Report - fibo.exe

UPX, Malicious Library, DGA, DNS, Socket, Create Service, Sniff Audio, Escalate priviledges, KeyLogger, Code injection, HTTP, Internet API, FTP, ScreenShot, Http API, Steal credential, Downloader, P2P, AntiDebug, AntiVM, PE File, PE32
Created 2021.08.20 09:17 Machine s1_win7_x6402
Filename fibo.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 9.8
ZERO API file : clean
VT API (file) 21 detected (lnJn, malicious, high confidence, Artemis, Unsafe, ZelphiCO, dLW@ayQhGXai, Delf, MBKT, GenKryptik, FJGO, Remcos, XPACK, kcloud, Wacatac, score, MachineLearning, Anomalous, Generic@ML, RDML, N8+x3Lj+hiET8dmCugDABg, Kryptik, EPYG)
md5 18bd1660bcab90d7ae7236da4a070918
sha256 f20912c3fa922cf6ec2bb9ce5bbad2aa505ccb7d397a968c76bfc7bd49b458af
ssdeep 12288:Qq8SB+x3pPT30Sv6kGDbdYMqFMS7kLWa4H+NZ6rq436TD9dFSKt8Ed8Fj0RIRcDg:r5UzPT3Bv6L9kaDNZAcFSXvVRQyP
imphash cd897a852beb0d729ee0e0d2a4c10746
impfuzzy 192:oN3MSbuucDSUvK9EPoHXyAo7qKeJG1uTAjPbOQHe:O3BcI9nW1usjPbOQ+

Signature (22cnts)

Level Description
warning File has been identified by 21 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Command line console output was observed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (38cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Network_Downloader File Downloader memory
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice Code_injection Code injection with CreateRemoteThread in a remote process memory
notice Create_Service Create a windows service memory
notice Escalate_priviledges Escalate priviledges memory
notice KeyLogger Run a KeyLogger memory
notice local_credential_Steal Steal credential memory
notice Network_DGA Communication using DGA memory
notice Network_DNS Communications use DNS memory
notice Network_FTP Communications over FTP memory
notice Network_HTTP Communications over HTTP memory
notice Network_P2P_Win Communications over P2P network memory
notice Network_TCP_Socket Communications over RAW Socket memory
notice ScreenShot Take ScreenShot memory
notice Sniff_Audio Record Audio memory
notice Str_Win32_Http_API Match Windows Http API call memory
notice Str_Win32_Internet_API Match Windows Inet API call memory
info anti_dbg Checks if being debugged memory
info antisb_threatExpert Anti-Sandbox checks for ThreatExpert memory
info Check_Dlls (no description) memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerCheck__RemoteAPI (no description) memory
info DebuggerException__ConsoleCtrl (no description) memory
info DebuggerException__SetConsoleCtrl (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory

Network (9cnts)

Request CC ASN Co IP4 Rule ZERO
https://a2ooiw.sn.files.1drv.com/y4mE7XbSQXuZC9yYWp7AUZU0ZKgvmTacBuyD7WsIASM6IO9-p1TuQ8utdj6pKiooBRT7NSppFynY2HU1E7LUO7MTQprfN3i3jeghtE0I055rFBxTM0RGdo2IK0TDKRmgj68KbY9MMsf_ejwdv1lkwxXjAuH1OrWGGrYHCcD-ohf6XGb9Nv4UPD9_gKiMQXEj0jeN9Iazhno6ozmNeNyI-iWlg/Dhfj US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
https://onedrive.live.com/download?cid=D6676A9A61E841F3&resid=D6676A9A61E841F3%21128&authkey=AHwv5d2XqgZhJTg US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 clean
https://a2ooiw.sn.files.1drv.com/y4m-DtusEGdlWhmlRB9W9DH3UrnVHV-LboxupN_yLq3KU4drRJETI9tgtkiUXtXaK5FqWdNquQhyxx9L_gwMLPJUY_k5XNap3ppghjTnPIUW47IPZ_7LmMTNgwxNhuipdELBpTC5ecx-Tgn_IjtpNErT657fkkX2jFJT_IDJQoqSSG2_v9bq7nuKh8C0RynsDJnNPeRRHVd2P8852lisgHDgg/Dhfj US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
onedrive.live.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 mailcious
twistednerd.dvrlists.com SE IP-Only Networks AB 62.102.148.152 mailcious
a2ooiw.sn.files.1drv.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
13.107.42.13 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 mailcious
13.107.42.12 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 malware
62.102.148.152 SE IP-Only Networks AB 62.102.148.152 clean

Suricata ids

PE API

IAT(Import Address Table) Library


EAT(Export Address Table) is none
