Field | Value |
---|---|
Created | 2025.05.01 10:07 |
Machine | s1_win7_x6403 |
Filename | Zc3.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 25 detected (HLLPPhilis, Unsafe, Save, malicious, confidence, high confidence, CoinMiner, MalwareX, Reincarnation, Miners, HackTool, XMRMiner, CLASSIC, Tool, InstSrv, SchoolGirl, Real Protect, moderate, score, Generic ML PUA, Static AI, Suspicious PE, ShadowBrokers, GenericRXAA, BScope, Qhost, Gencirc) |
md5 | 427b11f7f59e5efcfc03e8f14e88a58f |
sha256 | e2a0f035d64258fb0ace43738d7c37f88a9b572e208c690a4db2c531f9f97eaf |
ssdeep | 49152:rwT7Zu4MNIOoOVAYoqJD8YkY0VNB72YvnU1KZqLlmqBBLfJ:ra7hMNIaVAYoE8rYgVvnU1KZqLRn |
imphash | de1fa96ad5bc81910ffb7ed552e29d0d |
impfuzzy | 96:8cfpH1/jT3O5c/4Npxr0Uu1pwq6V6p1DwPOQD:n3m4FkFV6p2POQD |
Network IP location
Signature (12cnts)
Level | Description |
---|---|
warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
watch | Created a service but did not start it |
watch | Installs itself for autorun at Windows startup |
notice | A process created a hidden window |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Queries the disk size, which can be used to detect a virtual machine with a small fixed-size or dynamically allocated disk |
notice | Uses Windows utilities for basic Windows functionality |
info | Command line console output was observed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (15cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
danger | XMRig_Miner_IN | XMRig Miner | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (download) |
info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) by library
kernel32.dll
0xe20104 DeleteCriticalSection
0xe20108 LeaveCriticalSection
0xe2010c EnterCriticalSection
0xe20110 InitializeCriticalSection
0xe20114 VirtualFree
0xe20118 VirtualAlloc
0xe2011c LocalFree
0xe20120 LocalAlloc
0xe20124 GetVersion
0xe20128 GetCurrentThreadId
0xe2012c InterlockedDecrement
0xe20130 InterlockedIncrement
0xe20134 VirtualQuery
0xe20138 WideCharToMultiByte
0xe2013c SetCurrentDirectoryA
0xe20140 MultiByteToWideChar
0xe20144 lstrlenA
0xe20148 lstrcpynA
0xe2014c LoadLibraryExA
0xe20150 GetThreadLocale
0xe20154 GetStartupInfoA
0xe20158 GetProcAddress
0xe2015c GetModuleHandleA
0xe20160 GetModuleFileNameA
0xe20164 GetLocaleInfoA
0xe20168 GetLastError
0xe2016c GetCurrentDirectoryA
0xe20170 GetCommandLineA
0xe20174 FreeLibrary
0xe20178 FindFirstFileA
0xe2017c FindClose
0xe20180 ExitProcess
0xe20184 WriteFile
0xe20188 UnhandledExceptionFilter
0xe2018c SetFilePointer
0xe20190 SetEndOfFile
0xe20194 RtlUnwind
0xe20198 ReadFile
0xe2019c RaiseException
0xe201a0 GetStdHandle
0xe201a4 GetFileSize
0xe201a8 GetFileType
0xe201ac CreateFileA
0xe201b0 CloseHandle
user32.dll
0xe201b8 GetKeyboardType
0xe201bc LoadStringA
0xe201c0 MessageBoxA
0xe201c4 CharNextA
advapi32.dll
0xe201cc RegQueryValueExA
0xe201d0 RegOpenKeyExA
0xe201d4 RegCloseKey
oleaut32.dll
0xe201dc SysFreeString
0xe201e0 SysReAllocStringLen
0xe201e4 SysAllocStringLen
kernel32.dll
0xe201ec TlsSetValue
0xe201f0 TlsGetValue
0xe201f4 LocalAlloc
0xe201f8 GetModuleHandleA
kernel32.dll
0xe20200 WriteFile
0xe20204 WaitForSingleObject
0xe20208 VirtualQuery
0xe2020c SetFileTime
0xe20210 SetFilePointer
0xe20214 SetFileAttributesA
0xe20218 SetEvent
0xe2021c SetEndOfFile
0xe20220 ResetEvent
0xe20224 RemoveDirectoryA
0xe20228 ReadFile
0xe2022c MoveFileExA
0xe20230 LocalFileTimeToFileTime
0xe20234 LeaveCriticalSection
0xe20238 InitializeCriticalSection
0xe2023c GlobalUnlock
0xe20240 GlobalHandle
0xe20244 GlobalFree
0xe20248 GetVersionExA
0xe2024c GetThreadLocale
0xe20250 GetTempPathA
0xe20254 GetSystemDefaultLangID
0xe20258 GetStringTypeExA
0xe2025c GetStdHandle
0xe20260 GetProcAddress
0xe20264 GetModuleHandleA
0xe20268 GetModuleFileNameA
0xe2026c GetLocaleInfoA
0xe20270 GetLocalTime
0xe20274 GetLastError
0xe20278 GetFullPathNameA
0xe2027c GetFileAttributesA
0xe20280 GetExitCodeProcess
0xe20284 GetDiskFreeSpaceA
0xe20288 GetDateFormatA
0xe2028c GetCurrentThreadId
0xe20290 GetCPInfo
0xe20294 GetACP
0xe20298 FormatMessageA
0xe2029c FindNextFileA
0xe202a0 FindFirstFileA
0xe202a4 FindClose
0xe202a8 FileTimeToLocalFileTime
0xe202ac FileTimeToDosDateTime
0xe202b0 ExpandEnvironmentStringsA
0xe202b4 EnumCalendarInfoA
0xe202b8 EnterCriticalSection
0xe202bc DosDateTimeToFileTime
0xe202c0 DeleteFileA
0xe202c4 DeleteCriticalSection
0xe202c8 CreateMutexA
0xe202cc CreateFileA
0xe202d0 CreateEventA
0xe202d4 CreateDirectoryA
0xe202d8 CompareStringA
0xe202dc CloseHandle
gdi32.dll
0xe202e4 TextOutA
0xe202e8 SetTextColor
0xe202ec SetBkColor
0xe202f0 SelectObject
0xe202f4 GetTextExtentPoint32A
0xe202f8 ExtTextOutA
0xe202fc DeleteObject
0xe20300 CreateFontA
user32.dll
0xe20308 CreateWindowExA
0xe2030c RegisterClassExA
0xe20310 PeekMessageA
0xe20314 MessageBoxA
0xe20318 LoadStringA
0xe2031c InvalidateRect
0xe20320 GetSystemMetrics
0xe20324 GetSysColor
0xe20328 EndPaint
0xe2032c DrawEdge
0xe20330 DispatchMessageA
0xe20334 DestroyWindow
0xe20338 DefWindowProcA
0xe2033c BeginPaint
0xe20340 CharNextA
0xe20344 CharUpperBuffA
0xe20348 CharToOemA
kernel32.dll
0xe20350 Sleep
shell32.dll
0xe20358 ShellExecuteExA
0xe2035c ShellExecuteA
shell32.dll
0xe20364 SHGetSpecialFolderLocation
0xe20368 SHGetPathFromIDListA
0xe2036c SHBrowseForFolderA
oleaut32.dll
0xe20374 SafeArrayPtrOfIndex
0xe20378 SafeArrayGetUBound
0xe2037c SafeArrayGetLBound
0xe20380 SafeArrayCreate
0xe20384 VariantChangeType
0xe20388 VariantCopy
0xe2038c VariantClear
0xe20390 VariantInit
EAT (Export Address Table): none