Field | Value
---|---
Created | 2025.02.03 10:30
Machine | s1_win7_x6401
Filename | goodboy.exe
Type | PE32+ executable (GUI) x86-64, for MS Windows
VT API (file) | 42 detected (Injuke, Expiro, Unsafe, malicious, confidence, Attribute, HighConfidence, high confidence, score, TrojanPSW, kvlpsn, Nekark, qzrzg, Lumma, high, Static AI, Malicious SFX, LummaC, Wacatac, Detected, Injection, Gencirc, JpQbXdFxwx4, susgen, B9nj)
md5 | 11ad0f71caabbadba8ca08663690ca39
sha256 | 861f2c5f07c9e1c7d24c2e34eb47ff3129cd39a2227a2549809b9d5c92267883
ssdeep | 24576:I2yEGU/CgPh3wl0oKEJKpSL3MG6/2ZbNy0:IFG/Cy5poKVpSTn
imphash | 89a4228e8581f783c2ab1992d9178f8e
impfuzzy | 48:mPkNSpUOU4iLxyu1uM9t08vTLPKEl4LTrzUp5aSvd59E5o1gpg+RXpNuACGV6x9T:ikmUZ4iL8u1uMX08vTLGU2Y89IGit
Signature (22cnts)
Level | Description |
---|---|
danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
watch | A process performed obfuscation on information about the computer or sent it to a remote location, indicative of CnC traffic/preparations. |
watch | Harvests credentials from local FTP client software |
watch | Installs itself for autorun at Windows startup |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Looks up the external IP address |
notice | Performs some HTTP requests |
notice | Steals private information from local Internet browsers |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
info | Uses Windows APIs to generate a cryptographic key |
Rules (15cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Emotet_RL_Gen_Zero | Win32 Trojan Emotet | binaries (upload) |
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
watch | Win32_Trojan_PWS_Net_1_Zero | Win32 Trojan PWS .NET Azorult | binaries (download) |
info | CAB_file_format | CAB archive file | binaries (upload) |
info | Is_DotNET_EXE | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
ADVAPI32.dll
0x14000b150 GetTokenInformation
0x14000b158 RegDeleteValueA
0x14000b160 RegOpenKeyExA
0x14000b168 RegQueryInfoKeyA
0x14000b170 FreeSid
0x14000b178 OpenProcessToken
0x14000b180 RegSetValueExA
0x14000b188 RegCreateKeyExA
0x14000b190 LookupPrivilegeValueA
0x14000b198 AllocateAndInitializeSid
0x14000b1a0 RegQueryValueExA
0x14000b1a8 EqualSid
0x14000b1b0 RegCloseKey
0x14000b1b8 AdjustTokenPrivileges
KERNEL32.dll
0x14000b210 _lopen
0x14000b218 _llseek
0x14000b220 CompareStringA
0x14000b228 GetLastError
0x14000b230 GetFileAttributesA
0x14000b238 GetSystemDirectoryA
0x14000b240 LoadLibraryA
0x14000b248 DeleteFileA
0x14000b250 GlobalAlloc
0x14000b258 GlobalFree
0x14000b260 CloseHandle
0x14000b268 WritePrivateProfileStringA
0x14000b270 IsDBCSLeadByte
0x14000b278 GetWindowsDirectoryA
0x14000b280 SetFileAttributesA
0x14000b288 GetProcAddress
0x14000b290 GlobalLock
0x14000b298 LocalFree
0x14000b2a0 RemoveDirectoryA
0x14000b2a8 FreeLibrary
0x14000b2b0 _lclose
0x14000b2b8 CreateDirectoryA
0x14000b2c0 GetPrivateProfileIntA
0x14000b2c8 GetPrivateProfileStringA
0x14000b2d0 GlobalUnlock
0x14000b2d8 ReadFile
0x14000b2e0 SizeofResource
0x14000b2e8 WriteFile
0x14000b2f0 GetDriveTypeA
0x14000b2f8 LoadLibraryExA
0x14000b300 lstrcmpA
0x14000b308 GetShortPathNameA
0x14000b310 FindResourceA
0x14000b318 CreateMutexA
0x14000b320 GetVolumeInformationA
0x14000b328 WaitForSingleObject
0x14000b330 GetCurrentDirectoryA
0x14000b338 ExpandEnvironmentStringsA
0x14000b340 GetVersion
0x14000b348 SetCurrentDirectoryA
0x14000b350 GetTempPathA
0x14000b358 LocalFileTimeToFileTime
0x14000b360 CreateFileA
0x14000b368 SetEvent
0x14000b370 TerminateThread
0x14000b378 GetVersionExA
0x14000b380 LockResource
0x14000b388 GetSystemInfo
0x14000b390 CreateThread
0x14000b398 ResetEvent
0x14000b3a0 LoadResource
0x14000b3a8 ExitProcess
0x14000b3b0 GetModuleHandleW
0x14000b3b8 CreateProcessA
0x14000b3c0 FormatMessageA
0x14000b3c8 GetTempFileNameA
0x14000b3d0 DosDateTimeToFileTime
0x14000b3d8 CreateEventA
0x14000b3e0 LoadLibraryExW
0x14000b3e8 GetExitCodeProcess
0x14000b3f0 FindNextFileA
0x14000b3f8 LocalAlloc
0x14000b400 SetFileTime
0x14000b408 MulDiv
0x14000b410 GetDiskFreeSpaceA
0x14000b418 EnumResourceLanguagesA
0x14000b420 GetTickCount
0x14000b428 GetSystemTimeAsFileTime
0x14000b430 GetCurrentThreadId
0x14000b438 GetCurrentProcessId
0x14000b440 QueryPerformanceCounter
0x14000b448 TerminateProcess
0x14000b450 SetUnhandledExceptionFilter
0x14000b458 UnhandledExceptionFilter
0x14000b460 RtlVirtualUnwind
0x14000b468 RtlLookupFunctionEntry
0x14000b470 RtlCaptureContext
0x14000b478 GetStartupInfoW
0x14000b480 Sleep
0x14000b488 FindClose
0x14000b490 GetCurrentProcess
0x14000b498 FindFirstFileA
0x14000b4a0 FreeResource
0x14000b4a8 GetModuleFileNameA
0x14000b4b0 SetFilePointer
GDI32.dll
0x14000b200 GetDeviceCaps
USER32.dll
0x14000b4c0 ShowWindow
0x14000b4c8 MsgWaitForMultipleObjects
0x14000b4d0 SetWindowPos
0x14000b4d8 GetDC
0x14000b4e0 GetWindowRect
0x14000b4e8 DispatchMessageA
0x14000b4f0 GetDesktopWindow
0x14000b4f8 CharUpperA
0x14000b500 SetDlgItemTextA
0x14000b508 ExitWindowsEx
0x14000b510 MessageBeep
0x14000b518 EndDialog
0x14000b520 CharPrevA
0x14000b528 LoadStringA
0x14000b530 CharNextA
0x14000b538 EnableWindow
0x14000b540 ReleaseDC
0x14000b548 SetForegroundWindow
0x14000b550 SetWindowLongPtrA
0x14000b558 GetWindowLongPtrA
0x14000b560 PeekMessageA
0x14000b568 GetDlgItem
0x14000b570 SendMessageA
0x14000b578 SendDlgItemMessageA
0x14000b580 MessageBoxA
0x14000b588 SetWindowTextA
0x14000b590 CallWindowProcA
0x14000b598 GetDlgItemTextA
0x14000b5a0 DialogBoxIndirectParamA
0x14000b5a8 GetSystemMetrics
msvcrt.dll
0x14000b5d8 _fmode
0x14000b5e0 _commode
0x14000b5e8 ?terminate@@YAXXZ
0x14000b5f0 _acmdln
0x14000b5f8 memset
0x14000b600 __C_specific_handler
0x14000b608 _initterm
0x14000b610 __setusermatherr
0x14000b618 _ismbblead
0x14000b620 _cexit
0x14000b628 _exit
0x14000b630 exit
0x14000b638 __set_app_type
0x14000b640 __getmainargs
0x14000b648 _amsg_exit
0x14000b650 _XcptFilter
0x14000b658 memcpy_s
0x14000b660 _vsnprintf
0x14000b668 memcpy
COMCTL32.dll
0x14000b1c8 None
Cabinet.dll
0x14000b1d8 None
0x14000b1e0 None
0x14000b1e8 None
0x14000b1f0 None
VERSION.dll
0x14000b5b8 VerQueryValueA
0x14000b5c0 GetFileVersionInfoSizeA
0x14000b5c8 GetFileVersionInfoA
EAT (Export Address Table): none