Field | Value
---|---
Created | 2025.02.18 17:35
Machine | s1_win7_x6401
Filename | 5689_4833.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score | Not found
Behavior Score |
ZERO API | file : malicious
VT API (file) |
md5 | 230ba53f680cb571ac552e432bcbadec
sha256 | df1752ef6e8594fe04a654cbebf85b053bae8300bde3c8260f290169fa1c2190
ssdeep | 196608:XMO3UEyW4bkSMYMv2/gkBX1L3lIUlOLuQMPGnuzSDBa4Z4wz1a9:Xt3UEyNY2/gkBDgBMP1zSt89
imphash | 901f487907aea119888450003c24d2ea
impfuzzy | 96:YxxX11nLcCxkbGrhvRhq7XCVBVspigYgp8fpLjokl0hbcik4rbnaXj6KdbG:YHF1fPhq7yepiMO0hor4rbaXJJG
Network IP location
Signatures (18 counts)
Level | Description |
---|---|
danger | Executed a process and injected code into it |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Installs itself for autorun at Windows startup |
watch | One or more of the buffers contains an embedded PE file |
watch | Potential code injection by writing to the memory of another process |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates executable files on the filesystem |
notice | One or more potentially interesting buffers were extracted |
notice | Uses Windows utilities for basic Windows functionality |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
info | Uses Windows APIs to generate a cryptographic key |
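The five injection-related signatures above (remote executable allocation, remote memory write, NtSetContextThread, the "danger" chain) and the autorun entry are all derived from the API trace, not from the static file. As an added example that is not part of this report or of the sandbox's own rule set, the Python below reconstructs that derivation over a constructed trace: the log format, handles, sizes and the `regkey` argument are invented for illustration, while the level and description strings reuse the table's wording so the output can be compared against it.

```python
import re

# Constructed API trace in a "<pid> <api>(<k>=<v>, ...) -> <ret>" shape (not the
# sandbox's real log format). Handles and sizes are made up; the call sequence is
# the classic suspended-process injection chain followed by a Run-key write.
TRACE = r"""
1234 CreateProcessW(lpApplicationName="C:\Windows\System32\svchost.exe", dwCreationFlags=0x4) -> 1
1234 VirtualAlloc(lpAddress=0x0, dwSize=0x26000, flProtect=0x40) -> 0x2f0000
1234 VirtualAllocEx(hProcess=0x9c, lpAddress=0x400000, dwSize=0x26000, flProtect=0x40) -> 0x400000
1234 WriteProcessMemory(hProcess=0x9c, lpBaseAddress=0x400000, nSize=0x26000) -> 1
1234 NtSetContextThread(hThread=0xa0) -> 0
1234 ResumeThread(hThread=0xa0) -> 1
1234 RegSetValueExW(hKey=0x5c, lpValueName="Updater", regkey="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater") -> 0
"""

# Same constructed format, a single PAGE_READWRITE allocation: no rule should fire.
BENIGN_TRACE = "1234 VirtualAlloc(lpAddress=0x0, dwSize=0x1000, flProtect=0x4) -> 0x2f0000\n"

LINE_RE = re.compile(r'^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*->\s*(?P<ret>\S+)$')
ARG_RE = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')

CREATE_SUSPENDED = 0x4
PAGE_EXECUTE_READWRITE = 0x40
EXEC_PROTECTS = {0x10, 0x20, 0x40, 0x80}       # PAGE_EXECUTE* family
CURRENT_PROCESS = {'-1', '0xffffffff'}          # GetCurrentProcess() pseudo-handle


def parse_trace(text):
    """Turn trace lines into dicts; lines that do not match the format are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = {k: v.strip('"') for k, v in ARG_RE.findall(m['args'])}
        calls.append({'pid': int(m['pid']), 'api': m['api'], 'args': args, 'ret': m['ret']})
    return calls


def to_int(value):
    """Parse '0x40' or '4'; a missing argument counts as 0."""
    return int(value, 0) if value else 0


def evaluate(calls):
    """Return (level, description) hits, worded like the signature table above."""
    hits = []

    def flag(level, desc):
        if (level, desc) not in hits:
            hits.append((level, desc))

    apis = {c['api'] for c in calls}
    for c in calls:
        api, args = c['api'], c['args']
        if api == 'VirtualAlloc' and to_int(args.get('flProtect')) == PAGE_EXECUTE_READWRITE:
            flag('notice', 'Allocates read-write-execute memory (usually to unpack itself)')
        if api == 'VirtualAllocEx' and args.get('hProcess') not in CURRENT_PROCESS \
                and to_int(args.get('flProtect')) in EXEC_PROTECTS:
            flag('watch', 'Allocates execute permission to another process indicative of possible code injection')
        if api == 'WriteProcessMemory' and args.get('hProcess') not in CURRENT_PROCESS:
            flag('watch', 'Potential code injection by writing to the memory of another process')
        if api == 'NtSetContextThread':
            flag('watch', 'Used NtSetContextThread to modify a thread in a remote process indicative of process injection')
        if api.startswith('RegSetValueEx') and r'\currentversion\run' in args.get('regkey', '').lower():
            flag('watch', 'Installs itself for autorun at Windows startup')

    # The "danger" rule is a chain: spawn suspended, write into the child, then
    # redirect or resume a thread in it. Each step on its own is only "watch".
    spawned_suspended = any(c['api'].startswith('CreateProcess')
                            and to_int(c['args'].get('dwCreationFlags')) & CREATE_SUSPENDED
                            for c in calls)
    if spawned_suspended and 'WriteProcessMemory' in apis \
            and apis & {'NtSetContextThread', 'ResumeThread', 'NtResumeThread'}:
        flag('danger', 'Executed a process and injected code into it')
    return hits


if __name__ == '__main__':
    for level, desc in evaluate(parse_trace(TRACE)):
        print(f'{level:7} {desc}')
```

The point of the chain rule is that no single call is conclusive: debuggers write remote memory, loaders allocate RWX, and CREATE_SUSPENDED is used by legitimate installers. The "danger" level is only reached when the suspended spawn, the remote write and the thread-context change or resume are all seen for the same process, which is why the report lists the individual steps at "watch" and the combination at "danger".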
Rules (16 counts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (download) |
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0xa6b070 GetModuleFileNameA
0xa6b074 GetModuleFileNameW
0xa6b078 GetModuleHandleA
0xa6b07c GetModuleHandleW
0xa6b080 GetStartupInfoW
0xa6b084 GetCommandLineA
0xa6b088 GetCommandLineW
0xa6b08c GetSystemDirectoryW
0xa6b090 GetTempPathW
0xa6b094 GetTempFileNameW
0xa6b098 CreateDirectoryW
0xa6b09c RemoveDirectoryW
0xa6b0a0 CreateFileA
0xa6b0a4 CreateFileW
0xa6b0a8 GetFileAttributesA
0xa6b0ac DeleteFileW
0xa6b0b0 FindFirstFileW
0xa6b0b4 CopyFileW
0xa6b0b8 HeapCreate
0xa6b0bc HeapDestroy
0xa6b0c0 HeapAlloc
0xa6b0c4 HeapFree
0xa6b0c8 HeapSize
0xa6b0cc HeapLock
0xa6b0d0 HeapUnlock
0xa6b0d4 HeapWalk
0xa6b0d8 DebugBreak
0xa6b0dc CreateThread
0xa6b0e0 OpenThread
0xa6b0e4 SetThreadPriority
0xa6b0e8 QueueUserAPC
0xa6b0ec TlsAlloc
0xa6b0f0 TlsFree
0xa6b0f4 SleepEx
0xa6b0f8 VirtualAlloc
0xa6b0fc VirtualFree
0xa6b100 VirtualProtect
0xa6b104 VirtualQuery
0xa6b108 FreeLibrary
0xa6b10c GetProcessTimes
0xa6b110 GetCurrentProcess
0xa6b114 GlobalAlloc
0xa6b118 GlobalSize
0xa6b11c GlobalLock
0xa6b120 GlobalUnlock
0xa6b124 LoadLibraryA
0xa6b128 GetModuleHandleExW
0xa6b12c SetCurrentDirectoryW
0xa6b130 GetCurrentDirectoryW
0xa6b134 QueryPerformanceCounter
0xa6b138 QueryPerformanceFrequency
0xa6b13c GetACP
0xa6b140 MultiByteToWideChar
0xa6b144 WideCharToMultiByte
0xa6b148 GetCurrentProcessId
0xa6b14c SetUnhandledExceptionFilter
0xa6b150 FindNextFileW
0xa6b154 GetCPInfo
0xa6b158 IsDBCSLeadByte
0xa6b15c VerSetConditionMask
0xa6b160 LockResource
0xa6b164 GlobalFree
0xa6b168 ExitThread
0xa6b16c LoadResource
0xa6b170 CreateProcessA
0xa6b174 FindResourceExA
0xa6b178 FindResourceExW
0xa6b17c GetSystemDirectoryA
0xa6b180 GetFileAttributesW
0xa6b184 MoveFileExW
0xa6b188 GetVersionExW
0xa6b18c VerifyVersionInfoW
0xa6b190 GetUserDefaultUILanguage
0xa6b194 GetUserDefaultLangID
0xa6b198 GetLongPathNameW
0xa6b19c GetFileInformationByHandle
0xa6b1a0 GetFileSizeEx
0xa6b1a4 DeviceIoControl
0xa6b1a8 SetFilePointerEx
0xa6b1ac lstrlenW
0xa6b1b0 CreateMutexA
0xa6b1b4 CreateProcessW
0xa6b1b8 ExpandEnvironmentStringsA
0xa6b1bc ExpandEnvironmentStringsW
0xa6b1c0 OutputDebugStringA
0xa6b1c4 GetTempPathA
0xa6b1c8 GetTempFileNameA
0xa6b1cc GetSystemWow64DirectoryW
0xa6b1d0 CreateDirectoryA
0xa6b1d4 GetFullPathNameW
0xa6b1d8 GetFileAttributesExW
0xa6b1dc LoadLibraryW
0xa6b1e0 GetVolumeInformationW
0xa6b1e4 SetLastError
0xa6b1e8 SetEvent
0xa6b1ec ResetEvent
0xa6b1f0 WaitForMultipleObjects
0xa6b1f4 GetTickCount
0xa6b1f8 CreateEventW
0xa6b1fc GetSystemTime
0xa6b200 GetTimeZoneInformation
0xa6b204 SystemTimeToFileTime
0xa6b208 GetCurrentThread
0xa6b20c GetExitCodeThread
0xa6b210 DuplicateHandle
0xa6b214 MapViewOfFile
0xa6b218 UnmapViewOfFile
0xa6b21c LCMapStringW
0xa6b220 GetLocaleInfoW
0xa6b224 TerminateThread
0xa6b228 CreateWaitableTimerW
0xa6b22c ReleaseSemaphore
0xa6b230 CreateSemaphoreW
0xa6b234 SetThreadAffinityMask
0xa6b238 ReleaseMutex
0xa6b23c CreateFileMappingA
0xa6b240 CompareFileTime
0xa6b244 IsDebuggerPresent
0xa6b248 OutputDebugStringW
0xa6b24c EncodePointer
0xa6b250 GetProcessHeap
0xa6b254 InitializeSListHead
0xa6b258 InterlockedPopEntrySList
0xa6b25c InterlockedPushEntrySList
0xa6b260 FlushInstructionCache
0xa6b264 IsProcessorFeaturePresent
0xa6b268 LoadLibraryExA
0xa6b26c UnhandledExceptionFilter
0xa6b270 TerminateProcess
0xa6b274 GetSystemTimeAsFileTime
0xa6b278 RtlUnwind
0xa6b27c LoadLibraryExW
0xa6b280 GetStdHandle
0xa6b284 GetStringTypeW
0xa6b288 GetFileType
0xa6b28c GetDateFormatW
0xa6b290 GetTimeFormatW
0xa6b294 CompareStringW
0xa6b298 GetUserDefaultLCID
0xa6b29c EnumSystemLocalesW
0xa6b2a0 SetConsoleCtrlHandler
0xa6b2a4 FlushFileBuffers
0xa6b2a8 GetConsoleCP
0xa6b2ac GetConsoleMode
0xa6b2b0 HeapReAlloc
0xa6b2b4 FindFirstFileExA
0xa6b2b8 FindNextFileA
0xa6b2bc IsValidCodePage
0xa6b2c0 GetOEMCP
0xa6b2c4 GetEnvironmentStringsW
0xa6b2c8 FreeEnvironmentStringsW
0xa6b2cc SetEnvironmentVariableA
0xa6b2d0 SetStdHandle
0xa6b2d4 WriteConsoleW
0xa6b2d8 ReadConsoleW
0xa6b2dc FormatMessageW
0xa6b2e0 SwitchToFiber
0xa6b2e4 DeleteFiber
0xa6b2e8 CreateFiber
0xa6b2ec ConvertFiberToThread
0xa6b2f0 ConvertThreadToFiber
0xa6b2f4 GetEnvironmentVariableW
0xa6b2f8 ReadConsoleA
0xa6b2fc SetConsoleMode
0xa6b300 TlsSetValue
0xa6b304 TlsGetValue
0xa6b308 GetSystemInfo
0xa6b30c CloseHandle
0xa6b310 FindClose
0xa6b314 SetFilePointer
0xa6b318 SetEndOfFile
0xa6b31c ReadFile
0xa6b320 WriteFile
0xa6b324 GetFileSize
0xa6b328 Sleep
0xa6b32c WaitForSingleObject
0xa6b330 DeleteCriticalSection
0xa6b334 TryEnterCriticalSection
0xa6b338 InitializeCriticalSectionAndSpinCount
0xa6b33c LeaveCriticalSection
0xa6b340 EnterCriticalSection
0xa6b344 InitializeCriticalSection
0xa6b348 GetLastError
0xa6b34c GetCurrentThreadId
0xa6b350 SwitchToThread
0xa6b354 RaiseException
0xa6b358 GetExitCodeProcess
0xa6b35c ExitProcess
0xa6b360 GetProcAddress
0xa6b364 InterlockedCompareExchange
0xa6b368 InterlockedExchange
0xa6b36c InterlockedDecrement
0xa6b370 InterlockedIncrement
0xa6b374 CreateEventA
0xa6b378 CreateWaitableTimerA
0xa6b37c SetWaitableTimer
0xa6b380 CancelWaitableTimer
0xa6b384 InterlockedExchangeAdd
0xa6b388 GetVersionExA
0xa6b38c GetVersion
0xa6b390 VerifyVersionInfoA
0xa6b394 GetNumberFormatW
0xa6b398 GetCurrencyFormatW
0xa6b39c GetDriveTypeW
0xa6b3a0 PeekNamedPipe
0xa6b3a4 SystemTimeToTzSpecificLocalTime
0xa6b3a8 FileTimeToSystemTime
0xa6b3ac FreeLibraryAndExitThread
0xa6b3b0 DeleteFileA
0xa6b3b4 DecodePointer
0xa6b3b8 GetProcessAffinityMask
ADVAPI32.dll
0xa6b000 CryptAcquireContextA
0xa6b004 CryptEnumProvidersW
0xa6b008 CryptSignHashW
0xa6b00c CryptDestroyHash
0xa6b010 CryptCreateHash
0xa6b014 CryptDecrypt
0xa6b018 CryptExportKey
0xa6b01c CryptGetUserKey
0xa6b020 CryptGetProvParam
0xa6b024 CryptSetHashParam
0xa6b028 CryptDestroyKey
0xa6b02c ReportEventW
0xa6b030 RegisterEventSourceW
0xa6b034 DeregisterEventSource
0xa6b038 CryptGenRandom
0xa6b03c CryptReleaseContext
0xa6b040 CryptAcquireContextW
0xa6b044 RegSetValueExW
0xa6b048 RegSetValueExA
0xa6b04c RegQueryValueExW
0xa6b050 RegQueryValueExA
0xa6b054 RegOpenKeyExW
0xa6b058 RegOpenKeyExA
0xa6b05c RegCreateKeyExW
0xa6b060 RegCreateKeyExA
0xa6b064 RegCloseKey
0xa6b068 RegOpenKeyA
EAT (Export Address Table) Library
0x42260e _WinMainSandboxed@20
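Two things a practitioner does with an import table like the one above are pivot on its import hash and map the imports onto capabilities. As an added example, not taken from the report or from the sandbox, the Python below parses an excerpt of the listing in the page's own `0xADDR Name` layout, computes an import hash the way pefile's `get_imphash()` does (lowercased `dll.func` pairs, extension stripped, comma-joined, MD5) and groups the names into coarse capability buckets of my own choosing. The excerpt is a constructed subset of 15 of the 238 imports, so its hash is not the report's imphash; reproducing that value needs the full import directory in file order, which the IAT addresses suggest puts ADVAPI32 (0xa6b000) before KERNEL32 (0xa6b070). Note also that VirtualAllocEx, WriteProcessMemory and NtSetContextThread are absent from the static table even though the behaviour signatures report them: with LoadLibrary/GetProcAddress imported and the packer rules firing, they are presumably resolved at run time or belong to the unpacked layer, so the static import list understates what the sample does.

```python
import hashlib
import re

# Constructed excerpt of the IAT section above, kept in the page's own
# "DLL name / 0xADDR Function" layout and reordered so ADVAPI32 (lowest IAT
# address, 0xa6b000) comes first. 15 of the 238 imports; the hash of this
# subset is therefore NOT the report's imphash.
IAT_TEXT = """\
ADVAPI32.dll
0xa6b000 CryptAcquireContextA
0xa6b038 CryptGenRandom
0xa6b044 RegSetValueExW
0xa6b054 RegOpenKeyExW
0xa6b05c RegCreateKeyExW
KERNEL32.dll
0xa6b0dc CreateThread
0xa6b0e0 OpenThread
0xa6b0e8 QueueUserAPC
0xa6b0f8 VirtualAlloc
0xa6b100 VirtualProtect
0xa6b124 LoadLibraryA
0xa6b170 CreateProcessA
0xa6b1b4 CreateProcessW
0xa6b244 IsDebuggerPresent
0xa6b360 GetProcAddress
"""

ENTRY_RE = re.compile(r'^0x[0-9a-fA-F]+\s+(\S+)$')
STRIP_EXTS = ('dll', 'ocx', 'sys')   # extensions pefile drops from the DLL name

# Coarse capability buckets (my own grouping, not a standard taxonomy).
CAPABILITIES = {
    'process creation': {'CreateProcessA', 'CreateProcessW'},
    'executable memory': {'VirtualAlloc', 'VirtualProtect'},
    'APC injection primitive': {'OpenThread', 'QueueUserAPC'},
    'dynamic API resolution': {'LoadLibraryA', 'LoadLibraryW', 'GetProcAddress'},
    'registry write (persistence candidate)': {'RegSetValueExA', 'RegSetValueExW', 'RegCreateKeyExW'},
    'CryptoAPI': {'CryptAcquireContextA', 'CryptAcquireContextW', 'CryptGenRandom', 'CryptDecrypt'},
    'anti-debug': {'IsDebuggerPresent'},
}


def parse_iat(text):
    """Return [(dll, function), ...] in listing order; a bare line names the next DLL."""
    imports, dll = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m and dll:
            imports.append((dll, m.group(1)))
        elif line and not m:
            dll = line
    return imports


def imphash(imports):
    """pefile-style imphash: MD5 of 'dll.func' pairs (lowercased, extension
    stripped) joined by commas, in import-directory order. An int in place of a
    function name is an ordinal and becomes 'ordN'; pefile additionally resolves
    ordinals for ws2_32/oleaut32 from a built-in table, which is omitted here."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        base, _, ext = name.rpartition('.')
        if base and ext in STRIP_EXTS:
            name = base
        func = func if isinstance(func, str) else 'ord%d' % func
        parts.append('%s.%s' % (name, func.lower()))
    return hashlib.md5(','.join(parts).encode()).hexdigest()


def capabilities(imports):
    """Map imported function names onto the capability buckets they hit."""
    names = {func for _, func in imports if isinstance(func, str)}
    return {tag: sorted(names & apis) for tag, apis in CAPABILITIES.items() if names & apis}


if __name__ == '__main__':
    imps = parse_iat(IAT_TEXT)
    print('imports:', len(imps), 'imphash (excerpt only):', imphash(imps))
    for tag, funcs in capabilities(imps).items():
        print(f'{tag}: {", ".join(funcs)}')
```

Because the hash covers the ordered sequence of every import, it changes with the import directory order and with any added or removed function, so it groups builds of the same source with the same linker settings rather than "similar" binaries; the impfuzzy value in the header exists precisely to give a fuzzy counterpart that tolerates small differences.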