ScreenShot
| Created | 2021.06.25 10:11 | Machine | s1_win7_x6401 |
| Filename | svc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 2499ec02ac63ee4844cead87766225db | ||
| sha256 | f14a3884b2eed07c58e7e6703c7b292053218de3390b0883621ff5f8941b33e6 | ||
| ssdeep | 3072:rOCQKnsO+iKyRuAADcxvjczqEGjwXHbuRzr/T5vrTm44F08ESX9WW8aj9lnT:rOLKn0fcxvQedwruRzr1nmpWgj9 | ||
| imphash | 8293ad000eb8f07ba025580bfe785c23 | ||
| impfuzzy | 48:dLfaOLC/EEj8Si4prbcqJycAtQVvqK9La62i+Buz:d5VA95rrAcAtQVvqQO628 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42d008 WriteConsoleInputW
0x42d00c CopyFileExW
0x42d010 TlsGetValue
0x42d014 SetLocalTime
0x42d018 GetDriveTypeW
0x42d01c SetEndOfFile
0x42d020 GetNumberOfConsoleInputEvents
0x42d024 FindResourceExW
0x42d028 MapUserPhysicalPages
0x42d02c InterlockedIncrement
0x42d030 GetQueuedCompletionStatus
0x42d034 GetCommState
0x42d038 InterlockedDecrement
0x42d03c ScrollConsoleScreenBufferW
0x42d040 WritePrivateProfileSectionA
0x42d044 WaitForSingleObject
0x42d048 CallNamedPipeW
0x42d04c GetModuleHandleW
0x42d050 GetPrivateProfileStringW
0x42d054 WriteFileGather
0x42d058 CreateDirectoryExW
0x42d05c Sleep
0x42d060 GetSystemTimeAdjustment
0x42d064 GlobalFlags
0x42d068 Beep
0x42d06c VerifyVersionInfoA
0x42d070 IsDBCSLeadByte
0x42d074 ReadFile
0x42d078 CreateFileW
0x42d07c GetBinaryTypeW
0x42d080 GetACP
0x42d084 lstrlenW
0x42d088 VerifyVersionInfoW
0x42d08c CreateDirectoryA
0x42d090 GetStdHandle
0x42d094 OpenMutexW
0x42d098 GetCurrentDirectoryW
0x42d09c GetProcAddress
0x42d0a0 GetComputerNameExW
0x42d0a4 FindFirstFileW
0x42d0a8 WriteProfileSectionA
0x42d0ac ReadFileEx
0x42d0b0 SetComputerNameA
0x42d0b4 CreateMemoryResourceNotification
0x42d0b8 SearchPathA
0x42d0bc GetPrivateProfileStringA
0x42d0c0 SetFileApisToOEM
0x42d0c4 GetAtomNameA
0x42d0c8 Process32FirstW
0x42d0cc OpenWaitableTimerW
0x42d0d0 LocalAlloc
0x42d0d4 IsSystemResumeAutomatic
0x42d0d8 SetConsoleOutputCP
0x42d0dc AddAtomW
0x42d0e0 SetCommMask
0x42d0e4 GetPrivateProfileStructA
0x42d0e8 EnumResourceTypesW
0x42d0ec SetConsoleTitleW
0x42d0f0 GetModuleHandleA
0x42d0f4 FreeEnvironmentStringsW
0x42d0f8 EnumResourceNamesA
0x42d0fc GetConsoleTitleW
0x42d100 BuildCommDCBA
0x42d104 CompareStringA
0x42d108 GetConsoleCursorInfo
0x42d10c SetCalendarInfoA
0x42d110 GetVersionExA
0x42d114 GetWindowsDirectoryW
0x42d118 GetCurrentProcessId
0x42d11c InterlockedPushEntrySList
0x42d120 GetProfileSectionW
0x42d124 SuspendThread
0x42d128 LCMapStringW
0x42d12c GetVolumeInformationW
0x42d130 SetStdHandle
0x42d134 CloseHandle
0x42d138 RaiseException
0x42d13c IsProcessorFeaturePresent
0x42d140 SetVolumeLabelW
0x42d144 GetFileSize
0x42d148 GetCommandLineW
0x42d14c HeapSetInformation
0x42d150 GetStartupInfoW
0x42d154 EnterCriticalSection
0x42d158 LeaveCriticalSection
0x42d15c DecodePointer
0x42d160 TerminateProcess
0x42d164 GetCurrentProcess
0x42d168 UnhandledExceptionFilter
0x42d16c SetUnhandledExceptionFilter
0x42d170 IsDebuggerPresent
0x42d174 EncodePointer
0x42d178 GetModuleFileNameW
0x42d17c QueryPerformanceCounter
0x42d180 GetTickCount
0x42d184 GetCurrentThreadId
0x42d188 GetSystemTimeAsFileTime
0x42d18c ExitProcess
0x42d190 GetEnvironmentStringsW
0x42d194 SetHandleCount
0x42d198 InitializeCriticalSectionAndSpinCount
0x42d19c GetFileType
0x42d1a0 DeleteCriticalSection
0x42d1a4 HeapValidate
0x42d1a8 IsBadReadPtr
0x42d1ac TlsAlloc
0x42d1b0 TlsSetValue
0x42d1b4 TlsFree
0x42d1b8 SetLastError
0x42d1bc GetLastError
0x42d1c0 HeapCreate
0x42d1c4 WriteFile
0x42d1c8 RtlUnwind
0x42d1cc GetOEMCP
0x42d1d0 GetCPInfo
0x42d1d4 IsValidCodePage
0x42d1d8 OutputDebugStringA
0x42d1dc WriteConsoleW
0x42d1e0 OutputDebugStringW
0x42d1e4 LoadLibraryW
0x42d1e8 MultiByteToWideChar
0x42d1ec HeapAlloc
0x42d1f0 GetModuleFileNameA
0x42d1f4 HeapReAlloc
0x42d1f8 HeapSize
0x42d1fc HeapQueryInformation
0x42d200 HeapFree
0x42d204 GetStringTypeW
0x42d208 WideCharToMultiByte
0x42d20c FlushFileBuffers
0x42d210 GetConsoleCP
0x42d214 GetConsoleMode
0x42d218 SetFilePointer
USER32.dll
0x42d220 GetComboBoxInfo
0x42d224 GetMessageTime
0x42d228 GetMenuBarInfo
ADVAPI32.dll
0x42d000 InitiateSystemShutdownA
EAT(Export Address Table) Library
0x424580 _CallPattern@8
KERNEL32.dll
0x42d008 WriteConsoleInputW
0x42d00c CopyFileExW
0x42d010 TlsGetValue
0x42d014 SetLocalTime
0x42d018 GetDriveTypeW
0x42d01c SetEndOfFile
0x42d020 GetNumberOfConsoleInputEvents
0x42d024 FindResourceExW
0x42d028 MapUserPhysicalPages
0x42d02c InterlockedIncrement
0x42d030 GetQueuedCompletionStatus
0x42d034 GetCommState
0x42d038 InterlockedDecrement
0x42d03c ScrollConsoleScreenBufferW
0x42d040 WritePrivateProfileSectionA
0x42d044 WaitForSingleObject
0x42d048 CallNamedPipeW
0x42d04c GetModuleHandleW
0x42d050 GetPrivateProfileStringW
0x42d054 WriteFileGather
0x42d058 CreateDirectoryExW
0x42d05c Sleep
0x42d060 GetSystemTimeAdjustment
0x42d064 GlobalFlags
0x42d068 Beep
0x42d06c VerifyVersionInfoA
0x42d070 IsDBCSLeadByte
0x42d074 ReadFile
0x42d078 CreateFileW
0x42d07c GetBinaryTypeW
0x42d080 GetACP
0x42d084 lstrlenW
0x42d088 VerifyVersionInfoW
0x42d08c CreateDirectoryA
0x42d090 GetStdHandle
0x42d094 OpenMutexW
0x42d098 GetCurrentDirectoryW
0x42d09c GetProcAddress
0x42d0a0 GetComputerNameExW
0x42d0a4 FindFirstFileW
0x42d0a8 WriteProfileSectionA
0x42d0ac ReadFileEx
0x42d0b0 SetComputerNameA
0x42d0b4 CreateMemoryResourceNotification
0x42d0b8 SearchPathA
0x42d0bc GetPrivateProfileStringA
0x42d0c0 SetFileApisToOEM
0x42d0c4 GetAtomNameA
0x42d0c8 Process32FirstW
0x42d0cc OpenWaitableTimerW
0x42d0d0 LocalAlloc
0x42d0d4 IsSystemResumeAutomatic
0x42d0d8 SetConsoleOutputCP
0x42d0dc AddAtomW
0x42d0e0 SetCommMask
0x42d0e4 GetPrivateProfileStructA
0x42d0e8 EnumResourceTypesW
0x42d0ec SetConsoleTitleW
0x42d0f0 GetModuleHandleA
0x42d0f4 FreeEnvironmentStringsW
0x42d0f8 EnumResourceNamesA
0x42d0fc GetConsoleTitleW
0x42d100 BuildCommDCBA
0x42d104 CompareStringA
0x42d108 GetConsoleCursorInfo
0x42d10c SetCalendarInfoA
0x42d110 GetVersionExA
0x42d114 GetWindowsDirectoryW
0x42d118 GetCurrentProcessId
0x42d11c InterlockedPushEntrySList
0x42d120 GetProfileSectionW
0x42d124 SuspendThread
0x42d128 LCMapStringW
0x42d12c GetVolumeInformationW
0x42d130 SetStdHandle
0x42d134 CloseHandle
0x42d138 RaiseException
0x42d13c IsProcessorFeaturePresent
0x42d140 SetVolumeLabelW
0x42d144 GetFileSize
0x42d148 GetCommandLineW
0x42d14c HeapSetInformation
0x42d150 GetStartupInfoW
0x42d154 EnterCriticalSection
0x42d158 LeaveCriticalSection
0x42d15c DecodePointer
0x42d160 TerminateProcess
0x42d164 GetCurrentProcess
0x42d168 UnhandledExceptionFilter
0x42d16c SetUnhandledExceptionFilter
0x42d170 IsDebuggerPresent
0x42d174 EncodePointer
0x42d178 GetModuleFileNameW
0x42d17c QueryPerformanceCounter
0x42d180 GetTickCount
0x42d184 GetCurrentThreadId
0x42d188 GetSystemTimeAsFileTime
0x42d18c ExitProcess
0x42d190 GetEnvironmentStringsW
0x42d194 SetHandleCount
0x42d198 InitializeCriticalSectionAndSpinCount
0x42d19c GetFileType
0x42d1a0 DeleteCriticalSection
0x42d1a4 HeapValidate
0x42d1a8 IsBadReadPtr
0x42d1ac TlsAlloc
0x42d1b0 TlsSetValue
0x42d1b4 TlsFree
0x42d1b8 SetLastError
0x42d1bc GetLastError
0x42d1c0 HeapCreate
0x42d1c4 WriteFile
0x42d1c8 RtlUnwind
0x42d1cc GetOEMCP
0x42d1d0 GetCPInfo
0x42d1d4 IsValidCodePage
0x42d1d8 OutputDebugStringA
0x42d1dc WriteConsoleW
0x42d1e0 OutputDebugStringW
0x42d1e4 LoadLibraryW
0x42d1e8 MultiByteToWideChar
0x42d1ec HeapAlloc
0x42d1f0 GetModuleFileNameA
0x42d1f4 HeapReAlloc
0x42d1f8 HeapSize
0x42d1fc HeapQueryInformation
0x42d200 HeapFree
0x42d204 GetStringTypeW
0x42d208 WideCharToMultiByte
0x42d20c FlushFileBuffers
0x42d210 GetConsoleCP
0x42d214 GetConsoleMode
0x42d218 SetFilePointer
USER32.dll
0x42d220 GetComboBoxInfo
0x42d224 GetMessageTime
0x42d228 GetMenuBarInfo
ADVAPI32.dll
0x42d000 InitiateSystemShutdownA
EAT(Export Address Table) Library
0x424580 _CallPattern@8