ScreenShot
| Created | 2021.07.06 15:26 | Machine | s1_win7_x6401 |
| Filename | MsMpEng.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 8cc83221870dd07144e63df594c391d9 | ||
| sha256 | 33bc14d231a4afaa18f06513766d5f69d8b88f1e697cd127d24fb4b72ad44c7a | ||
| ssdeep | 384:NDr3WIqWJ1q//0GftpBjRwtxO4HRN7uJlYaibn6:FLe8ifJkuUaY6 | ||
| imphash | 6e73693d0e907f1ab7f324b64d2b9866 | ||
| impfuzzy | 3:snMO/OywkPpXhdOy+JSHXXLCbAJSHXX0AZAJSbolWxzvyLsSqHQLAUGrTLLML:oZ/OiXhhebVUAZpjJeOrrML | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x403000 ExitProcess
0x403004 QueryPerformanceCounter
0x403008 GetCurrentProcessId
0x40300c GetCurrentThreadId
0x403010 GetSystemTimeAsFileTime
0x403014 GetTickCount
mpsvc.dll
0x40301c ServiceCrtMain
EAT(Export Address Table) is none
KERNEL32.dll
0x403000 ExitProcess
0x403004 QueryPerformanceCounter
0x403008 GetCurrentProcessId
0x40300c GetCurrentThreadId
0x403010 GetSystemTimeAsFileTime
0x403014 GetTickCount
mpsvc.dll
0x40301c ServiceCrtMain
EAT(Export Address Table) is none