ScreenShot
| Created | 2021.08.23 19:14 | Machine | s1_win7_x6402 |
| Filename | sefile2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | f403b3a7bba12aa247e7195e8bb9afe5 | ||
| sha256 | 796d5fe3cd876abd58768649087f6d13060f19b2d05db4bf384d81af41317af2 | ||
| ssdeep | 6144:sjpR4StniaMAjmHxeXZKH04ZaW+9lq9IzxYHEEU0U:qRLti7UmwZKHpZaO4xow | ||
| imphash | 5c06a288f07d43206aca52d5d94444b2 | ||
| impfuzzy | 48:tXlbaOCe//mEk8VuuXM5QEqlz6O8tjaE0ec+JSPu7ssC8Y:tXlJevuXg2J6vtGE0ec+JSKssCd | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x426000 SetThreadContext
0x426004 SetFilePointer
0x426008 lstrlenA
0x42600c CopyFileExW
0x426010 TlsGetValue
0x426014 SetLocalTime
0x426018 InterlockedIncrement
0x42601c GetQueuedCompletionStatus
0x426020 GetCommState
0x426024 InterlockedDecrement
0x426028 CompareFileTime
0x42602c GlobalLock
0x426030 WaitForSingleObject
0x426034 SetEvent
0x426038 OpenSemaphoreA
0x42603c GetTickCount
0x426040 CreateNamedPipeW
0x426044 VirtualFree
0x426048 GetConsoleAliasesLengthA
0x42604c GetCommandLineA
0x426050 GetDriveTypeA
0x426054 GetPriorityClass
0x426058 GetConsoleMode
0x42605c TerminateThread
0x426060 GetSystemWindowsDirectoryA
0x426064 GetVersionExW
0x426068 SetConsoleMode
0x42606c IsProcessorFeaturePresent
0x426070 SetConsoleCursorPosition
0x426074 ReadFile
0x426078 GetOverlappedResult
0x42607c CompareStringW
0x426080 GetStartupInfoW
0x426084 GetNamedPipeHandleStateW
0x426088 GetPrivateProfileIntW
0x42608c CreateDirectoryA
0x426090 GetFileSizeEx
0x426094 SetCurrentDirectoryA
0x426098 SetThreadLocale
0x42609c GetLastError
0x4260a0 IsDBCSLeadByteEx
0x4260a4 ReadConsoleOutputCharacterA
0x4260a8 GetProcAddress
0x4260ac CopyFileA
0x4260b0 GetPrivateProfileStringA
0x4260b4 LoadLibraryA
0x4260b8 OpenMutexA
0x4260bc LocalAlloc
0x4260c0 IsSystemResumeAutomatic
0x4260c4 WriteProfileSectionW
0x4260c8 HeapWalk
0x4260cc SetNamedPipeHandleState
0x4260d0 SetConsoleTitleW
0x4260d4 FindFirstChangeNotificationA
0x4260d8 FreeEnvironmentStringsW
0x4260dc EnumResourceNamesA
0x4260e0 WriteProfileStringW
0x4260e4 FatalAppExitA
0x4260e8 GetCurrentThreadId
0x4260ec GetCPInfoExA
0x4260f0 FindAtomW
0x4260f4 LCMapStringW
0x4260f8 DeleteFileA
0x4260fc UnhandledExceptionFilter
0x426100 SetUnhandledExceptionFilter
0x426104 HeapValidate
0x426108 IsBadReadPtr
0x42610c RaiseException
0x426110 GetModuleHandleW
0x426114 Sleep
0x426118 ExitProcess
0x42611c GetModuleFileNameA
0x426120 WriteFile
0x426124 GetStdHandle
0x426128 TlsAlloc
0x42612c TlsSetValue
0x426130 TlsFree
0x426134 SetLastError
0x426138 TerminateProcess
0x42613c GetCurrentProcess
0x426140 IsDebuggerPresent
0x426144 GetModuleFileNameW
0x426148 EnterCriticalSection
0x42614c LeaveCriticalSection
0x426150 DeleteCriticalSection
0x426154 QueryPerformanceCounter
0x426158 GetCurrentProcessId
0x42615c GetSystemTimeAsFileTime
0x426160 GetEnvironmentStringsW
0x426164 GetCommandLineW
0x426168 SetHandleCount
0x42616c GetFileType
0x426170 GetStartupInfoA
0x426174 HeapDestroy
0x426178 HeapCreate
0x42617c HeapFree
0x426180 HeapAlloc
0x426184 HeapSize
0x426188 HeapReAlloc
0x42618c VirtualAlloc
0x426190 GetACP
0x426194 GetOEMCP
0x426198 GetCPInfo
0x42619c IsValidCodePage
0x4261a0 InitializeCriticalSectionAndSpinCount
0x4261a4 RtlUnwind
0x4261a8 WideCharToMultiByte
0x4261ac GetConsoleCP
0x4261b0 DebugBreak
0x4261b4 OutputDebugStringA
0x4261b8 WriteConsoleW
0x4261bc OutputDebugStringW
0x4261c0 LoadLibraryW
0x4261c4 MultiByteToWideChar
0x4261c8 LCMapStringA
0x4261cc GetStringTypeA
0x4261d0 GetStringTypeW
0x4261d4 GetLocaleInfoA
0x4261d8 SetStdHandle
0x4261dc WriteConsoleA
0x4261e0 GetConsoleOutputCP
0x4261e4 FlushFileBuffers
0x4261e8 CreateFileA
0x4261ec CloseHandle
0x4261f0 GetModuleHandleA
USER32.dll
0x4261f8 GetTitleBarInfo
WINHTTP.dll
0x426200 WinHttpCloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x426000 SetThreadContext
0x426004 SetFilePointer
0x426008 lstrlenA
0x42600c CopyFileExW
0x426010 TlsGetValue
0x426014 SetLocalTime
0x426018 InterlockedIncrement
0x42601c GetQueuedCompletionStatus
0x426020 GetCommState
0x426024 InterlockedDecrement
0x426028 CompareFileTime
0x42602c GlobalLock
0x426030 WaitForSingleObject
0x426034 SetEvent
0x426038 OpenSemaphoreA
0x42603c GetTickCount
0x426040 CreateNamedPipeW
0x426044 VirtualFree
0x426048 GetConsoleAliasesLengthA
0x42604c GetCommandLineA
0x426050 GetDriveTypeA
0x426054 GetPriorityClass
0x426058 GetConsoleMode
0x42605c TerminateThread
0x426060 GetSystemWindowsDirectoryA
0x426064 GetVersionExW
0x426068 SetConsoleMode
0x42606c IsProcessorFeaturePresent
0x426070 SetConsoleCursorPosition
0x426074 ReadFile
0x426078 GetOverlappedResult
0x42607c CompareStringW
0x426080 GetStartupInfoW
0x426084 GetNamedPipeHandleStateW
0x426088 GetPrivateProfileIntW
0x42608c CreateDirectoryA
0x426090 GetFileSizeEx
0x426094 SetCurrentDirectoryA
0x426098 SetThreadLocale
0x42609c GetLastError
0x4260a0 IsDBCSLeadByteEx
0x4260a4 ReadConsoleOutputCharacterA
0x4260a8 GetProcAddress
0x4260ac CopyFileA
0x4260b0 GetPrivateProfileStringA
0x4260b4 LoadLibraryA
0x4260b8 OpenMutexA
0x4260bc LocalAlloc
0x4260c0 IsSystemResumeAutomatic
0x4260c4 WriteProfileSectionW
0x4260c8 HeapWalk
0x4260cc SetNamedPipeHandleState
0x4260d0 SetConsoleTitleW
0x4260d4 FindFirstChangeNotificationA
0x4260d8 FreeEnvironmentStringsW
0x4260dc EnumResourceNamesA
0x4260e0 WriteProfileStringW
0x4260e4 FatalAppExitA
0x4260e8 GetCurrentThreadId
0x4260ec GetCPInfoExA
0x4260f0 FindAtomW
0x4260f4 LCMapStringW
0x4260f8 DeleteFileA
0x4260fc UnhandledExceptionFilter
0x426100 SetUnhandledExceptionFilter
0x426104 HeapValidate
0x426108 IsBadReadPtr
0x42610c RaiseException
0x426110 GetModuleHandleW
0x426114 Sleep
0x426118 ExitProcess
0x42611c GetModuleFileNameA
0x426120 WriteFile
0x426124 GetStdHandle
0x426128 TlsAlloc
0x42612c TlsSetValue
0x426130 TlsFree
0x426134 SetLastError
0x426138 TerminateProcess
0x42613c GetCurrentProcess
0x426140 IsDebuggerPresent
0x426144 GetModuleFileNameW
0x426148 EnterCriticalSection
0x42614c LeaveCriticalSection
0x426150 DeleteCriticalSection
0x426154 QueryPerformanceCounter
0x426158 GetCurrentProcessId
0x42615c GetSystemTimeAsFileTime
0x426160 GetEnvironmentStringsW
0x426164 GetCommandLineW
0x426168 SetHandleCount
0x42616c GetFileType
0x426170 GetStartupInfoA
0x426174 HeapDestroy
0x426178 HeapCreate
0x42617c HeapFree
0x426180 HeapAlloc
0x426184 HeapSize
0x426188 HeapReAlloc
0x42618c VirtualAlloc
0x426190 GetACP
0x426194 GetOEMCP
0x426198 GetCPInfo
0x42619c IsValidCodePage
0x4261a0 InitializeCriticalSectionAndSpinCount
0x4261a4 RtlUnwind
0x4261a8 WideCharToMultiByte
0x4261ac GetConsoleCP
0x4261b0 DebugBreak
0x4261b4 OutputDebugStringA
0x4261b8 WriteConsoleW
0x4261bc OutputDebugStringW
0x4261c0 LoadLibraryW
0x4261c4 MultiByteToWideChar
0x4261c8 LCMapStringA
0x4261cc GetStringTypeA
0x4261d0 GetStringTypeW
0x4261d4 GetLocaleInfoA
0x4261d8 SetStdHandle
0x4261dc WriteConsoleA
0x4261e0 GetConsoleOutputCP
0x4261e4 FlushFileBuffers
0x4261e8 CreateFileA
0x4261ec CloseHandle
0x4261f0 GetModuleHandleA
USER32.dll
0x4261f8 GetTitleBarInfo
WINHTTP.dll
0x426200 WinHttpCloseHandle
EAT(Export Address Table) is none