| Created | 2025.04.07 10:43 | Machine | s1_win7_x6401 |
| Filename | qhjMWht.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 28 detected (Unsafe, Vhsu, malicious, confidence, GenericKD, moderate confidence, a variant of Generik, GKPDAJB, CLASSIC, high, score, GrayWare, Wacapew, Stealc, IMJYZW, ABTrojan, XQEE, Artemis, Chgt, Behavior) | ||
| md5 | 1dbdcaeaac26f7d34e872439997ee68d | ||
| sha256 | 3142aecf9794be2f3894d3e1429d28f80918c5b41d516c9160e7cd3984a6f5a3 | ||
| ssdeep | 98304:zZvqfZH0os+672PX492sJZH0os+672PX492sUZH0os+672PX492sY:xq90p+6SPX4p0p+6SPX4Q0p+6SPX4u | ||
| imphash | e59d00b0d90522ee1a983f13d4ff7e50 | ||
| impfuzzy | 48:4c+k2V9DOocS8B2JgZhTtLL9o4Y5ldM/rSYSvIy/lAk/gn6gj6UyRkoK01:4c+k2Vl9cS8fhTtLLqb5ldM/kAo1 | ||
No network connection information
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43c000 VirtualFree
0x43c004 VirtualAlloc
0x43c008 GetVersion
0x43c00c IsProcessorFeaturePresent
0x43c010 GetSystemDirectoryW
0x43c014 GetProcAddress
0x43c018 GetModuleHandleW
0x43c01c LoadLibraryExW
0x43c020 EnterCriticalSection
0x43c024 LeaveCriticalSection
0x43c028 DeleteCriticalSection
0x43c02c ReleaseSemaphore
0x43c030 InitializeCriticalSection
0x43c034 WaitForSingleObject
0x43c038 CreateEventW
0x43c03c GetLastError
0x43c040 SetEvent
0x43c044 CloseHandle
0x43c048 ResetEvent
0x43c04c CreateSemaphoreW
0x43c050 MultiByteToWideChar
0x43c054 WideCharToMultiByte
0x43c058 FreeLibrary
0x43c05c GetModuleFileNameW
0x43c060 FormatMessageW
0x43c064 LocalFree
0x43c068 CreateFileW
0x43c06c SetFileTime
0x43c070 SetFileAttributesW
0x43c074 RemoveDirectoryW
0x43c078 CreateDirectoryW
0x43c07c DeleteFileW
0x43c080 SetLastError
0x43c084 SetCurrentDirectoryW
0x43c088 GetCurrentDirectoryW
0x43c08c GetTempPathW
0x43c090 GetTickCount
0x43c094 GetCurrentThreadId
0x43c098 GetCurrentProcessId
0x43c09c GetFileInformationByHandle
0x43c0a0 FindClose
0x43c0a4 FindFirstFileW
0x43c0a8 FindNextFileW
0x43c0ac GetModuleHandleA
0x43c0b0 GetFileAttributesW
0x43c0b4 GetFileSize
0x43c0b8 SetFilePointer
0x43c0bc ReadFile
0x43c0c0 WriteFile
0x43c0c4 SetEndOfFile
0x43c0c8 GetCurrentProcess
0x43c0cc GetProcessAffinityMask
0x43c0d0 GetSystemInfo
0x43c0d4 GlobalMemoryStatus
0x43c0d8 GetStdHandle
0x43c0dc Sleep
0x43c0e0 GetVersionExW
0x43c0e4 GetCommandLineW
0x43c0e8 CreateProcessW
0x43c0ec GetExitCodeProcess
0x43c0f0 HeapSize
0x43c0f4 SetStdHandle
0x43c0f8 GetProcessHeap
0x43c0fc FreeEnvironmentStringsW
0x43c100 GetEnvironmentStringsW
0x43c104 GetCommandLineA
0x43c108 GetOEMCP
0x43c10c GetACP
0x43c110 IsValidCodePage
0x43c114 ReadConsoleW
0x43c118 GetConsoleMode
0x43c11c GetConsoleOutputCP
0x43c120 FlushFileBuffers
0x43c124 SetFilePointerEx
0x43c128 GetFileSizeEx
0x43c12c GetFileType
0x43c130 EnumSystemLocalesW
0x43c134 GetUserDefaultLCID
0x43c138 IsValidLocale
0x43c13c GetLocaleInfoW
0x43c140 LCMapStringW
0x43c144 HeapAlloc
0x43c148 HeapFree
0x43c14c HeapReAlloc
0x43c150 ExitProcess
0x43c154 GetModuleHandleExW
0x43c158 WriteConsoleW
0x43c15c FreeLibraryAndExitThread
0x43c160 ExitThread
0x43c164 CreateThread
0x43c168 TlsFree
0x43c16c UnhandledExceptionFilter
0x43c170 SetUnhandledExceptionFilter
0x43c174 TerminateProcess
0x43c178 IsDebuggerPresent
0x43c17c GetStartupInfoW
0x43c180 QueryPerformanceCounter
0x43c184 GetSystemTimeAsFileTime
0x43c188 InitializeSListHead
0x43c18c FormatMessageA
0x43c190 QueryPerformanceFrequency
0x43c194 GetLocaleInfoEx
0x43c198 FindFirstFileExW
0x43c19c AreFileApisANSI
0x43c1a0 InitializeCriticalSectionEx
0x43c1a4 EncodePointer
0x43c1a8 DecodePointer
0x43c1ac LCMapStringEx
0x43c1b0 GetStringTypeW
0x43c1b4 GetCPInfo
0x43c1b8 RtlUnwind
0x43c1bc RaiseException
0x43c1c0 InitializeCriticalSectionAndSpinCount
0x43c1c4 TlsAlloc
0x43c1c8 TlsGetValue
0x43c1cc TlsSetValue
USER32.dll
0x43c1ec LoadIconW
0x43c1f0 EndDialog
0x43c1f4 KillTimer
0x43c1f8 SetTimer
0x43c1fc DestroyWindow
0x43c200 SendMessageW
0x43c204 SetWindowTextW
0x43c208 MessageBoxW
0x43c20c PostMessageW
0x43c210 LoadStringW
0x43c214 DialogBoxParamW
0x43c218 GetDlgItem
0x43c21c GetWindowLongW
0x43c220 SetWindowLongW
0x43c224 ShowWindow
0x43c228 CharUpperW
SHELL32.dll
0x43c1e4 ShellExecuteExW
OLEAUT32.dll
0x43c1d4 VariantClear
0x43c1d8 SysStringLen
0x43c1dc SysAllocStringLen
EAT(Export Address Table) is none
KERNEL32.dll
0x43c000 VirtualFree
0x43c004 VirtualAlloc
0x43c008 GetVersion
0x43c00c IsProcessorFeaturePresent
0x43c010 GetSystemDirectoryW
0x43c014 GetProcAddress
0x43c018 GetModuleHandleW
0x43c01c LoadLibraryExW
0x43c020 EnterCriticalSection
0x43c024 LeaveCriticalSection
0x43c028 DeleteCriticalSection
0x43c02c ReleaseSemaphore
0x43c030 InitializeCriticalSection
0x43c034 WaitForSingleObject
0x43c038 CreateEventW
0x43c03c GetLastError
0x43c040 SetEvent
0x43c044 CloseHandle
0x43c048 ResetEvent
0x43c04c CreateSemaphoreW
0x43c050 MultiByteToWideChar
0x43c054 WideCharToMultiByte
0x43c058 FreeLibrary
0x43c05c GetModuleFileNameW
0x43c060 FormatMessageW
0x43c064 LocalFree
0x43c068 CreateFileW
0x43c06c SetFileTime
0x43c070 SetFileAttributesW
0x43c074 RemoveDirectoryW
0x43c078 CreateDirectoryW
0x43c07c DeleteFileW
0x43c080 SetLastError
0x43c084 SetCurrentDirectoryW
0x43c088 GetCurrentDirectoryW
0x43c08c GetTempPathW
0x43c090 GetTickCount
0x43c094 GetCurrentThreadId
0x43c098 GetCurrentProcessId
0x43c09c GetFileInformationByHandle
0x43c0a0 FindClose
0x43c0a4 FindFirstFileW
0x43c0a8 FindNextFileW
0x43c0ac GetModuleHandleA
0x43c0b0 GetFileAttributesW
0x43c0b4 GetFileSize
0x43c0b8 SetFilePointer
0x43c0bc ReadFile
0x43c0c0 WriteFile
0x43c0c4 SetEndOfFile
0x43c0c8 GetCurrentProcess
0x43c0cc GetProcessAffinityMask
0x43c0d0 GetSystemInfo
0x43c0d4 GlobalMemoryStatus
0x43c0d8 GetStdHandle
0x43c0dc Sleep
0x43c0e0 GetVersionExW
0x43c0e4 GetCommandLineW
0x43c0e8 CreateProcessW
0x43c0ec GetExitCodeProcess
0x43c0f0 HeapSize
0x43c0f4 SetStdHandle
0x43c0f8 GetProcessHeap
0x43c0fc FreeEnvironmentStringsW
0x43c100 GetEnvironmentStringsW
0x43c104 GetCommandLineA
0x43c108 GetOEMCP
0x43c10c GetACP
0x43c110 IsValidCodePage
0x43c114 ReadConsoleW
0x43c118 GetConsoleMode
0x43c11c GetConsoleOutputCP
0x43c120 FlushFileBuffers
0x43c124 SetFilePointerEx
0x43c128 GetFileSizeEx
0x43c12c GetFileType
0x43c130 EnumSystemLocalesW
0x43c134 GetUserDefaultLCID
0x43c138 IsValidLocale
0x43c13c GetLocaleInfoW
0x43c140 LCMapStringW
0x43c144 HeapAlloc
0x43c148 HeapFree
0x43c14c HeapReAlloc
0x43c150 ExitProcess
0x43c154 GetModuleHandleExW
0x43c158 WriteConsoleW
0x43c15c FreeLibraryAndExitThread
0x43c160 ExitThread
0x43c164 CreateThread
0x43c168 TlsFree
0x43c16c UnhandledExceptionFilter
0x43c170 SetUnhandledExceptionFilter
0x43c174 TerminateProcess
0x43c178 IsDebuggerPresent
0x43c17c GetStartupInfoW
0x43c180 QueryPerformanceCounter
0x43c184 GetSystemTimeAsFileTime
0x43c188 InitializeSListHead
0x43c18c FormatMessageA
0x43c190 QueryPerformanceFrequency
0x43c194 GetLocaleInfoEx
0x43c198 FindFirstFileExW
0x43c19c AreFileApisANSI
0x43c1a0 InitializeCriticalSectionEx
0x43c1a4 EncodePointer
0x43c1a8 DecodePointer
0x43c1ac LCMapStringEx
0x43c1b0 GetStringTypeW
0x43c1b4 GetCPInfo
0x43c1b8 RtlUnwind
0x43c1bc RaiseException
0x43c1c0 InitializeCriticalSectionAndSpinCount
0x43c1c4 TlsAlloc
0x43c1c8 TlsGetValue
0x43c1cc TlsSetValue
USER32.dll
0x43c1ec LoadIconW
0x43c1f0 EndDialog
0x43c1f4 KillTimer
0x43c1f8 SetTimer
0x43c1fc DestroyWindow
0x43c200 SendMessageW
0x43c204 SetWindowTextW
0x43c208 MessageBoxW
0x43c20c PostMessageW
0x43c210 LoadStringW
0x43c214 DialogBoxParamW
0x43c218 GetDlgItem
0x43c21c GetWindowLongW
0x43c220 SetWindowLongW
0x43c224 ShowWindow
0x43c228 CharUpperW
SHELL32.dll
0x43c1e4 ShellExecuteExW
OLEAUT32.dll
0x43c1d4 VariantClear
0x43c1d8 SysStringLen
0x43c1dc SysAllocStringLen
EAT(Export Address Table) is none