743579a5eb724bef2e9f106
sha256 65cd1cd38917ca37e9d13ec72047126a4692f41e0065462afe3004fce1a1c333
ssdeep 768:oITA/pXWydeXMnbaYTijHzXRfDa/3feZF:LE3UcnbafHzXRIeZ
imphash 50ac11f4bb8caeed3d07b8e2deecab0c
impfuzzy 96:/bmwStyS1P2MpqItZuLn/dIE5j6iyjWnfNOVF93a4iJ6:jmwtq3a4iJ6
Network IP location

Signature (4cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
warning File has been identified by 29 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
208.95.112.1 US TUT-AS 208.95.112.1

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x140005000 GetModuleFileNameA
 0x140005008 WriteProcessMemory
 0x140005010 TerminateProcess
 0x140005018 GetFileAttributesW
 0x140005020 UnmapViewOfFile
 0x140005028 OpenProcess
 0x140005030 CreateToolhelp32Snapshot
 0x140005038 Sleep
 0x140005040 GetLastError
 0x140005048 Process32NextW
 0x140005050 LoadLibraryA
 0x140005058 DeleteFileW
 0x140005060 Process32FirstW
 0x140005068 CloseHandle
 0x140005070 CreateThread
 0x140005078 Beep
 0x140005080 VirtualAllocEx
 0x140005088 CreateFileMappingA
 0x140005090 ExitProcess
 0x140005098 GetConsoleWindow
 0x1400050a0 CreateRemoteThread
 0x1400050a8 MapViewOfFile
 0x1400050b0 lstrcmpW
 0x1400050b8 RtlLookupFunctionEntry
 0x1400050c0 RtlVirtualUnwind
 0x1400050c8 UnhandledExceptionFilter
 0x1400050d0 SetUnhandledExceptionFilter
 0x1400050d8 GetCurrentProcess
 0x1400050e0 IsProcessorFeaturePresent
 0x1400050e8 QueryPerformanceCounter
 0x1400050f0 GetCurrentProcessId
 0x1400050f8 GetCurrentThreadId
 0x140005100 GetSystemTimeAsFileTime
 0x140005108 InitializeSListHead
 0x140005110 IsDebuggerPresent
 0x140005118 GetModuleHandleW
 0x140005120 RtlCaptureContext
USER32.dll
 0x1400051e8 ShowWindow
 0x1400051f0 GetAsyncKeyState
MSVCP140.dll
 0x140005130 ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
 0x140005138 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
 0x140005140 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
 0x140005148 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
 0x140005150 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
 0x140005158 ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
 0x140005160 ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
 0x140005168 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
 0x140005170 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
 0x140005178 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
 0x140005180 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
 0x140005188 ?good@ios_base@std@@QEBA_NXZ
 0x140005190 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
 0x140005198 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
 0x1400051a0 ?uncaught_exception@std@@YA_NXZ
 0x1400051a8 ?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
 0x1400051b0 ?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
 0x1400051b8 ?_Xlength_error@std@@YAXPEBD@Z
 0x1400051c0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
 0x1400051c8 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
 0x1400051d0 ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
 0x1400051d8 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
VCRUNTIME140_1.dll
 0x140005258 __CxxFrameHandler4
VCRUNTIME140.dll
 0x140005200 __current_exception
 0x140005208 _CxxThrowException
 0x140005210 __std_exception_destroy
 0x140005218 memcpy
 0x140005220 __current_exception_context
 0x140005228 __C_specific_handler
 0x140005230 __std_terminate
 0x140005238 memset
 0x140005240 __std_exception_copy
 0x140005248 memmove
api-ms-win-crt-runtime-l1-1-0.dll
 0x1400052b0 _register_onexit_function
 0x1400052b8 _crt_atexit
 0x1400052c0 __p___argc
 0x1400052c8 _initialize_onexit_table
 0x1400052d0 __p___argv
 0x1400052d8 _invalid_parameter_noinfo_noreturn
 0x1400052e0 exit
 0x1400052e8 _initterm_e
 0x1400052f0 _initterm
 0x1400052f8 _get_initial_narrow_environment
 0x140005300 _initialize_narrow_environment
 0x140005308 _configure_narrow_argv
 0x140005310 _register_thread_local_exe_atexit_callback
 0x140005318 _set_app_type
 0x140005320 _seh_filter_exe
 0x140005328 terminate
 0x140005330 _c_exit
 0x140005338 _cexit
 0x140005340 _exit
api-ms-win-crt-heap-l1-1-0.dll
 0x140005268 malloc
 0x140005270 _callnewh
 0x140005278 free
 0x140005280 _set_new_mode
api-ms-win-crt-math-l1-1-0.dll
 0x1400052a0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
 0x140005350 _set_fmode
 0x140005358 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
 0x140005290 _configthreadlocale

EAT(Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure