ScreenShot
| Created | 2021.11.10 09:52 | Machine | s1_win7_x6403 |
| Filename | _-Name | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | d46b39b3c3a6dc15a18e90c0b28d5bc3 | ||
| sha256 | 2d40da8ee687152fcb99a36442390885767b667005dba437a79e6d12c91cd7a9 | ||
| ssdeep | 3072:nOFp965ht3hLKKKKKU8AAFTbp8ELQHsoOJNuYnZIWH2qWUwZr+EM4EIGKEc6iZjM:OF5fJXnIZRS5 | ||
| imphash | b6317d1e6220c7fb983c3c3d4ac71735 | ||
| impfuzzy | 48:LGJ+09/nB/KAXKC+lycJrzl9FkL+jS6n92HMESfz7C0tKq9LcD:Ihhay6n92HMESfz7BtKwLcD | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x40a154 GetMessageW
0x40a158 TranslateMessage
0x40a15c DispatchMessageW
0x40a160 LoadCursorW
0x40a164 RegisterClassExW
0x40a168 EnumWindows
0x40a16c PostQuitMessage
0x40a170 DefWindowProcW
0x40a174 CreateWindowExW
0x40a178 ShowWindow
0x40a17c UpdateWindow
0x40a180 IsRectEmpty
0x40a184 SetWindowPos
0x40a188 OffsetRect
0x40a18c IntersectRect
0x40a190 GetDesktopWindow
0x40a194 GetShellWindow
0x40a198 FindWindowW
0x40a19c GetSystemMetrics
0x40a1a0 GetWindowLongW
0x40a1a4 GetWindowRect
0x40a1a8 FindWindowExW
0x40a1ac GetWindowThreadProcessId
0x40a1b0 GetClassNameW
NvSmartMax.dll
0x40a138 NvSmartMaxNotifyAppHWND
0x40a13c NvSmartMax_OnSetWorkArea
0x40a140 NVUnHook
0x40a144 NvSmartMaxShutdown
0x40a148 GetMaxToGridRect
0x40a14c SmartMaxLookupProcessName
KERNEL32.dll
0x40a000 GetStdHandle
0x40a004 FlushFileBuffers
0x40a008 CreateFileA
0x40a00c HeapSize
0x40a010 GetLocaleInfoA
0x40a014 GetStringTypeW
0x40a018 GetStringTypeA
0x40a01c LCMapStringW
0x40a020 LCMapStringA
0x40a024 WriteConsoleW
0x40a028 GetConsoleOutputCP
0x40a02c WriteConsoleA
0x40a030 SetStdHandle
0x40a034 RtlUnwind
0x40a038 HeapReAlloc
0x40a03c VirtualAlloc
0x40a040 HeapAlloc
0x40a044 InitializeCriticalSectionAndSpinCount
0x40a048 LoadLibraryA
0x40a04c MultiByteToWideChar
0x40a050 IsValidCodePage
0x40a054 GetOEMCP
0x40a058 GetACP
0x40a05c GetCPInfo
0x40a060 LeaveCriticalSection
0x40a064 EnterCriticalSection
0x40a068 GetConsoleMode
0x40a06c lstrcmpW
0x40a070 CloseHandle
0x40a074 WaitForSingleObject
0x40a078 GetLastError
0x40a07c OpenEventW
0x40a080 CreateThread
0x40a084 GetCurrentThreadId
0x40a088 SetDllDirectoryW
0x40a08c SetCurrentDirectoryW
0x40a090 GetEnvironmentVariableW
0x40a094 Wow64DisableWow64FsRedirection
0x40a098 IsWow64Process
0x40a09c GetCurrentProcess
0x40a0a0 CreateMutexW
0x40a0a4 GetCommandLineA
0x40a0a8 GetStartupInfoA
0x40a0ac TerminateProcess
0x40a0b0 UnhandledExceptionFilter
0x40a0b4 SetUnhandledExceptionFilter
0x40a0b8 IsDebuggerPresent
0x40a0bc GetModuleHandleW
0x40a0c0 Sleep
0x40a0c4 GetProcAddress
0x40a0c8 ExitProcess
0x40a0cc WriteFile
0x40a0d0 GetModuleFileNameA
0x40a0d4 FreeEnvironmentStringsA
0x40a0d8 GetEnvironmentStrings
0x40a0dc FreeEnvironmentStringsW
0x40a0e0 WideCharToMultiByte
0x40a0e4 GetEnvironmentStringsW
0x40a0e8 SetHandleCount
0x40a0ec GetFileType
0x40a0f0 DeleteCriticalSection
0x40a0f4 TlsGetValue
0x40a0f8 TlsAlloc
0x40a0fc TlsSetValue
0x40a100 TlsFree
0x40a104 InterlockedIncrement
0x40a108 SetLastError
0x40a10c InterlockedDecrement
0x40a110 HeapCreate
0x40a114 VirtualFree
0x40a118 HeapFree
0x40a11c QueryPerformanceCounter
0x40a120 GetTickCount
0x40a124 GetCurrentProcessId
0x40a128 GetSystemTimeAsFileTime
0x40a12c SetFilePointer
0x40a130 GetConsoleCP
EAT(Export Address Table) is none
USER32.dll
0x40a154 GetMessageW
0x40a158 TranslateMessage
0x40a15c DispatchMessageW
0x40a160 LoadCursorW
0x40a164 RegisterClassExW
0x40a168 EnumWindows
0x40a16c PostQuitMessage
0x40a170 DefWindowProcW
0x40a174 CreateWindowExW
0x40a178 ShowWindow
0x40a17c UpdateWindow
0x40a180 IsRectEmpty
0x40a184 SetWindowPos
0x40a188 OffsetRect
0x40a18c IntersectRect
0x40a190 GetDesktopWindow
0x40a194 GetShellWindow
0x40a198 FindWindowW
0x40a19c GetSystemMetrics
0x40a1a0 GetWindowLongW
0x40a1a4 GetWindowRect
0x40a1a8 FindWindowExW
0x40a1ac GetWindowThreadProcessId
0x40a1b0 GetClassNameW
NvSmartMax.dll
0x40a138 NvSmartMaxNotifyAppHWND
0x40a13c NvSmartMax_OnSetWorkArea
0x40a140 NVUnHook
0x40a144 NvSmartMaxShutdown
0x40a148 GetMaxToGridRect
0x40a14c SmartMaxLookupProcessName
KERNEL32.dll
0x40a000 GetStdHandle
0x40a004 FlushFileBuffers
0x40a008 CreateFileA
0x40a00c HeapSize
0x40a010 GetLocaleInfoA
0x40a014 GetStringTypeW
0x40a018 GetStringTypeA
0x40a01c LCMapStringW
0x40a020 LCMapStringA
0x40a024 WriteConsoleW
0x40a028 GetConsoleOutputCP
0x40a02c WriteConsoleA
0x40a030 SetStdHandle
0x40a034 RtlUnwind
0x40a038 HeapReAlloc
0x40a03c VirtualAlloc
0x40a040 HeapAlloc
0x40a044 InitializeCriticalSectionAndSpinCount
0x40a048 LoadLibraryA
0x40a04c MultiByteToWideChar
0x40a050 IsValidCodePage
0x40a054 GetOEMCP
0x40a058 GetACP
0x40a05c GetCPInfo
0x40a060 LeaveCriticalSection
0x40a064 EnterCriticalSection
0x40a068 GetConsoleMode
0x40a06c lstrcmpW
0x40a070 CloseHandle
0x40a074 WaitForSingleObject
0x40a078 GetLastError
0x40a07c OpenEventW
0x40a080 CreateThread
0x40a084 GetCurrentThreadId
0x40a088 SetDllDirectoryW
0x40a08c SetCurrentDirectoryW
0x40a090 GetEnvironmentVariableW
0x40a094 Wow64DisableWow64FsRedirection
0x40a098 IsWow64Process
0x40a09c GetCurrentProcess
0x40a0a0 CreateMutexW
0x40a0a4 GetCommandLineA
0x40a0a8 GetStartupInfoA
0x40a0ac TerminateProcess
0x40a0b0 UnhandledExceptionFilter
0x40a0b4 SetUnhandledExceptionFilter
0x40a0b8 IsDebuggerPresent
0x40a0bc GetModuleHandleW
0x40a0c0 Sleep
0x40a0c4 GetProcAddress
0x40a0c8 ExitProcess
0x40a0cc WriteFile
0x40a0d0 GetModuleFileNameA
0x40a0d4 FreeEnvironmentStringsA
0x40a0d8 GetEnvironmentStrings
0x40a0dc FreeEnvironmentStringsW
0x40a0e0 WideCharToMultiByte
0x40a0e4 GetEnvironmentStringsW
0x40a0e8 SetHandleCount
0x40a0ec GetFileType
0x40a0f0 DeleteCriticalSection
0x40a0f4 TlsGetValue
0x40a0f8 TlsAlloc
0x40a0fc TlsSetValue
0x40a100 TlsFree
0x40a104 InterlockedIncrement
0x40a108 SetLastError
0x40a10c InterlockedDecrement
0x40a110 HeapCreate
0x40a114 VirtualFree
0x40a118 HeapFree
0x40a11c QueryPerformanceCounter
0x40a120 GetTickCount
0x40a124 GetCurrentProcessId
0x40a128 GetSystemTimeAsFileTime
0x40a12c SetFilePointer
0x40a130 GetConsoleCP
EAT(Export Address Table) is none