ScreenShot
| Created | 2021.06.28 07:49 | Machine | s1_win7_x6402 |
| Filename | new_user | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 796b3e4674b68b33c906ce32c3275d83 | ||
| sha256 | afb5cbe324865253c7a9dcadbe66c66746ea360f0cd184a2f4e1bbf104533ccd | ||
| ssdeep | 196608:FaSSW6I52i0ezA2avJ25OjX7qo+YDuTNROilLZGfNaSvY9P0QmXSSZINaWMFUtnr:gSS6/3ahKOjrqquTNROilLZoazsQmrZ0 | ||
| imphash | b4a4f42eeacc77c5d3caaa7d5ec68819 | ||
| impfuzzy | 24:jOovFFdUDmWlKAWk/KblJKu9UMGaGfjEq9cgcf8prXjDAS1jtlopl79TYoEOrRZE:CcWzWc59cgcfErXgS1jtlopp9YcgBr | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0xabe000 GetCommandLineA
0xabe004 GetTickCount
0xabe008 GetLastError
0xabe00c GetVersion
0xabe010 GetCurrentProcess
0xabe014 GetProcessHeap
0xabe018 GetEnvironmentStrings
0xabe01c VirtualAlloc
0xabe020 GetSystemInfo
0xabe024 GetModuleHandleA
0xabe028 GetProcAddress
0xabe02c TlsGetValue
0xabe030 TlsSetValue
0xabe034 AcquireSRWLockExclusive
0xabe038 ReleaseSRWLockExclusive
0xabe03c AcquireSRWLockShared
0xabe040 ReleaseSRWLockShared
0xabe044 SetLastError
0xabe048 GetEnvironmentVariableW
0xabe04c GetStdHandle
0xabe050 GetConsoleMode
0xabe054 WriteFile
0xabe058 WriteConsoleW
0xabe05c GetCurrentThread
0xabe060 RtlCaptureContext
0xabe064 ReleaseMutex
0xabe068 GetCurrentDirectoryW
0xabe06c WaitForSingleObjectEx
0xabe070 LoadLibraryA
0xabe074 CreateMutexA
0xabe078 CloseHandle
0xabe07c TlsAlloc
0xabe080 GetModuleHandleW
0xabe084 FormatMessageW
0xabe088 InitializeCriticalSection
0xabe08c TryEnterCriticalSection
0xabe090 LeaveCriticalSection
0xabe094 EnterCriticalSection
0xabe098 HeapAlloc
0xabe09c HeapFree
0xabe0a0 HeapReAlloc
0xabe0a4 AddVectoredExceptionHandler
0xabe0a8 SetThreadStackGuarantee
0xabe0ac CreateFileW
0xabe0b0 QueryPerformanceCounter
0xabe0b4 GetCurrentProcessId
0xabe0b8 GetCurrentThreadId
0xabe0bc GetSystemTimeAsFileTime
0xabe0c0 InitializeSListHead
0xabe0c4 IsDebuggerPresent
0xabe0c8 UnhandledExceptionFilter
0xabe0cc SetUnhandledExceptionFilter
0xabe0d0 GetStartupInfoW
0xabe0d4 IsProcessorFeaturePresent
0xabe0d8 TerminateProcess
0xabe0dc RtlUnwind
0xabe0e0 DeleteCriticalSection
0xabe0e4 InitializeCriticalSectionAndSpinCount
0xabe0e8 TlsFree
0xabe0ec FreeLibrary
0xabe0f0 LoadLibraryExW
0xabe0f4 RaiseException
0xabe0f8 GetModuleFileNameW
0xabe0fc ExitProcess
0xabe100 GetModuleHandleExW
0xabe104 GetCommandLineW
0xabe108 FindClose
0xabe10c FindFirstFileExW
0xabe110 FindNextFileW
0xabe114 IsValidCodePage
0xabe118 GetACP
0xabe11c GetOEMCP
0xabe120 GetCPInfo
0xabe124 MultiByteToWideChar
0xabe128 WideCharToMultiByte
0xabe12c GetEnvironmentStringsW
0xabe130 FreeEnvironmentStringsW
0xabe134 SetEnvironmentVariableW
0xabe138 SetStdHandle
0xabe13c GetFileType
0xabe140 GetStringTypeW
0xabe144 CompareStringW
0xabe148 LCMapStringW
0xabe14c HeapSize
0xabe150 FlushFileBuffers
0xabe154 GetConsoleCP
0xabe158 SetFilePointerEx
0xabe15c DecodePointer
EAT(Export Address Table) is none
KERNEL32.dll
0xabe000 GetCommandLineA
0xabe004 GetTickCount
0xabe008 GetLastError
0xabe00c GetVersion
0xabe010 GetCurrentProcess
0xabe014 GetProcessHeap
0xabe018 GetEnvironmentStrings
0xabe01c VirtualAlloc
0xabe020 GetSystemInfo
0xabe024 GetModuleHandleA
0xabe028 GetProcAddress
0xabe02c TlsGetValue
0xabe030 TlsSetValue
0xabe034 AcquireSRWLockExclusive
0xabe038 ReleaseSRWLockExclusive
0xabe03c AcquireSRWLockShared
0xabe040 ReleaseSRWLockShared
0xabe044 SetLastError
0xabe048 GetEnvironmentVariableW
0xabe04c GetStdHandle
0xabe050 GetConsoleMode
0xabe054 WriteFile
0xabe058 WriteConsoleW
0xabe05c GetCurrentThread
0xabe060 RtlCaptureContext
0xabe064 ReleaseMutex
0xabe068 GetCurrentDirectoryW
0xabe06c WaitForSingleObjectEx
0xabe070 LoadLibraryA
0xabe074 CreateMutexA
0xabe078 CloseHandle
0xabe07c TlsAlloc
0xabe080 GetModuleHandleW
0xabe084 FormatMessageW
0xabe088 InitializeCriticalSection
0xabe08c TryEnterCriticalSection
0xabe090 LeaveCriticalSection
0xabe094 EnterCriticalSection
0xabe098 HeapAlloc
0xabe09c HeapFree
0xabe0a0 HeapReAlloc
0xabe0a4 AddVectoredExceptionHandler
0xabe0a8 SetThreadStackGuarantee
0xabe0ac CreateFileW
0xabe0b0 QueryPerformanceCounter
0xabe0b4 GetCurrentProcessId
0xabe0b8 GetCurrentThreadId
0xabe0bc GetSystemTimeAsFileTime
0xabe0c0 InitializeSListHead
0xabe0c4 IsDebuggerPresent
0xabe0c8 UnhandledExceptionFilter
0xabe0cc SetUnhandledExceptionFilter
0xabe0d0 GetStartupInfoW
0xabe0d4 IsProcessorFeaturePresent
0xabe0d8 TerminateProcess
0xabe0dc RtlUnwind
0xabe0e0 DeleteCriticalSection
0xabe0e4 InitializeCriticalSectionAndSpinCount
0xabe0e8 TlsFree
0xabe0ec FreeLibrary
0xabe0f0 LoadLibraryExW
0xabe0f4 RaiseException
0xabe0f8 GetModuleFileNameW
0xabe0fc ExitProcess
0xabe100 GetModuleHandleExW
0xabe104 GetCommandLineW
0xabe108 FindClose
0xabe10c FindFirstFileExW
0xabe110 FindNextFileW
0xabe114 IsValidCodePage
0xabe118 GetACP
0xabe11c GetOEMCP
0xabe120 GetCPInfo
0xabe124 MultiByteToWideChar
0xabe128 WideCharToMultiByte
0xabe12c GetEnvironmentStringsW
0xabe130 FreeEnvironmentStringsW
0xabe134 SetEnvironmentVariableW
0xabe138 SetStdHandle
0xabe13c GetFileType
0xabe140 GetStringTypeW
0xabe144 CompareStringW
0xabe148 LCMapStringW
0xabe14c HeapSize
0xabe150 FlushFileBuffers
0xabe154 GetConsoleCP
0xabe158 SetFilePointerEx
0xabe15c DecodePointer
EAT(Export Address Table) is none