| Field | Value |
|---|---|
| Created | 2025.04.28 09:21 |
| Machine | s1_win7_x6401 |
| Filename | applyreplace.exe |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | 43 detected (AIDetectMalware, Malicious, score, crysan, Artemis, Unsafe, GenericKD, Save, confidence, 100%, GenHeur, Attribute, HighConfidence, high confidence, a variant of Generik, CGEBOFG, CLASSIC, high, Detected, Agentb, StealC, ABTrojan, HBLB, Chgt, Hplw, PossibleThreat) |
| md5 | 1f95d326d120d381a10f53596da3e30e |
| sha256 | b909564095c489b8490a68f0145e8a6343991c031360bef7439c6b18740bba91 |
| ssdeep | 12288:BHxTFhPe855P92+u8yQJj87KS0QeHF8gSUoJJK9oK904lX3RUh6wI:BRTy855F2myQJjjV38gSUozIl |
| imphash | dfe29e45dd9c33682c6c062000c89847 |
| impfuzzy | 96:pXrd9DprPGZAbpatqWjVFjVyjVT/q8XcLWtNmG+mLqm6T7Z2K5snfeJXzm5wYhSj:pXrdtpruKVK97E5C8XcLB7Z2K5sO7AoB |
Network IP location
Signatures (21)
Level | Description |
---|---|
danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Creates a suspicious Powershell process |
watch | One or more of the buffers contains an embedded PE file |
watch | The process powershell.exe wrote an executable file to disk |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a shortcut to an executable file |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | One or more potentially interesting buffers were extracted |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Command line console output was observed |
info | Queries for the computername |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
info | Uses Windows APIs to generate a cryptographic key |
Rules (15)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Antivirus | Contains references to security software | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) by library
msvcrt.dll
0x42e218 ??1type_info@@UAE@XZ
0x42e21c __RTDynamicCast
0x42e220 _ftol2
0x42e224 _lock
0x42e228 _unlock
0x42e22c __dllonexit
0x42e230 _onexit
0x42e234 _errno
0x42e238 realloc
0x42e23c _controlfp
0x42e240 memcmp
0x42e244 _except_handler4_common
0x42e248 wcsstr
0x42e24c wcsncmp
0x42e250 _wcsnicmp
0x42e254 iswalpha
0x42e258 towlower
0x42e25c _snwscanf_s
0x42e260 ?terminate@@YAXXZ
0x42e264 _initterm
0x42e268 __setusermatherr
0x42e26c __p__fmode
0x42e270 _cexit
0x42e274 _exit
0x42e278 exit
0x42e27c __set_app_type
0x42e280 __wgetmainargs
0x42e284 _amsg_exit
0x42e288 __p__commode
0x42e28c _XcptFilter
0x42e290 memmove
0x42e294 memcpy
0x42e298 _CxxThrowException
0x42e29c ?what@exception@@UBEPBDXZ
0x42e2a0 ??1exception@@UAE@XZ
0x42e2a4 ??0exception@@QAE@ABV0@@Z
0x42e2a8 ??0exception@@QAE@ABQBDH@Z
0x42e2ac ??0exception@@QAE@ABQBD@Z
0x42e2b0 _callnewh
0x42e2b4 wcscpy_s
0x42e2b8 wcsrchr
0x42e2bc calloc
0x42e2c0 malloc
0x42e2c4 _purecall
0x42e2c8 _wcsicmp
0x42e2cc free
0x42e2d0 _vsnwprintf
0x42e2d4 towupper
0x42e2d8 _getwch
0x42e2dc vswprintf_s
0x42e2e0 _vscwprintf
0x42e2e4 _wcslwr_s
0x42e2e8 wcschr
0x42e2ec wprintf
0x42e2f0 memmove_s
0x42e2f4 memcpy_s
0x42e2f8 ??_V@YAXPAX@Z
0x42e2fc __CxxFrameHandler3
0x42e300 ??3@YAXPAX@Z
0x42e304 memset
ADVAPI32.dll
0x42e000 IsValidSecurityDescriptor
0x42e004 GetAclInformation
0x42e008 InitializeAcl
0x42e00c AddAce
0x42e010 SetSecurityDescriptorDacl
0x42e014 SetSecurityDescriptorGroup
0x42e018 MakeAbsoluteSD
0x42e01c GetSecurityDescriptorControl
0x42e020 GetSecurityDescriptorGroup
0x42e024 GetSecurityDescriptorDacl
0x42e028 GetSecurityDescriptorSacl
0x42e02c GetSecurityDescriptorOwner
0x42e030 InitializeSecurityDescriptor
0x42e034 SetSecurityDescriptorOwner
0x42e038 GetSidLengthRequired
0x42e03c InitializeSid
0x42e040 GetSidSubAuthority
0x42e044 IsValidSid
0x42e048 CopySid
0x42e04c GetLengthSid
0x42e050 TraceEvent
0x42e054 AdjustTokenPrivileges
0x42e058 LookupPrivilegeValueW
0x42e05c EventWriteTransfer
0x42e060 OpenProcessToken
0x42e064 InitiateSystemShutdownExW
0x42e068 UnregisterTraceGuids
0x42e06c RegisterTraceGuidsW
0x42e070 GetTraceEnableLevel
0x42e074 GetTraceEnableFlags
0x42e078 GetTraceLoggerHandle
0x42e07c EventUnregister
0x42e080 EventRegister
0x42e084 EventActivityIdControl
KERNEL32.dll
0x42e08c WaitForSingleObject
0x42e090 LoadLibraryExW
0x42e094 SearchPathW
0x42e098 UnmapViewOfFile
0x42e09c CreateFileMappingW
0x42e0a0 MapViewOfFile
0x42e0a4 GetFileInformationByHandleEx
0x42e0a8 DeviceIoControl
0x42e0ac SetFileAttributesW
0x42e0b0 SetFileInformationByHandle
0x42e0b4 DeleteFileW
0x42e0b8 CopyFileExW
0x42e0bc GetLongPathNameW
0x42e0c0 GetFinalPathNameByHandleW
0x42e0c4 GetDriveTypeW
0x42e0c8 GetVersionExW
0x42e0cc GetProcAddress
0x42e0d0 GetModuleHandleW
0x42e0d4 GetModuleHandleExW
0x42e0d8 FreeLibrary
0x42e0dc InitializeCriticalSection
0x42e0e0 EnterCriticalSection
0x42e0e4 SetEvent
0x42e0e8 LeaveCriticalSection
0x42e0ec GetLastError
0x42e0f0 CloseHandle
0x42e0f4 SetThreadUILanguage
0x42e0f8 SetErrorMode
0x42e0fc SetConsoleCtrlHandler
0x42e100 OutputDebugStringW
0x42e104 GetCommandLineW
0x42e108 HeapFree
0x42e10c GetProcessHeap
0x42e110 Sleep
0x42e114 GetCurrentProcess
0x42e118 DeleteCriticalSection
0x42e11c RaiseException
0x42e120 GetCurrentThreadId
0x42e124 CompareStringW
0x42e128 SizeofResource
0x42e12c LockResource
0x42e130 LoadResource
0x42e134 FindResourceExW
0x42e138 GetStdHandle
0x42e13c HeapAlloc
0x42e140 WriteConsoleW
0x42e144 LocalAlloc
0x42e148 WideCharToMultiByte
0x42e14c WriteFile
0x42e150 LocalFree
0x42e154 GetFileType
0x42e158 GetConsoleMode
0x42e15c GetModuleFileNameW
0x42e160 IsWow64Process
0x42e164 FormatMessageW
0x42e168 GetFileAttributesW
0x42e16c SetLastError
0x42e170 CreateFileW
0x42e174 MultiByteToWideChar
0x42e178 GetSystemInfo
0x42e17c HeapSize
0x42e180 HeapReAlloc
0x42e184 HeapDestroy
0x42e188 SetUnhandledExceptionFilter
0x42e18c QueryPerformanceCounter
0x42e190 GetCurrentProcessId
0x42e194 GetSystemTimeAsFileTime
0x42e198 GetTickCount
0x42e19c UnhandledExceptionFilter
0x42e1a0 TerminateProcess
0x42e1a4 OutputDebugStringA
0x42e1a8 GetSystemWindowsDirectoryW
0x42e1ac ExpandEnvironmentStringsW
0x42e1b0 GetTempFileNameW
0x42e1b4 GetFullPathNameW
0x42e1b8 CreateDirectoryW
0x42e1bc GetFileInformationByHandle
0x42e1c0 FindFirstFileW
0x42e1c4 FindNextFileW
0x42e1c8 FindClose
ole32.dll
0x42e324 CoInitializeSecurity
0x42e328 CoCreateInstance
0x42e32c CoInitializeEx
0x42e330 CoUninitialize
USER32.dll
0x42e200 CharLowerBuffW
OLEAUT32.dll
0x42e1d0 SysAllocStringLen
0x42e1d4 SysAllocString
0x42e1d8 GetErrorInfo
0x42e1dc SysStringByteLen
0x42e1e0 LoadTypeLib
0x42e1e4 LoadRegTypeLib
0x42e1e8 SysAllocStringByteLen
0x42e1ec VarBstrCmp
0x42e1f0 SysStringLen
0x42e1f4 VariantClear
0x42e1f8 SysFreeString
VERSION.dll
0x42e208 GetFileVersionInfoExW
0x42e20c GetFileVersionInfoSizeExW
0x42e210 VerQueryValueW
ntdll.dll
0x42e30c RtlGetVersion
0x42e310 RtlAllocateHeap
0x42e314 RtlFreeHeap
0x42e318 NtSetInformationFile
0x42e31c RtlNtStatusToDosError
EAT (Export Address Table): none