ScreenShot
| Created | 2021.11.08 12:28 | Machine | s1_win7_x6401 |
| Filename | spho.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | ac8d80e539e4db0a1cddaf2a0910949d | ||
| sha256 | dada727f10c46b26e6fb75da05540898304a7621d14576a057b9e29120fbb5b6 | ||
| ssdeep | 24576:2GaBYVTUlGU0NMJSP/xjRHft1Uyl0hHb+1XOBDAhlITUwVA:nTUoUuM0X5Vtyylk+1XOBDYc | ||
| imphash | ad35223e42e488e819f8bab49b2709bc | ||
| impfuzzy | 24:1/jkrk8bG2SzkSNuvOGfIi1cDHhdhPlyoOovVtUVgcpluiyv92/J3I+6RjMzdBgT:2K1zuRgyn2tZcpsb98uG0T | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4fd000 FillConsoleOutputCharacterA
0x4fd004 SetProcessAffinityMask
0x4fd008 GetConsoleAliasesLengthW
0x4fd00c GetDefaultCommConfigW
0x4fd010 ReadConsoleA
0x4fd014 QueryPerformanceCounter
0x4fd018 GetEnvironmentStringsW
0x4fd01c BackupSeek
0x4fd020 GetTickCount
0x4fd024 GlobalAlloc
0x4fd028 GetFirmwareEnvironmentVariableA
0x4fd02c LoadLibraryW
0x4fd030 SizeofResource
0x4fd034 GetSystemWindowsDirectoryA
0x4fd038 HeapValidate
0x4fd03c SetConsoleCursorPosition
0x4fd040 GetAtomNameW
0x4fd044 LCMapStringA
0x4fd048 GetLastError
0x4fd04c GetProcAddress
0x4fd050 VirtualAlloc
0x4fd054 SetStdHandle
0x4fd058 LoadLibraryA
0x4fd05c WriteConsoleA
0x4fd060 BeginUpdateResourceA
0x4fd064 SetSystemTime
0x4fd068 GetModuleFileNameA
0x4fd06c SetConsoleCursorInfo
0x4fd070 UpdateResourceW
0x4fd074 GetProcessAffinityMask
0x4fd078 AddConsoleAliasA
0x4fd07c SetFileValidData
0x4fd080 FindNextVolumeA
0x4fd084 lstrcpyW
0x4fd088 CreateFileW
0x4fd08c WriteConsoleW
0x4fd090 HeapAlloc
0x4fd094 GetModuleHandleW
0x4fd098 ExitProcess
0x4fd09c DecodePointer
0x4fd0a0 GetCommandLineA
0x4fd0a4 HeapSetInformation
0x4fd0a8 GetStartupInfoW
0x4fd0ac UnhandledExceptionFilter
0x4fd0b0 SetUnhandledExceptionFilter
0x4fd0b4 IsDebuggerPresent
0x4fd0b8 EncodePointer
0x4fd0bc TerminateProcess
0x4fd0c0 GetCurrentProcess
0x4fd0c4 HeapFree
0x4fd0c8 IsProcessorFeaturePresent
0x4fd0cc WriteFile
0x4fd0d0 GetStdHandle
0x4fd0d4 GetModuleFileNameW
0x4fd0d8 HeapCreate
0x4fd0dc EnterCriticalSection
0x4fd0e0 LeaveCriticalSection
0x4fd0e4 InitializeCriticalSectionAndSpinCount
0x4fd0e8 RtlUnwind
0x4fd0ec SetHandleCount
0x4fd0f0 GetFileType
0x4fd0f4 DeleteCriticalSection
0x4fd0f8 SetFilePointer
0x4fd0fc CloseHandle
0x4fd100 TlsAlloc
0x4fd104 TlsGetValue
0x4fd108 TlsSetValue
0x4fd10c TlsFree
0x4fd110 InterlockedIncrement
0x4fd114 SetLastError
0x4fd118 GetCurrentThreadId
0x4fd11c InterlockedDecrement
0x4fd120 FreeEnvironmentStringsW
0x4fd124 WideCharToMultiByte
0x4fd128 GetCurrentProcessId
0x4fd12c GetSystemTimeAsFileTime
0x4fd130 Sleep
0x4fd134 CreateFileA
0x4fd138 GetCPInfo
0x4fd13c GetACP
0x4fd140 GetOEMCP
0x4fd144 IsValidCodePage
0x4fd148 GetConsoleCP
0x4fd14c GetConsoleMode
0x4fd150 FlushFileBuffers
0x4fd154 HeapSize
0x4fd158 RaiseException
0x4fd15c HeapReAlloc
0x4fd160 SetEndOfFile
0x4fd164 GetProcessHeap
0x4fd168 MultiByteToWideChar
0x4fd16c ReadFile
0x4fd170 LCMapStringW
0x4fd174 GetStringTypeW
USER32.dll
0x4fd17c SetCursorPos
EAT(Export Address Table) is none
KERNEL32.dll
0x4fd000 FillConsoleOutputCharacterA
0x4fd004 SetProcessAffinityMask
0x4fd008 GetConsoleAliasesLengthW
0x4fd00c GetDefaultCommConfigW
0x4fd010 ReadConsoleA
0x4fd014 QueryPerformanceCounter
0x4fd018 GetEnvironmentStringsW
0x4fd01c BackupSeek
0x4fd020 GetTickCount
0x4fd024 GlobalAlloc
0x4fd028 GetFirmwareEnvironmentVariableA
0x4fd02c LoadLibraryW
0x4fd030 SizeofResource
0x4fd034 GetSystemWindowsDirectoryA
0x4fd038 HeapValidate
0x4fd03c SetConsoleCursorPosition
0x4fd040 GetAtomNameW
0x4fd044 LCMapStringA
0x4fd048 GetLastError
0x4fd04c GetProcAddress
0x4fd050 VirtualAlloc
0x4fd054 SetStdHandle
0x4fd058 LoadLibraryA
0x4fd05c WriteConsoleA
0x4fd060 BeginUpdateResourceA
0x4fd064 SetSystemTime
0x4fd068 GetModuleFileNameA
0x4fd06c SetConsoleCursorInfo
0x4fd070 UpdateResourceW
0x4fd074 GetProcessAffinityMask
0x4fd078 AddConsoleAliasA
0x4fd07c SetFileValidData
0x4fd080 FindNextVolumeA
0x4fd084 lstrcpyW
0x4fd088 CreateFileW
0x4fd08c WriteConsoleW
0x4fd090 HeapAlloc
0x4fd094 GetModuleHandleW
0x4fd098 ExitProcess
0x4fd09c DecodePointer
0x4fd0a0 GetCommandLineA
0x4fd0a4 HeapSetInformation
0x4fd0a8 GetStartupInfoW
0x4fd0ac UnhandledExceptionFilter
0x4fd0b0 SetUnhandledExceptionFilter
0x4fd0b4 IsDebuggerPresent
0x4fd0b8 EncodePointer
0x4fd0bc TerminateProcess
0x4fd0c0 GetCurrentProcess
0x4fd0c4 HeapFree
0x4fd0c8 IsProcessorFeaturePresent
0x4fd0cc WriteFile
0x4fd0d0 GetStdHandle
0x4fd0d4 GetModuleFileNameW
0x4fd0d8 HeapCreate
0x4fd0dc EnterCriticalSection
0x4fd0e0 LeaveCriticalSection
0x4fd0e4 InitializeCriticalSectionAndSpinCount
0x4fd0e8 RtlUnwind
0x4fd0ec SetHandleCount
0x4fd0f0 GetFileType
0x4fd0f4 DeleteCriticalSection
0x4fd0f8 SetFilePointer
0x4fd0fc CloseHandle
0x4fd100 TlsAlloc
0x4fd104 TlsGetValue
0x4fd108 TlsSetValue
0x4fd10c TlsFree
0x4fd110 InterlockedIncrement
0x4fd114 SetLastError
0x4fd118 GetCurrentThreadId
0x4fd11c InterlockedDecrement
0x4fd120 FreeEnvironmentStringsW
0x4fd124 WideCharToMultiByte
0x4fd128 GetCurrentProcessId
0x4fd12c GetSystemTimeAsFileTime
0x4fd130 Sleep
0x4fd134 CreateFileA
0x4fd138 GetCPInfo
0x4fd13c GetACP
0x4fd140 GetOEMCP
0x4fd144 IsValidCodePage
0x4fd148 GetConsoleCP
0x4fd14c GetConsoleMode
0x4fd150 FlushFileBuffers
0x4fd154 HeapSize
0x4fd158 RaiseException
0x4fd15c HeapReAlloc
0x4fd160 SetEndOfFile
0x4fd164 GetProcessHeap
0x4fd168 MultiByteToWideChar
0x4fd16c ReadFile
0x4fd170 LCMapStringW
0x4fd174 GetStringTypeW
USER32.dll
0x4fd17c SetCursorPos
EAT(Export Address Table) is none