ScreenShot
| Created | 2021.09.03 17:16 | Machine | s1_win7_x6401 |
| Filename | sufile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | feb9288d05f4484a9e90b6861de5c6a6 | ||
| sha256 | 0ca7e97f688770f19fb726076d916f4dfeafb21cb8fa6b082d599bcc81c6d8c6 | ||
| ssdeep | 3072:texdpLh1cCaBVPdRINnVknFXfMTksr5z6V9ENPGdwDYTuKJIX:Qx/Lh1rAxdGVkFXfMYpMGd7TuK | ||
| imphash | ecda7b3fe7f3df133ca77cddd8e4064d | ||
| impfuzzy | 24:seOu9E0Z9aTcru865DSql/0bG24oeOStslDJ3NryvDrHlRT4CplCqbjMU/8:9ZRrp5C8Sts7NYDbc2MqLE | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x419008 SetLocalTime
0x41900c InterlockedIncrement
0x419010 ReadConsoleA
0x419014 InterlockedDecrement
0x419018 GetCurrentProcess
0x41901c GetSystemWindowsDirectoryW
0x419020 SetEnvironmentVariableW
0x419024 GetEnvironmentStringsW
0x419028 GetUserDefaultLCID
0x41902c AddConsoleAliasW
0x419030 SetVolumeMountPointW
0x419034 EnumCalendarInfoExW
0x419038 WriteFile
0x41903c GetUserDefaultLangID
0x419040 GetEnvironmentStrings
0x419044 WriteConsoleOutputA
0x419048 LeaveCriticalSection
0x41904c lstrcpynW
0x419050 FindNextVolumeW
0x419054 VerifyVersionInfoA
0x419058 GetModuleFileNameW
0x41905c GetACP
0x419060 GetConsoleOutputCP
0x419064 GetProcAddress
0x419068 PeekConsoleInputW
0x41906c GetComputerNameExW
0x419070 VerLanguageNameA
0x419074 CreateTimerQueueTimer
0x419078 HeapUnlock
0x41907c LocalAlloc
0x419080 GetDefaultCommConfigA
0x419084 GetModuleHandleA
0x419088 QueueUserWorkItem
0x41908c HeapSetInformation
0x419090 GetConsoleTitleW
0x419094 ReadConsoleInputW
0x419098 GlobalReAlloc
0x41909c LCMapStringW
0x4190a0 PulseEvent
0x4190a4 GetCommandLineW
0x4190a8 UnhandledExceptionFilter
0x4190ac SetUnhandledExceptionFilter
0x4190b0 GetStartupInfoW
0x4190b4 GetModuleHandleW
0x4190b8 Sleep
0x4190bc ExitProcess
0x4190c0 GetLastError
0x4190c4 GetStdHandle
0x4190c8 GetModuleFileNameA
0x4190cc TlsGetValue
0x4190d0 TlsAlloc
0x4190d4 TlsSetValue
0x4190d8 TlsFree
0x4190dc SetLastError
0x4190e0 GetCurrentThreadId
0x4190e4 EnterCriticalSection
0x4190e8 TerminateProcess
0x4190ec IsDebuggerPresent
0x4190f0 HeapSize
0x4190f4 SetHandleCount
0x4190f8 GetFileType
0x4190fc GetStartupInfoA
0x419100 DeleteCriticalSection
0x419104 SetFilePointer
0x419108 FreeEnvironmentStringsW
0x41910c HeapCreate
0x419110 VirtualFree
0x419114 HeapFree
0x419118 QueryPerformanceCounter
0x41911c GetTickCount
0x419120 GetCurrentProcessId
0x419124 GetSystemTimeAsFileTime
0x419128 LoadLibraryA
0x41912c InitializeCriticalSectionAndSpinCount
0x419130 GetCPInfo
0x419134 GetOEMCP
0x419138 IsValidCodePage
0x41913c MultiByteToWideChar
0x419140 RtlUnwind
0x419144 HeapAlloc
0x419148 HeapReAlloc
0x41914c VirtualAlloc
0x419150 WideCharToMultiByte
0x419154 SetStdHandle
0x419158 GetLocaleInfoA
0x41915c GetStringTypeA
0x419160 GetStringTypeW
0x419164 LCMapStringA
0x419168 GetConsoleCP
0x41916c GetConsoleMode
0x419170 FlushFileBuffers
0x419174 CloseHandle
0x419178 WriteConsoleA
0x41917c WriteConsoleW
0x419180 CreateFileA
USER32.dll
0x419188 RealGetWindowClassW
GDI32.dll
0x419000 GetCharWidthFloatA
EAT(Export Address Table) is none
KERNEL32.dll
0x419008 SetLocalTime
0x41900c InterlockedIncrement
0x419010 ReadConsoleA
0x419014 InterlockedDecrement
0x419018 GetCurrentProcess
0x41901c GetSystemWindowsDirectoryW
0x419020 SetEnvironmentVariableW
0x419024 GetEnvironmentStringsW
0x419028 GetUserDefaultLCID
0x41902c AddConsoleAliasW
0x419030 SetVolumeMountPointW
0x419034 EnumCalendarInfoExW
0x419038 WriteFile
0x41903c GetUserDefaultLangID
0x419040 GetEnvironmentStrings
0x419044 WriteConsoleOutputA
0x419048 LeaveCriticalSection
0x41904c lstrcpynW
0x419050 FindNextVolumeW
0x419054 VerifyVersionInfoA
0x419058 GetModuleFileNameW
0x41905c GetACP
0x419060 GetConsoleOutputCP
0x419064 GetProcAddress
0x419068 PeekConsoleInputW
0x41906c GetComputerNameExW
0x419070 VerLanguageNameA
0x419074 CreateTimerQueueTimer
0x419078 HeapUnlock
0x41907c LocalAlloc
0x419080 GetDefaultCommConfigA
0x419084 GetModuleHandleA
0x419088 QueueUserWorkItem
0x41908c HeapSetInformation
0x419090 GetConsoleTitleW
0x419094 ReadConsoleInputW
0x419098 GlobalReAlloc
0x41909c LCMapStringW
0x4190a0 PulseEvent
0x4190a4 GetCommandLineW
0x4190a8 UnhandledExceptionFilter
0x4190ac SetUnhandledExceptionFilter
0x4190b0 GetStartupInfoW
0x4190b4 GetModuleHandleW
0x4190b8 Sleep
0x4190bc ExitProcess
0x4190c0 GetLastError
0x4190c4 GetStdHandle
0x4190c8 GetModuleFileNameA
0x4190cc TlsGetValue
0x4190d0 TlsAlloc
0x4190d4 TlsSetValue
0x4190d8 TlsFree
0x4190dc SetLastError
0x4190e0 GetCurrentThreadId
0x4190e4 EnterCriticalSection
0x4190e8 TerminateProcess
0x4190ec IsDebuggerPresent
0x4190f0 HeapSize
0x4190f4 SetHandleCount
0x4190f8 GetFileType
0x4190fc GetStartupInfoA
0x419100 DeleteCriticalSection
0x419104 SetFilePointer
0x419108 FreeEnvironmentStringsW
0x41910c HeapCreate
0x419110 VirtualFree
0x419114 HeapFree
0x419118 QueryPerformanceCounter
0x41911c GetTickCount
0x419120 GetCurrentProcessId
0x419124 GetSystemTimeAsFileTime
0x419128 LoadLibraryA
0x41912c InitializeCriticalSectionAndSpinCount
0x419130 GetCPInfo
0x419134 GetOEMCP
0x419138 IsValidCodePage
0x41913c MultiByteToWideChar
0x419140 RtlUnwind
0x419144 HeapAlloc
0x419148 HeapReAlloc
0x41914c VirtualAlloc
0x419150 WideCharToMultiByte
0x419154 SetStdHandle
0x419158 GetLocaleInfoA
0x41915c GetStringTypeA
0x419160 GetStringTypeW
0x419164 LCMapStringA
0x419168 GetConsoleCP
0x41916c GetConsoleMode
0x419170 FlushFileBuffers
0x419174 CloseHandle
0x419178 WriteConsoleA
0x41917c WriteConsoleW
0x419180 CreateFileA
USER32.dll
0x419188 RealGetWindowClassW
GDI32.dll
0x419000 GetCharWidthFloatA
EAT(Export Address Table) is none