ScreenShot
| Created | 2021.09.27 08:19 | Machine | s1_win7_x6402 |
| Filename | pub3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | a831382bbc3598da4552c504012b48cc | ||
| sha256 | b71f2594e544eba6ce4d3c085269c8b3d610415b977de60b7d79c7d58077bc76 | ||
| ssdeep | 3072:X4ZOAcz7ZcJxPCmWWmGo/5n0J7pblF0O:X4jcpi3wuJNxmO | ||
| imphash | 1193224d221249fb1dfab2aba14a315c | ||
| impfuzzy | 24:PqewOovrN+sdv/DHFJOrab2vylbFPRv9GtdklMVv8TJ3IjT4zlLHjMn09n3p+:Pb/Q8a+rIr9Gtd1WMczdNn5+ | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x411010 MapUserPhysicalPages
0x411014 UpdateResourceA
0x411018 InterlockedIncrement
0x41101c SetEvent
0x411020 OpenSemaphoreA
0x411024 GetSystemTimeAsFileTime
0x411028 GetCommandLineA
0x41102c WriteFileGather
0x411030 CreateActCtxW
0x411034 EnumResourceTypesA
0x411038 GetEnvironmentStrings
0x41103c GlobalAlloc
0x411040 SizeofResource
0x411044 LeaveCriticalSection
0x411048 GetFileAttributesA
0x41104c FindNextVolumeW
0x411050 GetLocaleInfoA
0x411054 GetDevicePowerState
0x411058 GetProcAddress
0x41105c HeapSize
0x411060 VerLanguageNameA
0x411064 RemoveDirectoryA
0x411068 GlobalGetAtomNameA
0x41106c PrepareTape
0x411070 WriteConsoleA
0x411074 GetProcessId
0x411078 WaitForMultipleObjects
0x41107c GetModuleFileNameA
0x411080 GetModuleHandleA
0x411084 ReleaseMutex
0x411088 EndUpdateResourceA
0x41108c FindFirstVolumeW
0x411090 AddConsoleAliasA
0x411094 lstrcpyW
0x411098 ReadFile
0x41109c HeapReAlloc
0x4110a0 GetLastError
0x4110a4 HeapAlloc
0x4110a8 GetStartupInfoA
0x4110ac SetHandleCount
0x4110b0 GetStdHandle
0x4110b4 GetFileType
0x4110b8 DeleteCriticalSection
0x4110bc SetFilePointer
0x4110c0 TerminateProcess
0x4110c4 GetCurrentProcess
0x4110c8 UnhandledExceptionFilter
0x4110cc SetUnhandledExceptionFilter
0x4110d0 IsDebuggerPresent
0x4110d4 EnterCriticalSection
0x4110d8 HeapCreate
0x4110dc VirtualFree
0x4110e0 HeapFree
0x4110e4 VirtualAlloc
0x4110e8 GetModuleHandleW
0x4110ec Sleep
0x4110f0 ExitProcess
0x4110f4 WriteFile
0x4110f8 FreeEnvironmentStringsA
0x4110fc FreeEnvironmentStringsW
0x411100 WideCharToMultiByte
0x411104 GetEnvironmentStringsW
0x411108 TlsGetValue
0x41110c TlsAlloc
0x411110 TlsSetValue
0x411114 TlsFree
0x411118 SetLastError
0x41111c GetCurrentThreadId
0x411120 InterlockedDecrement
0x411124 QueryPerformanceCounter
0x411128 GetTickCount
0x41112c GetCurrentProcessId
0x411130 InitializeCriticalSectionAndSpinCount
0x411134 SetStdHandle
0x411138 RtlUnwind
0x41113c GetConsoleCP
0x411140 GetConsoleMode
0x411144 FlushFileBuffers
0x411148 LoadLibraryA
0x41114c GetCPInfo
0x411150 GetACP
0x411154 GetOEMCP
0x411158 IsValidCodePage
0x41115c GetConsoleOutputCP
0x411160 WriteConsoleW
0x411164 MultiByteToWideChar
0x411168 LCMapStringA
0x41116c LCMapStringW
0x411170 GetStringTypeA
0x411174 GetStringTypeW
0x411178 CloseHandle
0x41117c CreateFileA
USER32.dll
0x411184 GetCursorPos
GDI32.dll
0x411008 GetCharWidthFloatA
ADVAPI32.dll
0x411000 DeregisterEventSource
EAT(Export Address Table) Library
0x401000 @SetFirstEverVice@8
KERNEL32.dll
0x411010 MapUserPhysicalPages
0x411014 UpdateResourceA
0x411018 InterlockedIncrement
0x41101c SetEvent
0x411020 OpenSemaphoreA
0x411024 GetSystemTimeAsFileTime
0x411028 GetCommandLineA
0x41102c WriteFileGather
0x411030 CreateActCtxW
0x411034 EnumResourceTypesA
0x411038 GetEnvironmentStrings
0x41103c GlobalAlloc
0x411040 SizeofResource
0x411044 LeaveCriticalSection
0x411048 GetFileAttributesA
0x41104c FindNextVolumeW
0x411050 GetLocaleInfoA
0x411054 GetDevicePowerState
0x411058 GetProcAddress
0x41105c HeapSize
0x411060 VerLanguageNameA
0x411064 RemoveDirectoryA
0x411068 GlobalGetAtomNameA
0x41106c PrepareTape
0x411070 WriteConsoleA
0x411074 GetProcessId
0x411078 WaitForMultipleObjects
0x41107c GetModuleFileNameA
0x411080 GetModuleHandleA
0x411084 ReleaseMutex
0x411088 EndUpdateResourceA
0x41108c FindFirstVolumeW
0x411090 AddConsoleAliasA
0x411094 lstrcpyW
0x411098 ReadFile
0x41109c HeapReAlloc
0x4110a0 GetLastError
0x4110a4 HeapAlloc
0x4110a8 GetStartupInfoA
0x4110ac SetHandleCount
0x4110b0 GetStdHandle
0x4110b4 GetFileType
0x4110b8 DeleteCriticalSection
0x4110bc SetFilePointer
0x4110c0 TerminateProcess
0x4110c4 GetCurrentProcess
0x4110c8 UnhandledExceptionFilter
0x4110cc SetUnhandledExceptionFilter
0x4110d0 IsDebuggerPresent
0x4110d4 EnterCriticalSection
0x4110d8 HeapCreate
0x4110dc VirtualFree
0x4110e0 HeapFree
0x4110e4 VirtualAlloc
0x4110e8 GetModuleHandleW
0x4110ec Sleep
0x4110f0 ExitProcess
0x4110f4 WriteFile
0x4110f8 FreeEnvironmentStringsA
0x4110fc FreeEnvironmentStringsW
0x411100 WideCharToMultiByte
0x411104 GetEnvironmentStringsW
0x411108 TlsGetValue
0x41110c TlsAlloc
0x411110 TlsSetValue
0x411114 TlsFree
0x411118 SetLastError
0x41111c GetCurrentThreadId
0x411120 InterlockedDecrement
0x411124 QueryPerformanceCounter
0x411128 GetTickCount
0x41112c GetCurrentProcessId
0x411130 InitializeCriticalSectionAndSpinCount
0x411134 SetStdHandle
0x411138 RtlUnwind
0x41113c GetConsoleCP
0x411140 GetConsoleMode
0x411144 FlushFileBuffers
0x411148 LoadLibraryA
0x41114c GetCPInfo
0x411150 GetACP
0x411154 GetOEMCP
0x411158 IsValidCodePage
0x41115c GetConsoleOutputCP
0x411160 WriteConsoleW
0x411164 MultiByteToWideChar
0x411168 LCMapStringA
0x41116c LCMapStringW
0x411170 GetStringTypeA
0x411174 GetStringTypeW
0x411178 CloseHandle
0x41117c CreateFileA
USER32.dll
0x411184 GetCursorPos
GDI32.dll
0x411008 GetCharWidthFloatA
ADVAPI32.dll
0x411000 DeregisterEventSource
EAT(Export Address Table) Library
0x401000 @SetFirstEverVice@8