ScreenShot
| Created | 2025.02.03 13:03 | Machine | s1_win7_x6401 |
| Filename | nvc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 52 detected (AIDetectMalware, ClipBanker, Malicious, score, Artemis, Zusy, Unsafe, Ajm1, confidence, Attribute, HighConfidence, high confidence, BankerX, TrojanBanker, CLOUD, Nekark, hchtx, R002C0XB125, Real Protect, Static AI, Suspicious PE, Detected, CoinMiner, Wacatac, ABPWS, UNSA, Malex, R690725, BScope, Hkjl, susgen) | ||
| md5 | 240a6e1f4217e3eb22db88dc0692b5f7 | ||
| sha256 | 97b313f4ebc17549c44f85bdde1cd8cc8dddab22c63361306ee94c580cc7ca29 | ||
| ssdeep | 3072:fGO4uWRgu9bELjrW2a/lXlvMZ4Iu8oq+zK1+wYlhqTgyZ:+XuMgm4Lm22lXFMZ5j+wB8y | ||
| imphash | b9d5e6231a729f64685d981b20518bd0 | ||
| impfuzzy | 24:F2IMu7nlkDoCblxBZkgwcpVtuOIfGrJ3EvvZ1XZatNRrNhFGjv2jjMP:97nmLBucpV7OG9CZ1ktXrNhFG5 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to modify Explorer settings to prevent hidden files from being displayed |
| watch | Installs itself for autorun at Windows startup |
| notice | A process attempted to delay the analysis task. |
| notice | Creates hidden or system file |
| info | Checks if process is being debugged by a debugger |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x41c000 RegOpenKeyExA
0x41c004 RegOpenKeyExW
0x41c008 RegCloseKey
0x41c00c RegSetValueExW
SHELL32.dll
0x41c158 SHGetFolderPathW
KERNEL32.dll
0x41c014 InitializeCriticalSectionAndSpinCount
0x41c018 FlushFileBuffers
0x41c01c WriteConsoleW
0x41c020 GetProcAddress
0x41c024 LoadLibraryA
0x41c028 ExitProcess
0x41c02c GlobalLock
0x41c030 WriteFile
0x41c034 GlobalAlloc
0x41c038 Sleep
0x41c03c GetModuleFileNameW
0x41c040 CreateFileW
0x41c044 GlobalUnlock
0x41c048 GetLastError
0x41c04c CreateMutexA
0x41c050 IsDebuggerPresent
0x41c054 CloseHandle
0x41c058 SetFileAttributesW
0x41c05c CreateThread
0x41c060 CreateDirectoryW
0x41c064 CopyFileW
0x41c068 SetCurrentDirectoryW
0x41c06c InterlockedIncrement
0x41c070 InterlockedDecrement
0x41c074 EncodePointer
0x41c078 DecodePointer
0x41c07c EnterCriticalSection
0x41c080 LeaveCriticalSection
0x41c084 InitializeCriticalSectionEx
0x41c088 DeleteCriticalSection
0x41c08c WideCharToMultiByte
0x41c090 GetLocaleInfoEx
0x41c094 MultiByteToWideChar
0x41c098 GetStringTypeW
0x41c09c GetCommandLineW
0x41c0a0 HeapFree
0x41c0a4 HeapAlloc
0x41c0a8 HeapReAlloc
0x41c0ac RaiseException
0x41c0b0 RtlUnwind
0x41c0b4 GetCPInfo
0x41c0b8 IsProcessorFeaturePresent
0x41c0bc SetLastError
0x41c0c0 GetCurrentThreadId
0x41c0c4 GetModuleHandleExW
0x41c0c8 GetStdHandle
0x41c0cc GetProcessHeap
0x41c0d0 GetFileType
0x41c0d4 InitOnceExecuteOnce
0x41c0d8 GetStartupInfoW
0x41c0dc QueryPerformanceCounter
0x41c0e0 GetSystemTimeAsFileTime
0x41c0e4 GetTickCount64
0x41c0e8 GetEnvironmentStringsW
0x41c0ec FreeEnvironmentStringsW
0x41c0f0 UnhandledExceptionFilter
0x41c0f4 SetUnhandledExceptionFilter
0x41c0f8 FlsAlloc
0x41c0fc FlsGetValue
0x41c100 FlsSetValue
0x41c104 FlsFree
0x41c108 GetCurrentProcess
0x41c10c TerminateProcess
0x41c110 GetModuleHandleW
0x41c114 HeapSize
0x41c118 GetACP
0x41c11c IsValidCodePage
0x41c120 GetOEMCP
0x41c124 CompareStringEx
0x41c128 GetUserDefaultLocaleName
0x41c12c LCMapStringEx
0x41c130 IsValidLocaleName
0x41c134 EnumSystemLocalesEx
0x41c138 LoadLibraryExW
0x41c13c OutputDebugStringW
0x41c140 LoadLibraryW
0x41c144 GetConsoleCP
0x41c148 GetConsoleMode
0x41c14c SetFilePointerEx
0x41c150 SetStdHandle
EAT(Export Address Table) is none
ADVAPI32.dll
0x41c000 RegOpenKeyExA
0x41c004 RegOpenKeyExW
0x41c008 RegCloseKey
0x41c00c RegSetValueExW
SHELL32.dll
0x41c158 SHGetFolderPathW
KERNEL32.dll
0x41c014 InitializeCriticalSectionAndSpinCount
0x41c018 FlushFileBuffers
0x41c01c WriteConsoleW
0x41c020 GetProcAddress
0x41c024 LoadLibraryA
0x41c028 ExitProcess
0x41c02c GlobalLock
0x41c030 WriteFile
0x41c034 GlobalAlloc
0x41c038 Sleep
0x41c03c GetModuleFileNameW
0x41c040 CreateFileW
0x41c044 GlobalUnlock
0x41c048 GetLastError
0x41c04c CreateMutexA
0x41c050 IsDebuggerPresent
0x41c054 CloseHandle
0x41c058 SetFileAttributesW
0x41c05c CreateThread
0x41c060 CreateDirectoryW
0x41c064 CopyFileW
0x41c068 SetCurrentDirectoryW
0x41c06c InterlockedIncrement
0x41c070 InterlockedDecrement
0x41c074 EncodePointer
0x41c078 DecodePointer
0x41c07c EnterCriticalSection
0x41c080 LeaveCriticalSection
0x41c084 InitializeCriticalSectionEx
0x41c088 DeleteCriticalSection
0x41c08c WideCharToMultiByte
0x41c090 GetLocaleInfoEx
0x41c094 MultiByteToWideChar
0x41c098 GetStringTypeW
0x41c09c GetCommandLineW
0x41c0a0 HeapFree
0x41c0a4 HeapAlloc
0x41c0a8 HeapReAlloc
0x41c0ac RaiseException
0x41c0b0 RtlUnwind
0x41c0b4 GetCPInfo
0x41c0b8 IsProcessorFeaturePresent
0x41c0bc SetLastError
0x41c0c0 GetCurrentThreadId
0x41c0c4 GetModuleHandleExW
0x41c0c8 GetStdHandle
0x41c0cc GetProcessHeap
0x41c0d0 GetFileType
0x41c0d4 InitOnceExecuteOnce
0x41c0d8 GetStartupInfoW
0x41c0dc QueryPerformanceCounter
0x41c0e0 GetSystemTimeAsFileTime
0x41c0e4 GetTickCount64
0x41c0e8 GetEnvironmentStringsW
0x41c0ec FreeEnvironmentStringsW
0x41c0f0 UnhandledExceptionFilter
0x41c0f4 SetUnhandledExceptionFilter
0x41c0f8 FlsAlloc
0x41c0fc FlsGetValue
0x41c100 FlsSetValue
0x41c104 FlsFree
0x41c108 GetCurrentProcess
0x41c10c TerminateProcess
0x41c110 GetModuleHandleW
0x41c114 HeapSize
0x41c118 GetACP
0x41c11c IsValidCodePage
0x41c120 GetOEMCP
0x41c124 CompareStringEx
0x41c128 GetUserDefaultLocaleName
0x41c12c LCMapStringEx
0x41c130 IsValidLocaleName
0x41c134 EnumSystemLocalesEx
0x41c138 LoadLibraryExW
0x41c13c OutputDebugStringW
0x41c140 LoadLibraryW
0x41c144 GetConsoleCP
0x41c148 GetConsoleMode
0x41c14c SetFilePointerEx
0x41c150 SetStdHandle
EAT(Export Address Table) is none