ScreenShot
Field | Value |
---|---|
Created | 2025.03.08 12:55 |
Machine | s1_win7_x6403 |
Filename | a53ed9c6-b552-4b04-a2c3-d557eae174a4 |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 46 detected (ClipBanker, Malicious, score, Sonbokli, GenericKD, Unsafe, Save, confidence, Genus, Attribute, HighConfidence, CrypterX, XAKLZVWUl5Q, fgtqd, Static AI, Suspicious PE, Detected, Amadey, ABTrojan, PSKE, Artemis, Chgt, R002H09C525, susgen, A9uj) |
md5 | 5d43f5bb6521b71f084afe8f3eab201a |
sha256 | 5e4fcbbd458a244fcf2dc879ffabdbc6feba611a5934887e6eefc5b42d5ca37d |
ssdeep | 24576:ulBq4/QlK9/CqNzb5lgV6tZVPKilGRx1D:ulBj/V6QtGile |
imphash | cfca4a34c112c1814d56edc0be75de3a |
impfuzzy | 96:IgB4bjQMpxfXzW4uCBQHt07Bg/VtURGyc4KWNk:rB8LW4P3St8KUk |
Network IP location
Signature (5 counts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Detects the presence of Wine emulator |
notice | Starts servers listening |
info | This executable has a PDB path |

Notes on the signatures: the "Starts servers listening" hit is consistent with the WS2_32 imports below, which include bind, listen and accept alongside connect. The Wine check is normally a single GetProcAddress-style probe for a Wine-only export; the same probe appears in legitimate runtime and installer code, so on its own it is weak evidence of sandbox evasion. The host contacted without a preceding DNS query is not named anywhere in this report, so that indicator cannot be extracted from this page; the Suricata events below show only the api.telegram.org SNI and TLS handshake failures.
Rules (7 counts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | ftp_command | ftp command | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |

Note on UPX_Zero: this is a static rule match. The IAT below is fully populated with named imports from KERNEL32, WS2_32, CRYPT32 and other libraries, whereas a UPX-compressed image exposes only a minimal stub import table, so the hit should be checked against the section headers rather than taken as evidence that the whole image is packed. The imphash above is computed from this full import table.
Suricata IDs
ET HUNTING Telegram API Domain in DNS Lookup
ET INFO TLS Handshake Failure (x2)
ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) (x2)
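The three Suricata events above, plus the "no DNS query" signature, can be replayed as plain detection logic over Suricata EVE JSON. The block below is an added example and is not part of this report or of any sandbox tool: it flags a Telegram API domain in a DNS query or TLS SNI, and a TLS/HTTP/flow contact to an external address that no earlier DNS answer resolved. The EVE records are constructed for the example (field names follow Suricata's dns, tls and flow schemas; both the older per-record "rdata" answer form and the newer "answers" list are accepted), and the addresses are documentation ranges standing in for external hosts, not addresses observed in this run.

```python
"""Replay the report's network signatures over Suricata EVE JSON (added example)."""
import json
from ipaddress import ip_address, ip_network

WATCHED_DOMAINS = ("api.telegram.org",)

# RFC 1918, loopback and link-local count as "local"; everything else is external.
# ip_address(...).is_global is deliberately not used: the documentation ranges
# used in the constructed sample data are not "global" by that test.
_LOCAL_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed EVE records: a DNS lookup of the Telegram API, its answer, a TLS
# session to the resolved address, a TLS session to an address nothing resolved,
# and one corrupt line to show that a bad record does not stop the scan.
EVE_LINES = [
    '{"timestamp":"2025-03-08T12:55:01.000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1",'
    '"dns":{"type":"query","rrname":"api.telegram.org","rrtype":"A"}}',
    '{"timestamp":"2025-03-08T12:55:01.050+0000","event_type":"dns","src_ip":"10.0.0.1","dest_ip":"10.0.0.5",'
    '"dns":{"type":"answer","rrname":"api.telegram.org","answers":[{"rrname":"api.telegram.org","rrtype":"A","rdata":"192.0.2.10"}]}}',
    '{"timestamp":"2025-03-08T12:55:01.200+0000","event_type":"tls","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","dest_port":443,'
    '"tls":{"sni":"api.telegram.org","version":"UNDETERMINED"}}',
    '{"timestamp":"2025-03-08T12:55:03.000+0000","event_type":"tls","src_ip":"10.0.0.5","dest_ip":"203.0.113.7","dest_port":443,'
    '"tls":{"version":"UNDETERMINED"}}',
    'this line is deliberately not JSON',
]


def _host(name):
    """Normalise a DNS name or SNI for comparison (case, trailing dot)."""
    return (name or "").lower().rstrip(".")


def _answer_ips(dns):
    """A/AAAA rdata from a dns answer event, in either EVE dns schema."""
    ips = []
    if dns.get("type") != "answer":
        return ips
    if dns.get("rrtype") in ("A", "AAAA") and dns.get("rdata"):
        ips.append(dns["rdata"])
    for rec in dns.get("answers", []):
        if rec.get("rrtype") in ("A", "AAAA") and rec.get("rdata"):
            ips.append(rec["rdata"])
    return ips


def _is_external(ip):
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return not addr.is_multicast and not any(addr in net for net in _LOCAL_NETS)


def analyze(lines, watched=WATCHED_DOMAINS):
    """Scan EVE lines in order; return a list of findings (sig name plus context)."""
    resolved, findings = set(), []
    for n, raw in enumerate(lines, 1):
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            findings.append({"sig": "unparseable_line", "line": n})
            continue
        et, dst = ev.get("event_type"), ev.get("dest_ip", "")
        if et == "dns":
            dns = ev.get("dns", {})
            name = _host(dns.get("rrname"))
            if dns.get("type") == "query" and name in watched:
                findings.append({"sig": "telegram_api_dns_lookup", "line": n, "name": name})
            resolved.update(_answer_ips(dns))   # remember what was legitimately resolved
            continue                             # traffic to the resolver itself is not a contact
        if et == "tls":
            sni = _host(ev.get("tls", {}).get("sni"))
            if sni in watched:
                findings.append({"sig": "telegram_api_tls_sni", "line": n, "sni": sni, "dest_ip": dst})
        if et in ("tls", "http", "flow") and _is_external(dst) and dst not in resolved:
            findings.append({"sig": "contact_without_dns", "line": n, "dest_ip": dst})
    return findings


if __name__ == "__main__":
    for f in analyze(EVE_LINES):
        print(f)
```

The scan is order-dependent: a DNS answer only whitelists addresses for records that come after it. Suricata writes flow events at flow teardown, so when feeding real eve.json, sort by the flow's start timestamp (or rely on tls/http events, as here) before applying the "contact without DNS" rule, or every long-lived connection will be flagged.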
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1400a30d8 GetFileType
0x1400a30e0 ReadFile
0x1400a30e8 PeekNamedPipe
0x1400a30f0 WaitForMultipleObjects
0x1400a30f8 GetCurrentProcessId
0x1400a3100 SleepEx
0x1400a3108 VerSetConditionMask
0x1400a3110 VerifyVersionInfoW
0x1400a3118 CreateFileA
0x1400a3120 GetFileSizeEx
0x1400a3128 WriteConsoleW
0x1400a3130 HeapSize
0x1400a3138 DeleteFileW
0x1400a3140 GetStdHandle
0x1400a3148 GetEnvironmentVariableA
0x1400a3150 WaitForSingleObjectEx
0x1400a3158 CloseHandle
0x1400a3160 MoveFileExA
0x1400a3168 FormatMessageW
0x1400a3170 SetLastError
0x1400a3178 GetLastError
0x1400a3180 WideCharToMultiByte
0x1400a3188 MultiByteToWideChar
0x1400a3190 GetProcessHeap
0x1400a3198 Sleep
0x1400a31a0 FreeEnvironmentStringsW
0x1400a31a8 GetEnvironmentStringsW
0x1400a31b0 GetOEMCP
0x1400a31b8 GetACP
0x1400a31c0 IsValidCodePage
0x1400a31c8 FindNextFileW
0x1400a31d0 FindFirstFileExW
0x1400a31d8 FindClose
0x1400a31e0 GetTimeZoneInformation
0x1400a31e8 GetFullPathNameW
0x1400a31f0 GetCurrentDirectoryW
0x1400a31f8 SetEndOfFile
0x1400a3200 SetStdHandle
0x1400a3208 GetFileAttributesExW
0x1400a3210 FlushFileBuffers
0x1400a3218 EnumSystemLocalesW
0x1400a3220 GetUserDefaultLCID
0x1400a3228 IsValidLocale
0x1400a3230 GetLocaleInfoW
0x1400a3238 LCMapStringW
0x1400a3240 CompareStringW
0x1400a3248 GetTimeFormatW
0x1400a3250 GetDateFormatW
0x1400a3258 FlsFree
0x1400a3260 FlsSetValue
0x1400a3268 FlsGetValue
0x1400a3270 FlsAlloc
0x1400a3278 HeapReAlloc
0x1400a3280 HeapFree
0x1400a3288 HeapAlloc
0x1400a3290 LoadLibraryA
0x1400a3298 GetProcAddress
0x1400a32a0 GetModuleHandleA
0x1400a32a8 FreeLibrary
0x1400a32b0 GetSystemDirectoryA
0x1400a32b8 QueryPerformanceFrequency
0x1400a32c0 DeleteCriticalSection
0x1400a32c8 InitializeCriticalSectionEx
0x1400a32d0 LeaveCriticalSection
0x1400a32d8 EnterCriticalSection
0x1400a32e0 GetTickCount
0x1400a32e8 QueryPerformanceCounter
0x1400a32f0 AcquireSRWLockExclusive
0x1400a32f8 ReleaseSRWLockExclusive
0x1400a3300 GetConsoleWindow
0x1400a3308 SetEnvironmentVariableW
0x1400a3310 VirtualAlloc
0x1400a3318 GetConsoleOutputCP
0x1400a3320 ReadConsoleW
0x1400a3328 GetConsoleMode
0x1400a3330 GetCommandLineW
0x1400a3338 GetCommandLineA
0x1400a3340 ExitProcess
0x1400a3348 GetModuleFileNameW
0x1400a3350 RtlUnwind
0x1400a3358 WriteFile
0x1400a3360 SetFilePointerEx
0x1400a3368 GetModuleHandleExW
0x1400a3370 FreeLibraryAndExitThread
0x1400a3378 ExitThread
0x1400a3380 CreateThread
0x1400a3388 FileTimeToSystemTime
0x1400a3390 SystemTimeToTzSpecificLocalTime
0x1400a3398 GetFileInformationByHandle
0x1400a33a0 GetDriveTypeW
0x1400a33a8 CreateFileW
0x1400a33b0 LoadLibraryExW
0x1400a33b8 TlsFree
0x1400a33c0 TlsSetValue
0x1400a33c8 EncodePointer
0x1400a33d0 DecodePointer
0x1400a33d8 LCMapStringEx
0x1400a33e0 GetStringTypeW
0x1400a33e8 GetCPInfo
0x1400a33f0 RtlCaptureContext
0x1400a33f8 RtlLookupFunctionEntry
0x1400a3400 RtlVirtualUnwind
0x1400a3408 UnhandledExceptionFilter
0x1400a3410 SetUnhandledExceptionFilter
0x1400a3418 GetCurrentProcess
0x1400a3420 TerminateProcess
0x1400a3428 IsProcessorFeaturePresent
0x1400a3430 WakeAllConditionVariable
0x1400a3438 SleepConditionVariableSRW
0x1400a3440 GetCurrentThreadId
0x1400a3448 GetSystemTimeAsFileTime
0x1400a3450 InitializeSListHead
0x1400a3458 IsDebuggerPresent
0x1400a3460 GetStartupInfoW
0x1400a3468 GetModuleHandleW
0x1400a3470 RtlUnwindEx
0x1400a3478 RtlPcToFileHeader
0x1400a3480 RaiseException
0x1400a3488 InitializeCriticalSectionAndSpinCount
0x1400a3490 TlsAlloc
0x1400a3498 TlsGetValue
USER32.dll
0x1400a34c0 ShowWindow
ADVAPI32.dll
0x1400a3000 CryptAcquireContextA
0x1400a3008 CryptCreateHash
0x1400a3010 CryptHashData
0x1400a3018 CryptDestroyHash
0x1400a3020 CryptDestroyKey
0x1400a3028 CryptImportKey
0x1400a3030 CryptEncrypt
0x1400a3038 CryptReleaseContext
0x1400a3040 CryptGetHashParam
WS2_32.dll
0x1400a3568 getpeername
0x1400a3570 sendto
0x1400a3578 recvfrom
0x1400a3580 freeaddrinfo
0x1400a3588 ioctlsocket
0x1400a3590 gethostname
0x1400a3598 recv
0x1400a35a0 listen
0x1400a35a8 htonl
0x1400a35b0 getsockname
0x1400a35b8 connect
0x1400a35c0 bind
0x1400a35c8 accept
0x1400a35d0 select
0x1400a35d8 __WSAFDIsSet
0x1400a35e0 socket
0x1400a35e8 htons
0x1400a35f0 WSAIoctl
0x1400a35f8 setsockopt
0x1400a3600 WSACleanup
0x1400a3608 WSAStartup
0x1400a3610 WSASetLastError
0x1400a3618 ntohs
0x1400a3620 WSAGetLastError
0x1400a3628 closesocket
0x1400a3630 WSAWaitForMultipleEvents
0x1400a3638 WSAResetEvent
0x1400a3640 WSAEventSelect
0x1400a3648 WSAEnumNetworkEvents
0x1400a3650 WSACreateEvent
0x1400a3658 WSACloseEvent
0x1400a3660 send
0x1400a3668 getsockopt
0x1400a3670 getaddrinfo
CRYPT32.dll
0x1400a3050 CryptStringToBinaryA
0x1400a3058 CertFreeCertificateContext
0x1400a3060 CryptDecodeObjectEx
0x1400a3068 CertEnumCertificatesInStore
0x1400a3070 CertCloseStore
0x1400a3078 CertOpenStore
0x1400a3080 CertAddCertificateContextToStore
0x1400a3088 PFXImportCertStore
0x1400a3090 CertFindExtension
0x1400a3098 CertGetNameStringA
0x1400a30a0 CryptQueryObject
0x1400a30a8 CertCreateCertificateChainEngine
0x1400a30b0 CertFreeCertificateChainEngine
0x1400a30b8 CertGetCertificateChain
0x1400a30c0 CertFindCertificateInStore
0x1400a30c8 CertFreeCertificateChain
WLDAP32.dll (imported by ordinal; the listing resolves no names)
0x1400a34d0 None
0x1400a34d8 None
0x1400a34e0 None
0x1400a34e8 None
0x1400a34f0 None
0x1400a34f8 None
0x1400a3500 None
0x1400a3508 None
0x1400a3510 None
0x1400a3518 None
0x1400a3520 None
0x1400a3528 None
0x1400a3530 None
0x1400a3538 None
0x1400a3540 None
0x1400a3548 None
0x1400a3550 None
0x1400a3558 None
Normaliz.dll
0x1400a34a8 IdnToUnicode
0x1400a34b0 IdnToAscii
bcrypt.dll
0x1400a3680 BCryptGenRandom
EAT (Export Address Table): none