ScreenShot
| Created | 2021.08.10 17:56 | Machine | s1_win7_x6401 |
| Filename | dcc7975c8a99514da06323f0994cd79b.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 506695f323a3e831b28cf194e14d572a | ||
| sha256 | 5a410e2d5807f2337a8cf55a7fbfdfa490e9835e5409660591fd6fad7eafcda0 | ||
| ssdeep | 98304:dtG1sk31IjxYRPzCEqGQWxo+8hrWhbl6L5W3zcILrjjqKAvGLcHfY:fGKk3gazNQWP6LaNmSc/Y | ||
| imphash | 10d590d1f4ed2f9a6fb903cd9f148a28 | ||
| impfuzzy | 48:uBT9ZFxuUN7Olpx1O2nYTt/aE0jcGIJSFu2XWR:8PN7Ovx1FYTtyE0jcGIJSbXWR | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x426000 FileTimeToDosDateTime
0x426004 EnumResourceNamesW
0x426008 GetFileSize
0x42600c SetPriorityClass
0x426010 SetFilePointer
0x426014 CopyFileExW
0x426018 InterlockedIncrement
0x42601c InterlockedDecrement
0x426020 WaitNamedPipeA
0x426024 WriteConsoleInputA
0x426028 GetComputerNameW
0x42602c SetEvent
0x426030 FreeEnvironmentStringsA
0x426034 GetTickCount
0x426038 CreateNamedPipeW
0x42603c VirtualFree
0x426040 GetConsoleAliasesLengthA
0x426044 GetPrivateProfileStringW
0x426048 GetCommandLineA
0x42604c FindResourceExA
0x426050 GlobalAlloc
0x426054 LoadLibraryW
0x426058 GetSystemWow64DirectoryW
0x42605c GetConsoleAliasExesLengthW
0x426060 InitAtomTable
0x426064 GetFileAttributesA
0x426068 IsProcessorFeaturePresent
0x42606c CreateSemaphoreA
0x426070 SetConsoleCursorPosition
0x426074 GetBinaryTypeA
0x426078 GetSystemDirectoryA
0x42607c GetOverlappedResult
0x426080 lstrlenW
0x426084 GlobalUnlock
0x426088 CreateDirectoryA
0x42608c ReleaseActCtx
0x426090 GetStartupInfoA
0x426094 OpenMutexW
0x426098 GetHandleInformation
0x42609c GetLastError
0x4260a0 GetProcAddress
0x4260a4 GetProcessHeaps
0x4260a8 ReadFileEx
0x4260ac SetComputerNameA
0x4260b0 LoadLibraryA
0x4260b4 GetConsoleScreenBufferInfo
0x4260b8 GetExitCodeThread
0x4260bc SetCurrentDirectoryW
0x4260c0 PostQueuedCompletionStatus
0x4260c4 WriteProfileSectionW
0x4260c8 SetEnvironmentVariableA
0x4260cc WriteProfileStringA
0x4260d0 CreateIoCompletionPort
0x4260d4 GetCurrentDirectoryA
0x4260d8 CompareStringA
0x4260dc FatalAppExitA
0x4260e0 GetCurrentThreadId
0x4260e4 GetCPInfoExA
0x4260e8 GetVersionExA
0x4260ec TlsAlloc
0x4260f0 FindAtomW
0x4260f4 DeleteFileW
0x4260f8 UnregisterWaitEx
0x4260fc GetSystemTime
0x426100 LCMapStringW
0x426104 AreFileApisANSI
0x426108 UnhandledExceptionFilter
0x42610c SetUnhandledExceptionFilter
0x426110 MoveFileA
0x426114 GetStartupInfoW
0x426118 HeapValidate
0x42611c IsBadReadPtr
0x426120 RaiseException
0x426124 GetModuleHandleW
0x426128 Sleep
0x42612c ExitProcess
0x426130 GetModuleFileNameA
0x426134 WriteFile
0x426138 GetStdHandle
0x42613c EnterCriticalSection
0x426140 LeaveCriticalSection
0x426144 TerminateProcess
0x426148 GetCurrentProcess
0x42614c IsDebuggerPresent
0x426150 GetModuleFileNameW
0x426154 RtlUnwind
0x426158 GetACP
0x42615c GetOEMCP
0x426160 GetCPInfo
0x426164 IsValidCodePage
0x426168 TlsGetValue
0x42616c TlsSetValue
0x426170 TlsFree
0x426174 SetLastError
0x426178 DeleteCriticalSection
0x42617c QueryPerformanceCounter
0x426180 GetCurrentProcessId
0x426184 GetSystemTimeAsFileTime
0x426188 FreeEnvironmentStringsW
0x42618c GetEnvironmentStringsW
0x426190 GetCommandLineW
0x426194 SetHandleCount
0x426198 GetFileType
0x42619c HeapDestroy
0x4261a0 HeapCreate
0x4261a4 HeapFree
0x4261a8 HeapAlloc
0x4261ac HeapSize
0x4261b0 HeapReAlloc
0x4261b4 VirtualAlloc
0x4261b8 InitializeCriticalSectionAndSpinCount
0x4261bc DebugBreak
0x4261c0 OutputDebugStringA
0x4261c4 WriteConsoleW
0x4261c8 OutputDebugStringW
0x4261cc MultiByteToWideChar
0x4261d0 GetStringTypeA
0x4261d4 GetStringTypeW
0x4261d8 GetLocaleInfoA
0x4261dc WideCharToMultiByte
0x4261e0 LCMapStringA
0x4261e4 FlushFileBuffers
0x4261e8 GetConsoleCP
0x4261ec GetConsoleMode
0x4261f0 ReadFile
0x4261f4 CloseHandle
0x4261f8 SetStdHandle
0x4261fc WriteConsoleA
0x426200 GetConsoleOutputCP
0x426204 CreateFileA
0x426208 GetModuleHandleA
EAT(Export Address Table) is none
KERNEL32.dll
0x426000 FileTimeToDosDateTime
0x426004 EnumResourceNamesW
0x426008 GetFileSize
0x42600c SetPriorityClass
0x426010 SetFilePointer
0x426014 CopyFileExW
0x426018 InterlockedIncrement
0x42601c InterlockedDecrement
0x426020 WaitNamedPipeA
0x426024 WriteConsoleInputA
0x426028 GetComputerNameW
0x42602c SetEvent
0x426030 FreeEnvironmentStringsA
0x426034 GetTickCount
0x426038 CreateNamedPipeW
0x42603c VirtualFree
0x426040 GetConsoleAliasesLengthA
0x426044 GetPrivateProfileStringW
0x426048 GetCommandLineA
0x42604c FindResourceExA
0x426050 GlobalAlloc
0x426054 LoadLibraryW
0x426058 GetSystemWow64DirectoryW
0x42605c GetConsoleAliasExesLengthW
0x426060 InitAtomTable
0x426064 GetFileAttributesA
0x426068 IsProcessorFeaturePresent
0x42606c CreateSemaphoreA
0x426070 SetConsoleCursorPosition
0x426074 GetBinaryTypeA
0x426078 GetSystemDirectoryA
0x42607c GetOverlappedResult
0x426080 lstrlenW
0x426084 GlobalUnlock
0x426088 CreateDirectoryA
0x42608c ReleaseActCtx
0x426090 GetStartupInfoA
0x426094 OpenMutexW
0x426098 GetHandleInformation
0x42609c GetLastError
0x4260a0 GetProcAddress
0x4260a4 GetProcessHeaps
0x4260a8 ReadFileEx
0x4260ac SetComputerNameA
0x4260b0 LoadLibraryA
0x4260b4 GetConsoleScreenBufferInfo
0x4260b8 GetExitCodeThread
0x4260bc SetCurrentDirectoryW
0x4260c0 PostQueuedCompletionStatus
0x4260c4 WriteProfileSectionW
0x4260c8 SetEnvironmentVariableA
0x4260cc WriteProfileStringA
0x4260d0 CreateIoCompletionPort
0x4260d4 GetCurrentDirectoryA
0x4260d8 CompareStringA
0x4260dc FatalAppExitA
0x4260e0 GetCurrentThreadId
0x4260e4 GetCPInfoExA
0x4260e8 GetVersionExA
0x4260ec TlsAlloc
0x4260f0 FindAtomW
0x4260f4 DeleteFileW
0x4260f8 UnregisterWaitEx
0x4260fc GetSystemTime
0x426100 LCMapStringW
0x426104 AreFileApisANSI
0x426108 UnhandledExceptionFilter
0x42610c SetUnhandledExceptionFilter
0x426110 MoveFileA
0x426114 GetStartupInfoW
0x426118 HeapValidate
0x42611c IsBadReadPtr
0x426120 RaiseException
0x426124 GetModuleHandleW
0x426128 Sleep
0x42612c ExitProcess
0x426130 GetModuleFileNameA
0x426134 WriteFile
0x426138 GetStdHandle
0x42613c EnterCriticalSection
0x426140 LeaveCriticalSection
0x426144 TerminateProcess
0x426148 GetCurrentProcess
0x42614c IsDebuggerPresent
0x426150 GetModuleFileNameW
0x426154 RtlUnwind
0x426158 GetACP
0x42615c GetOEMCP
0x426160 GetCPInfo
0x426164 IsValidCodePage
0x426168 TlsGetValue
0x42616c TlsSetValue
0x426170 TlsFree
0x426174 SetLastError
0x426178 DeleteCriticalSection
0x42617c QueryPerformanceCounter
0x426180 GetCurrentProcessId
0x426184 GetSystemTimeAsFileTime
0x426188 FreeEnvironmentStringsW
0x42618c GetEnvironmentStringsW
0x426190 GetCommandLineW
0x426194 SetHandleCount
0x426198 GetFileType
0x42619c HeapDestroy
0x4261a0 HeapCreate
0x4261a4 HeapFree
0x4261a8 HeapAlloc
0x4261ac HeapSize
0x4261b0 HeapReAlloc
0x4261b4 VirtualAlloc
0x4261b8 InitializeCriticalSectionAndSpinCount
0x4261bc DebugBreak
0x4261c0 OutputDebugStringA
0x4261c4 WriteConsoleW
0x4261c8 OutputDebugStringW
0x4261cc MultiByteToWideChar
0x4261d0 GetStringTypeA
0x4261d4 GetStringTypeW
0x4261d8 GetLocaleInfoA
0x4261dc WideCharToMultiByte
0x4261e0 LCMapStringA
0x4261e4 FlushFileBuffers
0x4261e8 GetConsoleCP
0x4261ec GetConsoleMode
0x4261f0 ReadFile
0x4261f4 CloseHandle
0x4261f8 SetStdHandle
0x4261fc WriteConsoleA
0x426200 GetConsoleOutputCP
0x426204 CreateFileA
0x426208 GetModuleHandleA
EAT(Export Address Table) is none