Field | Value
---|---
Created | 2021.06.24 23:48
Machine | s1_win7_x6402
Filename | ServiceCore.dll
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
AI Score |
Behavior Score |
ZERO API | file : clean
VT API (file) |
md5 | 0a32af7486ad37209fbef9b5789901e8
sha256 | 74d8b45093a2d8e5ae83f5555512f3053d55c9988857d7d1592dce38bf0206ba
ssdeep | 3072:iNKTHJrsNCZ1rAQPCzXxk/cwETKJJlnv1SwGNXBP3pcwP751Pn9s3PEC/wsIYY:iNsNzrAGf/zVJJ9dSwMvSwP751P9+r/e
imphash | 887fc64595c8150673cb552e85f12541
impfuzzy | 3:swBJAEPwS9KTXzhAXwEQaxRAAbsEBJJ67EGVI9CROXBFaA+vrLQVn:dBJAEHGDzyRlbRmVHRgB5+v4V
Network IP location
Signature (6cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x10070240 LoadLibraryA
0x10070244 GetProcAddress
0x10070248 VirtualProtect
0x1007024c VirtualAlloc
0x10070250 VirtualFree
ADVAPI32.dll
0x10070258 RegCloseKey
USER32.dll
0x10070260 ShowWindow
WS2_32.dll
0x10070268 WSACleanup
EAT(Export Address Table) Library
0x100017b0 GetInfo
0x10001750 GetPBData
0x10001d40 JumpLogin
0x10001da0 JumpLoginEx
0x100014a0 RunService
0x100015f0 RunServiceEx
0x10001a00 SetInfo