ScreenShot
| Created | 2021.09.20 09:47 | Machine | s1_win7_x6401 |
| Filename | Updbdate.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 7adeb7b9a3dbc0de7fdb92c72bdb0745 | ||
| sha256 | fd9d8d1de7a566e60479fa781b6bae0707bf8fa538004ac2b6de2f447b6d40a8 | ||
| ssdeep | 6144:kTZQKVZrMEGX01KFIzkqU7F6JWzV3tJYW94stAI9uGlUyc8:AZJrMEC0/zkFppznJYMAiuGKF | ||
| imphash | 9b494192bab1e0e5f914d8f6d610f95a | ||
| impfuzzy | 48:ZOGOPvym0dgXAq+OYmOuFBKaEBqHtWtq/JcEreQI:wZ1kgXALOz/EBetWtq/JcEre7 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41d00c CallNamedPipeA
0x41d010 SetWaitableTimer
0x41d014 InterlockedIncrement
0x41d018 GetCommState
0x41d01c InterlockedDecrement
0x41d020 GetProfileStringW
0x41d024 SetEvent
0x41d028 OpenSemaphoreA
0x41d02c FreeEnvironmentStringsA
0x41d030 CreateNamedPipeW
0x41d034 LocalFlags
0x41d038 GetNumberFormatA
0x41d03c ReadConsoleOutputA
0x41d040 SetProcessPriorityBoost
0x41d044 GetSystemTimes
0x41d048 GlobalAlloc
0x41d04c GetPrivateProfileIntA
0x41d050 GetSystemDirectoryW
0x41d054 GetVolumeInformationA
0x41d058 LoadLibraryW
0x41d05c TerminateThread
0x41d060 GetConsoleAliasExesLengthW
0x41d064 HeapDestroy
0x41d068 LeaveCriticalSection
0x41d06c FileTimeToSystemTime
0x41d070 GetCompressedFileSizeA
0x41d074 lstrlenW
0x41d078 GetPrivateProfileIntW
0x41d07c InterlockedExchange
0x41d080 CopyFileExW
0x41d084 SetThreadLocale
0x41d088 GetCPInfoExW
0x41d08c FreeLibraryAndExitThread
0x41d090 GetLastError
0x41d094 GetCurrentDirectoryW
0x41d098 GetProcAddress
0x41d09c SetStdHandle
0x41d0a0 LoadLibraryA
0x41d0a4 OpenMutexA
0x41d0a8 CreateSemaphoreW
0x41d0ac WritePrivateProfileStringA
0x41d0b0 FindAtomA
0x41d0b4 GetModuleFileNameA
0x41d0b8 CreateIoCompletionPort
0x41d0bc GetModuleHandleA
0x41d0c0 FindFirstChangeNotificationA
0x41d0c4 HeapSetInformation
0x41d0c8 FindNextFileW
0x41d0cc WriteProfileStringW
0x41d0d0 TlsAlloc
0x41d0d4 LocalSize
0x41d0d8 FindAtomW
0x41d0dc EnumResourceLanguagesW
0x41d0e0 SetFileValidData
0x41d0e4 GetSystemTime
0x41d0e8 GetProfileSectionW
0x41d0ec LCMapStringW
0x41d0f0 DeleteFileA
0x41d0f4 GetThreadContext
0x41d0f8 GetStartupInfoA
0x41d0fc GetCommandLineW
0x41d100 GetCommandLineA
0x41d104 HeapValidate
0x41d108 IsBadReadPtr
0x41d10c RaiseException
0x41d110 EnterCriticalSection
0x41d114 GetFileType
0x41d118 WriteFile
0x41d11c WideCharToMultiByte
0x41d120 GetConsoleCP
0x41d124 GetConsoleMode
0x41d128 GetModuleHandleW
0x41d12c Sleep
0x41d130 ExitProcess
0x41d134 TlsGetValue
0x41d138 TlsSetValue
0x41d13c GetCurrentThreadId
0x41d140 TlsFree
0x41d144 SetLastError
0x41d148 TerminateProcess
0x41d14c GetCurrentProcess
0x41d150 UnhandledExceptionFilter
0x41d154 SetUnhandledExceptionFilter
0x41d158 IsDebuggerPresent
0x41d15c GetModuleFileNameW
0x41d160 RtlUnwind
0x41d164 GetACP
0x41d168 GetOEMCP
0x41d16c GetCPInfo
0x41d170 IsValidCodePage
0x41d174 DeleteCriticalSection
0x41d178 QueryPerformanceCounter
0x41d17c GetTickCount
0x41d180 GetCurrentProcessId
0x41d184 GetSystemTimeAsFileTime
0x41d188 GetEnvironmentStrings
0x41d18c FreeEnvironmentStringsW
0x41d190 GetEnvironmentStringsW
0x41d194 SetHandleCount
0x41d198 GetStdHandle
0x41d19c HeapCreate
0x41d1a0 HeapFree
0x41d1a4 VirtualFree
0x41d1a8 HeapAlloc
0x41d1ac HeapSize
0x41d1b0 HeapReAlloc
0x41d1b4 VirtualAlloc
0x41d1b8 InitializeCriticalSectionAndSpinCount
0x41d1bc WriteConsoleA
0x41d1c0 GetConsoleOutputCP
0x41d1c4 WriteConsoleW
0x41d1c8 MultiByteToWideChar
0x41d1cc SetFilePointer
0x41d1d0 GetStringTypeA
0x41d1d4 GetStringTypeW
0x41d1d8 GetLocaleInfoA
0x41d1dc DebugBreak
0x41d1e0 OutputDebugStringA
0x41d1e4 OutputDebugStringW
0x41d1e8 LCMapStringA
0x41d1ec CreateFileA
0x41d1f0 CloseHandle
0x41d1f4 FlushFileBuffers
ADVAPI32.dll
0x41d000 InitiateSystemShutdownA
0x41d004 ImpersonateSelf
EAT(Export Address Table) is none
KERNEL32.dll
0x41d00c CallNamedPipeA
0x41d010 SetWaitableTimer
0x41d014 InterlockedIncrement
0x41d018 GetCommState
0x41d01c InterlockedDecrement
0x41d020 GetProfileStringW
0x41d024 SetEvent
0x41d028 OpenSemaphoreA
0x41d02c FreeEnvironmentStringsA
0x41d030 CreateNamedPipeW
0x41d034 LocalFlags
0x41d038 GetNumberFormatA
0x41d03c ReadConsoleOutputA
0x41d040 SetProcessPriorityBoost
0x41d044 GetSystemTimes
0x41d048 GlobalAlloc
0x41d04c GetPrivateProfileIntA
0x41d050 GetSystemDirectoryW
0x41d054 GetVolumeInformationA
0x41d058 LoadLibraryW
0x41d05c TerminateThread
0x41d060 GetConsoleAliasExesLengthW
0x41d064 HeapDestroy
0x41d068 LeaveCriticalSection
0x41d06c FileTimeToSystemTime
0x41d070 GetCompressedFileSizeA
0x41d074 lstrlenW
0x41d078 GetPrivateProfileIntW
0x41d07c InterlockedExchange
0x41d080 CopyFileExW
0x41d084 SetThreadLocale
0x41d088 GetCPInfoExW
0x41d08c FreeLibraryAndExitThread
0x41d090 GetLastError
0x41d094 GetCurrentDirectoryW
0x41d098 GetProcAddress
0x41d09c SetStdHandle
0x41d0a0 LoadLibraryA
0x41d0a4 OpenMutexA
0x41d0a8 CreateSemaphoreW
0x41d0ac WritePrivateProfileStringA
0x41d0b0 FindAtomA
0x41d0b4 GetModuleFileNameA
0x41d0b8 CreateIoCompletionPort
0x41d0bc GetModuleHandleA
0x41d0c0 FindFirstChangeNotificationA
0x41d0c4 HeapSetInformation
0x41d0c8 FindNextFileW
0x41d0cc WriteProfileStringW
0x41d0d0 TlsAlloc
0x41d0d4 LocalSize
0x41d0d8 FindAtomW
0x41d0dc EnumResourceLanguagesW
0x41d0e0 SetFileValidData
0x41d0e4 GetSystemTime
0x41d0e8 GetProfileSectionW
0x41d0ec LCMapStringW
0x41d0f0 DeleteFileA
0x41d0f4 GetThreadContext
0x41d0f8 GetStartupInfoA
0x41d0fc GetCommandLineW
0x41d100 GetCommandLineA
0x41d104 HeapValidate
0x41d108 IsBadReadPtr
0x41d10c RaiseException
0x41d110 EnterCriticalSection
0x41d114 GetFileType
0x41d118 WriteFile
0x41d11c WideCharToMultiByte
0x41d120 GetConsoleCP
0x41d124 GetConsoleMode
0x41d128 GetModuleHandleW
0x41d12c Sleep
0x41d130 ExitProcess
0x41d134 TlsGetValue
0x41d138 TlsSetValue
0x41d13c GetCurrentThreadId
0x41d140 TlsFree
0x41d144 SetLastError
0x41d148 TerminateProcess
0x41d14c GetCurrentProcess
0x41d150 UnhandledExceptionFilter
0x41d154 SetUnhandledExceptionFilter
0x41d158 IsDebuggerPresent
0x41d15c GetModuleFileNameW
0x41d160 RtlUnwind
0x41d164 GetACP
0x41d168 GetOEMCP
0x41d16c GetCPInfo
0x41d170 IsValidCodePage
0x41d174 DeleteCriticalSection
0x41d178 QueryPerformanceCounter
0x41d17c GetTickCount
0x41d180 GetCurrentProcessId
0x41d184 GetSystemTimeAsFileTime
0x41d188 GetEnvironmentStrings
0x41d18c FreeEnvironmentStringsW
0x41d190 GetEnvironmentStringsW
0x41d194 SetHandleCount
0x41d198 GetStdHandle
0x41d19c HeapCreate
0x41d1a0 HeapFree
0x41d1a4 VirtualFree
0x41d1a8 HeapAlloc
0x41d1ac HeapSize
0x41d1b0 HeapReAlloc
0x41d1b4 VirtualAlloc
0x41d1b8 InitializeCriticalSectionAndSpinCount
0x41d1bc WriteConsoleA
0x41d1c0 GetConsoleOutputCP
0x41d1c4 WriteConsoleW
0x41d1c8 MultiByteToWideChar
0x41d1cc SetFilePointer
0x41d1d0 GetStringTypeA
0x41d1d4 GetStringTypeW
0x41d1d8 GetLocaleInfoA
0x41d1dc DebugBreak
0x41d1e0 OutputDebugStringA
0x41d1e4 OutputDebugStringW
0x41d1e8 LCMapStringA
0x41d1ec CreateFileA
0x41d1f0 CloseHandle
0x41d1f4 FlushFileBuffers
ADVAPI32.dll
0x41d000 InitiateSystemShutdownA
0x41d004 ImpersonateSelf
EAT(Export Address Table) is none