ScreenShot
| Created | 2021.04.18 13:32 | Machine | s1_win7_x6402 |
| Filename | 360ServerNet.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 3 detected (Malicious, score, InvalidSig, confidence) | ||
| md5 | d6eeb868200cb461e5d0357555c56b76 | ||
| sha256 | b0ba4d8778418f225625c124381273009cc812eb02d50490b20c5c4944861221 | ||
| ssdeep | 3072:zzb9Pkq3c/XD9xcFaXR6ewALS3MlX7hSYjLZTyZr+ICG59r:zi1/XJxxR6eoASYpTyzd9r | ||
| imphash | 763d07df432808de6b6b5ce8b50011e1 | ||
| impfuzzy | 24:la1JMUT402tMS17BgdlJeDc+pl3eDoro0OovbOIURZHu93vFgmOyPpzATCjx6:+otMS17Bgic+ppX+3ySabjI | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Queries information on disks |
| notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasDigitalSignature | DigitalSignature Check | binaries (upload) |
| info | HasOverlay | Overlay Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | Str_Win32_Winsock2_Library | Match Winsock 2 API library declaration | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140012010 VirtualAlloc
0x140012018 CreateFileW
0x140012020 CreateToolhelp32Snapshot
0x140012028 Sleep
0x140012030 Process32NextW
0x140012038 Process32FirstW
0x140012040 DeviceIoControl
0x140012048 HeapAlloc
0x140012050 GetProcessHeap
0x140012058 GlobalMemoryStatusEx
0x140012060 WriteConsoleW
0x140012068 CloseHandle
0x140012070 GetSystemInfo
0x140012078 FindFirstFileW
0x140012080 SetFilePointerEx
0x140012088 GetConsoleMode
0x140012090 GetConsoleCP
0x140012098 FlushFileBuffers
0x1400120a0 HeapReAlloc
0x1400120a8 HeapSize
0x1400120b0 LCMapStringW
0x1400120b8 CompareStringW
0x1400120c0 RtlCaptureContext
0x1400120c8 RtlLookupFunctionEntry
0x1400120d0 RtlVirtualUnwind
0x1400120d8 UnhandledExceptionFilter
0x1400120e0 SetUnhandledExceptionFilter
0x1400120e8 GetCurrentProcess
0x1400120f0 TerminateProcess
0x1400120f8 IsProcessorFeaturePresent
0x140012100 QueryPerformanceCounter
0x140012108 GetCurrentProcessId
0x140012110 GetCurrentThreadId
0x140012118 GetSystemTimeAsFileTime
0x140012120 InitializeSListHead
0x140012128 IsDebuggerPresent
0x140012130 GetStartupInfoW
0x140012138 GetModuleHandleW
0x140012140 RtlUnwindEx
0x140012148 RtlPcToFileHeader
0x140012150 RaiseException
0x140012158 GetLastError
0x140012160 SetLastError
0x140012168 EncodePointer
0x140012170 EnterCriticalSection
0x140012178 LeaveCriticalSection
0x140012180 DeleteCriticalSection
0x140012188 InitializeCriticalSectionAndSpinCount
0x140012190 TlsAlloc
0x140012198 TlsGetValue
0x1400121a0 TlsSetValue
0x1400121a8 TlsFree
0x1400121b0 FreeLibrary
0x1400121b8 GetProcAddress
0x1400121c0 LoadLibraryExW
0x1400121c8 ExitProcess
0x1400121d0 GetModuleHandleExW
0x1400121d8 GetStdHandle
0x1400121e0 WriteFile
0x1400121e8 GetModuleFileNameW
0x1400121f0 GetCommandLineA
0x1400121f8 GetCommandLineW
0x140012200 HeapFree
0x140012208 FindClose
0x140012210 FindFirstFileExW
0x140012218 FindNextFileW
0x140012220 IsValidCodePage
0x140012228 GetACP
0x140012230 GetOEMCP
0x140012238 GetCPInfo
0x140012240 MultiByteToWideChar
0x140012248 WideCharToMultiByte
0x140012250 GetEnvironmentStringsW
0x140012258 FreeEnvironmentStringsW
0x140012260 SetEnvironmentVariableW
0x140012268 SetStdHandle
0x140012270 GetFileType
0x140012278 GetStringTypeW
USER32.dll
0x1400122a8 CharUpperW
ADVAPI32.dll
0x140012000 RegOpenKeyExW
WS2_32.dll
0x1400122b8 socket
0x1400122c0 connect
0x1400122c8 recv
0x1400122d0 htons
0x1400122d8 WSACleanup
0x1400122e0 WSAStartup
0x1400122e8 gethostbyname
0x1400122f0 send
SETUPAPI.dll
0x140012288 SetupDiGetClassDevsA
0x140012290 SetupDiEnumDeviceInfo
0x140012298 SetupDiGetDeviceRegistryPropertyW
EAT(Export Address Table) is none
KERNEL32.dll
0x140012010 VirtualAlloc
0x140012018 CreateFileW
0x140012020 CreateToolhelp32Snapshot
0x140012028 Sleep
0x140012030 Process32NextW
0x140012038 Process32FirstW
0x140012040 DeviceIoControl
0x140012048 HeapAlloc
0x140012050 GetProcessHeap
0x140012058 GlobalMemoryStatusEx
0x140012060 WriteConsoleW
0x140012068 CloseHandle
0x140012070 GetSystemInfo
0x140012078 FindFirstFileW
0x140012080 SetFilePointerEx
0x140012088 GetConsoleMode
0x140012090 GetConsoleCP
0x140012098 FlushFileBuffers
0x1400120a0 HeapReAlloc
0x1400120a8 HeapSize
0x1400120b0 LCMapStringW
0x1400120b8 CompareStringW
0x1400120c0 RtlCaptureContext
0x1400120c8 RtlLookupFunctionEntry
0x1400120d0 RtlVirtualUnwind
0x1400120d8 UnhandledExceptionFilter
0x1400120e0 SetUnhandledExceptionFilter
0x1400120e8 GetCurrentProcess
0x1400120f0 TerminateProcess
0x1400120f8 IsProcessorFeaturePresent
0x140012100 QueryPerformanceCounter
0x140012108 GetCurrentProcessId
0x140012110 GetCurrentThreadId
0x140012118 GetSystemTimeAsFileTime
0x140012120 InitializeSListHead
0x140012128 IsDebuggerPresent
0x140012130 GetStartupInfoW
0x140012138 GetModuleHandleW
0x140012140 RtlUnwindEx
0x140012148 RtlPcToFileHeader
0x140012150 RaiseException
0x140012158 GetLastError
0x140012160 SetLastError
0x140012168 EncodePointer
0x140012170 EnterCriticalSection
0x140012178 LeaveCriticalSection
0x140012180 DeleteCriticalSection
0x140012188 InitializeCriticalSectionAndSpinCount
0x140012190 TlsAlloc
0x140012198 TlsGetValue
0x1400121a0 TlsSetValue
0x1400121a8 TlsFree
0x1400121b0 FreeLibrary
0x1400121b8 GetProcAddress
0x1400121c0 LoadLibraryExW
0x1400121c8 ExitProcess
0x1400121d0 GetModuleHandleExW
0x1400121d8 GetStdHandle
0x1400121e0 WriteFile
0x1400121e8 GetModuleFileNameW
0x1400121f0 GetCommandLineA
0x1400121f8 GetCommandLineW
0x140012200 HeapFree
0x140012208 FindClose
0x140012210 FindFirstFileExW
0x140012218 FindNextFileW
0x140012220 IsValidCodePage
0x140012228 GetACP
0x140012230 GetOEMCP
0x140012238 GetCPInfo
0x140012240 MultiByteToWideChar
0x140012248 WideCharToMultiByte
0x140012250 GetEnvironmentStringsW
0x140012258 FreeEnvironmentStringsW
0x140012260 SetEnvironmentVariableW
0x140012268 SetStdHandle
0x140012270 GetFileType
0x140012278 GetStringTypeW
USER32.dll
0x1400122a8 CharUpperW
ADVAPI32.dll
0x140012000 RegOpenKeyExW
WS2_32.dll
0x1400122b8 socket
0x1400122c0 connect
0x1400122c8 recv
0x1400122d0 htons
0x1400122d8 WSACleanup
0x1400122e0 WSAStartup
0x1400122e8 gethostbyname
0x1400122f0 send
SETUPAPI.dll
0x140012288 SetupDiGetClassDevsA
0x140012290 SetupDiEnumDeviceInfo
0x140012298 SetupDiGetDeviceRegistryPropertyW
EAT(Export Address Table) is none