Field | Value |
---|---|
Created | 2021.11.19 08:01 |
Machine | s1_win7_x6403 |
Filename | bird.png |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 31123eebb209289d005e3e07b272cd7f |
sha256 | b1c1e16cd7f490f1ca2b5939c81a11cafd0e0a12f45ae2bd6f8686ae453398df |
ssdeep | 6144:zrR2md++PguXCPANM0aTnraW0hID/80WFvTqh8F/p/uwONct43j92U:H/PgFWIiW0DfT9pGHNu4B2U |
imphash | 63a806c199e422807de783c1c09b5907 |
impfuzzy | 96:PjjDyhsaEpzLaWu+pnAD/9CZ8v4L5L5JyQl:7j2spzej+K4B1JyQl |
Signature (3cnts)
Level | Description |
---|---|
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
PE API
IAT (Import Address Table) by library
mfc140.dll
KERNEL32.dll
0x431000 InitializeCriticalSectionEx
0x431004 GetLastError
0x431008 DeleteCriticalSection
0x43100c FreeResource
0x431010 ExitProcess
0x431014 OutputDebugStringW
0x431018 GetModuleHandleW
0x43101c GetProcAddress
0x431020 CloseHandle
0x431024 CreateEventW
0x431028 TerminateProcess
0x43102c GetCurrentProcess
0x431030 InitializeSListHead
0x431034 GetSystemTimeAsFileTime
0x431038 GetCurrentThreadId
0x43103c GetCurrentProcessId
0x431040 QueryPerformanceCounter
0x431044 IsProcessorFeaturePresent
0x431048 GetStartupInfoW
0x43104c SetUnhandledExceptionFilter
0x431050 UnhandledExceptionFilter
0x431054 IsDebuggerPresent
USER32.dll
0x43105c LoadCursorA
0x431060 UpdateWindow
0x431064 LoadAcceleratorsA
0x431068 EnableWindow
0x43106c SetLayeredWindowAttributes
0x431070 GetWindowLongA
0x431074 SetWindowLongA
0x431078 SendMessageA
0x43107c LoadMenuA
VCRUNTIME140.dll
0x431084 __CxxFrameHandler3
0x431088 __vcrt_InitializeCriticalSectionEx
0x43108c _except_handler4_common
0x431090 memset
api-ms-win-crt-heap-l1-1-0.dll
0x431098 _set_new_mode
0x43109c free
api-ms-win-crt-runtime-l1-1-0.dll
0x4310b8 _controlfp_s
0x4310bc terminate
0x4310c0 _configure_narrow_argv
0x4310c4 _register_thread_local_exe_atexit_callback
0x4310c8 _initialize_narrow_environment
0x4310cc _exit
0x4310d0 exit
0x4310d4 _initterm_e
0x4310d8 _initterm
0x4310dc _get_narrow_winmain_command_line
0x4310e0 _c_exit
0x4310e4 _set_app_type
0x4310e8 _seh_filter_exe
0x4310ec _cexit
0x4310f0 _crt_atexit
0x4310f4 _register_onexit_function
0x4310f8 _initialize_onexit_table
api-ms-win-crt-math-l1-1-0.dll
0x4310b0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x431100 __p__commode
0x431104 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x4310a4 _configthreadlocale
0x4310a8 _setmbcp
EAT (Export Address Table): none