Report - search.exe

Raccoon Stealer, Malicious Library, PE32, OS Processor Check, PE File
Created 2021.07.09 10:00 Machine s1_win7_x6402
Filename search.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 3
Behavior Score 2.0
ZERO API file: clean
VT API (file)
md5 5662b035afe1d5d0673378cae8c3a963
sha256 25cf264589639fc27c6dc012e33e5fa8054add3915d9265e934d849f763e5b51
ssdeep 12288:TTR3MmXDrLa5sRcebpagznCUAiK5rN0jtsPquZciAGGhh93eN0hLiNojYkIcpwdL:58mTMucoznCRZN0jt0twGKnfckIcKdb/
imphash f0bfc1cc0e395e0b7ca1dd0906a94aca
impfuzzy 48:OVTae6Or1VPmiN8lDEo2BTOFR+fcft2MaEG00KdTcgjD+D:MlxT0YhT2+fcftKEGLKdTcgji
Signature (6cnts)

Level Description
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
danger Raccoon_Stealer_1_Zero Raccoon Stealer binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x4ce000 GetComputerNameA
 0x4ce004 SearchPathW
 0x4ce008 WritePrivateProfileStructA
 0x4ce00c GetConsoleAliasesLengthW
 0x4ce010 TlsGetValue
 0x4ce014 SetLocalTime
 0x4ce018 CommConfigDialogA
 0x4ce01c FindResourceExW
 0x4ce020 GetProcessIoCounters
 0x4ce024 MapUserPhysicalPages
 0x4ce028 FreeLibrary
 0x4ce02c CallNamedPipeA
 0x4ce030 GetCommState
 0x4ce034 InterlockedDecrement
 0x4ce038 ZombifyActCtx
 0x4ce03c ScrollConsoleScreenBufferW
 0x4ce040 SetDefaultCommConfigW
 0x4ce044 GetSystemWindowsDirectoryW
 0x4ce048 GetNamedPipeHandleStateA
 0x4ce04c GlobalLock
 0x4ce050 SetConsoleScreenBufferSize
 0x4ce054 WriteConsoleInputA
 0x4ce058 SetComputerNameW
 0x4ce05c CreateDirectoryExA
 0x4ce060 GetModuleHandleW
 0x4ce064 CreateNamedPipeW
 0x4ce068 GetPrivateProfileStringW
 0x4ce06c WriteFileGather
 0x4ce070 SetProcessPriorityBoost
 0x4ce074 GetSystemDirectoryW
 0x4ce078 LoadLibraryW
 0x4ce07c GetConsoleMode
 0x4ce080 SetCommConfig
 0x4ce084 SizeofResource
 0x4ce088 GetSystemWow64DirectoryW
 0x4ce08c GetSystemTimeAdjustment
 0x4ce090 InterlockedPopEntrySList
 0x4ce094 GlobalFlags
 0x4ce098 ReadFile
 0x4ce09c GetBinaryTypeW
 0x4ce0a0 GetOverlappedResult
 0x4ce0a4 CompareStringW
 0x4ce0a8 ExitThread
 0x4ce0ac lstrlenW
 0x4ce0b0 GetStartupInfoW
 0x4ce0b4 VerifyVersionInfoW
 0x4ce0b8 CreateDirectoryA
 0x4ce0bc GetProfileIntA
 0x4ce0c0 GetFileSizeEx
 0x4ce0c4 SetCurrentDirectoryA
 0x4ce0c8 OpenMutexW
 0x4ce0cc GetCurrentDirectoryW
 0x4ce0d0 GetThreadLocale
 0x4ce0d4 ReadConsoleOutputCharacterA
 0x4ce0d8 GetProcessHeaps
 0x4ce0dc SetVolumeLabelW
 0x4ce0e0 WriteProfileSectionA
 0x4ce0e4 SetStdHandle
 0x4ce0e8 GetAtomNameA
 0x4ce0ec LoadLibraryA
 0x4ce0f0 LocalAlloc
 0x4ce0f4 SetCalendarInfoW
 0x4ce0f8 SetConsoleCtrlHandler
 0x4ce0fc SetConsoleWindowInfo
 0x4ce100 GetTapeParameters
 0x4ce104 WTSGetActiveConsoleSessionId
 0x4ce108 SetConsoleTitleW
 0x4ce10c GetProcessShutdownParameters
 0x4ce110 CreateMutexA
 0x4ce114 FreeEnvironmentStringsW
 0x4ce118 RequestWakeupLatency
 0x4ce11c VirtualProtect
 0x4ce120 GetCPInfoExA
 0x4ce124 GetVersionExA
 0x4ce128 FindAtomW
 0x4ce12c GetWindowsDirectoryW
 0x4ce130 GetVersion
 0x4ce134 GetVolumeNameForVolumeMountPointW
 0x4ce138 DeleteFileW
 0x4ce13c FindActCtxSectionStringW
 0x4ce140 GetProfileSectionW
 0x4ce144 LCMapStringW
 0x4ce148 CopyFileExA
 0x4ce14c CommConfigDialogW
 0x4ce150 InterlockedIncrement
 0x4ce154 Sleep
 0x4ce158 InitializeCriticalSection
 0x4ce15c DeleteCriticalSection
 0x4ce160 EnterCriticalSection
 0x4ce164 LeaveCriticalSection
 0x4ce168 TerminateProcess
 0x4ce16c GetCurrentProcess
 0x4ce170 UnhandledExceptionFilter
 0x4ce174 SetUnhandledExceptionFilter
 0x4ce178 IsDebuggerPresent
 0x4ce17c GetModuleFileNameW
 0x4ce180 GetCommandLineA
 0x4ce184 GetStartupInfoA
 0x4ce188 HeapValidate
 0x4ce18c IsBadReadPtr
 0x4ce190 RaiseException
 0x4ce194 RtlUnwind
 0x4ce198 GetLastError
 0x4ce19c GetFileType
 0x4ce1a0 WriteFile
 0x4ce1a4 WideCharToMultiByte
 0x4ce1a8 GetConsoleCP
 0x4ce1ac GetProcAddress
 0x4ce1b0 TlsAlloc
 0x4ce1b4 TlsSetValue
 0x4ce1b8 GetCurrentThreadId
 0x4ce1bc TlsFree
 0x4ce1c0 SetLastError
 0x4ce1c4 GetACP
 0x4ce1c8 GetOEMCP
 0x4ce1cc GetCPInfo
 0x4ce1d0 IsValidCodePage
 0x4ce1d4 DebugBreak
 0x4ce1d8 GetStdHandle
 0x4ce1dc OutputDebugStringA
 0x4ce1e0 WriteConsoleW
 0x4ce1e4 OutputDebugStringW
 0x4ce1e8 ExitProcess
 0x4ce1ec QueryPerformanceCounter
 0x4ce1f0 GetTickCount
 0x4ce1f4 GetCurrentProcessId
 0x4ce1f8 GetSystemTimeAsFileTime
 0x4ce1fc GetModuleFileNameA
 0x4ce200 FreeEnvironmentStringsA
 0x4ce204 GetEnvironmentStrings
 0x4ce208 GetEnvironmentStringsW
 0x4ce20c SetHandleCount
 0x4ce210 HeapDestroy
 0x4ce214 HeapCreate
 0x4ce218 HeapFree
 0x4ce21c VirtualFree
 0x4ce220 FlushFileBuffers
 0x4ce224 HeapAlloc
 0x4ce228 HeapSize
 0x4ce22c HeapReAlloc
 0x4ce230 VirtualAlloc
 0x4ce234 MultiByteToWideChar
 0x4ce238 GetStringTypeA
 0x4ce23c GetStringTypeW
 0x4ce240 GetLocaleInfoA
 0x4ce244 InitializeCriticalSectionAndSpinCount
 0x4ce248 WriteConsoleA
 0x4ce24c GetConsoleOutputCP
 0x4ce250 SetFilePointer
 0x4ce254 LCMapStringA
 0x4ce258 CreateFileA
 0x4ce25c CloseHandle
 0x4ce260 GetModuleHandleA
USER32.dll
 0x4ce268 GetComboBoxInfo
 0x4ce26c GetCursorInfo

EAT (Export Address Table) Library

0x4cb4f0 _hockey@4
0x4cb4e0 _hyppo@4