Report - boilfdsefSQ.exe

Tags: Browser Login Data Stealer, Generic Malware, Malicious Library, Malicious Packer, Downloader, UPX, PE File, PE32, OS Processor Check
Created: 2025.03.12 11:37
Machine: s1_win7_x6403
Filename: boilfdsefSQ.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 5
Behavior Score: 3.8
ZERO API (file): malicious
VT API (file): 43 detected (AIDetectMalware, Remcos, Malicious, score, RemcosRAT, S31331583, Dump, Dacic, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Rescoms, Real Protect, Static AI, Malicious PE, YMF452, Eldorado, R693547, GenericRXVH, BScope, PE04C9V, Genetic)
md5: e5a997dcd4d6fc4d01ba75c6acfdc098
sha256: f41eafd14e60035082f6313e0f7cbbff3a6e90defe48aa3e000793b94b007e87
ssdeep: 6144:JIdUXq44bq4LrqMUz2y6cdjJ4nCb0KhEekcdK5xAO2XjXapGc3Fou:JIdU6tdyDJZQKhEe7WAXWp7ou
imphash: f2fe0712ecb6c4feca65be4f410e904e
impfuzzy: 96:ES7JnaLHcp+UhMJUrZdS+fVL/DmjRKpFNUzMKd3pdB73lG:EwEMZwUqN9TZpZG
Signature (6 counts)

Level Description
danger File has been identified by 43 AntiVirus engines on VirusTotal as malicious
danger Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running)
watch Communicates with host for which no DNS query was performed
notice A process attempted to delay the analysis task.
notice Resolves a suspicious Top Level Domain (TLD)
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (9 counts)

Level Name Description Collection
danger infoStealer_browser_b_Zero browser info stealer binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch Network_Downloader File Downloader binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (3 counts)

Request CC ASN Co IP4 Rule ZERO
angel182394.ru Unknown clean
angel32423.ru Unknown clean
91.135.156.200 RU OOO WestCall Ltd. 91.135.156.200 clean

Suricata IDs

PE API

IAT (Import Address Table) by library

KERNEL32.dll
 0x44d0b8 VirtualAlloc
 0x44d0bc LoadLibraryA
 0x44d0c0 GetNativeSystemInfo
 0x44d0c4 HeapAlloc
 0x44d0c8 GetProcAddress
 0x44d0cc GetProcessHeap
 0x44d0d0 FreeLibrary
 0x44d0d4 IsBadReadPtr
 0x44d0d8 GetCurrentProcess
 0x44d0dc GetSystemDirectoryA
 0x44d0e0 GlobalAlloc
 0x44d0e4 GlobalLock
 0x44d0e8 GetCurrentProcessId
 0x44d0ec GetTickCount
 0x44d0f0 GlobalUnlock
 0x44d0f4 LocalAlloc
 0x44d0f8 GetModuleHandleA
 0x44d0fc GlobalFree
 0x44d100 MulDiv
 0x44d104 SizeofResource
 0x44d108 QueryDosDeviceW
 0x44d10c FindFirstVolumeW
 0x44d110 GetConsoleScreenBufferInfo
 0x44d114 SetConsoleTextAttribute
 0x44d118 lstrlenW
 0x44d11c GetStdHandle
 0x44d120 RemoveDirectoryW
 0x44d124 FindResourceA
 0x44d128 OpenProcess
 0x44d12c lstrcatW
 0x44d130 LockResource
 0x44d134 LoadLibraryW
 0x44d138 LoadResource
 0x44d13c LocalFree
 0x44d140 GetFileSize
 0x44d144 FindVolumeClose
 0x44d148 GetVolumePathNamesForVolumeNameW
 0x44d14c lstrcpyW
 0x44d150 SetConsoleOutputCP
 0x44d154 FormatMessageA
 0x44d158 FindNextVolumeW
 0x44d15c VirtualFree
 0x44d160 GetLastError
 0x44d164 GetModuleFileNameA
 0x44d168 lstrcpynA
 0x44d16c QueryPerformanceFrequency
 0x44d170 QueryPerformanceCounter
 0x44d174 EnterCriticalSection
 0x44d178 LeaveCriticalSection
 0x44d17c InitializeCriticalSection
 0x44d180 DeleteCriticalSection
 0x44d184 HeapSize
 0x44d188 WriteConsoleW
 0x44d18c SetStdHandle
 0x44d190 SetEnvironmentVariableW
 0x44d194 SetEnvironmentVariableA
 0x44d198 FreeEnvironmentStringsW
 0x44d19c GetEnvironmentStringsW
 0x44d1a0 GetCommandLineW
 0x44d1a4 GetCommandLineA
 0x44d1a8 GetOEMCP
 0x44d1ac IsValidCodePage
 0x44d1b0 FindFirstFileExA
 0x44d1b4 ReadConsoleW
 0x44d1b8 GetConsoleMode
 0x44d1bc GetConsoleCP
 0x44d1c0 FlushFileBuffers
 0x44d1c4 GetFileType
 0x44d1c8 EnumSystemLocalesW
 0x44d1cc GetUserDefaultLCID
 0x44d1d0 IsValidLocale
 0x44d1d4 HeapReAlloc
 0x44d1d8 GetACP
 0x44d1dc GetModuleHandleExW
 0x44d1e0 MoveFileExW
 0x44d1e4 RtlUnwind
 0x44d1e8 RaiseException
 0x44d1ec LoadLibraryExW
 0x44d1f0 SetLastError
 0x44d1f4 VirtualProtect
 0x44d1f8 Process32FirstW
 0x44d1fc Process32NextW
 0x44d200 CreateToolhelp32Snapshot
 0x44d204 GetLocaleInfoA
 0x44d208 ExitProcess
 0x44d20c CreateMutexA
 0x44d210 GetModuleFileNameW
 0x44d214 AllocConsole
 0x44d218 GetLongPathNameW
 0x44d21c ExpandEnvironmentStringsA
 0x44d220 FindNextFileA
 0x44d224 WaitForSingleObject
 0x44d228 FindFirstFileA
 0x44d22c MoveFileW
 0x44d230 SetFilePointerEx
 0x44d234 GetLogicalDriveStringsA
 0x44d238 DeleteFileW
 0x44d23c DeleteFileA
 0x44d240 SetFileAttributesW
 0x44d244 GetFileAttributesW
 0x44d248 CreateFileW
 0x44d24c FindClose
 0x44d250 lstrlenA
 0x44d254 GetDriveTypeA
 0x44d258 FindNextFileW
 0x44d25c GetFileSizeEx
 0x44d260 FindFirstFileW
 0x44d264 CreateDirectoryW
 0x44d268 CreateProcessA
 0x44d26c Sleep
 0x44d270 PeekNamedPipe
 0x44d274 CreatePipe
 0x44d278 TerminateProcess
 0x44d27c WriteFile
 0x44d280 ReadFile
 0x44d284 HeapFree
 0x44d288 HeapCreate
 0x44d28c CreateEventA
 0x44d290 GetLocalTime
 0x44d294 CreateThread
 0x44d298 CloseHandle
 0x44d29c SetEvent
 0x44d2a0 CreateEventW
 0x44d2a4 lstrcmpW
 0x44d2a8 GetCPInfo
 0x44d2ac GetStringTypeW
 0x44d2b0 GetLocaleInfoW
 0x44d2b4 LCMapStringW
 0x44d2b8 CompareStringW
 0x44d2bc TlsFree
 0x44d2c0 TlsSetValue
 0x44d2c4 TlsGetValue
 0x44d2c8 TlsAlloc
 0x44d2cc InitializeCriticalSectionAndSpinCount
 0x44d2d0 MultiByteToWideChar
 0x44d2d4 DecodePointer
 0x44d2d8 EncodePointer
 0x44d2dc WideCharToMultiByte
 0x44d2e0 InitializeSListHead
 0x44d2e4 GetSystemTimeAsFileTime
 0x44d2e8 GetCurrentThreadId
 0x44d2ec GetStartupInfoW
 0x44d2f0 SetUnhandledExceptionFilter
 0x44d2f4 UnhandledExceptionFilter
 0x44d2f8 IsDebuggerPresent
 0x44d2fc IsProcessorFeaturePresent
 0x44d300 GetModuleHandleW
 0x44d304 WaitForSingleObjectEx
 0x44d308 ResetEvent
 0x44d30c SetEndOfFile
USER32.dll
 0x44d338 SetWindowTextW
 0x44d33c TranslateMessage
 0x44d340 DispatchMessageA
 0x44d344 GetMessageA
 0x44d348 GetWindowTextW
 0x44d34c SetForegroundWindow
 0x44d350 SetClipboardData
 0x44d354 GetClipboardData
 0x44d358 EnumWindows
 0x44d35c ExitWindowsEx
 0x44d360 EmptyClipboard
 0x44d364 CloseClipboard
 0x44d368 OpenClipboard
 0x44d36c ShowWindow
 0x44d370 CreatePopupMenu
 0x44d374 TrackPopupMenu
 0x44d378 DefWindowProcA
 0x44d37c CreateWindowExA
 0x44d380 AppendMenuA
 0x44d384 MessageBoxW
 0x44d388 IsWindowVisible
 0x44d38c CloseWindow
 0x44d390 GetWindowThreadProcessId
 0x44d394 SendInput
 0x44d398 EnumDisplaySettingsW
 0x44d39c mouse_event
 0x44d3a0 MapVirtualKeyA
 0x44d3a4 DrawIcon
 0x44d3a8 GetSystemMetrics
 0x44d3ac GetIconInfo
 0x44d3b0 SystemParametersInfoW
 0x44d3b4 GetForegroundWindow
 0x44d3b8 RegisterClassExA
 0x44d3bc GetCursorPos
GDI32.dll
 0x44d08c CreateCompatibleBitmap
 0x44d090 SelectObject
 0x44d094 CreateCompatibleDC
 0x44d098 StretchBlt
 0x44d09c GetDIBits
 0x44d0a0 DeleteDC
 0x44d0a4 DeleteObject
 0x44d0a8 CreateDCA
 0x44d0ac GetObjectA
 0x44d0b0 BitBlt
ADVAPI32.dll
 0x44d000 RegCreateKeyA
 0x44d004 CryptAcquireContextA
 0x44d008 CryptGenRandom
 0x44d00c CryptReleaseContext
 0x44d010 GetUserNameW
 0x44d014 RegEnumKeyExA
 0x44d018 GetTokenInformation
 0x44d01c QueryServiceStatus
 0x44d020 CloseServiceHandle
 0x44d024 OpenSCManagerW
 0x44d028 OpenSCManagerA
 0x44d02c ControlService
 0x44d030 StartServiceW
 0x44d034 QueryServiceConfigW
 0x44d038 ChangeServiceConfigW
 0x44d03c OpenServiceW
 0x44d040 EnumServicesStatusW
 0x44d044 AdjustTokenPrivileges
 0x44d048 LookupPrivilegeValueA
 0x44d04c OpenProcessToken
 0x44d050 RegQueryInfoKeyW
 0x44d054 RegQueryValueExA
 0x44d058 RegCreateKeyExW
 0x44d05c RegEnumKeyExW
 0x44d060 RegSetValueExW
 0x44d064 RegSetValueExA
 0x44d068 RegOpenKeyExA
 0x44d06c RegOpenKeyExW
 0x44d070 RegCreateKeyW
 0x44d074 RegDeleteValueW
 0x44d078 RegEnumValueW
 0x44d07c RegQueryValueExW
 0x44d080 RegCloseKey
 0x44d084 RegDeleteKeyA
SHELL32.dll
 0x44d314 ShellExecuteExA
 0x44d318 Shell_NotifyIconA
 0x44d31c ExtractIconA
 0x44d320 ShellExecuteW
SHLWAPI.dll
 0x44d328 StrToIntA
 0x44d32c PathFileExistsA
 0x44d330 PathFileExistsW
WINMM.dll
 0x44d3d8 PlaySoundW
 0x44d3dc mciSendStringA
 0x44d3e0 mciSendStringW
WS2_32.dll
 0x44d3e8 inet_addr
 0x44d3ec WSASetLastError
 0x44d3f0 gethostbyname
 0x44d3f4 gethostbyaddr
 0x44d3f8 WSAGetLastError
 0x44d3fc recv
 0x44d400 connect
 0x44d404 socket
 0x44d408 send
 0x44d40c WSAStartup
 0x44d410 closesocket
 0x44d414 htons
 0x44d418 htonl
 0x44d41c getservbyname
 0x44d420 inet_ntoa
 0x44d424 ntohs
 0x44d428 getservbyport
urlmon.dll
 0x44d458 URLOpenBlockingStreamW
 0x44d45c URLDownloadToFileW
gdiplus.dll
 0x44d430 GdiplusStartup
 0x44d434 GdipGetImageEncoders
 0x44d438 GdipCloneImage
 0x44d43c GdipAlloc
 0x44d440 GdipDisposeImage
 0x44d444 GdipFree
 0x44d448 GdipGetImageEncodersSize
 0x44d44c GdipSaveImageToStream
 0x44d450 GdipLoadImageFromStream
WININET.dll
 0x44d3c4 InternetOpenUrlW
 0x44d3c8 InternetOpenW
 0x44d3cc InternetCloseHandle
 0x44d3d0 InternetReadFile

EAT (Export Address Table): none