ScreenShot
| Created | 2025.03.12 11:35 | Machine | s1_win7_x6401 |
| Filename | 1776871603.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 51 detected (ClipBanker, Malicious, score, Ghanarava, Mikey, Unsafe, confidence, Genus, Attribute, HighConfidence, high confidence, MalwareX, k7y2Rec47TQ, kdiut, LUMMASTEALER, YXFCLZ, Static AI, Suspicious PE, Detected, Wacatac, Formbook, ABPWS, HSZJ, Artemis, Chgt, Zmhl) | ||
| md5 | 8bede54b9c4860ddcc2363cd2cf561b5 | ||
| sha256 | 450b033145869b6b0dfcf0b1c5dd05044234402957ee9cf76cc56f24487e6b17 | ||
| ssdeep | 49152:smVwASOEGtlqCKIU6icdWriTEhTWdrGa+nQEycjrAyn5VYRVctpXkESh491acOIm:Nd+Wh5yUcOJx9iKqHHhrX2ANMnV | ||
| imphash | 290b5b74ed388a2f4e81683b8fd40b54 | ||
| impfuzzy | 96:FkoxmcpePA6ogPwtKWHV+LXnlBgRzinEk1ulz2l0PKjEW8:FJXMJWHYCzc0lz2luP | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| watch | Queries information on disks |
| notice | Looks up the external IP address |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | PhysicalDrive_20181001 | (no description) | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1401c00d0 CheckRemoteDebuggerPresent
0x1401c00d8 GlobalMemoryStatusEx
0x1401c00e0 SetFileAttributesA
0x1401c00e8 GetSystemInfo
0x1401c00f0 CloseHandle
0x1401c00f8 GlobalAlloc
0x1401c0100 CreateFileA
0x1401c0108 OpenMutexA
0x1401c0110 CopyFileA
0x1401c0118 SetEndOfFile
0x1401c0120 WriteConsoleW
0x1401c0128 GetTimeZoneInformation
0x1401c0130 GetTempPathA
0x1401c0138 Sleep
0x1401c0140 CreateFileW
0x1401c0148 CreateMutexA
0x1401c0150 DeviceIoControl
0x1401c0158 WriteFile
0x1401c0160 GetCurrentProcess
0x1401c0168 GetModuleFileNameA
0x1401c0170 GetProcessHeap
0x1401c0178 SetEnvironmentVariableW
0x1401c0180 FreeEnvironmentStringsW
0x1401c0188 GetEnvironmentStringsW
0x1401c0190 GetOEMCP
0x1401c0198 GetACP
0x1401c01a0 IsValidCodePage
0x1401c01a8 SetStdHandle
0x1401c01b0 HeapSize
0x1401c01b8 CreateProcessW
0x1401c01c0 GetExitCodeProcess
0x1401c01c8 WaitForSingleObject
0x1401c01d0 HeapReAlloc
0x1401c01d8 EnumSystemLocalesW
0x1401c01e0 GetUserDefaultLCID
0x1401c01e8 IsValidLocale
0x1401c01f0 GetLocaleInfoW
0x1401c01f8 LCMapStringW
0x1401c0200 CompareStringW
0x1401c0208 GetLastError
0x1401c0210 SetLastError
0x1401c0218 QueryPerformanceCounter
0x1401c0220 QueryPerformanceFrequency
0x1401c0228 GetStdHandle
0x1401c0230 GetEnvironmentVariableW
0x1401c0238 GetFileType
0x1401c0240 GetModuleHandleW
0x1401c0248 GetProcAddress
0x1401c0250 MultiByteToWideChar
0x1401c0258 EnterCriticalSection
0x1401c0260 LeaveCriticalSection
0x1401c0268 InitializeCriticalSectionAndSpinCount
0x1401c0270 DeleteCriticalSection
0x1401c0278 GetCurrentThreadId
0x1401c0280 TlsAlloc
0x1401c0288 TlsGetValue
0x1401c0290 TlsSetValue
0x1401c0298 TlsFree
0x1401c02a0 GetModuleHandleExW
0x1401c02a8 RtlVirtualUnwind
0x1401c02b0 DeleteFiber
0x1401c02b8 WideCharToMultiByte
0x1401c02c0 GetCurrentProcessId
0x1401c02c8 GetSystemTimeAsFileTime
0x1401c02d0 ConvertFiberToThread
0x1401c02d8 FreeLibrary
0x1401c02e0 LoadLibraryA
0x1401c02e8 LoadLibraryW
0x1401c02f0 FindClose
0x1401c02f8 FindFirstFileW
0x1401c0300 FindNextFileW
0x1401c0308 GetConsoleMode
0x1401c0310 SetConsoleMode
0x1401c0318 ReadConsoleA
0x1401c0320 ReadConsoleW
0x1401c0328 RtlCaptureContext
0x1401c0330 RtlLookupFunctionEntry
0x1401c0338 UnhandledExceptionFilter
0x1401c0340 SetUnhandledExceptionFilter
0x1401c0348 TerminateProcess
0x1401c0350 IsProcessorFeaturePresent
0x1401c0358 ReleaseSRWLockExclusive
0x1401c0360 AcquireSRWLockExclusive
0x1401c0368 WakeAllConditionVariable
0x1401c0370 SleepConditionVariableSRW
0x1401c0378 InitializeSListHead
0x1401c0380 IsDebuggerPresent
0x1401c0388 GetStartupInfoW
0x1401c0390 LocalFree
0x1401c0398 FormatMessageA
0x1401c03a0 GetLocaleInfoEx
0x1401c03a8 GetCurrentDirectoryW
0x1401c03b0 FindFirstFileExW
0x1401c03b8 GetFileAttributesExW
0x1401c03c0 GetFileInformationByHandle
0x1401c03c8 GetFullPathNameW
0x1401c03d0 SetFileInformationByHandle
0x1401c03d8 AreFileApisANSI
0x1401c03e0 GetFileInformationByHandleEx
0x1401c03e8 TryAcquireSRWLockExclusive
0x1401c03f0 WaitForSingleObjectEx
0x1401c03f8 GetExitCodeThread
0x1401c0400 LCMapStringEx
0x1401c0408 InitializeCriticalSectionEx
0x1401c0410 EncodePointer
0x1401c0418 DecodePointer
0x1401c0420 CompareStringEx
0x1401c0428 GetCPInfo
0x1401c0430 GetStringTypeW
0x1401c0438 RtlUnwindEx
0x1401c0440 RtlPcToFileHeader
0x1401c0448 RaiseException
0x1401c0450 LoadLibraryExW
0x1401c0458 CreateThread
0x1401c0460 ExitThread
0x1401c0468 FreeLibraryAndExitThread
0x1401c0470 ExitProcess
0x1401c0478 SetConsoleCtrlHandler
0x1401c0480 ReadFile
0x1401c0488 GetDriveTypeW
0x1401c0490 PeekNamedPipe
0x1401c0498 SystemTimeToTzSpecificLocalTime
0x1401c04a0 FileTimeToSystemTime
0x1401c04a8 GetModuleFileNameW
0x1401c04b0 GetCommandLineA
0x1401c04b8 GetCommandLineW
0x1401c04c0 GetFileSizeEx
0x1401c04c8 SetFilePointerEx
0x1401c04d0 HeapAlloc
0x1401c04d8 FlushFileBuffers
0x1401c04e0 GetConsoleOutputCP
0x1401c04e8 HeapFree
0x1401c04f0 FlsAlloc
0x1401c04f8 FlsGetValue
0x1401c0500 FlsSetValue
0x1401c0508 FlsFree
0x1401c0510 RtlUnwind
USER32.dll
0x1401c0530 GetClipboardData
0x1401c0538 EmptyClipboard
0x1401c0540 CloseClipboard
0x1401c0548 OpenClipboard
0x1401c0550 GetProcessWindowStation
0x1401c0558 SetClipboardData
0x1401c0560 GetClipboardSequenceNumber
0x1401c0568 GetUserObjectInformationW
0x1401c0570 MessageBoxW
ADVAPI32.dll
0x1401c0000 CryptGetUserKey
0x1401c0008 CryptGetProvParam
0x1401c0010 CryptExportKey
0x1401c0018 CryptDecrypt
0x1401c0020 CryptCreateHash
0x1401c0028 CryptDestroyHash
0x1401c0030 CryptSignHashW
0x1401c0038 CryptEnumProvidersW
0x1401c0040 DeregisterEventSource
0x1401c0048 RegisterEventSourceW
0x1401c0050 ReportEventW
0x1401c0058 CryptAcquireContextW
0x1401c0060 CryptReleaseContext
0x1401c0068 CryptDestroyKey
0x1401c0070 CryptSetHashParam
0x1401c0078 RegCreateKeyA
0x1401c0080 RegSetValueExA
SHELL32.dll
0x1401c0520 ShellExecuteA
crypt.dll
0x1401c05e0 BCryptGenRandom
WININET.dll
0x1401c0580 InternetOpenA
0x1401c0588 InternetCloseHandle
0x1401c0590 InternetReadFile
0x1401c0598 InternetOpenUrlA
CRYPT32.dll
0x1401c0090 CertEnumCertificatesInStore
0x1401c0098 CertFindCertificateInStore
0x1401c00a0 CertOpenStore
0x1401c00a8 CertFreeCertificateContext
0x1401c00b0 CertDuplicateCertificateContext
0x1401c00b8 CertGetCertificateContextProperty
0x1401c00c0 CertCloseStore
WS2_32.dll
0x1401c05a8 WSACleanup
0x1401c05b0 WSAGetLastError
0x1401c05b8 closesocket
0x1401c05c0 recv
0x1401c05c8 send
0x1401c05d0 WSASetLastError
EAT(Export Address Table) is none
KERNEL32.dll
0x1401c00d0 CheckRemoteDebuggerPresent
0x1401c00d8 GlobalMemoryStatusEx
0x1401c00e0 SetFileAttributesA
0x1401c00e8 GetSystemInfo
0x1401c00f0 CloseHandle
0x1401c00f8 GlobalAlloc
0x1401c0100 CreateFileA
0x1401c0108 OpenMutexA
0x1401c0110 CopyFileA
0x1401c0118 SetEndOfFile
0x1401c0120 WriteConsoleW
0x1401c0128 GetTimeZoneInformation
0x1401c0130 GetTempPathA
0x1401c0138 Sleep
0x1401c0140 CreateFileW
0x1401c0148 CreateMutexA
0x1401c0150 DeviceIoControl
0x1401c0158 WriteFile
0x1401c0160 GetCurrentProcess
0x1401c0168 GetModuleFileNameA
0x1401c0170 GetProcessHeap
0x1401c0178 SetEnvironmentVariableW
0x1401c0180 FreeEnvironmentStringsW
0x1401c0188 GetEnvironmentStringsW
0x1401c0190 GetOEMCP
0x1401c0198 GetACP
0x1401c01a0 IsValidCodePage
0x1401c01a8 SetStdHandle
0x1401c01b0 HeapSize
0x1401c01b8 CreateProcessW
0x1401c01c0 GetExitCodeProcess
0x1401c01c8 WaitForSingleObject
0x1401c01d0 HeapReAlloc
0x1401c01d8 EnumSystemLocalesW
0x1401c01e0 GetUserDefaultLCID
0x1401c01e8 IsValidLocale
0x1401c01f0 GetLocaleInfoW
0x1401c01f8 LCMapStringW
0x1401c0200 CompareStringW
0x1401c0208 GetLastError
0x1401c0210 SetLastError
0x1401c0218 QueryPerformanceCounter
0x1401c0220 QueryPerformanceFrequency
0x1401c0228 GetStdHandle
0x1401c0230 GetEnvironmentVariableW
0x1401c0238 GetFileType
0x1401c0240 GetModuleHandleW
0x1401c0248 GetProcAddress
0x1401c0250 MultiByteToWideChar
0x1401c0258 EnterCriticalSection
0x1401c0260 LeaveCriticalSection
0x1401c0268 InitializeCriticalSectionAndSpinCount
0x1401c0270 DeleteCriticalSection
0x1401c0278 GetCurrentThreadId
0x1401c0280 TlsAlloc
0x1401c0288 TlsGetValue
0x1401c0290 TlsSetValue
0x1401c0298 TlsFree
0x1401c02a0 GetModuleHandleExW
0x1401c02a8 RtlVirtualUnwind
0x1401c02b0 DeleteFiber
0x1401c02b8 WideCharToMultiByte
0x1401c02c0 GetCurrentProcessId
0x1401c02c8 GetSystemTimeAsFileTime
0x1401c02d0 ConvertFiberToThread
0x1401c02d8 FreeLibrary
0x1401c02e0 LoadLibraryA
0x1401c02e8 LoadLibraryW
0x1401c02f0 FindClose
0x1401c02f8 FindFirstFileW
0x1401c0300 FindNextFileW
0x1401c0308 GetConsoleMode
0x1401c0310 SetConsoleMode
0x1401c0318 ReadConsoleA
0x1401c0320 ReadConsoleW
0x1401c0328 RtlCaptureContext
0x1401c0330 RtlLookupFunctionEntry
0x1401c0338 UnhandledExceptionFilter
0x1401c0340 SetUnhandledExceptionFilter
0x1401c0348 TerminateProcess
0x1401c0350 IsProcessorFeaturePresent
0x1401c0358 ReleaseSRWLockExclusive
0x1401c0360 AcquireSRWLockExclusive
0x1401c0368 WakeAllConditionVariable
0x1401c0370 SleepConditionVariableSRW
0x1401c0378 InitializeSListHead
0x1401c0380 IsDebuggerPresent
0x1401c0388 GetStartupInfoW
0x1401c0390 LocalFree
0x1401c0398 FormatMessageA
0x1401c03a0 GetLocaleInfoEx
0x1401c03a8 GetCurrentDirectoryW
0x1401c03b0 FindFirstFileExW
0x1401c03b8 GetFileAttributesExW
0x1401c03c0 GetFileInformationByHandle
0x1401c03c8 GetFullPathNameW
0x1401c03d0 SetFileInformationByHandle
0x1401c03d8 AreFileApisANSI
0x1401c03e0 GetFileInformationByHandleEx
0x1401c03e8 TryAcquireSRWLockExclusive
0x1401c03f0 WaitForSingleObjectEx
0x1401c03f8 GetExitCodeThread
0x1401c0400 LCMapStringEx
0x1401c0408 InitializeCriticalSectionEx
0x1401c0410 EncodePointer
0x1401c0418 DecodePointer
0x1401c0420 CompareStringEx
0x1401c0428 GetCPInfo
0x1401c0430 GetStringTypeW
0x1401c0438 RtlUnwindEx
0x1401c0440 RtlPcToFileHeader
0x1401c0448 RaiseException
0x1401c0450 LoadLibraryExW
0x1401c0458 CreateThread
0x1401c0460 ExitThread
0x1401c0468 FreeLibraryAndExitThread
0x1401c0470 ExitProcess
0x1401c0478 SetConsoleCtrlHandler
0x1401c0480 ReadFile
0x1401c0488 GetDriveTypeW
0x1401c0490 PeekNamedPipe
0x1401c0498 SystemTimeToTzSpecificLocalTime
0x1401c04a0 FileTimeToSystemTime
0x1401c04a8 GetModuleFileNameW
0x1401c04b0 GetCommandLineA
0x1401c04b8 GetCommandLineW
0x1401c04c0 GetFileSizeEx
0x1401c04c8 SetFilePointerEx
0x1401c04d0 HeapAlloc
0x1401c04d8 FlushFileBuffers
0x1401c04e0 GetConsoleOutputCP
0x1401c04e8 HeapFree
0x1401c04f0 FlsAlloc
0x1401c04f8 FlsGetValue
0x1401c0500 FlsSetValue
0x1401c0508 FlsFree
0x1401c0510 RtlUnwind
USER32.dll
0x1401c0530 GetClipboardData
0x1401c0538 EmptyClipboard
0x1401c0540 CloseClipboard
0x1401c0548 OpenClipboard
0x1401c0550 GetProcessWindowStation
0x1401c0558 SetClipboardData
0x1401c0560 GetClipboardSequenceNumber
0x1401c0568 GetUserObjectInformationW
0x1401c0570 MessageBoxW
ADVAPI32.dll
0x1401c0000 CryptGetUserKey
0x1401c0008 CryptGetProvParam
0x1401c0010 CryptExportKey
0x1401c0018 CryptDecrypt
0x1401c0020 CryptCreateHash
0x1401c0028 CryptDestroyHash
0x1401c0030 CryptSignHashW
0x1401c0038 CryptEnumProvidersW
0x1401c0040 DeregisterEventSource
0x1401c0048 RegisterEventSourceW
0x1401c0050 ReportEventW
0x1401c0058 CryptAcquireContextW
0x1401c0060 CryptReleaseContext
0x1401c0068 CryptDestroyKey
0x1401c0070 CryptSetHashParam
0x1401c0078 RegCreateKeyA
0x1401c0080 RegSetValueExA
SHELL32.dll
0x1401c0520 ShellExecuteA
crypt.dll
0x1401c05e0 BCryptGenRandom
WININET.dll
0x1401c0580 InternetOpenA
0x1401c0588 InternetCloseHandle
0x1401c0590 InternetReadFile
0x1401c0598 InternetOpenUrlA
CRYPT32.dll
0x1401c0090 CertEnumCertificatesInStore
0x1401c0098 CertFindCertificateInStore
0x1401c00a0 CertOpenStore
0x1401c00a8 CertFreeCertificateContext
0x1401c00b0 CertDuplicateCertificateContext
0x1401c00b8 CertGetCertificateContextProperty
0x1401c00c0 CertCloseStore
WS2_32.dll
0x1401c05a8 WSACleanup
0x1401c05b0 WSAGetLastError
0x1401c05b8 closesocket
0x1401c05c0 recv
0x1401c05c8 send
0x1401c05d0 WSASetLastError
EAT(Export Address Table) is none