Field | Value
---|---
Created | 2021.05.19 13:26
Machine | s1_win7_x6401
Filename | wpp.exe
Type | PE32+ executable (console) x86-64, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : clean
VT API (file) | 9 detected (malicious, high confidence, Ligooc, kcloud, Wacatac, score)
md5 | 055c79de6e3f255beade0b35a0a2cd17
sha256 | f554be4d3d5b1f05f69038bbe54acb8e92ae5b0e45368e2108ecfde515dc8d9f
ssdeep | 6144:o2LxzOXZIJTWJ8m1qCU31MoTr+hrq5j6iY7KlAKvUiuqdX6+y2VhIHgw+6MmCHF:o2LxzOXk/r+hrqIm5cibX5pd6ZCH
imphash | 745d1f81ce1db8bf7ae2d87c703b5685
impfuzzy | 24:DG1pjyLdBVQjDMoIGcW8qtqOr4J3tvjSBZVJtRl82jMUQLtVdwxFHn:nDVQEKc58NcFjSPtRf6k1
Signature (6cnts)
Level | Description
---|---
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | This executable has a PDB path |
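The first two notices are a classic unpacker pattern: memory is allocated writable and executable, or allocated writable and later flipped to executable so that no single call carries all three flags. The following is an added example, not part of the report and not the sandbox's own detector, showing how those two notices can be derived from an API trace. The trace format (`<pid> <api>(<name>=<value>, ...) = <return>`) and the sample lines are constructed for this example; a real sandbox emits its own format, and the second rule only fires when the earlier allocation of the region was observed, so a region mapped before tracing began produces no notice.

```python
import re

# Win32 page-protection constants (winnt.h).
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
EXECUTE_MASK = 0xF0   # PAGE_EXECUTE | _READ | _READWRITE | _WRITECOPY
WRITE_MASK = 0xCC     # PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

ALLOC_APIS = {"VirtualAlloc", "VirtualAllocEx"}
PROTECT_APIS = {"VirtualProtect", "VirtualProtectEx"}

# Wording taken from the report's Signature table.
RWX_ALLOC = "Allocates read-write-execute memory (usually to unpack itself)"
RW_TO_RX = ("Changes read-write memory protection to read-execute "
            "(probably to avoid detection when setting all RWX flags at the same time)")

# Assumed trace format for this example (not the sandbox's own):
#   "<pid> <api>(<name>=<value>, ...) = <return>"
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>[^)]*)\)\s*=\s*(?P<ret>\S+)$")

# Constructed sample trace (not from the report): one process unpacks, one does not.
SAMPLE_TRACE = """\
# pid 1234: RWX allocation, then an RW region flipped to RX
1234 VirtualAlloc(lpAddress=0x0, dwSize=0x6000, flAllocationType=0x3000, flProtect=0x40) = 0x2a0000
1234 VirtualAlloc(lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x04) = 0x2b0000
1234 VirtualProtect(lpAddress=0x2b0200, dwSize=0x200, flNewProtect=0x20) = 1
1234 VirtualProtect(lpAddress=0x2c0000, dwSize=0x1000, flNewProtect=0x20) = 1
5678 VirtualAlloc(lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x04) = 0x2b0000
"""

BENIGN_TRACE = """\
9 VirtualAlloc(lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x04) = 0x10000
9 VirtualProtect(lpAddress=0x10000, dwSize=0x1000, flNewProtect=0x02) = 1
"""


def parse_call(line: str):
    """Return (pid, api, {arg: int}, ret) or None for comment, blank or unparsable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = {}
    for kv in m["args"].split(","):
        if "=" in kv:
            k, v = kv.split("=", 1)
            args[k.strip()] = int(v.strip(), 0)   # base 0: accepts 0x.. and decimal
    return m["pid"], m["api"], args, int(m["ret"], 0)


def scan(trace: str) -> list:
    """Replay the trace, tracking each process's allocations so that a later
    VirtualProtect can be judged against the region's previous protection.
    Returns [(pid, level, description)] in the report's notice format."""
    regions = {}       # (pid, base) -> [size, current protection]
    notices = []
    for line in trace.splitlines():
        rec = parse_call(line)
        if rec is None:
            continue
        pid, api, a, ret = rec
        if api in ALLOC_APIS and ret:          # return value is the base, 0 on failure
            prot = a.get("flProtect", 0)
            regions[(pid, ret)] = [a.get("dwSize", 0), prot]
            if prot & EXECUTE_MASK and prot & WRITE_MASK:
                notices.append((pid, "notice", RWX_ALLOC))
        elif api in PROTECT_APIS and ret:      # nonzero BOOL means the change applied
            addr, new = a.get("lpAddress", 0), a.get("flNewProtect", 0)
            for (p, base), region in regions.items():
                if p == pid and base <= addr < base + region[0]:
                    old, region[1] = region[1], new
                    if (old & WRITE_MASK) and not (old & EXECUTE_MASK) \
                            and (new & EXECUTE_MASK) and not (new & WRITE_MASK):
                        notices.append((pid, "notice", RW_TO_RX))
                    break                      # unknown regions are skipped silently
    return notices


if __name__ == "__main__":
    for pid, level, text in scan(SAMPLE_TRACE):
        print(pid, level, text)
```

The fourth sample line targets a region the trace never saw allocated, so it is ignored rather than guessed at; that is also why a sandbox that starts tracing late can miss the second notice. A VirtualProtect straight to PAGE_EXECUTE_READWRITE is not one of the two notices the report lists and is left to the reader to add.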
Rules (3cnts)
Level | Name | Description | Collection
---|---|---|---
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
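The PE_Header_Zero and IsPE64 rules, and the "PE32+ executable (console) x86-64" type line, all come from a few fixed header fields: the MZ and PE\0\0 signatures, IMAGE_FILE_HEADER.Machine, IMAGE_OPTIONAL_HEADER.Magic (0x10B for PE32, 0x20B for PE32+) and Subsystem. The report does not say what OS_Processor_Check_Zero tests, so that rule is not reproduced here. The following dependency-free parser is an added example, not part of the report or of the sandbox's rule engine; the sample header it is run on is constructed in the block, not taken from wpp.exe.

```python
import struct

# winnt.h constants used by the checks.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
IMAGE_FILE_DLL = 0x2000
SUBSYSTEMS = {2: "GUI", 3: "console"}
MACHINES = {IMAGE_FILE_MACHINE_I386: "Intel 80386", IMAGE_FILE_MACHINE_AMD64: "x86-64"}


def classify_pe(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> file header -> optional header and
    return the facts behind the PE_Header / IsPE64 rules and the Type line.
    Raises ValueError for anything that is not a well-formed PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature.
    machine, nsections, _stamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                        # IMAGE_OPTIONAL_HEADER starts here
    if opt_size < 70 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")   # Subsystem lives at +68
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]   # 8-byte ImageBase
    elif magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]   # 4-byte, after BaseOfData
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]        # same offset in PE32 and PE32+
    return {
        "PE_Header": True,
        "IsPE64": magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC,
        "machine": MACHINES.get(machine, "0x%04x" % machine),
        "image_base": image_base,
        "sections": nsections,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
    }


def is_pe(data: bytes) -> bool:
    """Boolean form of the PE_Header rule."""
    try:
        classify_pe(data)
        return True
    except ValueError:
        return False


def type_line(info: dict) -> str:
    """Render the classification in the shape of the report's Type row."""
    kind = "DLL" if info["is_dll"] else "executable"
    return "%s %s (%s) %s" % ("PE32+" if info["IsPE64"] else "PE32", kind,
                              info["subsystem"], info["machine"])


def build_sample_pe64_console() -> bytes:
    """Constructed minimal header (not wpp.exe): x64 console EXE based at 0x140000000,
    the default image base for 64-bit executables."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    opt = bytearray(0xF0)                                         # PE32+ optional header size
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR64_MAGIC)
    struct.pack_into("<Q", opt, 24, 0x140000000)                  # ImageBase
    struct.pack_into("<H", opt, 68, 3)                            # IMAGE_SUBSYSTEM_WINDOWS_CUI
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 6, 0, 0, 0, len(opt), 0x0022)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    info = classify_pe(build_sample_pe64_console())
    print(type_line(info), "image base 0x%x" % info["image_base"])
```

Run against the real sample, the image base it reports is what turns the IAT addresses listed further down (0x14001c000 and up) into RVAs; a PE32+ file with a Machine value other than 0x8664 (for example ARM64, 0xAA64) would still satisfy IsPE64 but not the x86-64 type line, which is why the two are kept as separate fields.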
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata IDS
PE API
IAT (Import Address Table), by library
KERNEL32.dll
0x14001c010 HeapReAlloc
0x14001c018 HeapFree
0x14001c020 HeapSize
0x14001c028 GetProcessHeap
0x14001c030 FindResourceExW
0x14001c038 LoadResource
0x14001c040 LockResource
0x14001c048 SizeofResource
0x14001c050 FindResourceW
0x14001c058 CloseHandle
0x14001c060 SetEvent
0x14001c068 WaitForSingleObject
0x14001c070 CreateEventW
0x14001c078 HeapAlloc
0x14001c080 RaiseException
0x14001c088 GetLastError
0x14001c090 InitializeCriticalSectionEx
0x14001c098 DeleteCriticalSection
0x14001c0a0 HeapSetInformation
0x14001c0a8 ExitProcess
0x14001c0b0 GetModuleHandleA
0x14001c0b8 GetProcAddress
0x14001c0c0 lstrlenA
0x14001c0c8 MultiByteToWideChar
0x14001c0d0 FreeConsole
0x14001c0d8 WriteConsoleW
0x14001c0e0 SetStdHandle
0x14001c0e8 DecodePointer
0x14001c0f0 HeapDestroy
0x14001c0f8 LCMapStringW
0x14001c100 SetFilePointerEx
0x14001c108 GetStringTypeW
0x14001c110 ReadConsoleW
0x14001c118 ReadFile
0x14001c120 IsDebuggerPresent
0x14001c128 OutputDebugStringW
0x14001c130 EnterCriticalSection
0x14001c138 LeaveCriticalSection
0x14001c140 EncodePointer
0x14001c148 RtlPcToFileHeader
0x14001c150 RtlLookupFunctionEntry
0x14001c158 RtlUnwindEx
0x14001c160 GetCommandLineW
0x14001c168 GetModuleHandleExW
0x14001c170 WideCharToMultiByte
0x14001c178 IsProcessorFeaturePresent
0x14001c180 SetLastError
0x14001c188 GetCurrentThreadId
0x14001c190 GetStdHandle
0x14001c198 GetFileType
0x14001c1a0 GetStartupInfoW
0x14001c1a8 WriteFile
0x14001c1b0 GetModuleFileNameW
0x14001c1b8 QueryPerformanceCounter
0x14001c1c0 GetCurrentProcessId
0x14001c1c8 GetSystemTimeAsFileTime
0x14001c1d0 GetEnvironmentStringsW
0x14001c1d8 FreeEnvironmentStringsW
0x14001c1e0 RtlCaptureContext
0x14001c1e8 RtlVirtualUnwind
0x14001c1f0 UnhandledExceptionFilter
0x14001c1f8 SetUnhandledExceptionFilter
0x14001c200 InitializeCriticalSectionAndSpinCount
0x14001c208 Sleep
0x14001c210 GetCurrentProcess
0x14001c218 TerminateProcess
0x14001c220 TlsAlloc
0x14001c228 TlsGetValue
0x14001c230 TlsSetValue
0x14001c238 TlsFree
0x14001c240 GetModuleHandleW
0x14001c248 LoadLibraryExW
0x14001c250 IsValidCodePage
0x14001c258 GetACP
0x14001c260 GetOEMCP
0x14001c268 GetCPInfo
0x14001c270 FlushFileBuffers
0x14001c278 GetConsoleCP
0x14001c280 GetConsoleMode
0x14001c288 CreateFileW
COMDLG32.dll
0x14001c000 GetOpenFileNameW
ole32.dll
0x14001c2b8 CoTaskMemFree
0x14001c2c0 CoTaskMemAlloc
0x14001c2c8 PropVariantClear
0x14001c2d0 CoCreateInstance
0x14001c2d8 CoUninitialize
0x14001c2e0 CoInitializeEx
0x14001c2e8 StringFromGUID2
OLEAUT32.dll
0x14001c298 SysAllocStringLen
SHLWAPI.dll
0x14001c2a8 SHCreateStreamOnFileW
EAT (Export Address Table): none
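Two things a triage analyst wants from the table above are a capability read-out and the imphash input. The block below is an added example, not the sandbox's code: it transcribes the listing as data, builds the string that pefile's imphash hashes (lowercased `library.function` pairs, library extension stripped, comma-joined, MD5) and buckets the imports into illustrative capability groups. Two caveats: pefile walks the import descriptor table, and the report shows each library as a block rather than that descriptor order, so the value computed here is not guaranteed to equal the reported 745d1f81ce1db8bf7ae2d87c703b5685 (compare with `pefile.PE(path).get_imphash()` on the file itself); and the CRT_NOISE set is an approximate list of what the MSVC runtime imports on its own, so matches drawn only from it are weak evidence.

```python
import hashlib

# Imports transcribed from the IAT listing above, per library, in the order shown.
IAT = {
    "KERNEL32.dll": (
        "HeapReAlloc HeapFree HeapSize GetProcessHeap FindResourceExW LoadResource LockResource "
        "SizeofResource FindResourceW CloseHandle SetEvent WaitForSingleObject CreateEventW HeapAlloc "
        "RaiseException GetLastError InitializeCriticalSectionEx DeleteCriticalSection HeapSetInformation "
        "ExitProcess GetModuleHandleA GetProcAddress lstrlenA MultiByteToWideChar FreeConsole WriteConsoleW "
        "SetStdHandle DecodePointer HeapDestroy LCMapStringW SetFilePointerEx GetStringTypeW ReadConsoleW "
        "ReadFile IsDebuggerPresent OutputDebugStringW EnterCriticalSection LeaveCriticalSection EncodePointer "
        "RtlPcToFileHeader RtlLookupFunctionEntry RtlUnwindEx GetCommandLineW GetModuleHandleExW "
        "WideCharToMultiByte IsProcessorFeaturePresent SetLastError GetCurrentThreadId GetStdHandle GetFileType "
        "GetStartupInfoW WriteFile GetModuleFileNameW QueryPerformanceCounter GetCurrentProcessId "
        "GetSystemTimeAsFileTime GetEnvironmentStringsW FreeEnvironmentStringsW RtlCaptureContext "
        "RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter "
        "InitializeCriticalSectionAndSpinCount Sleep GetCurrentProcess TerminateProcess TlsAlloc TlsGetValue "
        "TlsSetValue TlsFree GetModuleHandleW LoadLibraryExW IsValidCodePage GetACP GetOEMCP GetCPInfo "
        "FlushFileBuffers GetConsoleCP GetConsoleMode CreateFileW"
    ).split(),
    "COMDLG32.dll": ["GetOpenFileNameW"],
    "ole32.dll": ("CoTaskMemFree CoTaskMemAlloc PropVariantClear CoCreateInstance "
                  "CoUninitialize CoInitializeEx StringFromGUID2").split(),
    "OLEAUT32.dll": ["SysAllocStringLen"],
    "SHLWAPI.dll": ["SHCreateStreamOnFileW"],
}

# Illustrative capability buckets (not exhaustive) to check an IAT against.
CAPABILITIES = {
    "embedded-resource": {"FindResourceW", "FindResourceExW", "LoadResource", "LockResource", "SizeofResource"},
    "runtime-api-resolution": {"GetProcAddress", "LoadLibraryExW", "LoadLibraryW", "LoadLibraryA",
                               "GetModuleHandleA", "GetModuleHandleW"},
    "debugger-check": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringW"},
    "file-io": {"CreateFileW", "ReadFile", "WriteFile", "SetFilePointerEx", "SHCreateStreamOnFileW"},
    "com-activation": {"CoInitializeEx", "CoCreateInstance"},
    "open-file-dialog": {"GetOpenFileNameW"},
    "memory-protection": {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "VirtualProtectEx"},
    "process-injection": {"WriteProcessMemory", "CreateRemoteThread", "QueueUserAPC", "SetThreadContext"},
    "network": {"WSAStartup", "connect", "InternetOpenW", "WinHttpOpen", "URLDownloadToFileW"},
}

# Approximate set of imports the MSVC C runtime brings in by itself; low signal on their own.
CRT_NOISE = set((
    "IsDebuggerPresent OutputDebugStringW GetStartupInfoW QueryPerformanceCounter GetCurrentProcessId "
    "GetCurrentThreadId GetSystemTimeAsFileTime IsProcessorFeaturePresent UnhandledExceptionFilter "
    "SetUnhandledExceptionFilter TlsAlloc TlsGetValue TlsSetValue TlsFree EncodePointer DecodePointer "
    "RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind HeapSetInformation GetProcAddress "
    "GetModuleHandleW LoadLibraryExW").split())


def imphash_input(iat: dict) -> str:
    """The string pefile hashes: 'lib.func' pairs, lowercased, extension stripped, comma-joined."""
    parts = []
    for lib, funcs in iat.items():
        name = lib.lower()
        base, _, ext = name.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            name = base
        parts.extend("%s.%s" % (name, f.lower()) for f in funcs)
    return ",".join(parts)


def imphash(iat: dict) -> str:
    return hashlib.md5(imphash_input(iat).encode("ascii")).hexdigest()


def tag_capabilities(iat: dict):
    """Return ({capability: sorted matching imports}, [capabilities with no import at all])."""
    imported = {f for funcs in iat.values() for f in funcs}
    present, absent = {}, []
    for cap, apis in CAPABILITIES.items():
        hits = sorted(apis & imported)
        if hits:
            present[cap] = hits
        else:
            absent.append(cap)
    return present, absent


def strong_capabilities(present: dict) -> list:
    """Capabilities backed by at least one import outside the CRT-noise set."""
    return sorted(cap for cap, hits in present.items() if set(hits) - CRT_NOISE)


if __name__ == "__main__":
    present, absent = tag_capabilities(IAT)
    print("imphash over listed order:", imphash(IAT))
    print("strong:", strong_capabilities(present))
    print("absent:", absent)
```

Two observations fall out of running this on the listing. The resource APIs (FindResourceW/ExW, LoadResource, LockResource, SizeofResource) are not CRT imports and are the usual way a loader reads an embedded payload, which lines up with the packer notice; and GetModuleHandleA plus lstrlenA sit outside the CRT's wide-character set, so the runtime-api-resolution bucket stays strong even after discounting GetProcAddress. Conversely, VirtualAlloc and VirtualProtect are absent from the static IAT although the sandbox saw RWX memory being allocated, so whatever did that was resolved at run time or came from a library loaded later; that is consistent with the unpacking the Signature section describes, not a contradiction of it.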