ScreenShot
| Created | 2021.11.01 18:29 | Machine | s1_win7_x6402 |
| Filename | pub3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 2abbb910ba6b974e574842637c05dad6 | ||
| sha256 | de91e456d436a843b1dd01aabaeddfbc51284987b569cb20ea793db6ccf212cb | ||
| ssdeep | 3072:etXwBR1Vm6eqlljWJ2gPjT75/0SX1649N03:zfm6eeq2g375H1b9N | ||
| imphash | 9fa6fda3b52d9c76911daaba6b825179 | ||
| impfuzzy | 24:/u9EIKiX+ZGIIFDSInW1OovurIlyv9fcjtulgJ3In4VGSUjMzgllTn:Rw+MJYK9fcjtueZkSY7T | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418000 HeapReAlloc
0x418004 FindVolumeClose
0x418008 FindFirstChangeNotificationW
0x41800c FindResourceExW
0x418010 HeapAlloc
0x418014 EndUpdateResourceW
0x418018 SetEnvironmentVariableW
0x41801c GetEnvironmentStringsW
0x418020 AddConsoleAliasW
0x418024 SetEvent
0x418028 FlushConsoleInputBuffer
0x41802c SleepEx
0x418030 GetTickCount
0x418034 GetProcessHeap
0x418038 FindActCtxSectionStringA
0x41803c GlobalAlloc
0x418040 InitAtomTable
0x418044 FindNextVolumeW
0x418048 GetTapePosition
0x41804c WriteConsoleW
0x418050 GetMailslotInfo
0x418054 GetModuleFileNameW
0x418058 CreateActCtxA
0x41805c BindIoCompletionCallback
0x418060 GetProcAddress
0x418064 VirtualAlloc
0x418068 BeginUpdateResourceW
0x41806c GetAtomNameA
0x418070 LoadLibraryA
0x418074 GetModuleFileNameA
0x418078 GetProcessAffinityMask
0x41807c TlsFree
0x418080 lstrcpyA
0x418084 CreateFileW
0x418088 HeapSize
0x41808c DecodePointer
0x418090 EncodePointer
0x418094 GetCommandLineA
0x418098 HeapSetInformation
0x41809c GetStartupInfoW
0x4180a0 IsProcessorFeaturePresent
0x4180a4 GetLastError
0x4180a8 WideCharToMultiByte
0x4180ac SetHandleCount
0x4180b0 GetStdHandle
0x4180b4 InitializeCriticalSectionAndSpinCount
0x4180b8 GetFileType
0x4180bc DeleteCriticalSection
0x4180c0 EnterCriticalSection
0x4180c4 LeaveCriticalSection
0x4180c8 UnhandledExceptionFilter
0x4180cc SetUnhandledExceptionFilter
0x4180d0 IsDebuggerPresent
0x4180d4 TerminateProcess
0x4180d8 GetCurrentProcess
0x4180dc RtlUnwind
0x4180e0 SetFilePointer
0x4180e4 TlsAlloc
0x4180e8 TlsGetValue
0x4180ec TlsSetValue
0x4180f0 InterlockedIncrement
0x4180f4 GetModuleHandleW
0x4180f8 SetLastError
0x4180fc GetCurrentThreadId
0x418100 InterlockedDecrement
0x418104 HeapFree
0x418108 CloseHandle
0x41810c ExitProcess
0x418110 WriteFile
0x418114 FreeEnvironmentStringsW
0x418118 HeapCreate
0x41811c QueryPerformanceCounter
0x418120 GetCurrentProcessId
0x418124 GetSystemTimeAsFileTime
0x418128 GetConsoleCP
0x41812c GetConsoleMode
0x418130 GetCPInfo
0x418134 GetACP
0x418138 GetOEMCP
0x41813c IsValidCodePage
0x418140 Sleep
0x418144 CreateFileA
0x418148 SetStdHandle
0x41814c FlushFileBuffers
0x418150 LoadLibraryW
0x418154 RaiseException
0x418158 MultiByteToWideChar
0x41815c LCMapStringW
0x418160 GetStringTypeW
0x418164 SetEndOfFile
0x418168 ReadFile
USER32.dll
0x418170 SetCursorPos
EAT(Export Address Table) is none
KERNEL32.dll
0x418000 HeapReAlloc
0x418004 FindVolumeClose
0x418008 FindFirstChangeNotificationW
0x41800c FindResourceExW
0x418010 HeapAlloc
0x418014 EndUpdateResourceW
0x418018 SetEnvironmentVariableW
0x41801c GetEnvironmentStringsW
0x418020 AddConsoleAliasW
0x418024 SetEvent
0x418028 FlushConsoleInputBuffer
0x41802c SleepEx
0x418030 GetTickCount
0x418034 GetProcessHeap
0x418038 FindActCtxSectionStringA
0x41803c GlobalAlloc
0x418040 InitAtomTable
0x418044 FindNextVolumeW
0x418048 GetTapePosition
0x41804c WriteConsoleW
0x418050 GetMailslotInfo
0x418054 GetModuleFileNameW
0x418058 CreateActCtxA
0x41805c BindIoCompletionCallback
0x418060 GetProcAddress
0x418064 VirtualAlloc
0x418068 BeginUpdateResourceW
0x41806c GetAtomNameA
0x418070 LoadLibraryA
0x418074 GetModuleFileNameA
0x418078 GetProcessAffinityMask
0x41807c TlsFree
0x418080 lstrcpyA
0x418084 CreateFileW
0x418088 HeapSize
0x41808c DecodePointer
0x418090 EncodePointer
0x418094 GetCommandLineA
0x418098 HeapSetInformation
0x41809c GetStartupInfoW
0x4180a0 IsProcessorFeaturePresent
0x4180a4 GetLastError
0x4180a8 WideCharToMultiByte
0x4180ac SetHandleCount
0x4180b0 GetStdHandle
0x4180b4 InitializeCriticalSectionAndSpinCount
0x4180b8 GetFileType
0x4180bc DeleteCriticalSection
0x4180c0 EnterCriticalSection
0x4180c4 LeaveCriticalSection
0x4180c8 UnhandledExceptionFilter
0x4180cc SetUnhandledExceptionFilter
0x4180d0 IsDebuggerPresent
0x4180d4 TerminateProcess
0x4180d8 GetCurrentProcess
0x4180dc RtlUnwind
0x4180e0 SetFilePointer
0x4180e4 TlsAlloc
0x4180e8 TlsGetValue
0x4180ec TlsSetValue
0x4180f0 InterlockedIncrement
0x4180f4 GetModuleHandleW
0x4180f8 SetLastError
0x4180fc GetCurrentThreadId
0x418100 InterlockedDecrement
0x418104 HeapFree
0x418108 CloseHandle
0x41810c ExitProcess
0x418110 WriteFile
0x418114 FreeEnvironmentStringsW
0x418118 HeapCreate
0x41811c QueryPerformanceCounter
0x418120 GetCurrentProcessId
0x418124 GetSystemTimeAsFileTime
0x418128 GetConsoleCP
0x41812c GetConsoleMode
0x418130 GetCPInfo
0x418134 GetACP
0x418138 GetOEMCP
0x41813c IsValidCodePage
0x418140 Sleep
0x418144 CreateFileA
0x418148 SetStdHandle
0x41814c FlushFileBuffers
0x418150 LoadLibraryW
0x418154 RaiseException
0x418158 MultiByteToWideChar
0x41815c LCMapStringW
0x418160 GetStringTypeW
0x418164 SetEndOfFile
0x418168 ReadFile
USER32.dll
0x418170 SetCursorPos
EAT(Export Address Table) is none