ScreenShot
| Created | 2021.06.25 13:35 | Machine | s1_win7_x6401 |
| Filename | sbd.exe | ||
| Type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 47 detected (SkypeSpam, Trafog, Unsafe, Generik, ShadowIntRat, malicious, CYFP, Attribute, HighConfidence, ebjkhd, CLOUD, Malware@#2jaxvtct8gtn6, HKTL, SECBD, Tool, cckj, Xema, R368588, ai score=100, Svhl, GenAsa, BaB64VgWBBs, confidence, 100%, susgen) | ||
| md5 | 5485aa8dca6edb85db42e315026a7f1c | ||
| sha256 | 3d10a895e55cd0d5ff6df19f06526ae6ebd6925af6ea9657dad06df818892c27 | ||
| ssdeep | 768:F6mICfINvZX1xTMhv9bxQEU7UL+AfTtArA4APbm3B6B1P:SxN9wh9pIROWrFEm34j | ||
| imphash | b03da7779b6bc341c4a4276acc2db918 | ||
| impfuzzy | 24:v5cX53gjJgomvlrq+vZ2qFIbLgv5bRyZbVjL+ufVnoCAKuI3Rjsm:v5cXlgjJg1vpq+H4Iwf1tnos9 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| info | Command line console output was observed |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x4121dc _getpid
0x4121e0 _itoa
0x4121e4 _kbhit
0x4121e8 _read
0x4121ec _strdup
0x4121f0 _write
msvcrt.dll
0x4121fc __getmainargs
0x412200 __p___argv
0x412204 __p__environ
0x412208 __p__fmode
0x41220c __set_app_type
0x412210 _cexit
0x412214 _errno
0x412218 _iob
0x41221c _isatty
0x412220 _onexit
0x412224 _setmode
0x412228 _stricmp
0x41222c _vsnprintf
0x412230 abort
0x412234 atexit
0x412238 atoi
0x41223c fprintf
0x412240 fputc
0x412244 free
0x412248 fwrite
0x41224c getenv
0x412250 malloc
0x412254 memcpy
0x412258 memset
0x41225c printf
0x412260 signal
0x412264 strchr
0x412268 strerror
0x41226c strlen
0x412270 strncmp
0x412274 strstr
0x412278 vfprintf
KERNEL32.dll
0x412284 AddAtomA
0x412288 CloseHandle
0x41228c CreatePipe
0x412290 CreateProcessA
0x412294 CreateSemaphoreA
0x412298 CreateThread
0x41229c DisconnectNamedPipe
0x4122a0 DuplicateHandle
0x4122a4 ExitProcess
0x4122a8 ExitThread
0x4122ac FindAtomA
0x4122b0 FreeConsole
0x4122b4 GetAtomNameA
0x4122b8 GetCurrentProcess
0x4122bc GetLastError
0x4122c0 GetSystemTime
0x4122c4 PeekNamedPipe
0x4122c8 ReadFile
0x4122cc ReleaseSemaphore
0x4122d0 SetUnhandledExceptionFilter
0x4122d4 Sleep
0x4122d8 TerminateProcess
0x4122dc WaitForMultipleObjects
0x4122e0 WaitForSingleObject
0x4122e4 WriteFile
WSOCK32.DLL
0x4122f0 WSACleanup
0x4122f4 WSAGetLastError
0x4122f8 WSAStartup
0x4122fc __WSAFDIsSet
0x412300 accept
0x412304 ind
0x412308 closesocket
0x41230c connect
0x412310 gethostbyaddr
0x412314 gethostbyname
0x412318 getsockname
0x41231c htonl
0x412320 htons
0x412324 inet_addr
0x412328 inet_ntoa
0x41232c listen
0x412330 ntohs
0x412334 recv
0x412338 select
0x41233c send
0x412340 setsockopt
0x412344 socket
EAT(Export Address Table) is none
msvcrt.dll
0x4121dc _getpid
0x4121e0 _itoa
0x4121e4 _kbhit
0x4121e8 _read
0x4121ec _strdup
0x4121f0 _write
msvcrt.dll
0x4121fc __getmainargs
0x412200 __p___argv
0x412204 __p__environ
0x412208 __p__fmode
0x41220c __set_app_type
0x412210 _cexit
0x412214 _errno
0x412218 _iob
0x41221c _isatty
0x412220 _onexit
0x412224 _setmode
0x412228 _stricmp
0x41222c _vsnprintf
0x412230 abort
0x412234 atexit
0x412238 atoi
0x41223c fprintf
0x412240 fputc
0x412244 free
0x412248 fwrite
0x41224c getenv
0x412250 malloc
0x412254 memcpy
0x412258 memset
0x41225c printf
0x412260 signal
0x412264 strchr
0x412268 strerror
0x41226c strlen
0x412270 strncmp
0x412274 strstr
0x412278 vfprintf
KERNEL32.dll
0x412284 AddAtomA
0x412288 CloseHandle
0x41228c CreatePipe
0x412290 CreateProcessA
0x412294 CreateSemaphoreA
0x412298 CreateThread
0x41229c DisconnectNamedPipe
0x4122a0 DuplicateHandle
0x4122a4 ExitProcess
0x4122a8 ExitThread
0x4122ac FindAtomA
0x4122b0 FreeConsole
0x4122b4 GetAtomNameA
0x4122b8 GetCurrentProcess
0x4122bc GetLastError
0x4122c0 GetSystemTime
0x4122c4 PeekNamedPipe
0x4122c8 ReadFile
0x4122cc ReleaseSemaphore
0x4122d0 SetUnhandledExceptionFilter
0x4122d4 Sleep
0x4122d8 TerminateProcess
0x4122dc WaitForMultipleObjects
0x4122e0 WaitForSingleObject
0x4122e4 WriteFile
WSOCK32.DLL
0x4122f0 WSACleanup
0x4122f4 WSAGetLastError
0x4122f8 WSAStartup
0x4122fc __WSAFDIsSet
0x412300 accept
0x412304 ind
0x412308 closesocket
0x41230c connect
0x412310 gethostbyaddr
0x412314 gethostbyname
0x412318 getsockname
0x41231c htonl
0x412320 htons
0x412324 inet_addr
0x412328 inet_ntoa
0x41232c listen
0x412330 ntohs
0x412334 recv
0x412338 select
0x41233c send
0x412340 setsockopt
0x412344 socket
EAT(Export Address Table) is none