ScreenShot
| Created | 2021.06.25 08:56 | Machine | s1_win7_x6401 |
| Filename | coevRM2v.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 2e4f2c48b719e102842ddab792e229b8 | ||
| sha256 | d4f8894bcfb45d9c5185af6978aa7340bdc3373833ff88fc8f2c46364650cc4f | ||
| ssdeep | 6144:dAZERKpqhxsdrnLLroAKggDpSI20VYpXaaqyuiZZ+/:fRxsdr7oA9Mi0YwyZz+ | ||
| imphash | 363722c496926cda78eb9319ff33f1f3 | ||
| impfuzzy | 24:Omwq4yGqRxKfV9MKS1o0qtSmlJnc+pl3eDoT02BUSOovbO9Ziv2p:Om74yNR8fV9S1YtSkc+pp/0R3A+ | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x140010238 DlgDirListW
0x140010240 GetIconInfoExW
0x140010248 MessageBoxIndirectA
0x140010250 ScrollWindow
0x140010258 wvsprintfW
0x140010260 CheckMenuItem
0x140010268 SendNotifyMessageW
0x140010270 GetMenuItemID
GDI32.dll
0x140010000 GetRegionData
0x140010008 GetCharWidthW
0x140010010 GetBkMode
0x140010018 GetFontUnicodeRanges
KERNEL32.dll
0x140010028 GetConsoleMode
0x140010030 CreateFileW
0x140010038 CloseHandle
0x140010040 WriteConsoleW
0x140010048 SetFilePointerEx
0x140010050 GetModuleFileNameW
0x140010058 QueryPerformanceCounter
0x140010060 GetCurrentProcessId
0x140010068 GetCurrentThreadId
0x140010070 GetSystemTimeAsFileTime
0x140010078 InitializeSListHead
0x140010080 RtlCaptureContext
0x140010088 RtlLookupFunctionEntry
0x140010090 RtlVirtualUnwind
0x140010098 IsDebuggerPresent
0x1400100a0 UnhandledExceptionFilter
0x1400100a8 SetUnhandledExceptionFilter
0x1400100b0 GetStartupInfoW
0x1400100b8 IsProcessorFeaturePresent
0x1400100c0 GetModuleHandleW
0x1400100c8 RtlUnwindEx
0x1400100d0 GetLastError
0x1400100d8 SetLastError
0x1400100e0 EnterCriticalSection
0x1400100e8 LeaveCriticalSection
0x1400100f0 DeleteCriticalSection
0x1400100f8 InitializeCriticalSectionAndSpinCount
0x140010100 TlsAlloc
0x140010108 TlsGetValue
0x140010110 TlsSetValue
0x140010118 TlsFree
0x140010120 FreeLibrary
0x140010128 GetProcAddress
0x140010130 LoadLibraryExW
0x140010138 RaiseException
0x140010140 GetStdHandle
0x140010148 WriteFile
0x140010150 GetCurrentProcess
0x140010158 ExitProcess
0x140010160 TerminateProcess
0x140010168 GetModuleHandleExW
0x140010170 HeapAlloc
0x140010178 HeapFree
0x140010180 FindClose
0x140010188 FindFirstFileExW
0x140010190 FindNextFileW
0x140010198 IsValidCodePage
0x1400101a0 GetACP
0x1400101a8 GetOEMCP
0x1400101b0 GetCPInfo
0x1400101b8 GetCommandLineA
0x1400101c0 GetCommandLineW
0x1400101c8 MultiByteToWideChar
0x1400101d0 WideCharToMultiByte
0x1400101d8 GetEnvironmentStringsW
0x1400101e0 FreeEnvironmentStringsW
0x1400101e8 SetStdHandle
0x1400101f0 GetFileType
0x1400101f8 GetStringTypeW
0x140010200 LCMapStringW
0x140010208 GetProcessHeap
0x140010210 HeapSize
0x140010218 HeapReAlloc
0x140010220 FlushFileBuffers
0x140010228 GetConsoleCP
EAT(Export Address Table) is none
USER32.dll
0x140010238 DlgDirListW
0x140010240 GetIconInfoExW
0x140010248 MessageBoxIndirectA
0x140010250 ScrollWindow
0x140010258 wvsprintfW
0x140010260 CheckMenuItem
0x140010268 SendNotifyMessageW
0x140010270 GetMenuItemID
GDI32.dll
0x140010000 GetRegionData
0x140010008 GetCharWidthW
0x140010010 GetBkMode
0x140010018 GetFontUnicodeRanges
KERNEL32.dll
0x140010028 GetConsoleMode
0x140010030 CreateFileW
0x140010038 CloseHandle
0x140010040 WriteConsoleW
0x140010048 SetFilePointerEx
0x140010050 GetModuleFileNameW
0x140010058 QueryPerformanceCounter
0x140010060 GetCurrentProcessId
0x140010068 GetCurrentThreadId
0x140010070 GetSystemTimeAsFileTime
0x140010078 InitializeSListHead
0x140010080 RtlCaptureContext
0x140010088 RtlLookupFunctionEntry
0x140010090 RtlVirtualUnwind
0x140010098 IsDebuggerPresent
0x1400100a0 UnhandledExceptionFilter
0x1400100a8 SetUnhandledExceptionFilter
0x1400100b0 GetStartupInfoW
0x1400100b8 IsProcessorFeaturePresent
0x1400100c0 GetModuleHandleW
0x1400100c8 RtlUnwindEx
0x1400100d0 GetLastError
0x1400100d8 SetLastError
0x1400100e0 EnterCriticalSection
0x1400100e8 LeaveCriticalSection
0x1400100f0 DeleteCriticalSection
0x1400100f8 InitializeCriticalSectionAndSpinCount
0x140010100 TlsAlloc
0x140010108 TlsGetValue
0x140010110 TlsSetValue
0x140010118 TlsFree
0x140010120 FreeLibrary
0x140010128 GetProcAddress
0x140010130 LoadLibraryExW
0x140010138 RaiseException
0x140010140 GetStdHandle
0x140010148 WriteFile
0x140010150 GetCurrentProcess
0x140010158 ExitProcess
0x140010160 TerminateProcess
0x140010168 GetModuleHandleExW
0x140010170 HeapAlloc
0x140010178 HeapFree
0x140010180 FindClose
0x140010188 FindFirstFileExW
0x140010190 FindNextFileW
0x140010198 IsValidCodePage
0x1400101a0 GetACP
0x1400101a8 GetOEMCP
0x1400101b0 GetCPInfo
0x1400101b8 GetCommandLineA
0x1400101c0 GetCommandLineW
0x1400101c8 MultiByteToWideChar
0x1400101d0 WideCharToMultiByte
0x1400101d8 GetEnvironmentStringsW
0x1400101e0 FreeEnvironmentStringsW
0x1400101e8 SetStdHandle
0x1400101f0 GetFileType
0x1400101f8 GetStringTypeW
0x140010200 LCMapStringW
0x140010208 GetProcessHeap
0x140010210 HeapSize
0x140010218 HeapReAlloc
0x140010220 FlushFileBuffers
0x140010228 GetConsoleCP
EAT(Export Address Table) is none