ScreenShot
| Created | 2021.10.04 10:19 | Machine | s1_win7_x6402 |
| Filename | hofile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 6b40855b1ad38b1aeeefd7a6592370cf | ||
| sha256 | 61413b9922fa95b779baf8d51fa4cc34a73e99a13a5d913644232857330df738 | ||
| ssdeep | 12288:xiHZEj38ZPu+KuLjy5Fszc5M0mZnLYbKPsRy9f4+zxp6L:xi6D8hRjnYbmlEWsU36L | ||
| imphash | c15bb6cf111ec297d5d1e54944f0caf3 | ||
| impfuzzy | 24:UokroOovFPhv1SFdED8Sa7uJXOaV4wlb61R+fjlntsMZ6LJ3NQuOZyvuTzZrnlLg:1ecPhsdaO2w+fRtsMZINsuuXZ7O | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x461000 HeapReAlloc
0x461004 GlobalDeleteAtom
0x461008 GetLocaleInfoA
0x46100c InterlockedIncrement
0x461010 GetQueuedCompletionStatus
0x461014 GetEnvironmentStringsW
0x461018 SetEvent
0x46101c ReadConsoleW
0x461020 GetCommandLineA
0x461024 CreateActCtxW
0x461028 GlobalAlloc
0x46102c CopyFileW
0x461030 FreeConsole
0x461034 LeaveCriticalSection
0x461038 HeapCreate
0x46103c GetFileAttributesW
0x461040 WriteConsoleW
0x461044 GetModuleFileNameW
0x461048 lstrlenW
0x46104c SetConsoleTitleA
0x461050 FlushFileBuffers
0x461054 DeactivateActCtx
0x461058 InterlockedExchange
0x46105c GetProcAddress
0x461060 BeginUpdateResourceW
0x461064 RemoveDirectoryA
0x461068 VerLanguageNameW
0x46106c LocalAlloc
0x461070 SetConsoleWindowInfo
0x461074 GetTapeParameters
0x461078 SetEnvironmentVariableA
0x46107c SetConsoleTitleW
0x461080 GetModuleHandleA
0x461084 EraseTape
0x461088 VirtualProtect
0x46108c EndUpdateResourceA
0x461090 FindFirstVolumeW
0x461094 GetCurrentProcessId
0x461098 GetPrivateProfileSectionW
0x46109c FindNextVolumeA
0x4610a0 lstrcpyW
0x4610a4 GetConsoleOutputCP
0x4610a8 WideCharToMultiByte
0x4610ac InterlockedDecrement
0x4610b0 InterlockedCompareExchange
0x4610b4 MultiByteToWideChar
0x4610b8 Sleep
0x4610bc InitializeCriticalSection
0x4610c0 DeleteCriticalSection
0x4610c4 EnterCriticalSection
0x4610c8 GetLastError
0x4610cc HeapFree
0x4610d0 TerminateProcess
0x4610d4 GetCurrentProcess
0x4610d8 UnhandledExceptionFilter
0x4610dc SetUnhandledExceptionFilter
0x4610e0 IsDebuggerPresent
0x4610e4 HeapAlloc
0x4610e8 GetStartupInfoW
0x4610ec GetCPInfo
0x4610f0 RtlUnwind
0x4610f4 RaiseException
0x4610f8 LCMapStringW
0x4610fc LCMapStringA
0x461100 GetStringTypeW
0x461104 VirtualFree
0x461108 VirtualAlloc
0x46110c GetModuleHandleW
0x461110 TlsGetValue
0x461114 TlsAlloc
0x461118 TlsSetValue
0x46111c TlsFree
0x461120 SetLastError
0x461124 GetCurrentThreadId
0x461128 SetFilePointer
0x46112c CloseHandle
0x461130 ExitProcess
0x461134 WriteFile
0x461138 GetStdHandle
0x46113c GetModuleFileNameA
0x461140 FreeEnvironmentStringsW
0x461144 GetCommandLineW
0x461148 SetHandleCount
0x46114c GetFileType
0x461150 GetStartupInfoA
0x461154 QueryPerformanceCounter
0x461158 GetTickCount
0x46115c GetSystemTimeAsFileTime
0x461160 GetStringTypeA
0x461164 HeapSize
0x461168 GetACP
0x46116c GetOEMCP
0x461170 IsValidCodePage
0x461174 GetUserDefaultLCID
0x461178 EnumSystemLocalesA
0x46117c IsValidLocale
0x461180 InitializeCriticalSectionAndSpinCount
0x461184 CreateFileA
0x461188 SetStdHandle
0x46118c GetConsoleCP
0x461190 GetConsoleMode
0x461194 LoadLibraryA
0x461198 GetLocaleInfoW
0x46119c SetEndOfFile
0x4611a0 GetProcessHeap
0x4611a4 ReadFile
0x4611a8 WriteConsoleA
EAT(Export Address Table) Library
0x401763 @GetFirstVice@8
KERNEL32.dll
0x461000 HeapReAlloc
0x461004 GlobalDeleteAtom
0x461008 GetLocaleInfoA
0x46100c InterlockedIncrement
0x461010 GetQueuedCompletionStatus
0x461014 GetEnvironmentStringsW
0x461018 SetEvent
0x46101c ReadConsoleW
0x461020 GetCommandLineA
0x461024 CreateActCtxW
0x461028 GlobalAlloc
0x46102c CopyFileW
0x461030 FreeConsole
0x461034 LeaveCriticalSection
0x461038 HeapCreate
0x46103c GetFileAttributesW
0x461040 WriteConsoleW
0x461044 GetModuleFileNameW
0x461048 lstrlenW
0x46104c SetConsoleTitleA
0x461050 FlushFileBuffers
0x461054 DeactivateActCtx
0x461058 InterlockedExchange
0x46105c GetProcAddress
0x461060 BeginUpdateResourceW
0x461064 RemoveDirectoryA
0x461068 VerLanguageNameW
0x46106c LocalAlloc
0x461070 SetConsoleWindowInfo
0x461074 GetTapeParameters
0x461078 SetEnvironmentVariableA
0x46107c SetConsoleTitleW
0x461080 GetModuleHandleA
0x461084 EraseTape
0x461088 VirtualProtect
0x46108c EndUpdateResourceA
0x461090 FindFirstVolumeW
0x461094 GetCurrentProcessId
0x461098 GetPrivateProfileSectionW
0x46109c FindNextVolumeA
0x4610a0 lstrcpyW
0x4610a4 GetConsoleOutputCP
0x4610a8 WideCharToMultiByte
0x4610ac InterlockedDecrement
0x4610b0 InterlockedCompareExchange
0x4610b4 MultiByteToWideChar
0x4610b8 Sleep
0x4610bc InitializeCriticalSection
0x4610c0 DeleteCriticalSection
0x4610c4 EnterCriticalSection
0x4610c8 GetLastError
0x4610cc HeapFree
0x4610d0 TerminateProcess
0x4610d4 GetCurrentProcess
0x4610d8 UnhandledExceptionFilter
0x4610dc SetUnhandledExceptionFilter
0x4610e0 IsDebuggerPresent
0x4610e4 HeapAlloc
0x4610e8 GetStartupInfoW
0x4610ec GetCPInfo
0x4610f0 RtlUnwind
0x4610f4 RaiseException
0x4610f8 LCMapStringW
0x4610fc LCMapStringA
0x461100 GetStringTypeW
0x461104 VirtualFree
0x461108 VirtualAlloc
0x46110c GetModuleHandleW
0x461110 TlsGetValue
0x461114 TlsAlloc
0x461118 TlsSetValue
0x46111c TlsFree
0x461120 SetLastError
0x461124 GetCurrentThreadId
0x461128 SetFilePointer
0x46112c CloseHandle
0x461130 ExitProcess
0x461134 WriteFile
0x461138 GetStdHandle
0x46113c GetModuleFileNameA
0x461140 FreeEnvironmentStringsW
0x461144 GetCommandLineW
0x461148 SetHandleCount
0x46114c GetFileType
0x461150 GetStartupInfoA
0x461154 QueryPerformanceCounter
0x461158 GetTickCount
0x46115c GetSystemTimeAsFileTime
0x461160 GetStringTypeA
0x461164 HeapSize
0x461168 GetACP
0x46116c GetOEMCP
0x461170 IsValidCodePage
0x461174 GetUserDefaultLCID
0x461178 EnumSystemLocalesA
0x46117c IsValidLocale
0x461180 InitializeCriticalSectionAndSpinCount
0x461184 CreateFileA
0x461188 SetStdHandle
0x46118c GetConsoleCP
0x461190 GetConsoleMode
0x461194 LoadLibraryA
0x461198 GetLocaleInfoW
0x46119c SetEndOfFile
0x4611a0 GetProcessHeap
0x4611a4 ReadFile
0x4611a8 WriteConsoleA
EAT(Export Address Table) Library
0x401763 @GetFirstVice@8