ScreenShot
| Created | 2021.10.27 18:05 | Machine | s1_win7_x6401 |
| Filename | jb5wrmt56.rar | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | f793cad74aae9dab113ac269b4aab998 | ||
| sha256 | 9eb19bed596c23b08f71e513953cddb5c69783ae9cfebc8359d311a53623be9e | ||
| ssdeep | 24576:fqgoo0Xddxgc/0bsfKi7cicm5Vkr3AhQPpkTsp1CvfnP:RVmdGsfKiuOVkAWhkTICvfnP | ||
| imphash | fec6347409359392dbfa6d952a9bec45 | ||
| impfuzzy | 24:CuHvI8Oc+WcJBliSZD56tMS1TMvpa9VPtxviyWkjsnTDPZpgWgOOovbOPZHuqu9/:HtOc+Hl6tMS1TMvUHtRByPZuH3g | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4c8000 GetModuleFileNameA
0x4c8004 GetEnvironmentVariableA
0x4c8008 GetCurrentDirectoryA
0x4c800c GetTempPathA
0x4c8010 OpenMutexA
0x4c8014 VirtualProtectEx
0x4c8018 FlushFileBuffers
0x4c801c EnterCriticalSection
0x4c8020 LeaveCriticalSection
0x4c8024 DeleteCriticalSection
0x4c8028 EncodePointer
0x4c802c DecodePointer
0x4c8030 SetLastError
0x4c8034 InitializeCriticalSectionAndSpinCount
0x4c8038 CreateEventW
0x4c803c SwitchToThread
0x4c8040 TlsAlloc
0x4c8044 TlsGetValue
0x4c8048 TlsSetValue
0x4c804c TlsFree
0x4c8050 GetSystemTimeAsFileTime
0x4c8054 GetTickCount
0x4c8058 GetModuleHandleW
0x4c805c GetProcAddress
0x4c8060 WideCharToMultiByte
0x4c8064 MultiByteToWideChar
0x4c8068 GetStringTypeW
0x4c806c CompareStringW
0x4c8070 LCMapStringW
0x4c8074 GetLocaleInfoW
0x4c8078 GetCPInfo
0x4c807c UnhandledExceptionFilter
0x4c8080 SetUnhandledExceptionFilter
0x4c8084 GetCurrentProcess
0x4c8088 TerminateProcess
0x4c808c IsProcessorFeaturePresent
0x4c8090 QueryPerformanceCounter
0x4c8094 GetCurrentProcessId
0x4c8098 GetCurrentThreadId
0x4c809c InitializeSListHead
0x4c80a0 IsDebuggerPresent
0x4c80a4 GetStartupInfoW
0x4c80a8 RtlUnwind
0x4c80ac RaiseException
0x4c80b0 InterlockedPushEntrySList
0x4c80b4 InterlockedFlushSList
0x4c80b8 GetLastError
0x4c80bc FreeLibrary
0x4c80c0 LoadLibraryExW
0x4c80c4 GetModuleFileNameW
0x4c80c8 GetModuleHandleExW
0x4c80cc HeapAlloc
0x4c80d0 HeapValidate
0x4c80d4 GetSystemInfo
0x4c80d8 ExitProcess
0x4c80dc GetStdHandle
0x4c80e0 GetFileType
0x4c80e4 WriteFile
0x4c80e8 OutputDebugStringA
0x4c80ec OutputDebugStringW
0x4c80f0 WriteConsoleW
0x4c80f4 CloseHandle
0x4c80f8 WaitForSingleObjectEx
0x4c80fc CreateThread
0x4c8100 SetConsoleCtrlHandler
0x4c8104 GetCurrentThread
0x4c8108 GetDateFormatW
0x4c810c GetTimeFormatW
0x4c8110 IsValidLocale
0x4c8114 GetUserDefaultLCID
0x4c8118 EnumSystemLocalesW
0x4c811c HeapFree
0x4c8120 HeapReAlloc
0x4c8124 HeapSize
0x4c8128 HeapQueryInformation
0x4c812c GetACP
0x4c8130 GetProcessHeap
0x4c8134 GetTimeZoneInformation
0x4c8138 FindClose
0x4c813c FindFirstFileExA
0x4c8140 FindFirstFileExW
0x4c8144 FindNextFileA
0x4c8148 FindNextFileW
0x4c814c IsValidCodePage
0x4c8150 GetOEMCP
0x4c8154 GetCommandLineA
0x4c8158 GetCommandLineW
0x4c815c GetEnvironmentStringsW
0x4c8160 FreeEnvironmentStringsW
0x4c8164 SetEnvironmentVariableA
0x4c8168 SetEnvironmentVariableW
0x4c816c SetStdHandle
0x4c8170 GetConsoleCP
0x4c8174 GetConsoleMode
0x4c8178 SetFilePointerEx
0x4c817c CreateFileW
EAT(Export Address Table) Library
0x49fe70 Historybelieve
0x49f9b0 Lastelement
0x49ff60 Mass
KERNEL32.dll
0x4c8000 GetModuleFileNameA
0x4c8004 GetEnvironmentVariableA
0x4c8008 GetCurrentDirectoryA
0x4c800c GetTempPathA
0x4c8010 OpenMutexA
0x4c8014 VirtualProtectEx
0x4c8018 FlushFileBuffers
0x4c801c EnterCriticalSection
0x4c8020 LeaveCriticalSection
0x4c8024 DeleteCriticalSection
0x4c8028 EncodePointer
0x4c802c DecodePointer
0x4c8030 SetLastError
0x4c8034 InitializeCriticalSectionAndSpinCount
0x4c8038 CreateEventW
0x4c803c SwitchToThread
0x4c8040 TlsAlloc
0x4c8044 TlsGetValue
0x4c8048 TlsSetValue
0x4c804c TlsFree
0x4c8050 GetSystemTimeAsFileTime
0x4c8054 GetTickCount
0x4c8058 GetModuleHandleW
0x4c805c GetProcAddress
0x4c8060 WideCharToMultiByte
0x4c8064 MultiByteToWideChar
0x4c8068 GetStringTypeW
0x4c806c CompareStringW
0x4c8070 LCMapStringW
0x4c8074 GetLocaleInfoW
0x4c8078 GetCPInfo
0x4c807c UnhandledExceptionFilter
0x4c8080 SetUnhandledExceptionFilter
0x4c8084 GetCurrentProcess
0x4c8088 TerminateProcess
0x4c808c IsProcessorFeaturePresent
0x4c8090 QueryPerformanceCounter
0x4c8094 GetCurrentProcessId
0x4c8098 GetCurrentThreadId
0x4c809c InitializeSListHead
0x4c80a0 IsDebuggerPresent
0x4c80a4 GetStartupInfoW
0x4c80a8 RtlUnwind
0x4c80ac RaiseException
0x4c80b0 InterlockedPushEntrySList
0x4c80b4 InterlockedFlushSList
0x4c80b8 GetLastError
0x4c80bc FreeLibrary
0x4c80c0 LoadLibraryExW
0x4c80c4 GetModuleFileNameW
0x4c80c8 GetModuleHandleExW
0x4c80cc HeapAlloc
0x4c80d0 HeapValidate
0x4c80d4 GetSystemInfo
0x4c80d8 ExitProcess
0x4c80dc GetStdHandle
0x4c80e0 GetFileType
0x4c80e4 WriteFile
0x4c80e8 OutputDebugStringA
0x4c80ec OutputDebugStringW
0x4c80f0 WriteConsoleW
0x4c80f4 CloseHandle
0x4c80f8 WaitForSingleObjectEx
0x4c80fc CreateThread
0x4c8100 SetConsoleCtrlHandler
0x4c8104 GetCurrentThread
0x4c8108 GetDateFormatW
0x4c810c GetTimeFormatW
0x4c8110 IsValidLocale
0x4c8114 GetUserDefaultLCID
0x4c8118 EnumSystemLocalesW
0x4c811c HeapFree
0x4c8120 HeapReAlloc
0x4c8124 HeapSize
0x4c8128 HeapQueryInformation
0x4c812c GetACP
0x4c8130 GetProcessHeap
0x4c8134 GetTimeZoneInformation
0x4c8138 FindClose
0x4c813c FindFirstFileExA
0x4c8140 FindFirstFileExW
0x4c8144 FindNextFileA
0x4c8148 FindNextFileW
0x4c814c IsValidCodePage
0x4c8150 GetOEMCP
0x4c8154 GetCommandLineA
0x4c8158 GetCommandLineW
0x4c815c GetEnvironmentStringsW
0x4c8160 FreeEnvironmentStringsW
0x4c8164 SetEnvironmentVariableA
0x4c8168 SetEnvironmentVariableW
0x4c816c SetStdHandle
0x4c8170 GetConsoleCP
0x4c8174 GetConsoleMode
0x4c8178 SetFilePointerEx
0x4c817c CreateFileW
EAT(Export Address Table) Library
0x49fe70 Historybelieve
0x49f9b0 Lastelement
0x49ff60 Mass