ScreenShot
| Created | 2021.11.08 12:26 | Machine | s1_win7_x6401 |
| Filename | pafile.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | ba4f475636064002f09563282879f2a4 | ||
| sha256 | 1fa14c09b00a29ea5cdd1a4ef9bb38579e85bb70e2e63e45b0e883be8dda94f4 | ||
| ssdeep | 12288:yf6c2kvMKXW2i9nhXIZWFnwiv8gHunnn7s:BczezaWFn6gQA | ||
| imphash | ad35223e42e488e819f8bab49b2709bc | ||
| impfuzzy | 24:1/jkrk8bG2SzkSNuvOGfIi1cDHhdhPlyoOovVtUVgcpluiyv92/J3I+6RjMzdBgT:2K1zuRgyn2tZcpsb98uG0T | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45e000 FillConsoleOutputCharacterA
0x45e004 SetProcessAffinityMask
0x45e008 GetConsoleAliasesLengthW
0x45e00c GetDefaultCommConfigW
0x45e010 ReadConsoleA
0x45e014 QueryPerformanceCounter
0x45e018 GetEnvironmentStringsW
0x45e01c BackupSeek
0x45e020 GetTickCount
0x45e024 GlobalAlloc
0x45e028 GetFirmwareEnvironmentVariableA
0x45e02c LoadLibraryW
0x45e030 SizeofResource
0x45e034 GetSystemWindowsDirectoryA
0x45e038 HeapValidate
0x45e03c SetConsoleCursorPosition
0x45e040 GetAtomNameW
0x45e044 LCMapStringA
0x45e048 GetLastError
0x45e04c GetProcAddress
0x45e050 VirtualAlloc
0x45e054 SetStdHandle
0x45e058 LoadLibraryA
0x45e05c WriteConsoleA
0x45e060 BeginUpdateResourceA
0x45e064 SetSystemTime
0x45e068 GetModuleFileNameA
0x45e06c SetConsoleCursorInfo
0x45e070 UpdateResourceW
0x45e074 GetProcessAffinityMask
0x45e078 AddConsoleAliasA
0x45e07c SetFileValidData
0x45e080 FindNextVolumeA
0x45e084 lstrcpyW
0x45e088 CreateFileW
0x45e08c WriteConsoleW
0x45e090 HeapAlloc
0x45e094 GetModuleHandleW
0x45e098 ExitProcess
0x45e09c DecodePointer
0x45e0a0 GetCommandLineA
0x45e0a4 HeapSetInformation
0x45e0a8 GetStartupInfoW
0x45e0ac UnhandledExceptionFilter
0x45e0b0 SetUnhandledExceptionFilter
0x45e0b4 IsDebuggerPresent
0x45e0b8 EncodePointer
0x45e0bc TerminateProcess
0x45e0c0 GetCurrentProcess
0x45e0c4 HeapFree
0x45e0c8 IsProcessorFeaturePresent
0x45e0cc WriteFile
0x45e0d0 GetStdHandle
0x45e0d4 GetModuleFileNameW
0x45e0d8 HeapCreate
0x45e0dc EnterCriticalSection
0x45e0e0 LeaveCriticalSection
0x45e0e4 InitializeCriticalSectionAndSpinCount
0x45e0e8 RtlUnwind
0x45e0ec SetHandleCount
0x45e0f0 GetFileType
0x45e0f4 DeleteCriticalSection
0x45e0f8 SetFilePointer
0x45e0fc CloseHandle
0x45e100 TlsAlloc
0x45e104 TlsGetValue
0x45e108 TlsSetValue
0x45e10c TlsFree
0x45e110 InterlockedIncrement
0x45e114 SetLastError
0x45e118 GetCurrentThreadId
0x45e11c InterlockedDecrement
0x45e120 FreeEnvironmentStringsW
0x45e124 WideCharToMultiByte
0x45e128 GetCurrentProcessId
0x45e12c GetSystemTimeAsFileTime
0x45e130 Sleep
0x45e134 CreateFileA
0x45e138 GetCPInfo
0x45e13c GetACP
0x45e140 GetOEMCP
0x45e144 IsValidCodePage
0x45e148 GetConsoleCP
0x45e14c GetConsoleMode
0x45e150 FlushFileBuffers
0x45e154 HeapSize
0x45e158 RaiseException
0x45e15c HeapReAlloc
0x45e160 SetEndOfFile
0x45e164 GetProcessHeap
0x45e168 MultiByteToWideChar
0x45e16c ReadFile
0x45e170 LCMapStringW
0x45e174 GetStringTypeW
USER32.dll
0x45e17c SetCursorPos
EAT(Export Address Table) is none
KERNEL32.dll
0x45e000 FillConsoleOutputCharacterA
0x45e004 SetProcessAffinityMask
0x45e008 GetConsoleAliasesLengthW
0x45e00c GetDefaultCommConfigW
0x45e010 ReadConsoleA
0x45e014 QueryPerformanceCounter
0x45e018 GetEnvironmentStringsW
0x45e01c BackupSeek
0x45e020 GetTickCount
0x45e024 GlobalAlloc
0x45e028 GetFirmwareEnvironmentVariableA
0x45e02c LoadLibraryW
0x45e030 SizeofResource
0x45e034 GetSystemWindowsDirectoryA
0x45e038 HeapValidate
0x45e03c SetConsoleCursorPosition
0x45e040 GetAtomNameW
0x45e044 LCMapStringA
0x45e048 GetLastError
0x45e04c GetProcAddress
0x45e050 VirtualAlloc
0x45e054 SetStdHandle
0x45e058 LoadLibraryA
0x45e05c WriteConsoleA
0x45e060 BeginUpdateResourceA
0x45e064 SetSystemTime
0x45e068 GetModuleFileNameA
0x45e06c SetConsoleCursorInfo
0x45e070 UpdateResourceW
0x45e074 GetProcessAffinityMask
0x45e078 AddConsoleAliasA
0x45e07c SetFileValidData
0x45e080 FindNextVolumeA
0x45e084 lstrcpyW
0x45e088 CreateFileW
0x45e08c WriteConsoleW
0x45e090 HeapAlloc
0x45e094 GetModuleHandleW
0x45e098 ExitProcess
0x45e09c DecodePointer
0x45e0a0 GetCommandLineA
0x45e0a4 HeapSetInformation
0x45e0a8 GetStartupInfoW
0x45e0ac UnhandledExceptionFilter
0x45e0b0 SetUnhandledExceptionFilter
0x45e0b4 IsDebuggerPresent
0x45e0b8 EncodePointer
0x45e0bc TerminateProcess
0x45e0c0 GetCurrentProcess
0x45e0c4 HeapFree
0x45e0c8 IsProcessorFeaturePresent
0x45e0cc WriteFile
0x45e0d0 GetStdHandle
0x45e0d4 GetModuleFileNameW
0x45e0d8 HeapCreate
0x45e0dc EnterCriticalSection
0x45e0e0 LeaveCriticalSection
0x45e0e4 InitializeCriticalSectionAndSpinCount
0x45e0e8 RtlUnwind
0x45e0ec SetHandleCount
0x45e0f0 GetFileType
0x45e0f4 DeleteCriticalSection
0x45e0f8 SetFilePointer
0x45e0fc CloseHandle
0x45e100 TlsAlloc
0x45e104 TlsGetValue
0x45e108 TlsSetValue
0x45e10c TlsFree
0x45e110 InterlockedIncrement
0x45e114 SetLastError
0x45e118 GetCurrentThreadId
0x45e11c InterlockedDecrement
0x45e120 FreeEnvironmentStringsW
0x45e124 WideCharToMultiByte
0x45e128 GetCurrentProcessId
0x45e12c GetSystemTimeAsFileTime
0x45e130 Sleep
0x45e134 CreateFileA
0x45e138 GetCPInfo
0x45e13c GetACP
0x45e140 GetOEMCP
0x45e144 IsValidCodePage
0x45e148 GetConsoleCP
0x45e14c GetConsoleMode
0x45e150 FlushFileBuffers
0x45e154 HeapSize
0x45e158 RaiseException
0x45e15c HeapReAlloc
0x45e160 SetEndOfFile
0x45e164 GetProcessHeap
0x45e168 MultiByteToWideChar
0x45e16c ReadFile
0x45e170 LCMapStringW
0x45e174 GetStringTypeW
USER32.dll
0x45e17c SetCursorPos
EAT(Export Address Table) is none