| Field | Value |
|---|---|
| Created | 2021.04.01 09:34 |
| Machine | s1_win7_x6401 |
| Filename | bYZtFqTM |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | |
| md5 | 5a16eedc14b68099c21169a2c91f89d3 |
| sha256 | 75e5d40d941b6c1ed5cfd7a929aeaa30fa80e7d2d94ddd9cac85cfef25957bca |
| ssdeep | 768:nw8nr3SvetlELLA2QsEkPiQUVbKncqe0A9KgWRNUnMRrlnGGZB:wkrcetl802rEkUVbKnle0A9SuMRJGGT |
| imphash | eeb95284c509c0cd676bb6384e0e301f |
| impfuzzy | 3:sgBJO7PvXZElAWBJAEPwaIW6CVxabAJIAUxDKhLJTBy2AX+PEeHAXKtmem9Cz8Jj:XArvX6lFBJAEl6FmtTw2qzXKAeZQ |
Network IP location
Signature (1 cnt)

| Level | Description |
|---|---|
| info | The executable uses a known packer |
Rules (8 cnts)

| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasModified_DOS_Message | DOS Message Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsBeyondImageSize | Data Beyond ImageSize Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
Network (0 cnts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API

IAT (Import Address Table)
KERNEL32.dll
0x40a008 CloseHandle
0x40a00c OutputDebugStringA
0x40a010 LoadLibraryA
0x40a014 IsBadStringPtrW
0x40a018 GenerateConsoleCtrlEvent
USER32.dll
0x40a020 RegisterDeviceNotificationA
0x40a024 TranslateMessage
ADVAPI32.dll
0x40a000 RegLoadAppKeyW
EAT (Export Address Table) is none