ScreenShot
| Created | 2021.11.07 09:57 | Machine | s1_win7_x6403 |
| Filename | pub33.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 506e6aff106a5c2fe532cade93779f39 | ||
| sha256 | 9e7632c03dbae593a01af86ad90ba4821b52861f699762ea02161522f5df3bcb | ||
| ssdeep | 3072:DT/6ysWKx6FfNvicLRi5q3uaJ1Wrxpzbgqru+sxkgaBCh6X7Br:SMKoFfFiO0K1uzbgwu7igaf | ||
| imphash | 80ba2861c278646549335a754dc96d41 | ||
| impfuzzy | 24:AbG2SRFEIaNuvtI4XA9KcDpclllroOovVtUwcpluiyv92/J3I+6nujMfK318n:j1RPXAihn2tbcpsb98unkF8 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418008 GetDefaultCommConfigW
0x41800c QueryPerformanceCounter
0x418010 HeapFree
0x418014 GetEnvironmentStringsW
0x418018 AddConsoleAliasW
0x41801c BackupSeek
0x418020 GetTickCount
0x418024 GlobalAlloc
0x418028 GetFirmwareEnvironmentVariableA
0x41802c LoadLibraryW
0x418030 SizeofResource
0x418034 SetConsoleCursorPosition
0x418038 SetThreadContext
0x41803c GetAtomNameW
0x418040 LCMapStringA
0x418044 FillConsoleOutputCharacterW
0x418048 GetLastError
0x41804c GetProcAddress
0x418050 VirtualAlloc
0x418054 BeginUpdateResourceW
0x418058 LoadLibraryA
0x41805c WriteConsoleA
0x418060 GetModuleFileNameA
0x418064 SetConsoleCursorInfo
0x418068 UpdateResourceW
0x41806c SetFileValidData
0x418070 FindNextVolumeA
0x418074 lstrcpyW
0x418078 WriteConsoleW
0x41807c SetProcessAffinityMask
0x418080 CreateFileW
0x418084 GetStringTypeW
0x418088 HeapAlloc
0x41808c GetModuleHandleW
0x418090 ExitProcess
0x418094 DecodePointer
0x418098 GetCommandLineA
0x41809c HeapSetInformation
0x4180a0 GetStartupInfoW
0x4180a4 UnhandledExceptionFilter
0x4180a8 SetUnhandledExceptionFilter
0x4180ac IsDebuggerPresent
0x4180b0 EncodePointer
0x4180b4 TerminateProcess
0x4180b8 GetCurrentProcess
0x4180bc IsProcessorFeaturePresent
0x4180c0 WriteFile
0x4180c4 GetStdHandle
0x4180c8 GetModuleFileNameW
0x4180cc HeapCreate
0x4180d0 EnterCriticalSection
0x4180d4 LeaveCriticalSection
0x4180d8 InitializeCriticalSectionAndSpinCount
0x4180dc RtlUnwind
0x4180e0 SetHandleCount
0x4180e4 GetFileType
0x4180e8 DeleteCriticalSection
0x4180ec SetFilePointer
0x4180f0 CloseHandle
0x4180f4 TlsAlloc
0x4180f8 TlsGetValue
0x4180fc TlsSetValue
0x418100 TlsFree
0x418104 InterlockedIncrement
0x418108 SetLastError
0x41810c GetCurrentThreadId
0x418110 InterlockedDecrement
0x418114 FreeEnvironmentStringsW
0x418118 WideCharToMultiByte
0x41811c GetCurrentProcessId
0x418120 GetSystemTimeAsFileTime
0x418124 RaiseException
0x418128 Sleep
0x41812c CreateFileA
0x418130 GetCPInfo
0x418134 GetACP
0x418138 GetOEMCP
0x41813c IsValidCodePage
0x418140 GetConsoleCP
0x418144 GetConsoleMode
0x418148 SetStdHandle
0x41814c FlushFileBuffers
0x418150 HeapSize
0x418154 HeapReAlloc
0x418158 SetEndOfFile
0x41815c GetProcessHeap
0x418160 MultiByteToWideChar
0x418164 ReadFile
0x418168 LCMapStringW
USER32.dll
0x418170 GetCursorPos
ADVAPI32.dll
0x418000 NotifyChangeEventLog
EAT(Export Address Table) is none
KERNEL32.dll
0x418008 GetDefaultCommConfigW
0x41800c QueryPerformanceCounter
0x418010 HeapFree
0x418014 GetEnvironmentStringsW
0x418018 AddConsoleAliasW
0x41801c BackupSeek
0x418020 GetTickCount
0x418024 GlobalAlloc
0x418028 GetFirmwareEnvironmentVariableA
0x41802c LoadLibraryW
0x418030 SizeofResource
0x418034 SetConsoleCursorPosition
0x418038 SetThreadContext
0x41803c GetAtomNameW
0x418040 LCMapStringA
0x418044 FillConsoleOutputCharacterW
0x418048 GetLastError
0x41804c GetProcAddress
0x418050 VirtualAlloc
0x418054 BeginUpdateResourceW
0x418058 LoadLibraryA
0x41805c WriteConsoleA
0x418060 GetModuleFileNameA
0x418064 SetConsoleCursorInfo
0x418068 UpdateResourceW
0x41806c SetFileValidData
0x418070 FindNextVolumeA
0x418074 lstrcpyW
0x418078 WriteConsoleW
0x41807c SetProcessAffinityMask
0x418080 CreateFileW
0x418084 GetStringTypeW
0x418088 HeapAlloc
0x41808c GetModuleHandleW
0x418090 ExitProcess
0x418094 DecodePointer
0x418098 GetCommandLineA
0x41809c HeapSetInformation
0x4180a0 GetStartupInfoW
0x4180a4 UnhandledExceptionFilter
0x4180a8 SetUnhandledExceptionFilter
0x4180ac IsDebuggerPresent
0x4180b0 EncodePointer
0x4180b4 TerminateProcess
0x4180b8 GetCurrentProcess
0x4180bc IsProcessorFeaturePresent
0x4180c0 WriteFile
0x4180c4 GetStdHandle
0x4180c8 GetModuleFileNameW
0x4180cc HeapCreate
0x4180d0 EnterCriticalSection
0x4180d4 LeaveCriticalSection
0x4180d8 InitializeCriticalSectionAndSpinCount
0x4180dc RtlUnwind
0x4180e0 SetHandleCount
0x4180e4 GetFileType
0x4180e8 DeleteCriticalSection
0x4180ec SetFilePointer
0x4180f0 CloseHandle
0x4180f4 TlsAlloc
0x4180f8 TlsGetValue
0x4180fc TlsSetValue
0x418100 TlsFree
0x418104 InterlockedIncrement
0x418108 SetLastError
0x41810c GetCurrentThreadId
0x418110 InterlockedDecrement
0x418114 FreeEnvironmentStringsW
0x418118 WideCharToMultiByte
0x41811c GetCurrentProcessId
0x418120 GetSystemTimeAsFileTime
0x418124 RaiseException
0x418128 Sleep
0x41812c CreateFileA
0x418130 GetCPInfo
0x418134 GetACP
0x418138 GetOEMCP
0x41813c IsValidCodePage
0x418140 GetConsoleCP
0x418144 GetConsoleMode
0x418148 SetStdHandle
0x41814c FlushFileBuffers
0x418150 HeapSize
0x418154 HeapReAlloc
0x418158 SetEndOfFile
0x41815c GetProcessHeap
0x418160 MultiByteToWideChar
0x418164 ReadFile
0x418168 LCMapStringW
USER32.dll
0x418170 GetCursorPos
ADVAPI32.dll
0x418000 NotifyChangeEventLog
EAT(Export Address Table) is none