Report - javase.exe

Tags: UPX, Malicious Library, PE64, OS Processor Check, PE File
Created 2021.08.05 17:42 Machine s1_win7_x6402
Filename javase.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
2
Behavior Score
1.4
ZERO API (file): clean
VT API (file)
md5 5cae01aea8ed390ce9bec17b6c1237e4
sha256 19896a23d7b054625c2f6b1ee1551a0da68ad25cddbb24510a3b74578418e618
ssdeep 3072:n3vg+rJrkQVOUPrxLExK08A+MQ20AFHxH32Hdxkq5:n3vg+rOgOyrNEI3AxQUHK
imphash 55fa9bd502457bea13d3626a68dc1cad
impfuzzy 96:83+ppWcRFRrLGLsUKIJ57XBbp0gwCjVsG49xXjV7jV5qnaEjhFyqKJvTgGqhA:Z7VPkVb4PXpf2bjhTKJv1qhA

Signature (5cnts)

Level Description
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
info Checks amount of memory in system
info The file contains an unknown PE resource name, possibly indicative of a packer
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table), grouped by library. Alongside the RWX-allocation notice above, the ADVAPI32 and WTSAPI32 entries below (token query/duplication/restriction, CreateProcessAsUserW, service-control and registry APIs) are the imports most worth reviewing when triaging this sample.

KERNEL32.dll
 0x14001e100 DeleteCriticalSection
 0x14001e108 WaitForSingleObjectEx
 0x14001e110 GetCurrentProcess
 0x14001e118 GetCurrentThreadId
 0x14001e120 ResumeThread
 0x14001e128 SetPriorityClass
 0x14001e130 OpenProcess
 0x14001e138 FreeLibrary
 0x14001e140 LoadLibraryW
 0x14001e148 MulDiv
 0x14001e150 CopyFileW
 0x14001e158 MoveFileExW
 0x14001e160 InitializeCriticalSectionEx
 0x14001e168 TerminateProcess
 0x14001e170 LoadLibraryExA
 0x14001e178 VirtualFree
 0x14001e180 VirtualAlloc
 0x14001e188 FlushInstructionCache
 0x14001e190 InterlockedPushEntrySList
 0x14001e198 InterlockedPopEntrySList
 0x14001e1a0 GetProcessHeap
 0x14001e1a8 HeapFree
 0x14001e1b0 HeapAlloc
 0x14001e1b8 OutputDebugStringW
 0x14001e1c0 InitializeSListHead
 0x14001e1c8 EnterCriticalSection
 0x14001e1d0 LeaveCriticalSection
 0x14001e1d8 DecodePointer
 0x14001e1e0 RaiseException
 0x14001e1e8 SetFileAttributesW
 0x14001e1f0 GetFileAttributesW
 0x14001e1f8 DeleteFileW
 0x14001e200 ExpandEnvironmentStringsW
 0x14001e208 GetCommandLineW
 0x14001e210 SizeofResource
 0x14001e218 LockResource
 0x14001e220 LoadResource
 0x14001e228 FindResourceExW
 0x14001e230 GetSystemWindowsDirectoryW
 0x14001e238 SleepEx
 0x14001e240 SetLastError
 0x14001e248 CloseHandle
 0x14001e250 VerifyVersionInfoW
 0x14001e258 GetModuleHandleW
 0x14001e260 VerSetConditionMask
 0x14001e268 MultiByteToWideChar
 0x14001e270 GetProcAddress
 0x14001e278 GetModuleFileNameW
 0x14001e280 GetTickCount64
 0x14001e288 QueryPerformanceCounter
 0x14001e290 GetLastError
 0x14001e298 GetSystemTimeAsFileTime
 0x14001e2a0 GetCurrentProcessId
 0x14001e2a8 IsProcessorFeaturePresent
 0x14001e2b0 GetStartupInfoW
 0x14001e2b8 SetUnhandledExceptionFilter
 0x14001e2c0 UnhandledExceptionFilter
 0x14001e2c8 IsDebuggerPresent
 0x14001e2d0 RtlVirtualUnwind
 0x14001e2d8 RtlLookupFunctionEntry
 0x14001e2e0 RtlCaptureContext
 0x14001e2e8 EncodePointer
 0x14001e2f0 InitOnceExecuteOnce
USER32.dll
 0x14001e318 EndPaint
 0x14001e320 GetWindowTextW
 0x14001e328 GetClientRect
 0x14001e330 BeginPaint
 0x14001e338 LoadImageW
 0x14001e340 MonitorFromWindow
 0x14001e348 ChangeWindowMessageFilter
 0x14001e350 GetDC
 0x14001e358 SetWindowLongPtrW
 0x14001e360 UnregisterClassW
 0x14001e368 DialogBoxParamW
 0x14001e370 SendMessageW
 0x14001e378 SetWindowTextW
 0x14001e380 DrawIconEx
 0x14001e388 EndDialog
 0x14001e390 GetDlgItem
GDI32.dll
 0x14001e0f0 GetDeviceCaps
COMDLG32.dll
 0x14001e0e0 GetOpenFileNameW
ADVAPI32.dll
 0x14001e000 RegDeleteTreeW
 0x14001e008 RegSetValueExW
 0x14001e010 RegOpenKeyExW
 0x14001e018 RegCreateKeyExW
 0x14001e020 RegCloseKey
 0x14001e028 SetTokenInformation
 0x14001e030 RevertToSelf
 0x14001e038 InitializeAcl
 0x14001e040 GetTokenInformation
 0x14001e048 GetLengthSid
 0x14001e050 GetAce
 0x14001e058 FreeSid
 0x14001e060 EqualSid
 0x14001e068 DuplicateTokenEx
 0x14001e070 CreateRestrictedToken
 0x14001e078 AllocateAndInitializeSid
 0x14001e080 AdjustTokenPrivileges
 0x14001e088 AddAce
 0x14001e090 AddAccessAllowedAce
 0x14001e098 OpenProcessToken
 0x14001e0a0 SetThreadToken
 0x14001e0a8 CreateProcessAsUserW
 0x14001e0b0 StartServiceW
 0x14001e0b8 QueryServiceStatusEx
 0x14001e0c0 OpenServiceW
 0x14001e0c8 OpenSCManagerW
 0x14001e0d0 CloseServiceHandle
SHELL32.dll
 0x14001e300 DragQueryFileW
 0x14001e308 DragFinish
ole32.dll
 0x14001e5f0 CoInitializeEx
WTSAPI32.dll
 0x14001e3b8 WTSQueryUserToken
 0x14001e3c0 WTSEnumerateProcessesW
 0x14001e3c8 WTSFreeMemory
USERENV.dll
 0x14001e3a0 DestroyEnvironmentBlock
 0x14001e3a8 CreateEnvironmentBlock
msvcrt.dll
 0x14001e3f8 abort
 0x14001e400 fseek
 0x14001e408 __C_specific_handler
 0x14001e410 _cexit
 0x14001e418 ??0exception@@QEAA@AEBQEBD@Z
 0x14001e420 __setusermatherr
 0x14001e428 _initterm
 0x14001e430 _initterm_e
 0x14001e438 exit
 0x14001e440 _exit
 0x14001e448 _c_exit
 0x14001e450 __wgetmainargs
 0x14001e458 atexit
 0x14001e460 _wcmdln
 0x14001e468 _lock
 0x14001e470 _unlock
 0x14001e478 _fseeki64
 0x14001e480 ?terminate@@YAXXZ
 0x14001e488 _strtoi64
 0x14001e490 _strtoui64
 0x14001e498 ??0exception@@QEAA@XZ
 0x14001e4a0 ??0exception@@QEAA@AEBV0@@Z
 0x14001e4a8 ??1exception@@UEAA@XZ
 0x14001e4b0 ?what@exception@@UEBAPEBDXZ
 0x14001e4b8 _XcptFilter
 0x14001e4c0 fsetpos
 0x14001e4c8 fwrite
 0x14001e4d0 memmove
 0x14001e4d8 memcpy
 0x14001e4e0 ??2@YAPEAX_K@Z
 0x14001e4e8 memset
 0x14001e4f0 setlocale
 0x14001e4f8 ??3@YAXPEAX@Z
 0x14001e500 memcmp
 0x14001e508 localeconv
 0x14001e510 ungetc
 0x14001e518 setvbuf
 0x14001e520 fread
 0x14001e528 fputc
 0x14001e530 fgetpos
 0x14001e538 fgetc
 0x14001e540 fflush
 0x14001e548 fclose
 0x14001e550 strtod
 0x14001e558 _set_fmode
 0x14001e560 malloc
 0x14001e568 free
 0x14001e570 _wcsicmp
 0x14001e578 wcsrchr
 0x14001e580 _errno
 0x14001e588 ??_V@YAXPEAX@Z
 0x14001e590 __CxxFrameHandler3
 0x14001e598 _CxxThrowException
 0x14001e5a0 _wcsnicmp
 0x14001e5a8 _iob
 0x14001e5b0 _vsnprintf
 0x14001e5b8 __set_app_type
 0x14001e5c0 _commode
 0x14001e5c8 wcslen
 0x14001e5d0 __dllonexit
 0x14001e5d8 wcsstr
 0x14001e5e0 _wfsopen
msvcp60.dll
 0x14001e3d8 _Toupper
 0x14001e3e0 _Tolower
 0x14001e3e8 _Getctype

EAT (Export Address Table): none


