ScreenShot
| Created | 2021.04.05 13:25 | Machine | s1_win7_x6402 |
| Filename | phantom.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | c7845e1fc375b2edb666c547c83fb76e | ||
| sha256 | f72a2fd77ccffec0e2c9bf4570895a48942135778325d52ca2996f54d26a45c3 | ||
| ssdeep | 12288:+mMFa2DRucv5S7xdHpp2wmZEM1AU12E61K9NQFeZvk6L:Dca2DGnTO2E61kNQOvk6 | ||
| imphash | 74c8fac989671e15368b35a402c5961d | ||
| impfuzzy | 48:cOKuwgfzv6ptRVGjLcT0c0cTKd1mANZup2:NK9WvUtXGjLcT01cTG1m4I2 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x17b3008 OpenFile
0x17b300c WriteConsoleOutputCharacterA
0x17b3010 LoadResource
0x17b3014 SetWaitableTimer
0x17b3018 GetCurrentProcess
0x17b301c InitializeSListHead
0x17b3020 HeapFree
0x17b3024 GetModuleHandleExW
0x17b3028 GlobalLock
0x17b302c CancelWaitableTimer
0x17b3030 UnlockFile
0x17b3034 SetTapeParameters
0x17b3038 GetModuleHandleW
0x17b303c GetCompressedFileSizeW
0x17b3040 TzSpecificLocalTimeToSystemTime
0x17b3044 FindResourceExA
0x17b3048 GlobalFindAtomA
0x17b304c GetLocaleInfoW
0x17b3050 GetSystemTimeAdjustment
0x17b3054 GetFileAttributesW
0x17b3058 RemoveVectoredExceptionHandler
0x17b305c GetEnvironmentVariableA
0x17b3060 CompareStringW
0x17b3064 DisconnectNamedPipe
0x17b3068 GetConsoleAliasesW
0x17b306c SetLastError
0x17b3070 GetProcAddress
0x17b3074 EnumDateFormatsExA
0x17b3078 GetLocalTime
0x17b307c GetAtomNameA
0x17b3080 LocalAlloc
0x17b3084 VirtualLock
0x17b3088 AddAtomA
0x17b308c GlobalWire
0x17b3090 lstrcatW
0x17b3094 FatalExit
0x17b3098 GetFileTime
0x17b309c EnumCalendarInfoExA
0x17b30a0 LocalFree
0x17b30a4 LCMapStringW
0x17b30a8 GetTimeZoneInformation
0x17b30ac HeapReAlloc
0x17b30b0 UnhandledExceptionFilter
0x17b30b4 SetUnhandledExceptionFilter
0x17b30b8 TerminateProcess
0x17b30bc IsDebuggerPresent
0x17b30c0 GetLastError
0x17b30c4 HeapAlloc
0x17b30c8 GetCommandLineA
0x17b30cc GetStartupInfoA
0x17b30d0 RaiseException
0x17b30d4 RtlUnwind
0x17b30d8 Sleep
0x17b30dc ExitProcess
0x17b30e0 SetConsoleCtrlHandler
0x17b30e4 WriteFile
0x17b30e8 GetStdHandle
0x17b30ec GetModuleFileNameA
0x17b30f0 EnterCriticalSection
0x17b30f4 LeaveCriticalSection
0x17b30f8 TlsGetValue
0x17b30fc TlsAlloc
0x17b3100 TlsSetValue
0x17b3104 TlsFree
0x17b3108 InterlockedIncrement
0x17b310c GetCurrentThreadId
0x17b3110 InterlockedDecrement
0x17b3114 GetCurrentThread
0x17b3118 DeleteCriticalSection
0x17b311c FatalAppExitA
0x17b3120 HeapCreate
0x17b3124 HeapDestroy
0x17b3128 VirtualFree
0x17b312c VirtualAlloc
0x17b3130 FreeEnvironmentStringsA
0x17b3134 GetEnvironmentStrings
0x17b3138 FreeEnvironmentStringsW
0x17b313c WideCharToMultiByte
0x17b3140 GetEnvironmentStringsW
0x17b3144 SetHandleCount
0x17b3148 GetFileType
0x17b314c QueryPerformanceCounter
0x17b3150 GetTickCount
0x17b3154 GetCurrentProcessId
0x17b3158 GetSystemTimeAsFileTime
0x17b315c FreeLibrary
0x17b3160 InterlockedExchange
0x17b3164 LoadLibraryA
0x17b3168 InitializeCriticalSectionAndSpinCount
0x17b316c SetFilePointer
0x17b3170 GetConsoleCP
0x17b3174 GetConsoleMode
0x17b3178 GetCPInfo
0x17b317c GetACP
0x17b3180 GetOEMCP
0x17b3184 IsValidCodePage
0x17b3188 MultiByteToWideChar
0x17b318c CloseHandle
0x17b3190 CreateFileA
0x17b3194 HeapSize
0x17b3198 GetLocaleInfoA
0x17b319c SetStdHandle
0x17b31a0 WriteConsoleA
0x17b31a4 GetConsoleOutputCP
0x17b31a8 WriteConsoleW
0x17b31ac LCMapStringA
0x17b31b0 GetStringTypeA
0x17b31b4 GetStringTypeW
0x17b31b8 GetTimeFormatA
0x17b31bc GetDateFormatA
0x17b31c0 GetUserDefaultLCID
0x17b31c4 EnumSystemLocalesA
0x17b31c8 IsValidLocale
0x17b31cc FlushFileBuffers
0x17b31d0 ReadFile
0x17b31d4 SetEndOfFile
0x17b31d8 GetProcessHeap
0x17b31dc CompareStringA
0x17b31e0 SetEnvironmentVariableA
0x17b31e4 GetModuleHandleA
ADVAPI32.dll
0x17b3000 RegCreateKeyW
EAT(Export Address Table) Library
0x472370 Batman
0x472380 Candies
0x472360 Fobos
0x472350 OneMore
KERNEL32.dll
0x17b3008 OpenFile
0x17b300c WriteConsoleOutputCharacterA
0x17b3010 LoadResource
0x17b3014 SetWaitableTimer
0x17b3018 GetCurrentProcess
0x17b301c InitializeSListHead
0x17b3020 HeapFree
0x17b3024 GetModuleHandleExW
0x17b3028 GlobalLock
0x17b302c CancelWaitableTimer
0x17b3030 UnlockFile
0x17b3034 SetTapeParameters
0x17b3038 GetModuleHandleW
0x17b303c GetCompressedFileSizeW
0x17b3040 TzSpecificLocalTimeToSystemTime
0x17b3044 FindResourceExA
0x17b3048 GlobalFindAtomA
0x17b304c GetLocaleInfoW
0x17b3050 GetSystemTimeAdjustment
0x17b3054 GetFileAttributesW
0x17b3058 RemoveVectoredExceptionHandler
0x17b305c GetEnvironmentVariableA
0x17b3060 CompareStringW
0x17b3064 DisconnectNamedPipe
0x17b3068 GetConsoleAliasesW
0x17b306c SetLastError
0x17b3070 GetProcAddress
0x17b3074 EnumDateFormatsExA
0x17b3078 GetLocalTime
0x17b307c GetAtomNameA
0x17b3080 LocalAlloc
0x17b3084 VirtualLock
0x17b3088 AddAtomA
0x17b308c GlobalWire
0x17b3090 lstrcatW
0x17b3094 FatalExit
0x17b3098 GetFileTime
0x17b309c EnumCalendarInfoExA
0x17b30a0 LocalFree
0x17b30a4 LCMapStringW
0x17b30a8 GetTimeZoneInformation
0x17b30ac HeapReAlloc
0x17b30b0 UnhandledExceptionFilter
0x17b30b4 SetUnhandledExceptionFilter
0x17b30b8 TerminateProcess
0x17b30bc IsDebuggerPresent
0x17b30c0 GetLastError
0x17b30c4 HeapAlloc
0x17b30c8 GetCommandLineA
0x17b30cc GetStartupInfoA
0x17b30d0 RaiseException
0x17b30d4 RtlUnwind
0x17b30d8 Sleep
0x17b30dc ExitProcess
0x17b30e0 SetConsoleCtrlHandler
0x17b30e4 WriteFile
0x17b30e8 GetStdHandle
0x17b30ec GetModuleFileNameA
0x17b30f0 EnterCriticalSection
0x17b30f4 LeaveCriticalSection
0x17b30f8 TlsGetValue
0x17b30fc TlsAlloc
0x17b3100 TlsSetValue
0x17b3104 TlsFree
0x17b3108 InterlockedIncrement
0x17b310c GetCurrentThreadId
0x17b3110 InterlockedDecrement
0x17b3114 GetCurrentThread
0x17b3118 DeleteCriticalSection
0x17b311c FatalAppExitA
0x17b3120 HeapCreate
0x17b3124 HeapDestroy
0x17b3128 VirtualFree
0x17b312c VirtualAlloc
0x17b3130 FreeEnvironmentStringsA
0x17b3134 GetEnvironmentStrings
0x17b3138 FreeEnvironmentStringsW
0x17b313c WideCharToMultiByte
0x17b3140 GetEnvironmentStringsW
0x17b3144 SetHandleCount
0x17b3148 GetFileType
0x17b314c QueryPerformanceCounter
0x17b3150 GetTickCount
0x17b3154 GetCurrentProcessId
0x17b3158 GetSystemTimeAsFileTime
0x17b315c FreeLibrary
0x17b3160 InterlockedExchange
0x17b3164 LoadLibraryA
0x17b3168 InitializeCriticalSectionAndSpinCount
0x17b316c SetFilePointer
0x17b3170 GetConsoleCP
0x17b3174 GetConsoleMode
0x17b3178 GetCPInfo
0x17b317c GetACP
0x17b3180 GetOEMCP
0x17b3184 IsValidCodePage
0x17b3188 MultiByteToWideChar
0x17b318c CloseHandle
0x17b3190 CreateFileA
0x17b3194 HeapSize
0x17b3198 GetLocaleInfoA
0x17b319c SetStdHandle
0x17b31a0 WriteConsoleA
0x17b31a4 GetConsoleOutputCP
0x17b31a8 WriteConsoleW
0x17b31ac LCMapStringA
0x17b31b0 GetStringTypeA
0x17b31b4 GetStringTypeW
0x17b31b8 GetTimeFormatA
0x17b31bc GetDateFormatA
0x17b31c0 GetUserDefaultLCID
0x17b31c4 EnumSystemLocalesA
0x17b31c8 IsValidLocale
0x17b31cc FlushFileBuffers
0x17b31d0 ReadFile
0x17b31d4 SetEndOfFile
0x17b31d8 GetProcessHeap
0x17b31dc CompareStringA
0x17b31e0 SetEnvironmentVariableA
0x17b31e4 GetModuleHandleA
ADVAPI32.dll
0x17b3000 RegCreateKeyW
EAT(Export Address Table) Library
0x472370 Batman
0x472380 Candies
0x472360 Fobos
0x472350 OneMore