ScreenShot
| Created | 2021.11.19 07:38 | Machine | s1_win7_x6401 |
| Filename | bird.png | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | e94a7d335b6c55a000bd6f4fa16e31e9 | ||
| sha256 | 98ceadbdf49b0bea5e1626e1426dcc3a73587c86afe34a5cca9ce760213134c0 | ||
| ssdeep | 3072:xN1jfAAWW0NZvvJCmw134a6XHXarF/pstBaDqwONnct437Bl3N2UL8:xN5YLHJCt134aG8F/p/uwONct43j92U | ||
| imphash | 63a806c199e422807de783c1c09b5907 | ||
| impfuzzy | 96:PjjDyhsaEpzLaWu+pnAD/9CZ8v4L5L5JyQl:7j2spzej+K4B1JyQl | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
mfc140.dll
0x43210c None
0x432110 None
0x432114 None
0x432118 None
0x43211c None
0x432120 None
0x432124 None
0x432128 None
0x43212c None
0x432130 None
0x432134 None
0x432138 None
0x43213c None
0x432140 None
0x432144 None
0x432148 None
0x43214c None
0x432150 None
0x432154 None
0x432158 None
0x43215c None
0x432160 None
0x432164 None
0x432168 None
0x43216c None
0x432170 None
0x432174 None
0x432178 None
0x43217c None
0x432180 None
0x432184 None
0x432188 None
0x43218c None
0x432190 None
0x432194 None
0x432198 None
0x43219c None
0x4321a0 None
0x4321a4 None
0x4321a8 None
0x4321ac None
0x4321b0 None
0x4321b4 None
0x4321b8 None
0x4321bc None
0x4321c0 None
0x4321c4 None
0x4321c8 None
0x4321cc None
0x4321d0 None
0x4321d4 None
0x4321d8 None
0x4321dc None
0x4321e0 None
0x4321e4 None
0x4321e8 None
0x4321ec None
0x4321f0 None
0x4321f4 None
0x4321f8 None
0x4321fc None
0x432200 None
0x432204 None
0x432208 None
0x43220c None
0x432210 None
0x432214 None
0x432218 None
0x43221c None
0x432220 None
0x432224 None
0x432228 None
0x43222c None
0x432230 None
0x432234 None
0x432238 None
0x43223c None
0x432240 None
0x432244 None
0x432248 None
0x43224c None
0x432250 None
0x432254 None
0x432258 None
0x43225c None
0x432260 None
0x432264 None
0x432268 None
0x43226c None
0x432270 None
0x432274 None
0x432278 None
0x43227c None
0x432280 None
0x432284 None
0x432288 None
0x43228c None
0x432290 None
0x432294 None
0x432298 None
0x43229c None
0x4322a0 None
0x4322a4 None
0x4322a8 None
0x4322ac None
0x4322b0 None
0x4322b4 None
0x4322b8 None
0x4322bc None
0x4322c0 None
0x4322c4 None
0x4322c8 None
0x4322cc None
0x4322d0 None
0x4322d4 None
0x4322d8 None
0x4322dc None
0x4322e0 None
0x4322e4 None
0x4322e8 None
0x4322ec None
0x4322f0 None
0x4322f4 None
0x4322f8 None
0x4322fc None
0x432300 None
0x432304 None
0x432308 None
0x43230c None
0x432310 None
0x432314 None
0x432318 None
0x43231c None
0x432320 None
0x432324 None
0x432328 None
0x43232c None
0x432330 None
0x432334 None
0x432338 None
0x43233c None
0x432340 None
0x432344 None
0x432348 None
0x43234c None
0x432350 None
0x432354 None
0x432358 None
0x43235c None
0x432360 None
0x432364 None
0x432368 None
0x43236c None
0x432370 None
0x432374 None
0x432378 None
0x43237c None
0x432380 None
0x432384 None
0x432388 None
0x43238c None
0x432390 None
0x432394 None
0x432398 None
0x43239c None
0x4323a0 None
0x4323a4 None
0x4323a8 None
0x4323ac None
0x4323b0 None
0x4323b4 None
0x4323b8 None
0x4323bc None
0x4323c0 None
0x4323c4 None
0x4323c8 None
0x4323cc None
0x4323d0 None
0x4323d4 None
0x4323d8 None
0x4323dc None
0x4323e0 None
0x4323e4 None
0x4323e8 None
0x4323ec None
0x4323f0 None
0x4323f4 None
0x4323f8 None
0x4323fc None
0x432400 None
0x432404 None
0x432408 None
0x43240c None
0x432410 None
0x432414 None
0x432418 None
0x43241c None
0x432420 None
0x432424 None
0x432428 None
0x43242c None
0x432430 None
0x432434 None
0x432438 None
0x43243c None
0x432440 None
0x432444 None
0x432448 None
0x43244c None
0x432450 None
0x432454 None
0x432458 None
0x43245c None
0x432460 None
0x432464 None
0x432468 None
0x43246c None
0x432470 None
0x432474 None
0x432478 None
0x43247c None
0x432480 None
0x432484 None
0x432488 None
0x43248c None
0x432490 None
0x432494 None
0x432498 None
0x43249c None
0x4324a0 None
0x4324a4 None
0x4324a8 None
0x4324ac None
0x4324b0 None
0x4324b4 None
0x4324b8 None
0x4324bc None
0x4324c0 None
0x4324c4 None
0x4324c8 None
0x4324cc None
0x4324d0 None
0x4324d4 None
0x4324d8 None
0x4324dc None
0x4324e0 None
0x4324e4 None
KERNEL32.dll
0x432000 InitializeCriticalSectionEx
0x432004 GetLastError
0x432008 DeleteCriticalSection
0x43200c FreeResource
0x432010 ExitProcess
0x432014 OutputDebugStringW
0x432018 GetModuleHandleW
0x43201c GetProcAddress
0x432020 CloseHandle
0x432024 CreateEventW
0x432028 TerminateProcess
0x43202c GetCurrentProcess
0x432030 InitializeSListHead
0x432034 GetSystemTimeAsFileTime
0x432038 GetCurrentThreadId
0x43203c GetCurrentProcessId
0x432040 QueryPerformanceCounter
0x432044 IsProcessorFeaturePresent
0x432048 GetStartupInfoW
0x43204c SetUnhandledExceptionFilter
0x432050 UnhandledExceptionFilter
0x432054 IsDebuggerPresent
USER32.dll
0x43205c LoadCursorA
0x432060 UpdateWindow
0x432064 LoadAcceleratorsA
0x432068 EnableWindow
0x43206c SetLayeredWindowAttributes
0x432070 GetWindowLongA
0x432074 SetWindowLongA
0x432078 SendMessageA
0x43207c LoadMenuA
VCRUNTIME140.dll
0x432084 __CxxFrameHandler3
0x432088 __vcrt_InitializeCriticalSectionEx
0x43208c _except_handler4_common
0x432090 memset
api-ms-win-crt-heap-l1-1-0.dll
0x432098 _set_new_mode
0x43209c free
api-ms-win-crt-runtime-l1-1-0.dll
0x4320b8 _controlfp_s
0x4320bc terminate
0x4320c0 _configure_narrow_argv
0x4320c4 _register_thread_local_exe_atexit_callback
0x4320c8 _initialize_narrow_environment
0x4320cc _exit
0x4320d0 exit
0x4320d4 _initterm_e
0x4320d8 _initterm
0x4320dc _get_narrow_winmain_command_line
0x4320e0 _c_exit
0x4320e4 _set_app_type
0x4320e8 _seh_filter_exe
0x4320ec _cexit
0x4320f0 _crt_atexit
0x4320f4 _register_onexit_function
0x4320f8 _initialize_onexit_table
api-ms-win-crt-math-l1-1-0.dll
0x4320b0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x432100 __p__commode
0x432104 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x4320a4 _configthreadlocale
0x4320a8 _setmbcp
EAT(Export Address Table) is none
mfc140.dll
0x43210c None
0x432110 None
0x432114 None
0x432118 None
0x43211c None
0x432120 None
0x432124 None
0x432128 None
0x43212c None
0x432130 None
0x432134 None
0x432138 None
0x43213c None
0x432140 None
0x432144 None
0x432148 None
0x43214c None
0x432150 None
0x432154 None
0x432158 None
0x43215c None
0x432160 None
0x432164 None
0x432168 None
0x43216c None
0x432170 None
0x432174 None
0x432178 None
0x43217c None
0x432180 None
0x432184 None
0x432188 None
0x43218c None
0x432190 None
0x432194 None
0x432198 None
0x43219c None
0x4321a0 None
0x4321a4 None
0x4321a8 None
0x4321ac None
0x4321b0 None
0x4321b4 None
0x4321b8 None
0x4321bc None
0x4321c0 None
0x4321c4 None
0x4321c8 None
0x4321cc None
0x4321d0 None
0x4321d4 None
0x4321d8 None
0x4321dc None
0x4321e0 None
0x4321e4 None
0x4321e8 None
0x4321ec None
0x4321f0 None
0x4321f4 None
0x4321f8 None
0x4321fc None
0x432200 None
0x432204 None
0x432208 None
0x43220c None
0x432210 None
0x432214 None
0x432218 None
0x43221c None
0x432220 None
0x432224 None
0x432228 None
0x43222c None
0x432230 None
0x432234 None
0x432238 None
0x43223c None
0x432240 None
0x432244 None
0x432248 None
0x43224c None
0x432250 None
0x432254 None
0x432258 None
0x43225c None
0x432260 None
0x432264 None
0x432268 None
0x43226c None
0x432270 None
0x432274 None
0x432278 None
0x43227c None
0x432280 None
0x432284 None
0x432288 None
0x43228c None
0x432290 None
0x432294 None
0x432298 None
0x43229c None
0x4322a0 None
0x4322a4 None
0x4322a8 None
0x4322ac None
0x4322b0 None
0x4322b4 None
0x4322b8 None
0x4322bc None
0x4322c0 None
0x4322c4 None
0x4322c8 None
0x4322cc None
0x4322d0 None
0x4322d4 None
0x4322d8 None
0x4322dc None
0x4322e0 None
0x4322e4 None
0x4322e8 None
0x4322ec None
0x4322f0 None
0x4322f4 None
0x4322f8 None
0x4322fc None
0x432300 None
0x432304 None
0x432308 None
0x43230c None
0x432310 None
0x432314 None
0x432318 None
0x43231c None
0x432320 None
0x432324 None
0x432328 None
0x43232c None
0x432330 None
0x432334 None
0x432338 None
0x43233c None
0x432340 None
0x432344 None
0x432348 None
0x43234c None
0x432350 None
0x432354 None
0x432358 None
0x43235c None
0x432360 None
0x432364 None
0x432368 None
0x43236c None
0x432370 None
0x432374 None
0x432378 None
0x43237c None
0x432380 None
0x432384 None
0x432388 None
0x43238c None
0x432390 None
0x432394 None
0x432398 None
0x43239c None
0x4323a0 None
0x4323a4 None
0x4323a8 None
0x4323ac None
0x4323b0 None
0x4323b4 None
0x4323b8 None
0x4323bc None
0x4323c0 None
0x4323c4 None
0x4323c8 None
0x4323cc None
0x4323d0 None
0x4323d4 None
0x4323d8 None
0x4323dc None
0x4323e0 None
0x4323e4 None
0x4323e8 None
0x4323ec None
0x4323f0 None
0x4323f4 None
0x4323f8 None
0x4323fc None
0x432400 None
0x432404 None
0x432408 None
0x43240c None
0x432410 None
0x432414 None
0x432418 None
0x43241c None
0x432420 None
0x432424 None
0x432428 None
0x43242c None
0x432430 None
0x432434 None
0x432438 None
0x43243c None
0x432440 None
0x432444 None
0x432448 None
0x43244c None
0x432450 None
0x432454 None
0x432458 None
0x43245c None
0x432460 None
0x432464 None
0x432468 None
0x43246c None
0x432470 None
0x432474 None
0x432478 None
0x43247c None
0x432480 None
0x432484 None
0x432488 None
0x43248c None
0x432490 None
0x432494 None
0x432498 None
0x43249c None
0x4324a0 None
0x4324a4 None
0x4324a8 None
0x4324ac None
0x4324b0 None
0x4324b4 None
0x4324b8 None
0x4324bc None
0x4324c0 None
0x4324c4 None
0x4324c8 None
0x4324cc None
0x4324d0 None
0x4324d4 None
0x4324d8 None
0x4324dc None
0x4324e0 None
0x4324e4 None
KERNEL32.dll
0x432000 InitializeCriticalSectionEx
0x432004 GetLastError
0x432008 DeleteCriticalSection
0x43200c FreeResource
0x432010 ExitProcess
0x432014 OutputDebugStringW
0x432018 GetModuleHandleW
0x43201c GetProcAddress
0x432020 CloseHandle
0x432024 CreateEventW
0x432028 TerminateProcess
0x43202c GetCurrentProcess
0x432030 InitializeSListHead
0x432034 GetSystemTimeAsFileTime
0x432038 GetCurrentThreadId
0x43203c GetCurrentProcessId
0x432040 QueryPerformanceCounter
0x432044 IsProcessorFeaturePresent
0x432048 GetStartupInfoW
0x43204c SetUnhandledExceptionFilter
0x432050 UnhandledExceptionFilter
0x432054 IsDebuggerPresent
USER32.dll
0x43205c LoadCursorA
0x432060 UpdateWindow
0x432064 LoadAcceleratorsA
0x432068 EnableWindow
0x43206c SetLayeredWindowAttributes
0x432070 GetWindowLongA
0x432074 SetWindowLongA
0x432078 SendMessageA
0x43207c LoadMenuA
VCRUNTIME140.dll
0x432084 __CxxFrameHandler3
0x432088 __vcrt_InitializeCriticalSectionEx
0x43208c _except_handler4_common
0x432090 memset
api-ms-win-crt-heap-l1-1-0.dll
0x432098 _set_new_mode
0x43209c free
api-ms-win-crt-runtime-l1-1-0.dll
0x4320b8 _controlfp_s
0x4320bc terminate
0x4320c0 _configure_narrow_argv
0x4320c4 _register_thread_local_exe_atexit_callback
0x4320c8 _initialize_narrow_environment
0x4320cc _exit
0x4320d0 exit
0x4320d4 _initterm_e
0x4320d8 _initterm
0x4320dc _get_narrow_winmain_command_line
0x4320e0 _c_exit
0x4320e4 _set_app_type
0x4320e8 _seh_filter_exe
0x4320ec _cexit
0x4320f0 _crt_atexit
0x4320f4 _register_onexit_function
0x4320f8 _initialize_onexit_table
api-ms-win-crt-math-l1-1-0.dll
0x4320b0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x432100 __p__commode
0x432104 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x4320a4 _configthreadlocale
0x4320a8 _setmbcp
EAT(Export Address Table) is none