ScreenShot
| Created | 2021.08.20 17:16 | Machine | s1_win7_x6401 |
| Filename | index.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | ea3fca6fc5d1a1a9fe5098996cd215e6 | ||
| sha256 | e6c14b682da6dd740709ed770174ecc2429151adfa91b8e84637b147e86185bd | ||
| ssdeep | 6144:X10UClZNMpwNLr7PfMt2Nr2EGi3wa9a8OBRyxHRSJLNky2oxuyXRPpA5gFnL:XmFlZEwN/DMXiNmIHRS9Nh2oYiZL | ||
| imphash | 9351114812ade0773cab5940b106fe09 | ||
| impfuzzy | 24:jkrkebkDQu9ErjtZE+XB1Fj76IHM02dnoJcDS1+n8GFh8PrttoLOovEGhn2cw2B4:kzZ1XNKdd81mn8jtto6VGgcDvv0wU | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x469000 GetConsoleAliasesLengthW
0x469004 SetLocalTime
0x469008 WriteConsoleOutputW
0x46900c InterlockedIncrement
0x469010 GetConsoleAliasA
0x469014 InterlockedDecrement
0x469018 GetCurrentProcess
0x46901c ReadConsoleOutputAttribute
0x469020 SetEnvironmentVariableW
0x469024 GetEnvironmentStringsW
0x469028 WaitForSingleObject
0x46902c GetSystemDefaultLCID
0x469030 GetModuleHandleW
0x469034 EnumCalendarInfoExW
0x469038 SetThreadUILanguage
0x46903c GetConsoleTitleA
0x469040 CreateActCtxW
0x469044 GetConsoleCP
0x469048 GetSystemDirectoryW
0x46904c ReadConsoleInputA
0x469050 SetVolumeMountPointA
0x469054 GetSystemWindowsDirectoryA
0x469058 GetVersionExW
0x46905c GetFileAttributesA
0x469060 lstrcpynW
0x469064 SetConsoleCursorPosition
0x469068 SetTimeZoneInformation
0x46906c WriteConsoleW
0x469070 IsBadWritePtr
0x469074 GetMailslotInfo
0x469078 lstrcatA
0x46907c GetACP
0x469080 lstrlenW
0x469084 FlushFileBuffers
0x469088 VerifyVersionInfoW
0x46908c InterlockedExchange
0x469090 FillConsoleOutputCharacterW
0x469094 SetLastError
0x469098 GetProcAddress
0x46909c PeekConsoleInputW
0x4690a0 EnumDateFormatsExA
0x4690a4 CreateTimerQueueTimer
0x4690a8 LocalLock
0x4690ac EnterCriticalSection
0x4690b0 SetTimerQueueTimer
0x4690b4 GlobalGetAtomNameA
0x4690b8 ResetEvent
0x4690bc LocalAlloc
0x4690c0 DnsHostnameToComputerNameA
0x4690c4 SetConsoleOutputCP
0x4690c8 SetFileApisToANSI
0x4690cc BeginUpdateResourceA
0x4690d0 GetModuleHandleA
0x4690d4 HeapSetInformation
0x4690d8 GetCPInfoExA
0x4690dc FindFirstVolumeA
0x4690e0 EndUpdateResourceA
0x4690e4 GetCurrentProcessId
0x4690e8 GetConsoleProcessList
0x4690ec GetModuleFileNameW
0x4690f0 LCMapStringW
0x4690f4 LCMapStringA
0x4690f8 UnhandledExceptionFilter
0x4690fc SetUnhandledExceptionFilter
0x469100 HeapAlloc
0x469104 Sleep
0x469108 ExitProcess
0x46910c GetCommandLineA
0x469110 GetStartupInfoA
0x469114 RaiseException
0x469118 RtlUnwind
0x46911c GetLastError
0x469120 WriteFile
0x469124 GetStdHandle
0x469128 GetModuleFileNameA
0x46912c TerminateProcess
0x469130 IsDebuggerPresent
0x469134 HeapFree
0x469138 DeleteCriticalSection
0x46913c LeaveCriticalSection
0x469140 VirtualFree
0x469144 VirtualAlloc
0x469148 HeapReAlloc
0x46914c HeapCreate
0x469150 TlsGetValue
0x469154 TlsAlloc
0x469158 TlsSetValue
0x46915c TlsFree
0x469160 GetCurrentThreadId
0x469164 LoadLibraryA
0x469168 InitializeCriticalSectionAndSpinCount
0x46916c FreeEnvironmentStringsA
0x469170 GetEnvironmentStrings
0x469174 FreeEnvironmentStringsW
0x469178 WideCharToMultiByte
0x46917c SetHandleCount
0x469180 GetFileType
0x469184 QueryPerformanceCounter
0x469188 GetTickCount
0x46918c GetSystemTimeAsFileTime
0x469190 GetCPInfo
0x469194 GetOEMCP
0x469198 IsValidCodePage
0x46919c HeapSize
0x4691a0 GetLocaleInfoA
0x4691a4 GetStringTypeA
0x4691a8 MultiByteToWideChar
0x4691ac GetStringTypeW
USER32.dll
0x4691b4 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8
KERNEL32.dll
0x469000 GetConsoleAliasesLengthW
0x469004 SetLocalTime
0x469008 WriteConsoleOutputW
0x46900c InterlockedIncrement
0x469010 GetConsoleAliasA
0x469014 InterlockedDecrement
0x469018 GetCurrentProcess
0x46901c ReadConsoleOutputAttribute
0x469020 SetEnvironmentVariableW
0x469024 GetEnvironmentStringsW
0x469028 WaitForSingleObject
0x46902c GetSystemDefaultLCID
0x469030 GetModuleHandleW
0x469034 EnumCalendarInfoExW
0x469038 SetThreadUILanguage
0x46903c GetConsoleTitleA
0x469040 CreateActCtxW
0x469044 GetConsoleCP
0x469048 GetSystemDirectoryW
0x46904c ReadConsoleInputA
0x469050 SetVolumeMountPointA
0x469054 GetSystemWindowsDirectoryA
0x469058 GetVersionExW
0x46905c GetFileAttributesA
0x469060 lstrcpynW
0x469064 SetConsoleCursorPosition
0x469068 SetTimeZoneInformation
0x46906c WriteConsoleW
0x469070 IsBadWritePtr
0x469074 GetMailslotInfo
0x469078 lstrcatA
0x46907c GetACP
0x469080 lstrlenW
0x469084 FlushFileBuffers
0x469088 VerifyVersionInfoW
0x46908c InterlockedExchange
0x469090 FillConsoleOutputCharacterW
0x469094 SetLastError
0x469098 GetProcAddress
0x46909c PeekConsoleInputW
0x4690a0 EnumDateFormatsExA
0x4690a4 CreateTimerQueueTimer
0x4690a8 LocalLock
0x4690ac EnterCriticalSection
0x4690b0 SetTimerQueueTimer
0x4690b4 GlobalGetAtomNameA
0x4690b8 ResetEvent
0x4690bc LocalAlloc
0x4690c0 DnsHostnameToComputerNameA
0x4690c4 SetConsoleOutputCP
0x4690c8 SetFileApisToANSI
0x4690cc BeginUpdateResourceA
0x4690d0 GetModuleHandleA
0x4690d4 HeapSetInformation
0x4690d8 GetCPInfoExA
0x4690dc FindFirstVolumeA
0x4690e0 EndUpdateResourceA
0x4690e4 GetCurrentProcessId
0x4690e8 GetConsoleProcessList
0x4690ec GetModuleFileNameW
0x4690f0 LCMapStringW
0x4690f4 LCMapStringA
0x4690f8 UnhandledExceptionFilter
0x4690fc SetUnhandledExceptionFilter
0x469100 HeapAlloc
0x469104 Sleep
0x469108 ExitProcess
0x46910c GetCommandLineA
0x469110 GetStartupInfoA
0x469114 RaiseException
0x469118 RtlUnwind
0x46911c GetLastError
0x469120 WriteFile
0x469124 GetStdHandle
0x469128 GetModuleFileNameA
0x46912c TerminateProcess
0x469130 IsDebuggerPresent
0x469134 HeapFree
0x469138 DeleteCriticalSection
0x46913c LeaveCriticalSection
0x469140 VirtualFree
0x469144 VirtualAlloc
0x469148 HeapReAlloc
0x46914c HeapCreate
0x469150 TlsGetValue
0x469154 TlsAlloc
0x469158 TlsSetValue
0x46915c TlsFree
0x469160 GetCurrentThreadId
0x469164 LoadLibraryA
0x469168 InitializeCriticalSectionAndSpinCount
0x46916c FreeEnvironmentStringsA
0x469170 GetEnvironmentStrings
0x469174 FreeEnvironmentStringsW
0x469178 WideCharToMultiByte
0x46917c SetHandleCount
0x469180 GetFileType
0x469184 QueryPerformanceCounter
0x469188 GetTickCount
0x46918c GetSystemTimeAsFileTime
0x469190 GetCPInfo
0x469194 GetOEMCP
0x469198 IsValidCodePage
0x46919c HeapSize
0x4691a0 GetLocaleInfoA
0x4691a4 GetStringTypeA
0x4691a8 MultiByteToWideChar
0x4691ac GetStringTypeW
USER32.dll
0x4691b4 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @SetFirstEverVice@8