Windows Analysis Report
console_zero.exe

Overview

General Information

Sample name: console_zero.exe
Analysis ID: 1523780
MD5: d51c8934c1bb7984906741bfd1f5c060
SHA1: bef7c3d82fa55a59a64633321ba3302194e7090a
SHA256: ec3199374503cf2890616d2f77fd92e5e3a1d1025b5651fc0e288c38bee9ffd8

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
PE file contains sections with non-standard names
Program does not show much activity (idle)
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: console_zero.exe Avira: detected
Source: console_zero.exe ReversingLabs: Detection: 79%
Source: console_zero.exe Virustotal: Detection: 69%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 94.9% probability
Source: console_zero.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F284614 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_000000013F284614
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F270FF4 FindClose,FindFirstFileExW,GetLastError, 0_2_000000013F270FF4
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F271068 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle, 0_2_000000013F271068
Source: console_zero.exe String found in binary or memory: http://worldtimeapi.org/api/timezone/Etc/UTC
Source: console_zero.exe String found in binary or memory: http://worldtimeapi.org/api/timezone/Etc/UTCapplication/octet-streamtext/plain;
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F288F54 0_2_000000013F288F54
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F2597B0 0_2_000000013F2597B0
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F284614 0_2_000000013F284614
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F27C644 0_2_000000013F27C644
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F251E40 0_2_000000013F251E40
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F28769C 0_2_000000013F28769C
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F25AD50 0_2_000000013F25AD50
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F259D30 0_2_000000013F259D30
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F268440 0_2_000000013F268440
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F259480 0_2_000000013F259480
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F2894AC 0_2_000000013F2894AC
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F26EB00 0_2_000000013F26EB00
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F256300 0_2_000000013F256300
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F263370 0_2_000000013F263370
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F26A260 0_2_000000013F26A260
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F261A30 0_2_000000013F261A30
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F255A70 0_2_000000013F255A70
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F279A78 0_2_000000013F279A78
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F283110 0_2_000000013F283110
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F286150 0_2_000000013F286150
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F2589A0 0_2_000000013F2589A0
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F27B7E4 0_2_000000013F27B7E4
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F259040 0_2_000000013F259040
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F27A08C 0_2_000000013F27A08C
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F271068 0_2_000000013F271068
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F261070 0_2_000000013F261070
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F256880 0_2_000000013F256880
Source: classification engine Classification label: mal60.winEXE@1/0@0/0
Source: console_zero.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\console_zero.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\console_zero.exe Section loaded: libcurl.dll
Source: console_zero.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: console_zero.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: console_zero.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: console_zero.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: console_zero.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: console_zero.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: console_zero.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: console_zero.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: console_zero.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: console_zero.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: console_zero.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: console_zero.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: console_zero.exe Static PE information: section name: .fptable
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F25CB34 push rax; retf 0000h 0_2_000000013F25CB41
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F27957C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_000000013F27957C
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F285880 GetProcessHeap, 0_2_000000013F285880
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F2726B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_000000013F2726B0
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F272B44 SetUnhandledExceptionFilter, 0_2_000000013F272B44
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F272964 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_000000013F272964
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F28A540 cpuid 0_2_000000013F28A540
Source: C:\Users\user\Desktop\console_zero.exe Code function: EnumSystemLocalesW, 0_2_000000013F287FA8
Source: C:\Users\user\Desktop\console_zero.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_000000013F2886A4
Source: C:\Users\user\Desktop\console_zero.exe Code function: GetLocaleInfoW, 0_2_000000013F288560
Source: C:\Users\user\Desktop\console_zero.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_000000013F287C44
Source: C:\Users\user\Desktop\console_zero.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_000000013F2884AC
Source: C:\Users\user\Desktop\console_zero.exe Code function: GetLocaleInfoW, 0_2_000000013F2804C0
Source: C:\Users\user\Desktop\console_zero.exe Code function: GetLocaleInfoW, 0_2_000000013F288354
Source: C:\Users\user\Desktop\console_zero.exe Code function: GetLocaleInfoEx,FormatMessageA, 0_2_000000013F270A5C
Source: C:\Users\user\Desktop\console_zero.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_000000013F288110
Source: C:\Users\user\Desktop\console_zero.exe Code function: EnumSystemLocalesW, 0_2_000000013F28014C
Source: C:\Users\user\Desktop\console_zero.exe Code function: EnumSystemLocalesW, 0_2_000000013F288078
Source: C:\Users\user\Desktop\console_zero.exe Code function: 0_2_000000013F272BB0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_000000013F272BB0
No contacted IP infos