ScreenShot
| Created | 2021.04.23 18:47 | Machine | s1_win7_x6401 |
| Filename | build.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 6635fb0d8619a28254c14f16c8f52bc3 | ||
| sha256 | a0f86b221315031395511a0f54f29a14af07426c325a17c655bdca52e446e61c | ||
| ssdeep | 12288:goXEuOj+fsDPJid8HoLCBLQO0C8pf/HFO7YNpbxWwd2hSRwh7mcC:ggExqfsD0OHICVCdvFO7YVh06wh7mc | ||
| imphash | 23f1e68344716b56a4d1f4cc32903797 | ||
| impfuzzy | 24:An9zbkM+fNxhO4bCcDLpg8TnPOovEG3tmkJ3ITQFQ8Ryv9gRTNxOayTqdbplyjMV:cgLTRDmVG3thy398xvHd1ONZv+pC0 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | Library_Malware_Zero | Library Malware | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x3df0000 GetModuleHandleExA
0x3df0004 GetLocaleInfoA
0x3df0008 MapViewOfFile
0x3df000c FindResourceExW
0x3df0010 FindResourceW
0x3df0014 FreeLibrary
0x3df0018 LoadLibraryExW
0x3df001c InterlockedIncrement
0x3df0020 GetConsoleAliasA
0x3df0024 SetConsoleScreenBufferSize
0x3df0028 ConnectNamedPipe
0x3df002c GetModuleHandleW
0x3df0030 SetFileTime
0x3df0034 TzSpecificLocalTimeToSystemTime
0x3df0038 GlobalAlloc
0x3df003c SizeofResource
0x3df0040 GetSystemTimeAdjustment
0x3df0044 GetFileAttributesA
0x3df0048 SetTimeZoneInformation
0x3df004c TerminateProcess
0x3df0050 GetAtomNameW
0x3df0054 GlobalUnlock
0x3df0058 LCMapStringA
0x3df005c GetConsoleOutputCP
0x3df0060 GetLastError
0x3df0064 GetProcAddress
0x3df0068 OpenWaitableTimerW
0x3df006c FindAtomA
0x3df0070 GlobalFindAtomW
0x3df0074 lstrcatW
0x3df0078 FileTimeToLocalFileTime
0x3df007c GetCurrentProcessId
0x3df0080 GetCommandLineA
0x3df0084 GetStartupInfoA
0x3df0088 RaiseException
0x3df008c RtlUnwind
0x3df0090 GetCurrentProcess
0x3df0094 UnhandledExceptionFilter
0x3df0098 SetUnhandledExceptionFilter
0x3df009c IsDebuggerPresent
0x3df00a0 HeapAlloc
0x3df00a4 HeapFree
0x3df00a8 TlsGetValue
0x3df00ac TlsAlloc
0x3df00b0 TlsSetValue
0x3df00b4 TlsFree
0x3df00b8 SetLastError
0x3df00bc GetCurrentThreadId
0x3df00c0 InterlockedDecrement
0x3df00c4 GetCurrentThread
0x3df00c8 Sleep
0x3df00cc HeapSize
0x3df00d0 ExitProcess
0x3df00d4 WriteFile
0x3df00d8 GetStdHandle
0x3df00dc GetModuleFileNameA
0x3df00e0 FreeEnvironmentStringsA
0x3df00e4 GetEnvironmentStrings
0x3df00e8 FreeEnvironmentStringsW
0x3df00ec WideCharToMultiByte
0x3df00f0 GetEnvironmentStringsW
0x3df00f4 SetHandleCount
0x3df00f8 GetFileType
0x3df00fc DeleteCriticalSection
0x3df0100 HeapCreate
0x3df0104 HeapDestroy
0x3df0108 VirtualFree
0x3df010c QueryPerformanceCounter
0x3df0110 GetTickCount
0x3df0114 GetSystemTimeAsFileTime
0x3df0118 LeaveCriticalSection
0x3df011c FatalAppExitA
0x3df0120 EnterCriticalSection
0x3df0124 VirtualAlloc
0x3df0128 HeapReAlloc
0x3df012c GetCPInfo
0x3df0130 GetACP
0x3df0134 GetOEMCP
0x3df0138 IsValidCodePage
0x3df013c SetConsoleCtrlHandler
0x3df0140 InterlockedExchange
0x3df0144 LoadLibraryA
0x3df0148 InitializeCriticalSectionAndSpinCount
0x3df014c SetFilePointer
0x3df0150 GetConsoleCP
0x3df0154 GetConsoleMode
0x3df0158 MultiByteToWideChar
0x3df015c GetTimeFormatA
0x3df0160 GetDateFormatA
0x3df0164 GetUserDefaultLCID
0x3df0168 EnumSystemLocalesA
0x3df016c IsValidLocale
0x3df0170 GetStringTypeA
0x3df0174 GetStringTypeW
0x3df0178 LCMapStringW
0x3df017c GetLocaleInfoW
0x3df0180 SetStdHandle
0x3df0184 WriteConsoleA
0x3df0188 WriteConsoleW
0x3df018c GetTimeZoneInformation
0x3df0190 CreateFileA
0x3df0194 CloseHandle
0x3df0198 FlushFileBuffers
0x3df019c CompareStringA
0x3df01a0 CompareStringW
0x3df01a4 SetEnvironmentVariableA
0x3df01a8 GetModuleHandleA
EAT(Export Address Table) is none
KERNEL32.dll
0x3df0000 GetModuleHandleExA
0x3df0004 GetLocaleInfoA
0x3df0008 MapViewOfFile
0x3df000c FindResourceExW
0x3df0010 FindResourceW
0x3df0014 FreeLibrary
0x3df0018 LoadLibraryExW
0x3df001c InterlockedIncrement
0x3df0020 GetConsoleAliasA
0x3df0024 SetConsoleScreenBufferSize
0x3df0028 ConnectNamedPipe
0x3df002c GetModuleHandleW
0x3df0030 SetFileTime
0x3df0034 TzSpecificLocalTimeToSystemTime
0x3df0038 GlobalAlloc
0x3df003c SizeofResource
0x3df0040 GetSystemTimeAdjustment
0x3df0044 GetFileAttributesA
0x3df0048 SetTimeZoneInformation
0x3df004c TerminateProcess
0x3df0050 GetAtomNameW
0x3df0054 GlobalUnlock
0x3df0058 LCMapStringA
0x3df005c GetConsoleOutputCP
0x3df0060 GetLastError
0x3df0064 GetProcAddress
0x3df0068 OpenWaitableTimerW
0x3df006c FindAtomA
0x3df0070 GlobalFindAtomW
0x3df0074 lstrcatW
0x3df0078 FileTimeToLocalFileTime
0x3df007c GetCurrentProcessId
0x3df0080 GetCommandLineA
0x3df0084 GetStartupInfoA
0x3df0088 RaiseException
0x3df008c RtlUnwind
0x3df0090 GetCurrentProcess
0x3df0094 UnhandledExceptionFilter
0x3df0098 SetUnhandledExceptionFilter
0x3df009c IsDebuggerPresent
0x3df00a0 HeapAlloc
0x3df00a4 HeapFree
0x3df00a8 TlsGetValue
0x3df00ac TlsAlloc
0x3df00b0 TlsSetValue
0x3df00b4 TlsFree
0x3df00b8 SetLastError
0x3df00bc GetCurrentThreadId
0x3df00c0 InterlockedDecrement
0x3df00c4 GetCurrentThread
0x3df00c8 Sleep
0x3df00cc HeapSize
0x3df00d0 ExitProcess
0x3df00d4 WriteFile
0x3df00d8 GetStdHandle
0x3df00dc GetModuleFileNameA
0x3df00e0 FreeEnvironmentStringsA
0x3df00e4 GetEnvironmentStrings
0x3df00e8 FreeEnvironmentStringsW
0x3df00ec WideCharToMultiByte
0x3df00f0 GetEnvironmentStringsW
0x3df00f4 SetHandleCount
0x3df00f8 GetFileType
0x3df00fc DeleteCriticalSection
0x3df0100 HeapCreate
0x3df0104 HeapDestroy
0x3df0108 VirtualFree
0x3df010c QueryPerformanceCounter
0x3df0110 GetTickCount
0x3df0114 GetSystemTimeAsFileTime
0x3df0118 LeaveCriticalSection
0x3df011c FatalAppExitA
0x3df0120 EnterCriticalSection
0x3df0124 VirtualAlloc
0x3df0128 HeapReAlloc
0x3df012c GetCPInfo
0x3df0130 GetACP
0x3df0134 GetOEMCP
0x3df0138 IsValidCodePage
0x3df013c SetConsoleCtrlHandler
0x3df0140 InterlockedExchange
0x3df0144 LoadLibraryA
0x3df0148 InitializeCriticalSectionAndSpinCount
0x3df014c SetFilePointer
0x3df0150 GetConsoleCP
0x3df0154 GetConsoleMode
0x3df0158 MultiByteToWideChar
0x3df015c GetTimeFormatA
0x3df0160 GetDateFormatA
0x3df0164 GetUserDefaultLCID
0x3df0168 EnumSystemLocalesA
0x3df016c IsValidLocale
0x3df0170 GetStringTypeA
0x3df0174 GetStringTypeW
0x3df0178 LCMapStringW
0x3df017c GetLocaleInfoW
0x3df0180 SetStdHandle
0x3df0184 WriteConsoleA
0x3df0188 WriteConsoleW
0x3df018c GetTimeZoneInformation
0x3df0190 CreateFileA
0x3df0194 CloseHandle
0x3df0198 FlushFileBuffers
0x3df019c CompareStringA
0x3df01a0 CompareStringW
0x3df01a4 SetEnvironmentVariableA
0x3df01a8 GetModuleHandleA
EAT(Export Address Table) is none