ScreenShot
| Created | 2025.02.18 18:29 | Machine | s1_win7_x6401 |
| Filename | main.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 36 detected (Malicious, score, Artemis, GenericKD, Unsafe, confidence, Kryptik, Genus, HYTD, ShellCodeRunner, CLASSIC, lllso, Detected, GrayWare, Wacapew, Malware@#2m645ivd7rppd, LummaStealer, Njgl, susgen, PossibleThreat, Chgt) | ||
| md5 | c1ab7781370290e0f7d8ea98705e8c84 | ||
| sha256 | 17bc5b41b35d894b37224e5daa66e2c7326e10a8309e299af122c6602afc953e | ||
| ssdeep | 98304:fLpbNHeg4DbSYB5rkUQD4xxmIQV0ymRNmQP:fLpbN+g4n/kUQ4/QVoiQP | ||
| imphash | adfb5165841ec7e1fff9b4b9d3b4ceb0 | ||
| impfuzzy | 48:s6sxio1r1/Xo9m5ZCqZY5Menmt3Vzlc+pIqQ3SY+owZDzf/gAke5rC7DMESpfJeG:s6sxio1xVE5MJt3Rlc+pXZibM | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x855000 QueryUsersOnEncryptedFile
0x855004 QueryRecoveryAgentsOnEncryptedFile
0x855008 QueryServiceConfigW
0x85500c QueryServiceConfig2W
0x855010 QueryServiceLockStatusW
0x855014 QueryServiceStatus
0x855018 QueryServiceStatusEx
0x85501c QueryTraceW
0x855020 QueryAllTracesW
KERNEL32.dll
0x85509c FindClose
0x8550a0 FindFirstFileExW
0x8550a4 FindNextFileW
0x8550a8 FlushFileBuffers
0x8550ac GetFullPathNameW
0x8550b0 QueryDosDeviceW
0x8550b4 ReadFile
0x8550b8 SetEndOfFile
0x8550bc SetFileAttributesW
0x8550c0 WriteFile
0x8550c4 RaiseException
0x8550c8 GetLastError
0x8550cc SetErrorMode
0x8550d0 QueryPerformanceCounter
0x8550d4 QueryPerformanceFrequency
0x8550d8 GetProcessHeap
0x8550dc SetCriticalSectionSpinCount
0x8550e0 SetEvent
0x8550e4 Sleep
0x8550e8 QueryDepthSList
0x8550ec QueueUserAPC
0x8550f0 GetCurrentProcess
0x8550f4 GetCurrentProcessId
0x8550f8 GetCurrentThreadId
0x8550fc SetComputerNameExW
0x855100 SetComputerNameW
0x855104 VirtualProtect
0x855108 QueueUserWorkItem
0x85510c CreateTimerQueue
0x855110 SetEventWhenCallbackReturns
0x855114 WaitForThreadpoolWorkCallbacks
0x855118 WaitForThreadpoolTimerCallbacks
0x85511c WaitForThreadpoolWaitCallbacks
0x855120 WaitForThreadpoolIoCallbacks
0x855124 QueryInformationJobObject
0x855128 GetModuleFileNameW
0x85512c GetModuleHandleA
0x855130 GetModuleHandleW
0x855134 QueryThreadCycleTime
0x855138 QueryProcessCycleTime
0x85513c QueryIdleProcessorCycleTime
0x855140 QueryFullProcessImageNameW
0x855144 SetDllDirectoryW
0x855148 CreateFileW
0x85514c SetDefaultCommConfigW
0x855150 SetDynamicTimeZoneInformation
0x855154 SetConsoleMode
0x855158 ReadConsoleInputW
0x85515c ReadConsoleW
0x855160 SetConsoleCtrlHandler
0x855164 SetConsoleActiveScreenBuffer
0x855168 SetConsoleCP
0x85516c SetConsoleOutputCP
0x855170 SetConsoleCursorInfo
0x855174 SetConsoleCursorPosition
0x855178 ReadConsoleOutputCharacterW
0x85517c ReadConsoleOutputAttribute
0x855180 ReadConsoleOutputW
0x855184 SetCurrentConsoleFontEx
0x855188 SetConsoleHistoryInfo
0x85518c K32QueryWorkingSet
0x855190 K32QueryWorkingSetEx
0x855194 DecodePointer
0x855198 GetConsoleMode
0x85519c GetConsoleOutputCP
0x8551a0 SetFilePointerEx
0x8551a4 GetFileSizeEx
0x8551a8 HeapQueryInformation
0x8551ac HeapSize
0x8551b0 HeapReAlloc
0x8551b4 LCMapStringW
0x8551b8 CompareStringW
0x8551bc GetTimeFormatW
0x8551c0 GetDateFormatW
0x8551c4 GetTempPathW
0x8551c8 EnumSystemLocalesW
0x8551cc CloseHandle
0x8551d0 GetUserDefaultLCID
0x8551d4 IsValidLocale
0x8551d8 GetLocaleInfoW
0x8551dc GetStringTypeW
0x8551e0 SetStdHandle
0x8551e4 FreeEnvironmentStringsW
0x8551e8 GetEnvironmentStringsW
0x8551ec GetCommandLineA
0x8551f0 GetCPInfo
0x8551f4 GetOEMCP
0x8551f8 GetACP
0x8551fc IsValidCodePage
0x855200 GetCurrentThread
0x855204 WriteConsoleW
0x855208 OutputDebugStringW
0x85520c GetFileType
0x855210 GetSystemInfo
0x855214 HeapValidate
0x855218 ExitProcess
0x85521c SetCurrentDirectoryW
0x855220 ExpandEnvironmentStringsW
0x855224 SetEnvironmentVariableW
0x855228 GetEnvironmentVariableW
0x85522c GetCommandLineW
0x855230 GetStdHandle
0x855234 CopyFileW
0x855238 GetModuleHandleExW
0x85523c EncodePointer
0x855240 UnhandledExceptionFilter
0x855244 SetUnhandledExceptionFilter
0x855248 TerminateProcess
0x85524c IsProcessorFeaturePresent
0x855250 GetSystemTimeAsFileTime
0x855254 InitializeSListHead
0x855258 IsDebuggerPresent
0x85525c GetStartupInfoW
0x855260 MultiByteToWideChar
0x855264 WideCharToMultiByte
0x855268 HeapAlloc
0x85526c HeapFree
0x855270 VirtualQuery
0x855274 FreeLibrary
0x855278 GetProcAddress
0x85527c InterlockedPushEntrySList
0x855280 InterlockedFlushSList
0x855284 LoadLibraryExW
0x855288 RtlUnwind
0x85528c SetLastError
0x855290 EnterCriticalSection
0x855294 LeaveCriticalSection
0x855298 DeleteCriticalSection
0x85529c InitializeCriticalSectionAndSpinCount
0x8552a0 TlsAlloc
0x8552a4 TlsGetValue
0x8552a8 TlsSetValue
0x8552ac TlsFree
USER32.dll
0x855344 AppendMenuW
0x855348 wsprintfW
0x85534c LoadIconW
0x855350 LoadCursorW
0x855354 SetWindowLongW
0x855358 FillRect
0x85535c ClientToScreen
0x855360 GetCursorPos
0x855364 SetCursor
0x855368 SetCursorPos
0x85536c MessageBoxW
0x855370 SetWindowTextW
0x855374 GetUpdateRect
0x855378 ReleaseDC
0x85537c DrawTextW
0x855380 SetMenuItemInfoW
0x855384 TrackPopupMenu
0x855388 GetActiveWindow
0x85538c DestroyMenu
0x855390 CreatePopupMenu
0x855394 CharUpperW
0x855398 SendDlgItemMessageW
0x85539c IsDlgButtonChecked
0x8553a0 CheckDlgButton
0x8553a4 GetDlgItemTextW
0x8553a8 SetDlgItemTextW
0x8553ac SetDlgItemInt
0x8553b0 GetDlgItem
0x8553b4 IsWindow
0x8553b8 RegisterClassW
0x8553bc SetDoubleClickTime
0x8553c0 SendMessageW
GDI32.dll
0x855054 SetEnhMetaFileBits
0x855058 SetDIBitsToDevice
0x85505c SetDIBits
0x855060 SetDCPenColor
0x855064 SetDCBrushColor
0x855068 SetDIBColorTable
WINSPOOL.DRV
0x855408 None
EAT(Export Address Table) is none
ADVAPI32.dll
0x855000 QueryUsersOnEncryptedFile
0x855004 QueryRecoveryAgentsOnEncryptedFile
0x855008 QueryServiceConfigW
0x85500c QueryServiceConfig2W
0x855010 QueryServiceLockStatusW
0x855014 QueryServiceStatus
0x855018 QueryServiceStatusEx
0x85501c QueryTraceW
0x855020 QueryAllTracesW
KERNEL32.dll
0x85509c FindClose
0x8550a0 FindFirstFileExW
0x8550a4 FindNextFileW
0x8550a8 FlushFileBuffers
0x8550ac GetFullPathNameW
0x8550b0 QueryDosDeviceW
0x8550b4 ReadFile
0x8550b8 SetEndOfFile
0x8550bc SetFileAttributesW
0x8550c0 WriteFile
0x8550c4 RaiseException
0x8550c8 GetLastError
0x8550cc SetErrorMode
0x8550d0 QueryPerformanceCounter
0x8550d4 QueryPerformanceFrequency
0x8550d8 GetProcessHeap
0x8550dc SetCriticalSectionSpinCount
0x8550e0 SetEvent
0x8550e4 Sleep
0x8550e8 QueryDepthSList
0x8550ec QueueUserAPC
0x8550f0 GetCurrentProcess
0x8550f4 GetCurrentProcessId
0x8550f8 GetCurrentThreadId
0x8550fc SetComputerNameExW
0x855100 SetComputerNameW
0x855104 VirtualProtect
0x855108 QueueUserWorkItem
0x85510c CreateTimerQueue
0x855110 SetEventWhenCallbackReturns
0x855114 WaitForThreadpoolWorkCallbacks
0x855118 WaitForThreadpoolTimerCallbacks
0x85511c WaitForThreadpoolWaitCallbacks
0x855120 WaitForThreadpoolIoCallbacks
0x855124 QueryInformationJobObject
0x855128 GetModuleFileNameW
0x85512c GetModuleHandleA
0x855130 GetModuleHandleW
0x855134 QueryThreadCycleTime
0x855138 QueryProcessCycleTime
0x85513c QueryIdleProcessorCycleTime
0x855140 QueryFullProcessImageNameW
0x855144 SetDllDirectoryW
0x855148 CreateFileW
0x85514c SetDefaultCommConfigW
0x855150 SetDynamicTimeZoneInformation
0x855154 SetConsoleMode
0x855158 ReadConsoleInputW
0x85515c ReadConsoleW
0x855160 SetConsoleCtrlHandler
0x855164 SetConsoleActiveScreenBuffer
0x855168 SetConsoleCP
0x85516c SetConsoleOutputCP
0x855170 SetConsoleCursorInfo
0x855174 SetConsoleCursorPosition
0x855178 ReadConsoleOutputCharacterW
0x85517c ReadConsoleOutputAttribute
0x855180 ReadConsoleOutputW
0x855184 SetCurrentConsoleFontEx
0x855188 SetConsoleHistoryInfo
0x85518c K32QueryWorkingSet
0x855190 K32QueryWorkingSetEx
0x855194 DecodePointer
0x855198 GetConsoleMode
0x85519c GetConsoleOutputCP
0x8551a0 SetFilePointerEx
0x8551a4 GetFileSizeEx
0x8551a8 HeapQueryInformation
0x8551ac HeapSize
0x8551b0 HeapReAlloc
0x8551b4 LCMapStringW
0x8551b8 CompareStringW
0x8551bc GetTimeFormatW
0x8551c0 GetDateFormatW
0x8551c4 GetTempPathW
0x8551c8 EnumSystemLocalesW
0x8551cc CloseHandle
0x8551d0 GetUserDefaultLCID
0x8551d4 IsValidLocale
0x8551d8 GetLocaleInfoW
0x8551dc GetStringTypeW
0x8551e0 SetStdHandle
0x8551e4 FreeEnvironmentStringsW
0x8551e8 GetEnvironmentStringsW
0x8551ec GetCommandLineA
0x8551f0 GetCPInfo
0x8551f4 GetOEMCP
0x8551f8 GetACP
0x8551fc IsValidCodePage
0x855200 GetCurrentThread
0x855204 WriteConsoleW
0x855208 OutputDebugStringW
0x85520c GetFileType
0x855210 GetSystemInfo
0x855214 HeapValidate
0x855218 ExitProcess
0x85521c SetCurrentDirectoryW
0x855220 ExpandEnvironmentStringsW
0x855224 SetEnvironmentVariableW
0x855228 GetEnvironmentVariableW
0x85522c GetCommandLineW
0x855230 GetStdHandle
0x855234 CopyFileW
0x855238 GetModuleHandleExW
0x85523c EncodePointer
0x855240 UnhandledExceptionFilter
0x855244 SetUnhandledExceptionFilter
0x855248 TerminateProcess
0x85524c IsProcessorFeaturePresent
0x855250 GetSystemTimeAsFileTime
0x855254 InitializeSListHead
0x855258 IsDebuggerPresent
0x85525c GetStartupInfoW
0x855260 MultiByteToWideChar
0x855264 WideCharToMultiByte
0x855268 HeapAlloc
0x85526c HeapFree
0x855270 VirtualQuery
0x855274 FreeLibrary
0x855278 GetProcAddress
0x85527c InterlockedPushEntrySList
0x855280 InterlockedFlushSList
0x855284 LoadLibraryExW
0x855288 RtlUnwind
0x85528c SetLastError
0x855290 EnterCriticalSection
0x855294 LeaveCriticalSection
0x855298 DeleteCriticalSection
0x85529c InitializeCriticalSectionAndSpinCount
0x8552a0 TlsAlloc
0x8552a4 TlsGetValue
0x8552a8 TlsSetValue
0x8552ac TlsFree
USER32.dll
0x855344 AppendMenuW
0x855348 wsprintfW
0x85534c LoadIconW
0x855350 LoadCursorW
0x855354 SetWindowLongW
0x855358 FillRect
0x85535c ClientToScreen
0x855360 GetCursorPos
0x855364 SetCursor
0x855368 SetCursorPos
0x85536c MessageBoxW
0x855370 SetWindowTextW
0x855374 GetUpdateRect
0x855378 ReleaseDC
0x85537c DrawTextW
0x855380 SetMenuItemInfoW
0x855384 TrackPopupMenu
0x855388 GetActiveWindow
0x85538c DestroyMenu
0x855390 CreatePopupMenu
0x855394 CharUpperW
0x855398 SendDlgItemMessageW
0x85539c IsDlgButtonChecked
0x8553a0 CheckDlgButton
0x8553a4 GetDlgItemTextW
0x8553a8 SetDlgItemTextW
0x8553ac SetDlgItemInt
0x8553b0 GetDlgItem
0x8553b4 IsWindow
0x8553b8 RegisterClassW
0x8553bc SetDoubleClickTime
0x8553c0 SendMessageW
GDI32.dll
0x855054 SetEnhMetaFileBits
0x855058 SetDIBitsToDevice
0x85505c SetDIBits
0x855060 SetDCPenColor
0x855064 SetDCBrushColor
0x855068 SetDIBColorTable
WINSPOOL.DRV
0x855408 None
EAT(Export Address Table) is none