ScreenShot
| Created | 2021.04.02 10:19 | Machine | s1_win7_x6401 |
| Filename | iabi.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 4 detected (RemoteAdmin, euxndg, WinVNC, based, Undefined, CLOUD) | ||
| md5 | 9d98cfac482b35090e0604e13699a40c | ||
| sha256 | 75031fba4bd49f520b16a3d459040c2ad235316ad423ae2ef84fee37c44d801b | ||
| ssdeep | 6144:URgym92YGB+40vPLGPAIn/5UrSwtUD9h97owGrKi1/uysjqyJw:M6fu+40vPEn/2uRLkeiUyz+w | ||
| imphash | a80ed6af7f54152c3fdabd75bac9e2b3 | ||
| impfuzzy | 48:dGpVepsYq989nOwOx0S8f7b/n6GKuISvXRy/gAkACj5d6U0wtaKx02G+LXFqrnEP:dGpe3qSd7U0S8fHgRKRG+LXFqrnEqI | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 4 AntiVirus engines on VirusTotal as malicious |
| info | The executable uses a known packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasOverlay | Overlay Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
COMCTL32.dll
0x414000 None
KERNEL32.dll
0x414008 DeleteCriticalSection
0x41400c InitializeCriticalSection
0x414010 CloseHandle
0x414014 WaitForMultipleObjects
0x414018 SetEvent
0x41401c CreateThread
0x414020 WaitForSingleObject
0x414024 ResetEvent
0x414028 VirtualAlloc
0x41402c VirtualFree
0x414030 MultiByteToWideChar
0x414034 WideCharToMultiByte
0x414038 GetLastError
0x41403c CompareStringW
0x414040 CompareStringA
0x414044 AreFileApisANSI
0x414048 GetModuleFileNameA
0x41404c GetModuleFileNameW
0x414050 LocalFree
0x414054 FormatMessageA
0x414058 FormatMessageW
0x41405c GetWindowsDirectoryA
0x414060 SetFileAttributesA
0x414064 SetFileAttributesW
0x414068 RemoveDirectoryA
0x41406c RemoveDirectoryW
0x414070 CreateDirectoryA
0x414074 CreateDirectoryW
0x414078 DeleteFileA
0x41407c DeleteFileW
0x414080 GetShortPathNameA
0x414084 lstrlenA
0x414088 GetFullPathNameA
0x41408c GetFullPathNameW
0x414090 GetCurrentDirectoryA
0x414094 SetCurrentDirectoryA
0x414098 GetTempPathA
0x41409c GetTempFileNameA
0x4140a0 FindClose
0x4140a4 FindFirstFileA
0x4140a8 FindFirstFileW
0x4140ac SetLastError
0x4140b0 FindNextFileA
0x4140b4 CreateFileA
0x4140b8 CreateFileW
0x4140bc GetFileSize
0x4140c0 SetFilePointer
0x4140c4 ReadFile
0x4140c8 SetFileTime
0x4140cc WriteFile
0x4140d0 SetEndOfFile
0x4140d4 CreateEventA
0x4140d8 LeaveCriticalSection
0x4140dc EnterCriticalSection
0x4140e0 Sleep
0x4140e4 CreateProcessA
0x4140e8 GetCommandLineW
0x4140ec GetModuleHandleA
0x4140f0 GetStartupInfoA
USER32.dll
0x414170 DestroyWindow
0x414174 PostMessageA
0x414178 ShowWindow
0x41417c MessageBoxA
0x414180 KillTimer
0x414184 EndDialog
0x414188 SendMessageA
0x41418c GetDlgItem
0x414190 SetTimer
0x414194 MessageBoxW
0x414198 SetWindowTextW
0x41419c SetWindowTextA
0x4141a0 LoadStringW
0x4141a4 LoadStringA
0x4141a8 CharPrevA
0x4141ac DialogBoxParamA
0x4141b0 SetWindowLongA
0x4141b4 GetWindowLongA
OLEAUT32.dll
0x414164 SysAllocString
0x414168 VariantClear
MSVCRT.dll
0x4140f8 _controlfp
0x4140fc __set_app_type
0x414100 __p__fmode
0x414104 __p__commode
0x414108 _adjust_fdiv
0x41410c __setusermatherr
0x414110 _initterm
0x414114 __getmainargs
0x414118 _acmdln
0x41411c exit
0x414120 _XcptFilter
0x414124 _exit
0x414128 _onexit
0x41412c __dllonexit
0x414130 _except_handler3
0x414134 ??1type_info@@UAE@XZ
0x414138 memcpy
0x41413c free
0x414140 malloc
0x414144 memmove
0x414148 _purecall
0x41414c memcmp
0x414150 _CxxThrowException
0x414154 __CxxFrameHandler
0x414158 ??2@YAPAXI@Z
0x41415c ??3@YAXPAX@Z
EAT(Export Address Table) is none
COMCTL32.dll
0x414000 None
KERNEL32.dll
0x414008 DeleteCriticalSection
0x41400c InitializeCriticalSection
0x414010 CloseHandle
0x414014 WaitForMultipleObjects
0x414018 SetEvent
0x41401c CreateThread
0x414020 WaitForSingleObject
0x414024 ResetEvent
0x414028 VirtualAlloc
0x41402c VirtualFree
0x414030 MultiByteToWideChar
0x414034 WideCharToMultiByte
0x414038 GetLastError
0x41403c CompareStringW
0x414040 CompareStringA
0x414044 AreFileApisANSI
0x414048 GetModuleFileNameA
0x41404c GetModuleFileNameW
0x414050 LocalFree
0x414054 FormatMessageA
0x414058 FormatMessageW
0x41405c GetWindowsDirectoryA
0x414060 SetFileAttributesA
0x414064 SetFileAttributesW
0x414068 RemoveDirectoryA
0x41406c RemoveDirectoryW
0x414070 CreateDirectoryA
0x414074 CreateDirectoryW
0x414078 DeleteFileA
0x41407c DeleteFileW
0x414080 GetShortPathNameA
0x414084 lstrlenA
0x414088 GetFullPathNameA
0x41408c GetFullPathNameW
0x414090 GetCurrentDirectoryA
0x414094 SetCurrentDirectoryA
0x414098 GetTempPathA
0x41409c GetTempFileNameA
0x4140a0 FindClose
0x4140a4 FindFirstFileA
0x4140a8 FindFirstFileW
0x4140ac SetLastError
0x4140b0 FindNextFileA
0x4140b4 CreateFileA
0x4140b8 CreateFileW
0x4140bc GetFileSize
0x4140c0 SetFilePointer
0x4140c4 ReadFile
0x4140c8 SetFileTime
0x4140cc WriteFile
0x4140d0 SetEndOfFile
0x4140d4 CreateEventA
0x4140d8 LeaveCriticalSection
0x4140dc EnterCriticalSection
0x4140e0 Sleep
0x4140e4 CreateProcessA
0x4140e8 GetCommandLineW
0x4140ec GetModuleHandleA
0x4140f0 GetStartupInfoA
USER32.dll
0x414170 DestroyWindow
0x414174 PostMessageA
0x414178 ShowWindow
0x41417c MessageBoxA
0x414180 KillTimer
0x414184 EndDialog
0x414188 SendMessageA
0x41418c GetDlgItem
0x414190 SetTimer
0x414194 MessageBoxW
0x414198 SetWindowTextW
0x41419c SetWindowTextA
0x4141a0 LoadStringW
0x4141a4 LoadStringA
0x4141a8 CharPrevA
0x4141ac DialogBoxParamA
0x4141b0 SetWindowLongA
0x4141b4 GetWindowLongA
OLEAUT32.dll
0x414164 SysAllocString
0x414168 VariantClear
MSVCRT.dll
0x4140f8 _controlfp
0x4140fc __set_app_type
0x414100 __p__fmode
0x414104 __p__commode
0x414108 _adjust_fdiv
0x41410c __setusermatherr
0x414110 _initterm
0x414114 __getmainargs
0x414118 _acmdln
0x41411c exit
0x414120 _XcptFilter
0x414124 _exit
0x414128 _onexit
0x41412c __dllonexit
0x414130 _except_handler3
0x414134 ??1type_info@@UAE@XZ
0x414138 memcpy
0x41413c free
0x414140 malloc
0x414144 memmove
0x414148 _purecall
0x41414c memcmp
0x414150 _CxxThrowException
0x414154 __CxxFrameHandler
0x414158 ??2@YAPAXI@Z
0x41415c ??3@YAXPAX@Z
EAT(Export Address Table) is none