Field | Value |
---|---|
Created | 2025.04.13 15:24 |
Machine | s1_win7_x6401 |
Filename | raw_cbot.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 43 detected (Malicious, score, Ghanarava, Artemis, Barys, Unsafe, Vlxw, confidence, Attribute, HighConfidence, high confidence, AGen, MalwareX, Misc, CLOUD, xvgra, Generic Reputation PUA, Detected, HiddenTear, ABTrojan, FIGG, R700125, R002H09DB25, Gwnw, PossibleThreat) |
md5 | e985d78da4b489d29dbe69bda2f35a66 |
sha256 | efe81402806e0080f3f715d8184153487c4f0997652be637f00607fc6608a26f |
ssdeep | 768:F1T6NWqo2nAjU8BNsZMoG0hsGxZRx8pUlRsXvshuvr1b0S608XCnQl+quXfM:XT/72AB0BDz0elk0cvraQFm3 |
imphash | 56546ba9d904ef5928b0a1c996b679d1 |
impfuzzy | 48:5XOeCYG+kiX1PCslTJG6qZ8RNJli1vkqHuIuLi:5XTCYGriX1PCYTJGhqRblkkqHuIu2 |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x1400113fc CryptAcquireContextA
0x140011404 CryptGenRandom
0x14001140c CryptReleaseContext
IPHLPAPI.DLL
0x14001141c GetTcpTable
KERNEL32.dll
0x14001142c CloseHandle
0x140011434 CopyFileA
0x14001143c CreateMutexA
0x140011444 CreateThread
0x14001144c DeleteCriticalSection
0x140011454 DeleteFileA
0x14001145c EnterCriticalSection
0x140011464 ExitProcess
0x14001146c GetCurrentProcessId
0x140011474 GetLastError
0x14001147c GetModuleFileNameA
0x140011484 GetModuleHandleW
0x14001148c GetProcAddress
0x140011494 GetStartupInfoA
0x14001149c InitializeCriticalSection
0x1400114a4 IsDBCSLeadByteEx
0x1400114ac LeaveCriticalSection
0x1400114b4 MoveFileA
0x1400114bc MultiByteToWideChar
0x1400114c4 ReleaseMutex
0x1400114cc SetThreadPriority
0x1400114d4 SetUnhandledExceptionFilter
0x1400114dc Sleep
0x1400114e4 TlsGetValue
0x1400114ec VirtualProtect
0x1400114f4 VirtualQuery
0x1400114fc WaitForMultipleObjects
0x140011504 WideCharToMultiByte
msvcrt.dll
0x140011514 __C_specific_handler
0x14001151c ___lc_codepage_func
0x140011524 ___mb_cur_max_func
0x14001152c __getmainargs
0x140011534 __initenv
0x14001153c __iob_func
0x140011544 __lconv_init
0x14001154c __set_app_type
0x140011554 __setusermatherr
0x14001155c _acmdln
0x140011564 _amsg_exit
0x14001156c _cexit
0x140011574 _commode
0x14001157c _errno
0x140011584 _exit
0x14001158c _fmode
0x140011594 _initterm
0x14001159c _lock
0x1400115a4 _onexit
0x1400115ac _time64
0x1400115b4 _unlock
0x1400115bc abort
0x1400115c4 atoi
0x1400115cc calloc
0x1400115d4 exit
0x1400115dc fclose
0x1400115e4 fopen
0x1400115ec fprintf
0x1400115f4 fputc
0x1400115fc free
0x140011604 fwrite
0x14001160c localeconv
0x140011614 malloc
0x14001161c memcpy
0x140011624 perror
0x14001162c rand
0x140011634 signal
0x14001163c strcpy
0x140011644 strerror
0x14001164c strlen
0x140011654 strncmp
0x14001165c strrchr
0x140011664 strstr
0x14001166c vfprintf
0x140011674 wcslen
0x14001167c _write
0x140011684 _open
0x14001168c _close
SHELL32.dll
0x14001169c SHGetSpecialFolderPathA
WS2_32.dll
0x1400116ac WSACleanup
0x1400116b4 WSAGetLastError
0x1400116bc WSASetLastError
0x1400116c4 WSASocketA
0x1400116cc WSAStartup
0x1400116d4 __WSAFDIsSet
0x1400116dc bind
0x1400116e4 closesocket
0x1400116ec connect
0x1400116f4 getsockopt
0x1400116fc htonl
0x140011704 htons
0x14001170c inet_addr
0x140011714 ioctlsocket
0x14001171c ntohl
0x140011724 ntohs
0x14001172c recv
0x140011734 select
0x14001173c send
0x140011744 sendto
0x14001174c setsockopt
0x140011754 shutdown
0x14001175c socket
EAT(Export Address Table) is none