Report - statement.exe

Tags: Malicious Library, Malicious Packer, UPX, PE File, PE64, OS Processor Check
Created: 2025.04.23 10:05
Machine: s1_win7_x6403
Filename: statement.exe
Type: PE32+ executable (GUI) x86-64, for MS Windows
AI Score: Not found
Behavior Score: 4.2
ZERO API (file): malicious
VT API (file): 27 detected (Unsafe, Attribute, HighConfidence, malicious, moderate confidence, GenCBL, MalwareX, Boxter, Coins, CLOUD, GenSteal, hrhzb, Inject5, Detected, Wacatac, AILGG6, ABApplication, UZYP, QQPass, QQRob, Fdhl)
md5: 72d6c8da86bd30175f56b1199ff87af4
sha256: 374c270caa42b3ba1a0b31c33a47fe590c38ef8997845d48ae3fb8a575f7d608
ssdeep: 24576:2m65Bu5AmdT2E6by/Rhensmbj1U2ThxnsqbHf1H2mQ+w5XOQXYAE2VyDpFOgPTc9:R65BG3T2E+wRhMNVQleTzHB1skQ1hNs4
imphash: de74e43788a8a76ae683dbf7add004fb
impfuzzy: 96:D76XURq9KeJcx2fQUhVPja9bQEXCTHxX1lXetZyX9uGdL5ryVa:DGXofMEyTRFlurrIryVa

Signature (8cnts)

Level Description
danger Executed a process and injected code into it
warning File has been identified by 27 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Manipulates memory of a non-child process indicative of process injection
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Uses Windows utilities for basic Windows functionality
info Checks amount of memory in system
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Columns: Request, CC, ASN, Co, IP4, Rule, ZERO. No network requests were recorded in this run.

Suricata IDS: no alerts listed.

PE API

IAT(Import Address Table) Library

ADVAPI32.dll
 0x140178000 RegQueryValueExW
 0x140178008 RegCloseKey
 0x140178010 OpenProcessToken
 0x140178018 LookupPrivilegeValueW
 0x140178020 AdjustTokenPrivileges
 0x140178028 RegEnumValueW
 0x140178030 RegOpenKeyExW
crypt.dll (as listed in the report; BCryptGenRandom is exported by bcrypt.dll, so the library name here is probably truncated)
 0x1401785b0 BCryptGenRandom
KERNEL32.dll
 0x140178040 TlsFree
 0x140178048 TlsSetValue
 0x140178050 SetLastError
 0x140178058 GetModuleHandleA
 0x140178060 GetLastError
 0x140178068 LoadLibraryA
 0x140178070 GetProcAddress
 0x140178078 LocalFree
 0x140178080 FormatMessageW
 0x140178088 GetConsoleMode
 0x140178090 GetFileType
 0x140178098 WriteFile
 0x1401780a0 WriteConsoleW
 0x1401780a8 GetConsoleOutputCP
 0x1401780b0 GetStdHandle
 0x1401780b8 MultiByteToWideChar
 0x1401780c0 WideCharToMultiByte
 0x1401780c8 K32EnumProcessModulesEx
 0x1401780d0 CloseHandle
 0x1401780d8 IsWow64Process
 0x1401780e0 GetExitCodeProcess
 0x1401780e8 TerminateProcess
 0x1401780f0 OpenProcess
 0x1401780f8 K32EnumProcesses
 0x140178100 K32GetModuleInformation
 0x140178108 K32GetModuleBaseNameW
 0x140178110 K32GetModuleFileNameExW
 0x140178118 GetProcessId
 0x140178120 DuplicateHandle
 0x140178128 GetCurrentProcess
 0x140178130 GetCurrentProcessId
 0x140178138 RaiseFailFastException
 0x140178140 GetCalendarInfoEx
 0x140178148 CompareStringOrdinal
 0x140178150 CompareStringEx
 0x140178158 FindNLSStringEx
 0x140178160 GetLocaleInfoEx
 0x140178168 ResolveLocaleName
 0x140178170 FindStringOrdinal
 0x140178178 GetTickCount64
 0x140178180 GetCurrentThread
 0x140178188 Sleep
 0x140178190 DeleteCriticalSection
 0x140178198 EnterCriticalSection
 0x1401781a0 SleepConditionVariableCS
 0x1401781a8 LeaveCriticalSection
 0x1401781b0 WakeConditionVariable
 0x1401781b8 QueryPerformanceCounter
 0x1401781c0 InitializeCriticalSection
 0x1401781c8 InitializeConditionVariable
 0x1401781d0 WaitForMultipleObjectsEx
 0x1401781d8 QueryPerformanceFrequency
 0x1401781e0 LocalAlloc
 0x1401781e8 LocaleNameToLCID
 0x1401781f0 LCMapStringEx
 0x1401781f8 EnumTimeFormatsEx
 0x140178200 EnumCalendarInfoExEx
 0x140178208 ExpandEnvironmentStringsW
 0x140178210 FreeLibrary
 0x140178218 GetModuleFileNameW
 0x140178220 LoadLibraryExW
 0x140178228 SetThreadErrorMode
 0x140178230 GetThreadPriority
 0x140178238 GetCurrentProcessorNumberEx
 0x140178240 SetEvent
 0x140178248 CreateEventExW
 0x140178250 GetEnvironmentVariableW
 0x140178258 FlushProcessWriteBuffers
 0x140178260 WaitForSingleObjectEx
 0x140178268 RtlVirtualUnwind
 0x140178270 RtlCaptureContext
 0x140178278 RtlRestoreContext
 0x140178280 AddVectoredExceptionHandler
 0x140178288 FlsAlloc
 0x140178290 FlsGetValue
 0x140178298 FlsSetValue
 0x1401782a0 CreateEventW
 0x1401782a8 SwitchToThread
 0x1401782b0 CreateThread
 0x1401782b8 GetCurrentThreadId
 0x1401782c0 SetThreadPriority
 0x1401782c8 SuspendThread
 0x1401782d0 ResumeThread
 0x1401782d8 GetThreadContext
 0x1401782e0 SetThreadContext
 0x1401782e8 FlushInstructionCache
 0x1401782f0 VirtualAlloc
 0x1401782f8 VirtualProtect
 0x140178300 VirtualFree
 0x140178308 QueryInformationJobObject
 0x140178310 GetModuleHandleW
 0x140178318 GetModuleHandleExW
 0x140178320 GetProcessAffinityMask
 0x140178328 InitializeContext
 0x140178330 GetEnabledXStateFeatures
 0x140178338 SetXStateFeaturesMask
 0x140178340 VirtualQuery
 0x140178348 InitializeCriticalSectionEx
 0x140178350 GetSystemTimeAsFileTime
 0x140178358 ResetEvent
 0x140178360 DebugBreak
 0x140178368 WaitForSingleObject
 0x140178370 SleepEx
 0x140178378 GlobalMemoryStatusEx
 0x140178380 GetSystemInfo
 0x140178388 GetLogicalProcessorInformation
 0x140178390 GetLogicalProcessorInformationEx
 0x140178398 GetLargePageMinimum
 0x1401783a0 VirtualUnlock
 0x1401783a8 VirtualAllocExNuma
 0x1401783b0 IsProcessInJob
 0x1401783b8 GetNumaHighestNodeNumber
 0x1401783c0 GetProcessGroupAffinity
 0x1401783c8 K32GetProcessMemoryInfo
 0x1401783d0 TlsGetValue
 0x1401783d8 TlsAlloc
 0x1401783e0 InitializeCriticalSectionAndSpinCount
 0x1401783e8 EncodePointer
 0x1401783f0 RaiseException
 0x1401783f8 RtlPcToFileHeader
 0x140178400 RtlUnwindEx
 0x140178408 IsProcessorFeaturePresent
 0x140178410 SetUnhandledExceptionFilter
 0x140178418 UnhandledExceptionFilter
 0x140178420 IsDebuggerPresent
 0x140178428 RtlLookupFunctionEntry
 0x140178430 InitializeSListHead
ole32.dll
 0x1401785c0 CoTaskMemFree
 0x1401785c8 CoGetApartmentType
 0x1401785d0 CoTaskMemAlloc
 0x1401785d8 CoUninitialize
 0x1401785e0 CoInitializeEx
 0x1401785e8 CoWaitForMultipleHandles
api-ms-win-crt-heap-l1-1-0.dll
 0x140178450 free
 0x140178458 calloc
 0x140178460 _set_new_mode
 0x140178468 _callnewh
 0x140178470 malloc
api-ms-win-crt-math-l1-1-0.dll
 0x140178490 ceil
 0x140178498 __setusermatherr
api-ms-win-crt-string-l1-1-0.dll
 0x140178580 wcsncmp
 0x140178588 strcmp
 0x140178590 _stricmp
 0x140178598 strcpy_s
 0x1401785a0 strncpy_s
api-ms-win-crt-convert-l1-1-0.dll
 0x140178440 strtoull
api-ms-win-crt-runtime-l1-1-0.dll
 0x1401784a8 _cexit
 0x1401784b0 _c_exit
 0x1401784b8 _seh_filter_exe
 0x1401784c0 terminate
 0x1401784c8 _crt_atexit
 0x1401784d0 _register_onexit_function
 0x1401784d8 _initialize_onexit_table
 0x1401784e0 __p___wargv
 0x1401784e8 __p___argc
 0x1401784f0 _register_thread_local_exe_atexit_callback
 0x1401784f8 _set_app_type
 0x140178500 abort
 0x140178508 _configure_wide_argv
 0x140178510 _initialize_wide_environment
 0x140178518 _get_initial_wide_environment
 0x140178520 _initterm
 0x140178528 _initterm_e
 0x140178530 exit
 0x140178538 _exit
api-ms-win-crt-stdio-l1-1-0.dll
 0x140178548 __stdio_common_vsscanf
 0x140178550 __stdio_common_vsprintf_s
 0x140178558 _set_fmode
 0x140178560 __stdio_common_vfprintf
 0x140178568 __acrt_iob_func
 0x140178570 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
 0x140178480 _configthreadlocale
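The Signature table reports runtime process injection (execute permission allocated in another process, memory of a non-child process manipulated), yet the static IAT above contains none of the classic injection imports (WriteProcessMemory, VirtualAllocEx, CreateRemoteThread). What it does contain is the complete thread-context set (SuspendThread, GetThreadContext, SetThreadContext, ResumeThread), OpenProcess and the K32 process-enumeration family, LoadLibraryA/GetProcAddress for runtime resolution, and the OpenProcessToken/LookupPrivilegeValueW/AdjustTokenPrivileges trio for privilege adjustment. Two caveats before reading too much into that: the context APIs also appear in benign runtime-support and debugger code, and a binary that is genuinely UPX-compressed normally exposes only a handful of stub imports, so a fully populated IAT beside a UPX rule hit suggests the rule fired on something other than a live packer stub. The script below is an added example, not part of the sandbox report or its tooling: it parses an excerpt of the IAT (copied from the listing above, same addresses) and reconciles the static imports with the runtime verdict. The capability buckets are this example's own heuristics, not a vendor rule set.

```python
"""Capability triage over the IAT listed in a sandbox report.

Added example; this is not the sandbox's own code. The import names in
IAT_EXCERPT are copied from the IAT section of the report (ADVAPI32 and
KERNEL32 subset, same addresses); the capability buckets are this
example's own heuristics, not a vendor rule set.
"""
import re
from collections import defaultdict

# Excerpt of the report's IAT in its "<address> <name>" layout (copied from the listing).
IAT_EXCERPT = """\
ADVAPI32.dll
 0x140178010 OpenProcessToken
 0x140178018 LookupPrivilegeValueW
 0x140178020 AdjustTokenPrivileges
KERNEL32.dll
 0x140178058 GetModuleHandleA
 0x140178068 LoadLibraryA
 0x140178070 GetProcAddress
 0x1401780d8 IsWow64Process
 0x1401780e8 TerminateProcess
 0x1401780f0 OpenProcess
 0x1401780f8 K32EnumProcesses
 0x140178108 K32GetModuleBaseNameW
 0x140178120 DuplicateHandle
 0x1401782c8 SuspendThread
 0x1401782d0 ResumeThread
 0x1401782d8 GetThreadContext
 0x1401782e0 SetThreadContext
 0x1401782e8 FlushInstructionCache
 0x1401782f0 VirtualAlloc
 0x1401782f8 VirtualProtect
 0x140178378 GlobalMemoryStatusEx
 0x140178420 IsDebuggerPresent
"""

# Heuristic buckets (this example's own). The "remote_*" names are the classic
# injection primitives that are absent from the report's IAT; listing them makes
# their absence an explicit finding rather than an omission.
CAPABILITIES = {
    "privilege_adjust": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "process_discovery": {"OpenProcess", "K32EnumProcesses", "K32EnumProcessModulesEx",
                          "K32GetModuleBaseNameW", "IsWow64Process"},
    "remote_memory_write": {"VirtualAllocEx", "WriteProcessMemory", "NtWriteVirtualMemory"},
    "remote_execution": {"CreateRemoteThread", "NtCreateThreadEx", "QueueUserAPC",
                         "RtlCreateUserThread"},
    "thread_hijack": {"SuspendThread", "GetThreadContext", "SetThreadContext", "ResumeThread"},
    "dynamic_resolution": {"LoadLibraryA", "LoadLibraryExW", "GetProcAddress"},
    "anti_debug": {"IsDebuggerPresent"},
}

DLL_LINE = re.compile(r"^(\S+\.dll)\s*$", re.IGNORECASE)
IAT_LINE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_iat(text):
    """Return {dll_lowercase: [function, ...]} from the report's IAT text."""
    imports = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = DLL_LINE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = IAT_LINE.match(line)
        if m and current is not None:
            imports[current].append(m.group(1))
    return dict(imports)


def classify(imports):
    """Map each capability bucket to the imported names that fall into it."""
    names = {fn for fns in imports.values() for fn in fns}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items()}


def assess_injection(imports):
    """Reconcile the sandbox's runtime injection verdict with the static IAT."""
    hits = classify(imports)
    direct = hits["remote_memory_write"] + hits["remote_execution"]
    hijack = set(hits["thread_hijack"]) == CAPABILITIES["thread_hijack"]
    dynamic = "GetProcAddress" in hits["dynamic_resolution"] and any(
        n in hits["dynamic_resolution"] for n in ("LoadLibraryA", "LoadLibraryExW"))
    if direct:
        note = "classic write/execute injection primitives are imported statically"
    elif hijack and dynamic:
        note = ("no static WriteProcessMemory/VirtualAllocEx/CreateRemoteThread; full "
                "Suspend/Get/SetThreadContext/Resume set plus LoadLibrary/GetProcAddress, "
                "so the write/execute primitives may be resolved at runtime (these "
                "context APIs also appear in benign runtime and debugger code)")
    else:
        note = "no injection capability visible in the static IAT"
    return {"direct_injection_imports": direct, "thread_hijack_complete": hijack,
            "dynamic_resolution": dynamic, "note": note}


if __name__ == "__main__":
    parsed = parse_iat(IAT_EXCERPT)
    for cap, fns in classify(parsed).items():
        print(f"{cap:20s} {', '.join(fns) or '-'}")
    print(assess_injection(parsed)["note"])
```

To run it over the whole report rather than the excerpt, paste the full IAT section into IAT_EXCERPT; the parser only needs the "<dll>" header lines and the "<address> <name>" rows in the layout the report already uses. The point of the exercise is the gap it surfaces: a runtime injection verdict with no statically imported write/execute primitive means the relevant calls are resolved at runtime or reached through a different primitive, which is what to look for in an API trace or an unpacked image.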

EAT (Export Address Table) Library

No exports listed.

Similarity measure (PE file only): not available (service failure)