Field | Value |
---|---|
Created | 2021.10.14 09:56 |
Machine | s1_win7_x6402 |
Filename | file.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | |
md5 | e1489864463ec55743b9663fb7084a96 |
sha256 | b1b54db233aed52630b1839a887922afec7d5ca63f8fb0a59718d2bc64364879 |
ssdeep | 12288:DbqaDUpmiwDDi394kYWTbA2Fb/eHYYC82q+TX96EFraatTT4XRJtH8n:ya4pOD+GknbA4b/eHYY9+z96AaapT4XG |
imphash | ea8aa8524573fdaa0fbe03cd1215da2c |
impfuzzy | 24:AigqlYJcD1RTiOSMJKOcjtlbeHRnlyv9NT4WajMng+:AjqNnpHcjtFGK9NcWG+ |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x48a000 HeapReAlloc
0x48a004 UnmapViewOfFile
0x48a008 EndUpdateResourceW
0x48a00c GetCurrentProcess
0x48a010 SleepEx
0x48a014 BackupSeek
0x48a018 ReadConsoleW
0x48a01c FindActCtxSectionStringA
0x48a020 GetEnvironmentStrings
0x48a024 GlobalAlloc
0x48a028 InitAtomTable
0x48a02c HeapDestroy
0x48a030 GetModuleFileNameW
0x48a034 CreateActCtxA
0x48a038 GetOverlappedResult
0x48a03c GetACP
0x48a040 ReleaseSemaphore
0x48a044 SetLastError
0x48a048 GetProcAddress
0x48a04c BeginUpdateResourceW
0x48a050 ResetEvent
0x48a054 WriteConsoleA
0x48a058 DebugSetProcessKillOnExit
0x48a05c GetModuleHandleA
0x48a060 GetProcessShutdownParameters
0x48a064 EraseTape
0x48a068 VirtualProtect
0x48a06c FindNextVolumeA
0x48a070 LCMapStringW
0x48a074 lstrcpyA
0x48a078 EncodePointer
0x48a07c DecodePointer
0x48a080 GetCommandLineW
0x48a084 HeapSetInformation
0x48a088 GetStartupInfoW
0x48a08c TlsAlloc
0x48a090 TlsGetValue
0x48a094 TlsSetValue
0x48a098 TlsFree
0x48a09c InterlockedIncrement
0x48a0a0 GetModuleHandleW
0x48a0a4 GetCurrentThreadId
0x48a0a8 GetLastError
0x48a0ac InterlockedDecrement
0x48a0b0 HeapAlloc
0x48a0b4 EnterCriticalSection
0x48a0b8 LeaveCriticalSection
0x48a0bc UnhandledExceptionFilter
0x48a0c0 SetUnhandledExceptionFilter
0x48a0c4 IsDebuggerPresent
0x48a0c8 TerminateProcess
0x48a0cc HeapFree
0x48a0d0 SetFilePointer
0x48a0d4 CloseHandle
0x48a0d8 ExitProcess
0x48a0dc WriteFile
0x48a0e0 GetStdHandle
0x48a0e4 FreeEnvironmentStringsW
0x48a0e8 GetEnvironmentStringsW
0x48a0ec SetHandleCount
0x48a0f0 InitializeCriticalSectionAndSpinCount
0x48a0f4 GetFileType
0x48a0f8 DeleteCriticalSection
0x48a0fc HeapCreate
0x48a100 QueryPerformanceCounter
0x48a104 GetTickCount
0x48a108 GetCurrentProcessId
0x48a10c GetSystemTimeAsFileTime
0x48a110 GetCPInfo
0x48a114 GetOEMCP
0x48a118 IsValidCodePage
0x48a11c Sleep
0x48a120 WideCharToMultiByte
0x48a124 RtlUnwind
0x48a128 SetStdHandle
0x48a12c GetConsoleCP
0x48a130 GetConsoleMode
0x48a134 FlushFileBuffers
0x48a138 LoadLibraryW
0x48a13c RaiseException
0x48a140 MultiByteToWideChar
0x48a144 GetStringTypeW
0x48a148 IsProcessorFeaturePresent
0x48a14c WriteConsoleW
0x48a150 HeapSize
0x48a154 CreateFileW
EAT (Export Address Table): none