Field | Value |
---|---|
Created | 2021.10.26 09:27 |
Machine | s1_win7_x6401 |
Filename | index.php |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 759a6c2271e358bf787f203f1549d813 |
sha256 | 834a6b7eec3fd0974e4601c23874a69abd1ce895aec20818b6a3dbdd1bbdde9e |
ssdeep | 12288:cnteXHO3hyFL9Myyc5W2fi/2+imc2qJ0aWosUGbBNyrnJ7CcS:cEXHqyFL9+6Wd/2bIq+aOpvynJ7Cz |
imphash | 2b7a2a2feb79758ff89fe54c66664c92 |
impfuzzy | 24:Gu9Esi+811wMcDR4xQ4lB8LO31tEW/J3IbdcQIlyv9Z9GS3jMxg:M+Vqm631tJScHK9eSCg |
Signature (5cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x48e008 GetCurrentProcess
0x48e00c SetEnvironmentVariableW
0x48e010 GetEnvironmentStringsW
0x48e014 SetEvent
0x48e018 SleepEx
0x48e01c GetTickCount
0x48e020 ReadConsoleW
0x48e024 FindActCtxSectionStringA
0x48e028 GlobalAlloc
0x48e02c InitAtomTable
0x48e030 FindNextVolumeW
0x48e034 GetTapePosition
0x48e038 GetMailslotInfo
0x48e03c CreateActCtxA
0x48e040 SetConsoleTitleA
0x48e044 Module32First
0x48e048 GetCPInfoExW
0x48e04c GetLastError
0x48e050 GetProcAddress
0x48e054 VirtualAlloc
0x48e058 GetAtomNameA
0x48e05c LoadLibraryA
0x48e060 WriteConsoleA
0x48e064 BeginUpdateResourceA
0x48e068 GetProcessShutdownParameters
0x48e06c LoadLibraryExA
0x48e070 GetProcessAffinityMask
0x48e074 ReleaseMutex
0x48e078 EndUpdateResourceA
0x48e07c GetVersionExA
0x48e080 FindNextVolumeA
0x48e084 lstrcpyW
0x48e088 LCMapStringW
0x48e08c GetModuleFileNameW
0x48e090 HeapReAlloc
0x48e094 EncodePointer
0x48e098 DecodePointer
0x48e09c GetModuleHandleW
0x48e0a0 ExitProcess
0x48e0a4 GetCommandLineW
0x48e0a8 HeapSetInformation
0x48e0ac GetStartupInfoW
0x48e0b0 RaiseException
0x48e0b4 UnhandledExceptionFilter
0x48e0b8 SetUnhandledExceptionFilter
0x48e0bc IsDebuggerPresent
0x48e0c0 TerminateProcess
0x48e0c4 HeapAlloc
0x48e0c8 HeapFree
0x48e0cc IsProcessorFeaturePresent
0x48e0d0 TlsAlloc
0x48e0d4 TlsGetValue
0x48e0d8 TlsSetValue
0x48e0dc TlsFree
0x48e0e0 InterlockedIncrement
0x48e0e4 SetLastError
0x48e0e8 GetCurrentThreadId
0x48e0ec InterlockedDecrement
0x48e0f0 ReadFile
0x48e0f4 EnterCriticalSection
0x48e0f8 LeaveCriticalSection
0x48e0fc SetHandleCount
0x48e100 GetStdHandle
0x48e104 InitializeCriticalSectionAndSpinCount
0x48e108 GetFileType
0x48e10c DeleteCriticalSection
0x48e110 SetFilePointer
0x48e114 GetCPInfo
0x48e118 GetACP
0x48e11c GetOEMCP
0x48e120 IsValidCodePage
0x48e124 CloseHandle
0x48e128 LoadLibraryW
0x48e12c WriteFile
0x48e130 FreeEnvironmentStringsW
0x48e134 HeapCreate
0x48e138 QueryPerformanceCounter
0x48e13c GetCurrentProcessId
0x48e140 GetSystemTimeAsFileTime
0x48e144 WideCharToMultiByte
0x48e148 GetConsoleCP
0x48e14c GetConsoleMode
0x48e150 Sleep
0x48e154 MultiByteToWideChar
0x48e158 RtlUnwind
0x48e15c SetStdHandle
0x48e160 FlushFileBuffers
0x48e164 GetStringTypeW
0x48e168 HeapSize
0x48e16c WriteConsoleW
0x48e170 CreateFileW
GDI32.dll
0x48e000 GetBitmapBits
EAT (Export Address Table): none