popup

Report - black.exe

Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2025.02.05 11:28 Machine s1_win7_x6403
Filename black.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
5
 Behavior Score
1.8
ZERO API file : mailcious
VT API (file) 52 detected (Malicious, score, Ghanarava, Barys, Unsafe, confidence, 100%, Attribute, HighConfidence, high confidence, SpywareX, TrojanPSW, JmfshrYaWwS, Static AI, Suspicious PE, Detected, RustyStealer, Eldorado, R550345, Artemis, Chgt, Gencirc, susgen, Luca)
md5 740b99fb0515f52ae740be4abce39747
sha256 2fd0d3eb162542eb110527cbb3405ce49c674e37779ec1dfa1937d9ca85f2438
ssdeep 49152:tUPuL07z5r7QyUpmFwEaAvsvzWeAqkONWvQU7pzP8UIz/Op4977Y+3JPEEVXC8ub:fL0KyvwRAGU7VBGmsEjR/qO
imphash 38c4cd74b500cfc8c22c9298e1a309c6
impfuzzy 96:SQKRTxK9WZ6Sfnn4ZazaH5fcg+PxXPcWqHp+so5HT9Wv9sNgSqEfMJdd:SRaWLn4ZazaE/cW2G5HxWFCqeMJdd
  Network IP location

Signature (2cnts)

Level Description
danger File has been identified by 52 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
146.59.154.106
whois
Unknown 146.59.154.106 clean

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x1402a32e8 GetFileInformationByHandle
 0x1402a32f0 GetModuleHandleA
 0x1402a32f8 GetCurrentThread
 0x1402a3300 GetStdHandle
 0x1402a3308 GetConsoleMode
 0x1402a3310 WaitForSingleObject
 0x1402a3318 WriteConsoleW
 0x1402a3320 WaitForSingleObjectEx
 0x1402a3328 CreateMutexA
 0x1402a3330 ReleaseMutex
 0x1402a3338 GetEnvironmentVariableW
 0x1402a3340 RtlLookupFunctionEntry
 0x1402a3348 GetModuleHandleW
 0x1402a3350 FormatMessageW
 0x1402a3358 GetTempPathW
 0x1402a3360 GetModuleFileNameW
 0x1402a3368 CreateFileW
 0x1402a3370 GlobalAlloc
 0x1402a3378 GetFullPathNameW
 0x1402a3380 MultiByteToWideChar
 0x1402a3388 FindNextFileW
 0x1402a3390 CreateDirectoryW
 0x1402a3398 FindFirstFileW
 0x1402a33a0 FindClose
 0x1402a33a8 WideCharToMultiByte
 0x1402a33b0 GlobalSize
 0x1402a33b8 GlobalLock
 0x1402a33c0 Sleep
 0x1402a33c8 GetEnvironmentStringsW
 0x1402a33d0 FreeEnvironmentStringsW
 0x1402a33d8 CompareStringOrdinal
 0x1402a33e0 GetSystemDirectoryW
 0x1402a33e8 GetWindowsDirectoryW
 0x1402a33f0 CreateProcessW
 0x1402a33f8 GetFileAttributesW
 0x1402a3400 DuplicateHandle
 0x1402a3408 GetCurrentProcessId
 0x1402a3410 CreateNamedPipeW
 0x1402a3418 CreateThread
 0x1402a3420 ReadFileEx
 0x1402a3428 SleepEx
 0x1402a3430 WriteFileEx
 0x1402a3438 ReleaseSRWLockExclusive
 0x1402a3440 ExitProcess
 0x1402a3448 QueryPerformanceCounter
 0x1402a3450 QueryPerformanceFrequency
 0x1402a3458 GetSystemTimeAsFileTime
 0x1402a3460 GetCurrentDirectoryW
 0x1402a3468 RtlCaptureContext
 0x1402a3470 AcquireSRWLockShared
 0x1402a3478 ReleaseSRWLockShared
 0x1402a3480 CopyFileExW
 0x1402a3488 SleepConditionVariableSRW
 0x1402a3490 SetHandleInformation
 0x1402a3498 WakeConditionVariable
 0x1402a34a0 PostQueuedCompletionStatus
 0x1402a34a8 SetFileCompletionNotificationModes
 0x1402a34b0 CreateIoCompletionPort
 0x1402a34b8 TryAcquireSRWLockExclusive
 0x1402a34c0 GetFinalPathNameByHandleW
 0x1402a34c8 SetLastError
 0x1402a34d0 GetQueuedCompletionStatusEx
 0x1402a34d8 UnhandledExceptionFilter
 0x1402a34e0 SwitchToThread
 0x1402a34e8 SetUnhandledExceptionFilter
 0x1402a34f0 GlobalUnlock
 0x1402a34f8 GlobalFree
 0x1402a3500 GetProcessHeap
 0x1402a3508 HeapAlloc
 0x1402a3510 FileTimeToSystemTime
 0x1402a3518 SystemTimeToTzSpecificLocalTime
 0x1402a3520 SystemTimeToFileTime
 0x1402a3528 GetTimeZoneInformation
 0x1402a3530 RtlVirtualUnwind
 0x1402a3538 FlushFileBuffers
 0x1402a3540 GetTickCount
 0x1402a3548 MapViewOfFile
 0x1402a3550 CreateFileMappingW
 0x1402a3558 FormatMessageA
 0x1402a3560 GetSystemTime
 0x1402a3568 FreeLibrary
 0x1402a3570 GetFileSize
 0x1402a3578 LockFileEx
 0x1402a3580 LocalFree
 0x1402a3588 UnlockFile
 0x1402a3590 HeapDestroy
 0x1402a3598 HeapCompact
 0x1402a35a0 LoadLibraryW
 0x1402a35a8 DeleteFileW
 0x1402a35b0 DeleteFileA
 0x1402a35b8 CreateFileA
 0x1402a35c0 FlushViewOfFile
 0x1402a35c8 OutputDebugStringW
 0x1402a35d0 GetFileAttributesExW
 0x1402a35d8 GetFileAttributesA
 0x1402a35e0 GetDiskFreeSpaceA
 0x1402a35e8 GetTempPathA
 0x1402a35f0 HeapSize
 0x1402a35f8 HeapValidate
 0x1402a3600 UnmapViewOfFile
 0x1402a3608 CreateMutexW
 0x1402a3610 UnlockFileEx
 0x1402a3618 SetEndOfFile
 0x1402a3620 GetFullPathNameA
 0x1402a3628 SetFilePointer
 0x1402a3630 LockFile
 0x1402a3638 OutputDebugStringA
 0x1402a3640 GetDiskFreeSpaceW
 0x1402a3648 WriteFile
 0x1402a3650 HeapCreate
 0x1402a3658 ReadFile
 0x1402a3660 AreFileApisANSI
 0x1402a3668 InitializeCriticalSection
 0x1402a3670 EnterCriticalSection
 0x1402a3678 LeaveCriticalSection
 0x1402a3680 TryEnterCriticalSection
 0x1402a3688 DeleteCriticalSection
 0x1402a3690 GetCurrentThreadId
 0x1402a3698 SetThreadStackGuarantee
 0x1402a36a0 AddVectoredExceptionHandler
 0x1402a36a8 GetCurrentProcess
 0x1402a36b0 GetProcAddress
 0x1402a36b8 LoadLibraryA
 0x1402a36c0 WakeAllConditionVariable
 0x1402a36c8 HeapReAlloc
 0x1402a36d0 GetLastError
 0x1402a36d8 GetSystemInfo
 0x1402a36e0 SetFilePointerEx
 0x1402a36e8 TerminateProcess
 0x1402a36f0 CloseHandle
 0x1402a36f8 AcquireSRWLockExclusive
 0x1402a3700 IsProcessorFeaturePresent
 0x1402a3708 InitializeSListHead
 0x1402a3710 IsDebuggerPresent
 0x1402a3718 GetFileInformationByHandleEx
 0x1402a3720 HeapFree
oleaut32.dll
 0x1402a3780 SafeArrayDestroy
 0x1402a3788 SafeArrayAccessData
 0x1402a3790 SafeArrayGetUBound
 0x1402a3798 SafeArrayGetLBound
 0x1402a37a0 VariantClear
 0x1402a37a8 SysFreeString
 0x1402a37b0 SafeArrayUnaccessData
 0x1402a37b8 SysAllocStringLen
ws2_32.dll
 0x1402a3868 ioctlsocket
 0x1402a3870 WSASocketW
 0x1402a3878 ind
 0x1402a3880 listen
 0x1402a3888 WSASend
 0x1402a3890 accept
 0x1402a3898 setsockopt
 0x1402a38a0 connect
 0x1402a38a8 getaddrinfo
 0x1402a38b0 getsockopt
 0x1402a38b8 WSAIoctl
 0x1402a38c0 freeaddrinfo
 0x1402a38c8 WSAStartup
 0x1402a38d0 WSACleanup
 0x1402a38d8 getsockname
 0x1402a38e0 WSAGetLastError
 0x1402a38e8 getpeername
 0x1402a38f0 recv
 0x1402a38f8 closesocket
 0x1402a3900 send
 0x1402a3908 shutdown
 0x1402a3910 socket
crypt32.dll
 0x1402a3220 CertFreeCertificateContext
 0x1402a3228 CertFreeCertificateChain
 0x1402a3230 CertCloseStore
 0x1402a3238 CertDuplicateStore
 0x1402a3240 CertDuplicateCertificateContext
 0x1402a3248 CertVerifyCertificateChainPolicy
 0x1402a3250 CryptUnprotectData
 0x1402a3258 CertGetCertificateChain
 0x1402a3260 CertAddCertificateContextToStore
 0x1402a3268 CertEnumCertificatesInStore
 0x1402a3270 CertOpenStore
 0x1402a3278 CertDuplicateCertificateChain
advapi32.dll
 0x1402a3050 RegCreateKeyExA
 0x1402a3058 RegSetValueExA
 0x1402a3060 AllocateAndInitializeSid
 0x1402a3068 FreeSid
 0x1402a3070 CheckTokenMembership
 0x1402a3078 RegQueryValueExW
 0x1402a3080 RegCloseKey
 0x1402a3088 SystemFunction036
 0x1402a3090 RegOpenKeyExW
crypt.dll
 0x1402a3210 BCryptGenRandom
user32.dll
 0x1402a3820 EnumDisplaySettingsExW
 0x1402a3828 SetClipboardData
 0x1402a3830 EmptyClipboard
 0x1402a3838 CloseClipboard
 0x1402a3840 GetClipboardData
 0x1402a3848 OpenClipboard
 0x1402a3850 GetMonitorInfoW
 0x1402a3858 EnumDisplayMonitors
ntdll.dll
 0x1402a3730 NtCreateFile
 0x1402a3738 NtCancelIoFileEx
 0x1402a3740 NtDeviceIoControlFile
 0x1402a3748 RtlNtStatusToDosError
secur32.dll
 0x1402a37c8 InitializeSecurityContextW
 0x1402a37d0 QueryContextAttributesW
 0x1402a37d8 FreeContextBuffer
 0x1402a37e0 DeleteSecurityContext
 0x1402a37e8 EncryptMessage
 0x1402a37f0 AcceptSecurityContext
 0x1402a37f8 FreeCredentialsHandle
 0x1402a3800 AcquireCredentialsHandleA
 0x1402a3808 ApplyControlToken
 0x1402a3810 DecryptMessage
gdi32.dll
 0x1402a3288 GetDeviceCaps
 0x1402a3290 DeleteDC
 0x1402a3298 DeleteObject
 0x1402a32a0 CreateCompatibleDC
 0x1402a32a8 CreateCompatibleBitmap
 0x1402a32b0 SelectObject
 0x1402a32b8 SetStretchBltMode
 0x1402a32c0 StretchBlt
 0x1402a32c8 GetDIBits
 0x1402a32d0 GetObjectW
 0x1402a32d8 CreateDCW
ole32.dll
 0x1402a3758 CoSetProxyBlanket
 0x1402a3760 CoCreateInstance
 0x1402a3768 CoInitializeSecurity
 0x1402a3770 CoInitializeEx
VCRUNTIME140.dll
 0x1402a3000 strrchr
 0x1402a3008 memmove
 0x1402a3010 memset
 0x1402a3018 memcpy
 0x1402a3020 memcmp
 0x1402a3028 __C_specific_handler
 0x1402a3030 __current_exception
 0x1402a3038 __current_exception_context
 0x1402a3040 __CxxFrameHandler3
api-ms-win-crt-string-l1-1-0.dll
 0x1402a31c0 strcspn
 0x1402a31c8 strcmp
 0x1402a31d0 strncmp
 0x1402a31d8 strlen
api-ms-win-crt-utility-l1-1-0.dll
 0x1402a31f8 qsort
 0x1402a3200 _rotl64
api-ms-win-crt-heap-l1-1-0.dll
 0x1402a30a0 malloc
 0x1402a30a8 realloc
 0x1402a30b0 _msize
 0x1402a30b8 free
 0x1402a30c0 _set_new_mode
api-ms-win-crt-time-l1-1-0.dll
 0x1402a31e8 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
 0x1402a30e0 _dclass
 0x1402a30e8 __setusermatherr
 0x1402a30f0 log
api-ms-win-crt-runtime-l1-1-0.dll
 0x1402a3100 _initialize_onexit_table
 0x1402a3108 _cexit
 0x1402a3110 _c_exit
 0x1402a3118 _configure_narrow_argv
 0x1402a3120 _initialize_narrow_environment
 0x1402a3128 _beginthreadex
 0x1402a3130 _get_initial_narrow_environment
 0x1402a3138 _set_app_type
 0x1402a3140 _initterm
 0x1402a3148 _initterm_e
 0x1402a3150 exit
 0x1402a3158 _exit
 0x1402a3160 __p___argv
 0x1402a3168 terminate
 0x1402a3170 __p___argc
 0x1402a3178 _crt_atexit
 0x1402a3180 _seh_filter_exe
 0x1402a3188 _register_onexit_function
 0x1402a3190 _endthreadex
 0x1402a3198 _register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0.dll
 0x1402a31a8 __p__commode
 0x1402a31b0 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
 0x1402a30d0 _configthreadlocale

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure