ScreenShot
| Created | 2021.07.31 14:01 | Machine | s1_win7_x6402 |
| Filename | winscp.com | ||
| Type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | f998fcd26455fb41278f8887ecb5594e | ||
| sha256 | f32611ce3a28fda2932bbdd856a0604866b9f3dbbc21407cb846baeb4684dd2f | ||
| ssdeep | 6144:RkdBy6tHmG676IS8i5cSXX6a8sg4iAA+KXK:2y6tHe76IS8i5LXviAAj6 | ||
| imphash | 4930629d52bba909dc99b790c62376e0 | ||
| impfuzzy | 48:YqXOeCt29Yw1Vyr+TZcVdLqB/TVK4XxURX3uKQL:YqXTCg71Arwc3mB/pK4XIA | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| info | Command line console output was observed |
| info | One or more processes crashed |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_PWS_Loki_Zero | Win32 PWS Loki | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x4481e8 CloseHandle
0x4481ec CreateEventW
0x4481f0 CreateFileA
0x4481f4 CreateFileMappingA
0x4481f8 CreateFileMappingW
0x4481fc CreateJobObjectW
0x448200 CreateProcessW
0x448204 CreateThread
0x448208 DeleteCriticalSection
0x44820c DeleteFileA
0x448210 EnterCriticalSection
0x448214 ExitProcess
0x448218 FlushConsoleInputBuffer
0x44821c FormatMessageW
0x448220 GetACP
0x448224 GetCPInfo
0x448228 GetCommandLineW
0x44822c GetConsoleCP
0x448230 GetConsoleMode
0x448234 GetConsoleOutputCP
0x448238 GetConsoleTitleW
0x44823c GetCurrentProcessId
0x448240 GetCurrentThreadId
0x448244 GetEnvironmentStrings
0x448248 GetEnvironmentStringsW
0x44824c GetExitCodeProcess
0x448250 GetFileAttributesA
0x448254 GetFileType
0x448258 GetLastError
0x44825c GetLocalTime
0x448260 GetLocaleInfoA
0x448264 GetModuleFileNameA
0x448268 GetModuleFileNameW
0x44826c GetModuleHandleA
0x448270 GetModuleHandleW
0x448274 GetOEMCP
0x448278 GetProcAddress
0x44827c GetProcessHeap
0x448280 GetStartupInfoA
0x448284 GetStartupInfoW
0x448288 GetStdHandle
0x44828c GetStringTypeA
0x448290 GetStringTypeW
0x448294 GetSystemDefaultLangID
0x448298 GetTimeZoneInformation
0x44829c GetUserDefaultLCID
0x4482a0 GetVersion
0x4482a4 GetVersionExA
0x4482a8 GetVersionExW
0x4482ac HeapAlloc
0x4482b0 HeapFree
0x4482b4 InitializeCriticalSection
0x4482b8 InterlockedDecrement
0x4482bc InterlockedExchange
0x4482c0 InterlockedIncrement
0x4482c4 IsDBCSLeadByteEx
0x4482c8 IsDebuggerPresent
0x4482cc IsValidLocale
0x4482d0 LCMapStringA
0x4482d4 LCMapStringW
0x4482d8 LeaveCriticalSection
0x4482dc LoadLibraryA
0x4482e0 LocalFree
0x4482e4 MapViewOfFile
0x4482e8 MultiByteToWideChar
0x4482ec OpenEventW
0x4482f0 OpenFileMappingA
0x4482f4 PeekConsoleInputW
0x4482f8 RaiseException
0x4482fc ReadConsoleInputW
0x448300 ReadConsoleW
0x448304 ReadFile
0x448308 RtlUnwind
0x44830c SetConsoleCP
0x448310 SetConsoleCtrlHandler
0x448314 SetConsoleMode
0x448318 SetConsoleOutputCP
0x44831c SetConsoleTitleW
0x448320 SetEvent
0x448324 SetFilePointer
0x448328 SetHandleCount
0x44832c SetInformationJobObject
0x448330 SetLastError
0x448334 SetThreadLocale
0x448338 Sleep
0x44833c TerminateProcess
0x448340 TlsAlloc
0x448344 TlsFree
0x448348 TlsGetValue
0x44834c TlsSetValue
0x448350 UnmapViewOfFile
0x448354 VirtualAlloc
0x448358 VirtualFree
0x44835c VirtualQuery
0x448360 WaitForMultipleObjects
0x448364 WaitForSingleObject
0x448368 WideCharToMultiByte
0x44836c WriteConsoleA
0x448370 WriteConsoleInputW
0x448374 WriteConsoleW
0x448378 WriteFile
VERSION.DLL
0x448390 GetFileVersionInfoSizeW
0x448394 GetFileVersionInfoW
0x448398 VerQueryValueW
USER32.DLL
0x4483bc CharUpperBuffW
0x4483c0 EnumThreadWindows
0x4483c4 GetAsyncKeyState
0x4483c8 MessageBoxA
0x4483cc wsprintfA
0x4483d0 wsprintfW
EAT(Export Address Table) Library
0x401181 __GetExceptDLLinfo
0x42f0ac ___CPPdebugHook
KERNEL32.DLL
0x4481e8 CloseHandle
0x4481ec CreateEventW
0x4481f0 CreateFileA
0x4481f4 CreateFileMappingA
0x4481f8 CreateFileMappingW
0x4481fc CreateJobObjectW
0x448200 CreateProcessW
0x448204 CreateThread
0x448208 DeleteCriticalSection
0x44820c DeleteFileA
0x448210 EnterCriticalSection
0x448214 ExitProcess
0x448218 FlushConsoleInputBuffer
0x44821c FormatMessageW
0x448220 GetACP
0x448224 GetCPInfo
0x448228 GetCommandLineW
0x44822c GetConsoleCP
0x448230 GetConsoleMode
0x448234 GetConsoleOutputCP
0x448238 GetConsoleTitleW
0x44823c GetCurrentProcessId
0x448240 GetCurrentThreadId
0x448244 GetEnvironmentStrings
0x448248 GetEnvironmentStringsW
0x44824c GetExitCodeProcess
0x448250 GetFileAttributesA
0x448254 GetFileType
0x448258 GetLastError
0x44825c GetLocalTime
0x448260 GetLocaleInfoA
0x448264 GetModuleFileNameA
0x448268 GetModuleFileNameW
0x44826c GetModuleHandleA
0x448270 GetModuleHandleW
0x448274 GetOEMCP
0x448278 GetProcAddress
0x44827c GetProcessHeap
0x448280 GetStartupInfoA
0x448284 GetStartupInfoW
0x448288 GetStdHandle
0x44828c GetStringTypeA
0x448290 GetStringTypeW
0x448294 GetSystemDefaultLangID
0x448298 GetTimeZoneInformation
0x44829c GetUserDefaultLCID
0x4482a0 GetVersion
0x4482a4 GetVersionExA
0x4482a8 GetVersionExW
0x4482ac HeapAlloc
0x4482b0 HeapFree
0x4482b4 InitializeCriticalSection
0x4482b8 InterlockedDecrement
0x4482bc InterlockedExchange
0x4482c0 InterlockedIncrement
0x4482c4 IsDBCSLeadByteEx
0x4482c8 IsDebuggerPresent
0x4482cc IsValidLocale
0x4482d0 LCMapStringA
0x4482d4 LCMapStringW
0x4482d8 LeaveCriticalSection
0x4482dc LoadLibraryA
0x4482e0 LocalFree
0x4482e4 MapViewOfFile
0x4482e8 MultiByteToWideChar
0x4482ec OpenEventW
0x4482f0 OpenFileMappingA
0x4482f4 PeekConsoleInputW
0x4482f8 RaiseException
0x4482fc ReadConsoleInputW
0x448300 ReadConsoleW
0x448304 ReadFile
0x448308 RtlUnwind
0x44830c SetConsoleCP
0x448310 SetConsoleCtrlHandler
0x448314 SetConsoleMode
0x448318 SetConsoleOutputCP
0x44831c SetConsoleTitleW
0x448320 SetEvent
0x448324 SetFilePointer
0x448328 SetHandleCount
0x44832c SetInformationJobObject
0x448330 SetLastError
0x448334 SetThreadLocale
0x448338 Sleep
0x44833c TerminateProcess
0x448340 TlsAlloc
0x448344 TlsFree
0x448348 TlsGetValue
0x44834c TlsSetValue
0x448350 UnmapViewOfFile
0x448354 VirtualAlloc
0x448358 VirtualFree
0x44835c VirtualQuery
0x448360 WaitForMultipleObjects
0x448364 WaitForSingleObject
0x448368 WideCharToMultiByte
0x44836c WriteConsoleA
0x448370 WriteConsoleInputW
0x448374 WriteConsoleW
0x448378 WriteFile
VERSION.DLL
0x448390 GetFileVersionInfoSizeW
0x448394 GetFileVersionInfoW
0x448398 VerQueryValueW
USER32.DLL
0x4483bc CharUpperBuffW
0x4483c0 EnumThreadWindows
0x4483c4 GetAsyncKeyState
0x4483c8 MessageBoxA
0x4483cc wsprintfA
0x4483d0 wsprintfW
EAT(Export Address Table) Library
0x401181 __GetExceptDLLinfo
0x42f0ac ___CPPdebugHook