ScreenShot
| Created | 2025.02.20 12:26 | Machine | s1_win7_x6401 |
| Filename | cabalmain.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 33 detected (Giant, Lazy, Unsafe, Save, malicious, confidence, Mazzec, Attribute, HighConfidence, high confidence, high, score, Generic ML PUA, Static AI, Suspicious PE, Wacatac, R566434, susgen, PossibleThreat) | ||
| md5 | b66b3067ed8dc4b46efc17cf619a7626 | ||
| sha256 | b8d000c3a1bffd4e429c70f8d7ff1f46a0e391bb8f9b823674473f5686991529 | ||
| ssdeep | 786432:un+hk3ne9HPNCdzj+6ARJnQ4UpEQRCjShkCVYVJN+:NGne9HP+m6AbnQ4UvRmSeCun | ||
| imphash | 57467bbebe360712f0cc6be70ccffc3b | ||
| impfuzzy | 96:8cfp95YU3A0MJ44Xc4Ue5zzgU83ck1C/XZqUL5DwPOQT:33+wL1CfZB+POQT | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | EnigmaProtector_IN | EnigmaProtector | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | themida_packer | themida packer | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | ftp_command | ftp command | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1144168 DeleteCriticalSection
0x114416c LeaveCriticalSection
0x1144170 EnterCriticalSection
0x1144174 InitializeCriticalSection
0x1144178 VirtualFree
0x114417c VirtualAlloc
0x1144180 LocalFree
0x1144184 LocalAlloc
0x1144188 GetTickCount
0x114418c QueryPerformanceCounter
0x1144190 GetVersion
0x1144194 GetCurrentThreadId
0x1144198 InterlockedDecrement
0x114419c InterlockedIncrement
0x11441a0 VirtualQuery
0x11441a4 WideCharToMultiByte
0x11441a8 MultiByteToWideChar
0x11441ac lstrlenA
0x11441b0 lstrcpynA
0x11441b4 LoadLibraryExA
0x11441b8 GetThreadLocale
0x11441bc GetStartupInfoA
0x11441c0 GetProcAddress
0x11441c4 GetModuleHandleA
0x11441c8 GetModuleFileNameA
0x11441cc GetLocaleInfoA
0x11441d0 GetCommandLineA
0x11441d4 FreeLibrary
0x11441d8 FindFirstFileA
0x11441dc FindClose
0x11441e0 ExitProcess
0x11441e4 ExitThread
0x11441e8 WriteFile
0x11441ec UnhandledExceptionFilter
0x11441f0 RtlUnwind
0x11441f4 RaiseException
0x11441f8 GetStdHandle
user32.dll
0x1144200 GetKeyboardType
0x1144204 LoadStringA
0x1144208 MessageBoxA
0x114420c CharNextA
advapi32.dll
0x1144214 RegQueryValueExA
0x1144218 RegOpenKeyExA
0x114421c RegCloseKey
oleaut32.dll
0x1144224 SysFreeString
0x1144228 SysReAllocStringLen
0x114422c SysAllocStringLen
kernel32.dll
0x1144234 TlsSetValue
0x1144238 TlsGetValue
0x114423c TlsFree
0x1144240 TlsAlloc
0x1144244 LocalFree
0x1144248 LocalAlloc
advapi32.dll
0x1144250 RegOpenKeyA
kernel32.dll
0x1144258 WriteProcessMemory
0x114425c WriteFile
0x1144260 WideCharToMultiByte
0x1144264 WaitForSingleObject
0x1144268 VirtualQuery
0x114426c VirtualProtectEx
0x1144270 VirtualProtect
0x1144274 VirtualFree
0x1144278 VirtualAllocEx
0x114427c VirtualAlloc
0x1144280 SystemTimeToFileTime
0x1144284 SizeofResource
0x1144288 SetThreadContext
0x114428c SetLastError
0x1144290 SetFilePointer
0x1144294 SetFileAttributesW
0x1144298 SetFileAttributesA
0x114429c SetEvent
0x11442a0 SetErrorMode
0x11442a4 SetEndOfFile
0x11442a8 SetCurrentDirectoryW
0x11442ac SetCurrentDirectoryA
0x11442b0 ResetEvent
0x11442b4 RemoveDirectoryW
0x11442b8 RemoveDirectoryA
0x11442bc ReadProcessMemory
0x11442c0 ReadFile
0x11442c4 RaiseException
0x11442c8 QueryDosDeviceW
0x11442cc PostQueuedCompletionStatus
0x11442d0 MultiByteToWideChar
0x11442d4 LockResource
0x11442d8 LoadResource
0x11442dc LoadLibraryW
0x11442e0 LoadLibraryA
0x11442e4 LeaveCriticalSection
0x11442e8 IsBadWritePtr
0x11442ec IsBadStringPtrW
0x11442f0 IsBadReadPtr
0x11442f4 InitializeCriticalSection
0x11442f8 GetWindowsDirectoryW
0x11442fc GetWindowsDirectoryA
0x1144300 GetVersionExA
0x1144304 GetVersion
0x1144308 GetThreadLocale
0x114430c GetThreadContext
0x1144310 GetTempPathW
0x1144314 GetTempPathA
0x1144318 GetTempFileNameW
0x114431c GetTempFileNameA
0x1144320 GetSystemDirectoryW
0x1144324 GetSystemDirectoryA
0x1144328 GetStringTypeExW
0x114432c GetStringTypeExA
0x1144330 GetStdHandle
0x1144334 GetProcAddress
0x1144338 GetModuleHandleA
0x114433c GetModuleFileNameW
0x1144340 GetModuleFileNameA
0x1144344 GetLogicalDriveStringsW
0x1144348 GetLocaleInfoW
0x114434c GetLocaleInfoA
0x1144350 GetLocalTime
0x1144354 GetLastError
0x1144358 GetFullPathNameW
0x114435c GetFullPathNameA
0x1144360 GetFileSize
0x1144364 GetFileAttributesW
0x1144368 GetFileAttributesA
0x114436c GetDiskFreeSpaceA
0x1144370 GetDateFormatA
0x1144374 GetCurrentThreadId
0x1144378 GetCurrentProcessId
0x114437c GetCurrentProcess
0x1144380 GetCurrentDirectoryW
0x1144384 GetCurrentDirectoryA
0x1144388 GetCPInfo
0x114438c GetACP
0x1144390 FreeResource
0x1144394 FreeLibrary
0x1144398 FormatMessageA
0x114439c FlushInstructionCache
0x11443a0 FlushFileBuffers
0x11443a4 FindResourceW
0x11443a8 FindNextFileW
0x11443ac FindNextFileA
0x11443b0 FindFirstFileW
0x11443b4 FindFirstFileA
0x11443b8 FindClose
0x11443bc FileTimeToLocalFileTime
0x11443c0 FileTimeToDosDateTime
0x11443c4 ExitProcess
0x11443c8 EnumCalendarInfoA
0x11443cc EnterCriticalSection
0x11443d0 DeleteFileW
0x11443d4 DeleteFileA
0x11443d8 DeleteCriticalSection
0x11443dc CreateRemoteThread
0x11443e0 CreateFileW
0x11443e4 CreateFileA
0x11443e8 CreateEventA
0x11443ec CreateDirectoryW
0x11443f0 CreateDirectoryA
0x11443f4 CompareStringW
0x11443f8 CompareStringA
0x11443fc CloseHandle
user32.dll
0x1144404 MessageBoxW
0x1144408 MessageBoxA
0x114440c LoadStringA
0x1144410 GetSystemMetrics
0x1144414 CharUpperBuffW
0x1144418 CharUpperW
0x114441c CharLowerBuffW
0x1144420 CharLowerW
0x1144424 CharNextA
0x1144428 CharLowerA
0x114442c CharUpperA
0x1144430 CharToOemA
kernel32.dll
0x1144438 Sleep
kernel32.dll
0x1144440 CreateActCtxW
0x1144444 QueryDosDeviceW
0x1144448 GetModuleHandleA
0x114444c GetProcAddress
ole32.dll
0x1144454 CreateStreamOnHGlobal
0x1144458 CoUninitialize
0x114445c CoInitialize
oleaut32.dll
0x1144464 GetErrorInfo
0x1144468 SysFreeString
oleaut32.dll
0x1144470 SafeArrayPtrOfIndex
0x1144474 SafeArrayGetUBound
0x1144478 SafeArrayGetLBound
0x114447c SafeArrayCreate
0x1144480 VariantChangeType
0x1144484 VariantCopy
0x1144488 VariantClear
0x114448c VariantInit
ntdll.dll
0x1144494 RtlInitUnicodeString
0x1144498 RtlFreeUnicodeString
0x114449c RtlFormatCurrentUserKeyPath
0x11444a0 RtlDosPathNameToNtPathName_U
SHFolder.dll
0x11444a8 SHGetFolderPathW
0x11444ac SHGetFolderPathA
ntdll.dll
0x11444b4 ZwProtectVirtualMemory
shlwapi.dll
0x11444bc PathMatchSpecW
EAT(Export Address Table) Library
0xa0d850 fcEXP
kernel32.dll
0x1144168 DeleteCriticalSection
0x114416c LeaveCriticalSection
0x1144170 EnterCriticalSection
0x1144174 InitializeCriticalSection
0x1144178 VirtualFree
0x114417c VirtualAlloc
0x1144180 LocalFree
0x1144184 LocalAlloc
0x1144188 GetTickCount
0x114418c QueryPerformanceCounter
0x1144190 GetVersion
0x1144194 GetCurrentThreadId
0x1144198 InterlockedDecrement
0x114419c InterlockedIncrement
0x11441a0 VirtualQuery
0x11441a4 WideCharToMultiByte
0x11441a8 MultiByteToWideChar
0x11441ac lstrlenA
0x11441b0 lstrcpynA
0x11441b4 LoadLibraryExA
0x11441b8 GetThreadLocale
0x11441bc GetStartupInfoA
0x11441c0 GetProcAddress
0x11441c4 GetModuleHandleA
0x11441c8 GetModuleFileNameA
0x11441cc GetLocaleInfoA
0x11441d0 GetCommandLineA
0x11441d4 FreeLibrary
0x11441d8 FindFirstFileA
0x11441dc FindClose
0x11441e0 ExitProcess
0x11441e4 ExitThread
0x11441e8 WriteFile
0x11441ec UnhandledExceptionFilter
0x11441f0 RtlUnwind
0x11441f4 RaiseException
0x11441f8 GetStdHandle
user32.dll
0x1144200 GetKeyboardType
0x1144204 LoadStringA
0x1144208 MessageBoxA
0x114420c CharNextA
advapi32.dll
0x1144214 RegQueryValueExA
0x1144218 RegOpenKeyExA
0x114421c RegCloseKey
oleaut32.dll
0x1144224 SysFreeString
0x1144228 SysReAllocStringLen
0x114422c SysAllocStringLen
kernel32.dll
0x1144234 TlsSetValue
0x1144238 TlsGetValue
0x114423c TlsFree
0x1144240 TlsAlloc
0x1144244 LocalFree
0x1144248 LocalAlloc
advapi32.dll
0x1144250 RegOpenKeyA
kernel32.dll
0x1144258 WriteProcessMemory
0x114425c WriteFile
0x1144260 WideCharToMultiByte
0x1144264 WaitForSingleObject
0x1144268 VirtualQuery
0x114426c VirtualProtectEx
0x1144270 VirtualProtect
0x1144274 VirtualFree
0x1144278 VirtualAllocEx
0x114427c VirtualAlloc
0x1144280 SystemTimeToFileTime
0x1144284 SizeofResource
0x1144288 SetThreadContext
0x114428c SetLastError
0x1144290 SetFilePointer
0x1144294 SetFileAttributesW
0x1144298 SetFileAttributesA
0x114429c SetEvent
0x11442a0 SetErrorMode
0x11442a4 SetEndOfFile
0x11442a8 SetCurrentDirectoryW
0x11442ac SetCurrentDirectoryA
0x11442b0 ResetEvent
0x11442b4 RemoveDirectoryW
0x11442b8 RemoveDirectoryA
0x11442bc ReadProcessMemory
0x11442c0 ReadFile
0x11442c4 RaiseException
0x11442c8 QueryDosDeviceW
0x11442cc PostQueuedCompletionStatus
0x11442d0 MultiByteToWideChar
0x11442d4 LockResource
0x11442d8 LoadResource
0x11442dc LoadLibraryW
0x11442e0 LoadLibraryA
0x11442e4 LeaveCriticalSection
0x11442e8 IsBadWritePtr
0x11442ec IsBadStringPtrW
0x11442f0 IsBadReadPtr
0x11442f4 InitializeCriticalSection
0x11442f8 GetWindowsDirectoryW
0x11442fc GetWindowsDirectoryA
0x1144300 GetVersionExA
0x1144304 GetVersion
0x1144308 GetThreadLocale
0x114430c GetThreadContext
0x1144310 GetTempPathW
0x1144314 GetTempPathA
0x1144318 GetTempFileNameW
0x114431c GetTempFileNameA
0x1144320 GetSystemDirectoryW
0x1144324 GetSystemDirectoryA
0x1144328 GetStringTypeExW
0x114432c GetStringTypeExA
0x1144330 GetStdHandle
0x1144334 GetProcAddress
0x1144338 GetModuleHandleA
0x114433c GetModuleFileNameW
0x1144340 GetModuleFileNameA
0x1144344 GetLogicalDriveStringsW
0x1144348 GetLocaleInfoW
0x114434c GetLocaleInfoA
0x1144350 GetLocalTime
0x1144354 GetLastError
0x1144358 GetFullPathNameW
0x114435c GetFullPathNameA
0x1144360 GetFileSize
0x1144364 GetFileAttributesW
0x1144368 GetFileAttributesA
0x114436c GetDiskFreeSpaceA
0x1144370 GetDateFormatA
0x1144374 GetCurrentThreadId
0x1144378 GetCurrentProcessId
0x114437c GetCurrentProcess
0x1144380 GetCurrentDirectoryW
0x1144384 GetCurrentDirectoryA
0x1144388 GetCPInfo
0x114438c GetACP
0x1144390 FreeResource
0x1144394 FreeLibrary
0x1144398 FormatMessageA
0x114439c FlushInstructionCache
0x11443a0 FlushFileBuffers
0x11443a4 FindResourceW
0x11443a8 FindNextFileW
0x11443ac FindNextFileA
0x11443b0 FindFirstFileW
0x11443b4 FindFirstFileA
0x11443b8 FindClose
0x11443bc FileTimeToLocalFileTime
0x11443c0 FileTimeToDosDateTime
0x11443c4 ExitProcess
0x11443c8 EnumCalendarInfoA
0x11443cc EnterCriticalSection
0x11443d0 DeleteFileW
0x11443d4 DeleteFileA
0x11443d8 DeleteCriticalSection
0x11443dc CreateRemoteThread
0x11443e0 CreateFileW
0x11443e4 CreateFileA
0x11443e8 CreateEventA
0x11443ec CreateDirectoryW
0x11443f0 CreateDirectoryA
0x11443f4 CompareStringW
0x11443f8 CompareStringA
0x11443fc CloseHandle
user32.dll
0x1144404 MessageBoxW
0x1144408 MessageBoxA
0x114440c LoadStringA
0x1144410 GetSystemMetrics
0x1144414 CharUpperBuffW
0x1144418 CharUpperW
0x114441c CharLowerBuffW
0x1144420 CharLowerW
0x1144424 CharNextA
0x1144428 CharLowerA
0x114442c CharUpperA
0x1144430 CharToOemA
kernel32.dll
0x1144438 Sleep
kernel32.dll
0x1144440 CreateActCtxW
0x1144444 QueryDosDeviceW
0x1144448 GetModuleHandleA
0x114444c GetProcAddress
ole32.dll
0x1144454 CreateStreamOnHGlobal
0x1144458 CoUninitialize
0x114445c CoInitialize
oleaut32.dll
0x1144464 GetErrorInfo
0x1144468 SysFreeString
oleaut32.dll
0x1144470 SafeArrayPtrOfIndex
0x1144474 SafeArrayGetUBound
0x1144478 SafeArrayGetLBound
0x114447c SafeArrayCreate
0x1144480 VariantChangeType
0x1144484 VariantCopy
0x1144488 VariantClear
0x114448c VariantInit
ntdll.dll
0x1144494 RtlInitUnicodeString
0x1144498 RtlFreeUnicodeString
0x114449c RtlFormatCurrentUserKeyPath
0x11444a0 RtlDosPathNameToNtPathName_U
SHFolder.dll
0x11444a8 SHGetFolderPathW
0x11444ac SHGetFolderPathA
ntdll.dll
0x11444b4 ZwProtectVirtualMemory
shlwapi.dll
0x11444bc PathMatchSpecW
EAT(Export Address Table) Library
0xa0d850 fcEXP