Field | Value |
---|---|
Created | 2025.04.18 11:51 |
Machine | s1_win7_x6401 |
Filename | snd16061.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 54 detected (AIDetectMalware, ChePro, Malicious, score, Ghanarava, Netsupportrat, GenericKD, Unsafe, Veh9, confidence, 100%, moderate confidence, multiple detections, nixe, TrojanBanker, jpnujo, zxgsm, Siggen30, Tool, NetSup, RemoteAdmin, Detected, Malware@#1zi5aixmnm5u8, HackTool, EQYN, NetSupport, Artemis, Tiggre, Netsupportmanager, Simw, myez5VmqQPE, susgen, nQvk) |
md5 | e24d2cdf95e080f2b6a1db32352d8a3c |
sha256 | d2f9dc8e7278a2ec0aa634536ac8d23db209aba8ca0e109ce80469c27517ab33 |
ssdeep | 49152:XMHaSOxCBcuLX54FiFdrAskBlVgEKEZv5zauP+Tx77KZbYj57O7Tfle:XM6FMBcuEEdrAstEnv53P+xhOfM |
imphash | dbb1eb5c3476069287a73206929932fd |
impfuzzy | 48:dROaOGpw+vceo7nhzN54lzvSv6pfn56UyLlotn6gxSY4jS+EQhXUXCAk+09ok/Kc:dRZzwA87nKCy07dCaqUt5PuKTfD |
Network IP location
Signature (19cnts)
Level | Description |
---|---|
danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Installs itself for autorun at Windows startup |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a shortcut to an executable file |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Executes one or more WMI queries |
notice | Executes one or more WMI queries which can be used to identify virtual machines |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Queries for potentially installed applications |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
info | This executable has a PDB path |
Rules (19cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
watch | Antivirus | Contains references to security software | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | lnk_file_format | Microsoft Windows Shortcut File Format | binaries (download) |
info | Lnk_Format_Zero | LNK Format | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts)
Suricata ids
ET POLICY NetSupport GeoLocation Lookup Request
PE API
IAT(Import Address Table) Library
COMCTL32.dll
0x41302c InitCommonControlsEx
0x413030 None
SHLWAPI.dll
0x4131bc SHAutoComplete
KERNEL32.dll
0x41306c DeleteFileW
0x413070 DeleteFileA
0x413074 CreateDirectoryA
0x413078 CreateDirectoryW
0x41307c FindClose
0x413080 FindNextFileA
0x413084 FindFirstFileA
0x413088 FindNextFileW
0x41308c FindFirstFileW
0x413090 GetTickCount
0x413094 WideCharToMultiByte
0x413098 GlobalAlloc
0x41309c GetVersionExW
0x4130a0 GetFullPathNameA
0x4130a4 GetFullPathNameW
0x4130a8 GetModuleFileNameW
0x4130ac FindResourceW
0x4130b0 GetModuleHandleW
0x4130b4 HeapAlloc
0x4130b8 GetProcessHeap
0x4130bc HeapFree
0x4130c0 HeapReAlloc
0x4130c4 CompareStringA
0x4130c8 ExitProcess
0x4130cc GetLocaleInfoW
0x4130d0 GetNumberFormatW
0x4130d4 SetFileAttributesW
0x4130d8 GetDateFormatW
0x4130dc GetTimeFormatW
0x4130e0 FileTimeToSystemTime
0x4130e4 FileTimeToLocalFileTime
0x4130e8 ExpandEnvironmentStringsW
0x4130ec WaitForSingleObject
0x4130f0 Sleep
0x4130f4 GetTempPathW
0x4130f8 MoveFileExW
0x4130fc UnmapViewOfFile
0x413100 GetCommandLineW
0x413104 MapViewOfFile
0x413108 CreateFileMappingW
0x41310c OpenFileMappingW
0x413110 SetEnvironmentVariableW
0x413114 GetProcAddress
0x413118 LocalFileTimeToFileTime
0x41311c SystemTimeToFileTime
0x413120 GetSystemTime
0x413124 MultiByteToWideChar
0x413128 CompareStringW
0x41312c IsDBCSLeadByte
0x413130 GetCPInfo
0x413134 SetCurrentDirectoryW
0x413138 LoadLibraryW
0x41313c FreeLibrary
0x413140 SetFileAttributesA
0x413144 GetFileAttributesW
0x413148 GetFileAttributesA
0x41314c WriteFile
0x413150 GetStdHandle
0x413154 ReadFile
0x413158 GetCurrentDirectoryW
0x41315c CreateFileW
0x413160 CreateFileA
0x413164 GetFileType
0x413168 SetEndOfFile
0x41316c SetFilePointer
0x413170 MoveFileW
0x413174 SetFileTime
0x413178 GetCurrentProcess
0x41317c CloseHandle
0x413180 SetLastError
0x413184 GetLastError
0x413188 DosDateTimeToFileTime
USER32.dll
0x4131c4 wvsprintfW
0x4131c8 ReleaseDC
0x4131cc GetDC
0x4131d0 SendMessageW
0x4131d4 SetDlgItemTextW
0x4131d8 SetFocus
0x4131dc EndDialog
0x4131e0 DestroyIcon
0x4131e4 SendDlgItemMessageW
0x4131e8 GetDlgItemTextW
0x4131ec GetClassNameW
0x4131f0 DialogBoxParamW
0x4131f4 IsWindowVisible
0x4131f8 WaitForInputIdle
0x4131fc SetForegroundWindow
0x413200 GetSysColor
0x413204 PostMessageW
0x413208 LoadBitmapW
0x41320c LoadIconW
0x413210 CharToOemA
0x413214 OemToCharA
0x413218 FindWindowExW
0x41321c wvsprintfA
0x413220 GetParent
0x413224 MapWindowPoints
0x413228 CreateWindowExW
0x41322c UpdateWindow
0x413230 SetWindowTextW
0x413234 LoadCursorW
0x413238 RegisterClassExW
0x41323c SetWindowLongW
0x413240 GetWindowLongW
0x413244 DefWindowProcW
0x413248 PeekMessageW
0x41324c GetMessageW
0x413250 TranslateMessage
0x413254 DispatchMessageW
0x413258 DestroyWindow
0x41325c GetClientRect
0x413260 IsWindow
0x413264 CharToOemBuffW
0x413268 MessageBoxW
0x41326c ShowWindow
0x413270 GetDlgItem
0x413274 EnableWindow
0x413278 OemToCharBuffA
0x41327c CharUpperA
0x413280 CharToOemBuffA
0x413284 LoadStringW
0x413288 SetWindowPos
0x41328c GetWindowTextW
0x413290 GetSystemMetrics
0x413294 GetWindow
0x413298 CharUpperW
0x41329c GetWindowRect
0x4132a0 CopyRect
GDI32.dll
0x413048 GetDeviceCaps
0x41304c GetObjectW
0x413050 CreateCompatibleBitmap
0x413054 SelectObject
0x413058 StretchBlt
0x41305c CreateCompatibleDC
0x413060 DeleteObject
0x413064 DeleteDC
COMDLG32.dll
0x413038 GetOpenFileNameW
0x41303c CommDlgExtendedError
0x413040 GetSaveFileNameW
ADVAPI32.dll
0x413000 RegOpenKeyExW
0x413004 LookupPrivilegeValueW
0x413008 OpenProcessToken
0x41300c RegQueryValueExW
0x413010 RegCreateKeyExW
0x413014 RegSetValueExW
0x413018 RegCloseKey
0x41301c SetFileSecurityW
0x413020 SetFileSecurityA
0x413024 AdjustTokenPrivileges
SHELL32.dll
0x413198 SHChangeNotify
0x41319c ShellExecuteExW
0x4131a0 SHFileOperationW
0x4131a4 SHGetFileInfoW
0x4131a8 SHGetSpecialFolderLocation
0x4131ac SHGetMalloc
0x4131b0 SHBrowseForFolderW
0x4131b4 SHGetPathFromIDListW
ole32.dll
0x4132a8 CreateStreamOnHGlobal
0x4132ac OleInitialize
0x4132b0 CoCreateInstance
0x4132b4 OleUninitialize
0x4132b8 CLSIDFromString
OLEAUT32.dll
0x413190 VariantInit
EAT(Export Address Table) Library