Report - sefile.exe

Tags: Malicious Packer, PE File, OS Processor Check, PE32
Created 2021.06.24 23:55 Machine s1_win7_x6402
Filename sefile.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 2.6
ZERO API file : clean
VT API (file)
md5 8b78fa29a8b90f35bcfad36b2b7da0fc
sha256 e02708a80ed09561ab4247859b0e9d749eecde1bae4855e6d4837c1dd849bab1
ssdeep 12288:TDyo4DUYTpTVqDpQPn11JGT+7eyAZFpXAdf+e:Co8UYVVVnnJGMwM+e
imphash 8e7bfbaa758514d278c068fc8527d288
impfuzzy 48:RK1bODAYmpdbXAZ0alpoX/OQ9YKOUaE8cRhV8+opeLXvGBg:xEvzbXAOavoX/+KaE8cRhV8+2eLXB

Signature (7cnts)

Level Description
watch Communicates with host for which no DNS query was performed
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
142.250.199.67 US GOOGLE 142.250.199.67 clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x446000 SetVolumeLabelA
 0x446004 GetFileSize
 0x446008 SearchPathW
 0x44600c WriteConsoleInputW
 0x446010 TlsGetValue
 0x446014 GetProfileIntW
 0x446018 MapUserPhysicalPages
 0x44601c LoadResource
 0x446020 InterlockedIncrement
 0x446024 InterlockedDecrement
 0x446028 ScrollConsoleScreenBufferW
 0x44602c CreateDirectoryW
 0x446030 GetComputerNameW
 0x446034 GetCommProperties
 0x446038 FreeEnvironmentStringsA
 0x44603c GetProcessPriorityBoost
 0x446040 GetModuleHandleW
 0x446044 CreateNamedPipeW
 0x446048 LocalFlags
 0x44604c GetConsoleAliasesLengthA
 0x446050 GetPrivateProfileStringW
 0x446054 GetWindowsDirectoryA
 0x446058 WriteFile
 0x44605c SetCommState
 0x446060 GetCommandLineA
 0x446064 GetSystemWow64DirectoryA
 0x446068 WriteFileGather
 0x44606c CreateDirectoryExW
 0x446070 FindResourceExA
 0x446074 GlobalAlloc
 0x446078 LoadLibraryW
 0x44607c GetConsoleMode
 0x446080 GetCalendarInfoA
 0x446084 SetSystemTimeAdjustment
 0x446088 GetSystemWindowsDirectoryA
 0x44608c SetConsoleCursorPosition
 0x446090 VerifyVersionInfoA
 0x446094 TerminateProcess
 0x446098 IsDBCSLeadByte
 0x44609c GetBinaryTypeW
 0x4460a0 GetOverlappedResult
 0x4460a4 lstrlenW
 0x4460a8 SetConsoleTitleA
 0x4460ac GlobalUnlock
 0x4460b0 LCMapStringA
 0x4460b4 GetConsoleOutputCP
 0x4460b8 InterlockedExchange
 0x4460bc ReleaseActCtx
 0x4460c0 SetThreadLocale
 0x4460c4 GetProcAddress
 0x4460c8 SetComputerNameA
 0x4460cc EnterCriticalSection
 0x4460d0 SearchPathA
 0x4460d4 BuildCommDCBW
 0x4460d8 GetLocalTime
 0x4460dc OpenWaitableTimerW
 0x4460e0 GetConsoleScreenBufferInfo
 0x4460e4 IsSystemResumeAutomatic
 0x4460e8 SetConsoleCtrlHandler
 0x4460ec WriteProfileSectionW
 0x4460f0 FindAtomA
 0x4460f4 GetTapeParameters
 0x4460f8 EnumResourceTypesW
 0x4460fc SetConsoleCursorInfo
 0x446100 GetConsoleTitleW
 0x446104 GetCurrentDirectoryA
 0x446108 CompareStringA
 0x44610c GetConsoleCursorInfo
 0x446110 SetThreadAffinityMask
 0x446114 GetVersionExA
 0x446118 DeleteFileW
 0x44611c InterlockedPushEntrySList
 0x446120 GetProfileSectionW
 0x446124 CopyFileExA
 0x446128 AreFileApisANSI
 0x44612c GetVolumeInformationW
 0x446130 FlushFileBuffers
 0x446134 GetModuleHandleA
 0x446138 GetLastError
 0x44613c DeleteFileA
 0x446140 GetStartupInfoA
 0x446144 HeapValidate
 0x446148 IsBadReadPtr
 0x44614c RaiseException
 0x446150 DeleteCriticalSection
 0x446154 LeaveCriticalSection
 0x446158 GetModuleFileNameW
 0x44615c SetUnhandledExceptionFilter
 0x446160 QueryPerformanceCounter
 0x446164 GetTickCount
 0x446168 GetCurrentThreadId
 0x44616c GetCurrentProcessId
 0x446170 GetSystemTimeAsFileTime
 0x446174 Sleep
 0x446178 ExitProcess
 0x44617c GetModuleFileNameA
 0x446180 GetEnvironmentStrings
 0x446184 FreeEnvironmentStringsW
 0x446188 WideCharToMultiByte
 0x44618c GetEnvironmentStringsW
 0x446190 SetHandleCount
 0x446194 GetStdHandle
 0x446198 GetFileType
 0x44619c TlsAlloc
 0x4461a0 TlsSetValue
 0x4461a4 TlsFree
 0x4461a8 SetLastError
 0x4461ac HeapDestroy
 0x4461b0 HeapCreate
 0x4461b4 HeapFree
 0x4461b8 VirtualFree
 0x4461bc HeapAlloc
 0x4461c0 GetCurrentProcess
 0x4461c4 UnhandledExceptionFilter
 0x4461c8 IsDebuggerPresent
 0x4461cc HeapSize
 0x4461d0 HeapReAlloc
 0x4461d4 VirtualAlloc
 0x4461d8 GetACP
 0x4461dc GetOEMCP
 0x4461e0 GetCPInfo
 0x4461e4 IsValidCodePage
 0x4461e8 RtlUnwind
 0x4461ec InitializeCriticalSectionAndSpinCount
 0x4461f0 DebugBreak
 0x4461f4 OutputDebugStringA
 0x4461f8 WriteConsoleW
 0x4461fc OutputDebugStringW
 0x446200 LoadLibraryA
 0x446204 MultiByteToWideChar
 0x446208 LCMapStringW
 0x44620c GetStringTypeA
 0x446210 GetStringTypeW
 0x446214 GetLocaleInfoA
 0x446218 SetFilePointer
 0x44621c GetConsoleCP
 0x446220 SetStdHandle
 0x446224 WriteConsoleA
 0x446228 CreateFileA
 0x44622c CloseHandle
USER32.dll
 0x446234 GetMenuInfo
 0x446238 GetMessageTime
 0x44623c GetMenuCheckMarkDimensions

EAT(Export Address Table) Library

0x43c3d0 _CallPattern@8

