ScreenShot
| Created | 2021.05.31 09:21 | Machine | s1_win7_x6401 |
| Filename | filename.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 6196cc4ad4f0a19ace433c987b0fc94a | ||
| sha256 | b60b53c6fbea004b81e996720196321273df46c03ac71a5b89aa29a92c9fa23e | ||
| ssdeep | 12288:udj7zo+XZmoUXTQybSX9FwfuuxFhXp6QsuSrXPZi9CAyjaAkNpcxTq:udjrXZmoUEyuX3/urhXpY7MNpc1q | ||
| imphash | 95eaf4fd2fbe9d4cd7d4ba331c148b36 | ||
| impfuzzy | 48:BoiMAJX1zuXTuAg0gvEpBe2+fclO+VUaEGgtjzUcX+p+T:BxvX1zuXTlgn+Bd+fclDTEGgtjzUcOi | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x476000 GetComputerNameA
0x476004 FillConsoleOutputCharacterA
0x476008 GetPrivateProfileSectionNamesW
0x47600c GetFileSize
0x476010 SetPriorityClass
0x476014 WriteConsoleInputW
0x476018 lstrlenA
0x47601c TlsGetValue
0x476020 FindResourceExW
0x476024 SetConsoleTextAttribute
0x476028 SetEnvironmentVariableW
0x47602c GetModuleHandleExW
0x476030 SetComputerNameW
0x476034 AddConsoleAliasW
0x476038 CreateDirectoryExA
0x47603c CallNamedPipeW
0x476040 FreeEnvironmentStringsA
0x476044 GetCurrentThread
0x476048 GetConsoleAliasesLengthA
0x47604c EnumTimeFormatsA
0x476050 SetProcessPriorityBoost
0x476054 ActivateActCtx
0x476058 LoadLibraryW
0x47605c ReadConsoleInputA
0x476060 SetVolumeMountPointA
0x476064 GetVersionExW
0x476068 GetFileAttributesA
0x47606c SetConsoleMode
0x476070 WriteConsoleW
0x476074 WritePrivateProfileSectionW
0x476078 IsDBCSLeadByte
0x47607c CompareStringW
0x476080 SetThreadPriority
0x476084 VerifyVersionInfoW
0x476088 ReleaseActCtx
0x47608c SetCurrentDirectoryA
0x476090 SetThreadLocale
0x476094 GetStdHandle
0x476098 FindFirstFileExA
0x47609c GetHandleInformation
0x4760a0 GetLastError
0x4760a4 GetCurrentDirectoryW
0x4760a8 GetProcAddress
0x4760ac GetProcessHeaps
0x4760b0 MoveFileW
0x4760b4 CopyFileA
0x4760b8 SetStdHandle
0x4760bc LoadLibraryA
0x4760c0 OpenMutexA
0x4760c4 ProcessIdToSessionId
0x4760c8 OpenWaitableTimerW
0x4760cc LocalAlloc
0x4760d0 DnsHostnameToComputerNameA
0x4760d4 SetFileApisToANSI
0x4760d8 WriteProfileSectionW
0x4760dc AddAtomA
0x4760e0 GlobalWire
0x4760e4 SetConsoleCursorInfo
0x4760e8 DebugSetProcessKillOnExit
0x4760ec SetConsoleTitleW
0x4760f0 ContinueDebugEvent
0x4760f4 BuildCommDCBA
0x4760f8 VirtualProtect
0x4760fc CompareStringA
0x476100 SetProcessShutdownParameters
0x476104 OpenSemaphoreW
0x476108 GetVersionExA
0x47610c LocalSize
0x476110 FindAtomW
0x476114 GetWindowsDirectoryW
0x476118 FindActCtxSectionStringW
0x47611c ReadConsoleOutputCharacterW
0x476120 OpenFileMappingA
0x476124 GlobalReAlloc
0x476128 GetProfileSectionW
0x47612c CommConfigDialogW
0x476130 GetVolumeInformationW
0x476134 CloseHandle
0x476138 CreateFileW
0x47613c LCMapStringW
0x476140 InterlockedIncrement
0x476144 InterlockedDecrement
0x476148 InitializeCriticalSection
0x47614c DeleteCriticalSection
0x476150 EnterCriticalSection
0x476154 LeaveCriticalSection
0x476158 EncodePointer
0x47615c DecodePointer
0x476160 DeleteFileA
0x476164 GetModuleHandleW
0x476168 ExitProcess
0x47616c MultiByteToWideChar
0x476170 GetCommandLineA
0x476174 HeapSetInformation
0x476178 GetStartupInfoW
0x47617c GetModuleFileNameW
0x476180 HeapValidate
0x476184 IsBadReadPtr
0x476188 RaiseException
0x47618c RtlUnwind
0x476190 IsProcessorFeaturePresent
0x476194 TerminateProcess
0x476198 GetCurrentProcess
0x47619c UnhandledExceptionFilter
0x4761a0 SetUnhandledExceptionFilter
0x4761a4 IsDebuggerPresent
0x4761a8 InitializeCriticalSectionAndSpinCount
0x4761ac WriteFile
0x4761b0 GetACP
0x4761b4 GetOEMCP
0x4761b8 GetCPInfo
0x4761bc IsValidCodePage
0x4761c0 TlsAlloc
0x4761c4 TlsSetValue
0x4761c8 GetCurrentThreadId
0x4761cc TlsFree
0x4761d0 SetLastError
0x4761d4 QueryPerformanceCounter
0x4761d8 GetTickCount
0x4761dc GetCurrentProcessId
0x4761e0 GetSystemTimeAsFileTime
0x4761e4 GetModuleFileNameA
0x4761e8 FreeEnvironmentStringsW
0x4761ec WideCharToMultiByte
0x4761f0 GetEnvironmentStringsW
0x4761f4 SetHandleCount
0x4761f8 GetFileType
0x4761fc HeapCreate
0x476200 OutputDebugStringA
0x476204 OutputDebugStringW
0x476208 HeapAlloc
0x47620c HeapReAlloc
0x476210 HeapSize
0x476214 HeapQueryInformation
0x476218 HeapFree
0x47621c GetStringTypeW
0x476220 SetFilePointer
0x476224 GetConsoleCP
0x476228 GetConsoleMode
0x47622c FlushFileBuffers
USER32.dll
0x476234 GetComboBoxInfo
0x476238 GetMenuBarInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x476000 GetComputerNameA
0x476004 FillConsoleOutputCharacterA
0x476008 GetPrivateProfileSectionNamesW
0x47600c GetFileSize
0x476010 SetPriorityClass
0x476014 WriteConsoleInputW
0x476018 lstrlenA
0x47601c TlsGetValue
0x476020 FindResourceExW
0x476024 SetConsoleTextAttribute
0x476028 SetEnvironmentVariableW
0x47602c GetModuleHandleExW
0x476030 SetComputerNameW
0x476034 AddConsoleAliasW
0x476038 CreateDirectoryExA
0x47603c CallNamedPipeW
0x476040 FreeEnvironmentStringsA
0x476044 GetCurrentThread
0x476048 GetConsoleAliasesLengthA
0x47604c EnumTimeFormatsA
0x476050 SetProcessPriorityBoost
0x476054 ActivateActCtx
0x476058 LoadLibraryW
0x47605c ReadConsoleInputA
0x476060 SetVolumeMountPointA
0x476064 GetVersionExW
0x476068 GetFileAttributesA
0x47606c SetConsoleMode
0x476070 WriteConsoleW
0x476074 WritePrivateProfileSectionW
0x476078 IsDBCSLeadByte
0x47607c CompareStringW
0x476080 SetThreadPriority
0x476084 VerifyVersionInfoW
0x476088 ReleaseActCtx
0x47608c SetCurrentDirectoryA
0x476090 SetThreadLocale
0x476094 GetStdHandle
0x476098 FindFirstFileExA
0x47609c GetHandleInformation
0x4760a0 GetLastError
0x4760a4 GetCurrentDirectoryW
0x4760a8 GetProcAddress
0x4760ac GetProcessHeaps
0x4760b0 MoveFileW
0x4760b4 CopyFileA
0x4760b8 SetStdHandle
0x4760bc LoadLibraryA
0x4760c0 OpenMutexA
0x4760c4 ProcessIdToSessionId
0x4760c8 OpenWaitableTimerW
0x4760cc LocalAlloc
0x4760d0 DnsHostnameToComputerNameA
0x4760d4 SetFileApisToANSI
0x4760d8 WriteProfileSectionW
0x4760dc AddAtomA
0x4760e0 GlobalWire
0x4760e4 SetConsoleCursorInfo
0x4760e8 DebugSetProcessKillOnExit
0x4760ec SetConsoleTitleW
0x4760f0 ContinueDebugEvent
0x4760f4 BuildCommDCBA
0x4760f8 VirtualProtect
0x4760fc CompareStringA
0x476100 SetProcessShutdownParameters
0x476104 OpenSemaphoreW
0x476108 GetVersionExA
0x47610c LocalSize
0x476110 FindAtomW
0x476114 GetWindowsDirectoryW
0x476118 FindActCtxSectionStringW
0x47611c ReadConsoleOutputCharacterW
0x476120 OpenFileMappingA
0x476124 GlobalReAlloc
0x476128 GetProfileSectionW
0x47612c CommConfigDialogW
0x476130 GetVolumeInformationW
0x476134 CloseHandle
0x476138 CreateFileW
0x47613c LCMapStringW
0x476140 InterlockedIncrement
0x476144 InterlockedDecrement
0x476148 InitializeCriticalSection
0x47614c DeleteCriticalSection
0x476150 EnterCriticalSection
0x476154 LeaveCriticalSection
0x476158 EncodePointer
0x47615c DecodePointer
0x476160 DeleteFileA
0x476164 GetModuleHandleW
0x476168 ExitProcess
0x47616c MultiByteToWideChar
0x476170 GetCommandLineA
0x476174 HeapSetInformation
0x476178 GetStartupInfoW
0x47617c GetModuleFileNameW
0x476180 HeapValidate
0x476184 IsBadReadPtr
0x476188 RaiseException
0x47618c RtlUnwind
0x476190 IsProcessorFeaturePresent
0x476194 TerminateProcess
0x476198 GetCurrentProcess
0x47619c UnhandledExceptionFilter
0x4761a0 SetUnhandledExceptionFilter
0x4761a4 IsDebuggerPresent
0x4761a8 InitializeCriticalSectionAndSpinCount
0x4761ac WriteFile
0x4761b0 GetACP
0x4761b4 GetOEMCP
0x4761b8 GetCPInfo
0x4761bc IsValidCodePage
0x4761c0 TlsAlloc
0x4761c4 TlsSetValue
0x4761c8 GetCurrentThreadId
0x4761cc TlsFree
0x4761d0 SetLastError
0x4761d4 QueryPerformanceCounter
0x4761d8 GetTickCount
0x4761dc GetCurrentProcessId
0x4761e0 GetSystemTimeAsFileTime
0x4761e4 GetModuleFileNameA
0x4761e8 FreeEnvironmentStringsW
0x4761ec WideCharToMultiByte
0x4761f0 GetEnvironmentStringsW
0x4761f4 SetHandleCount
0x4761f8 GetFileType
0x4761fc HeapCreate
0x476200 OutputDebugStringA
0x476204 OutputDebugStringW
0x476208 HeapAlloc
0x47620c HeapReAlloc
0x476210 HeapSize
0x476214 HeapQueryInformation
0x476218 HeapFree
0x47621c GetStringTypeW
0x476220 SetFilePointer
0x476224 GetConsoleCP
0x476228 GetConsoleMode
0x47622c FlushFileBuffers
USER32.dll
0x476234 GetComboBoxInfo
0x476238 GetMenuBarInfo
EAT(Export Address Table) is none