Report - vbc.exe

Admin Tool (Sysinternals etc ...), UPX, Malicious Library, PE File, PE32
Created 2021.10.08 11:48
Machine s1_win7_x6401
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 9.2
ZERO API file : malware
VT API (file) 29 detected (malicious, high confidence, Siggen15, GenericKD, Unsafe, ZelphiCO, WKW@a04NNpoi, Rescoms, Eldorado, Delf, Remcos, Infected, ai score=99, kcloud, Phonzy, score, R002H0CJ721, EQAC)
md5 1e600b33bd5e1420472158c1b2e145a5
sha256 f5447c22561c0692e385ef3c0ef0ed84d4ce35042f0839bddd7de9aeaa1f777a
ssdeep 12288:5siTtPf0MEakNE3XqKkjY2N04kY7CE5L0S4rrMGdMpGyS:KaF0MEakNMrkE2hkY7CE5L0S4PMGdM
imphash a85da29f7c79b749e46738d8b965ea53
impfuzzy 96:oO4nYo3Me5cubuu27xSUvK9eesoWGXE7yXhpeU8JS10+YdDwPOQC/:oN3MybuuaxSUvK9tso1XE7yyG1Q+POQY

Signature (20cnts)

Level Description
warning File has been identified by 29 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
watch Uses Sysinternals tools in order to add additional command line functionality
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates executable files on the filesystem
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (10cnts)

Level | Name | Description | Collection
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download)
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload)
watch | Malicious_Library_Zero | Malicious_Library | binaries (download)
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (download)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE32 | (no description) | binaries (download)
info | IsPE32 | (no description) | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (download)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (48cnts)


PE API

IAT(Import Address Table) Library


EAT(Export Address Table) is none


