Field | Value |
---|---|
Created | 2021.11.23 07:56 |
Machine | s1_win7_x6403 |
Filename | robert.png |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file: clean |
VT API (file) | |
md5 | 65a43f945729062784e3ca1edb043a20 |
sha256 | 7ffde8b798c33691794db4b89165243d790669ce5e659402758574120aaacf00 |
ssdeep | 49152:VXVvZV1grmM2tVoXvxKWsAUZVsxWDkOtJ2ivlC:VXVvZV1grmM2tVoXvxKWsAUZVsxWDkOM |
imphash | d31639bc44b992226d49e6ecf1a2a248 |
impfuzzy | 96:hDYslkvnoP6WhVhXu5I1ApeCHVT8vXLWSYJyQl:usonoPlVx5GH/JyQl |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) by library
mfc140.dll
0x405134 None
0x405138 None
0x40513c None
0x405140 None
0x405144 None
0x405148 None
0x40514c None
0x405150 None
0x405154 None
0x405158 None
0x40515c None
0x405160 None
0x405164 None
0x405168 None
0x40516c None
0x405170 None
0x405174 None
0x405178 None
0x40517c None
0x405180 None
0x405184 None
0x405188 None
0x40518c None
0x405190 None
0x405194 None
0x405198 None
0x40519c None
0x4051a0 None
0x4051a4 None
0x4051a8 None
0x4051ac None
0x4051b0 None
0x4051b4 None
0x4051b8 None
0x4051bc None
0x4051c0 None
0x4051c4 None
0x4051c8 None
0x4051cc None
0x4051d0 None
0x4051d4 None
0x4051d8 None
0x4051dc None
0x4051e0 None
0x4051e4 None
0x4051e8 None
0x4051ec None
0x4051f0 None
0x4051f4 None
0x4051f8 None
0x4051fc None
0x405200 None
0x405204 None
0x405208 None
0x40520c None
0x405210 None
0x405214 None
0x405218 None
0x40521c None
0x405220 None
0x405224 None
0x405228 None
0x40522c None
0x405230 None
0x405234 None
0x405238 None
0x40523c None
0x405240 None
0x405244 None
0x405248 None
0x40524c None
0x405250 None
0x405254 None
0x405258 None
0x40525c None
0x405260 None
0x405264 None
0x405268 None
0x40526c None
0x405270 None
0x405274 None
0x405278 None
0x40527c None
0x405280 None
0x405284 None
0x405288 None
0x40528c None
0x405290 None
0x405294 None
0x405298 None
0x40529c None
0x4052a0 None
0x4052a4 None
0x4052a8 None
0x4052ac None
0x4052b0 None
0x4052b4 None
0x4052b8 None
0x4052bc None
0x4052c0 None
0x4052c4 None
0x4052c8 None
0x4052cc None
0x4052d0 None
0x4052d4 None
0x4052d8 None
0x4052dc None
0x4052e0 None
0x4052e4 None
0x4052e8 None
0x4052ec None
0x4052f0 None
0x4052f4 None
0x4052f8 None
0x4052fc None
0x405300 None
0x405304 None
0x405308 None
0x40530c None
0x405310 None
0x405314 None
0x405318 None
0x40531c None
0x405320 None
0x405324 None
0x405328 None
0x40532c None
0x405330 None
0x405334 None
0x405338 None
0x40533c None
0x405340 None
0x405344 None
0x405348 None
0x40534c None
0x405350 None
0x405354 None
0x405358 None
0x40535c None
0x405360 None
0x405364 None
0x405368 None
0x40536c None
0x405370 None
0x405374 None
0x405378 None
0x40537c None
0x405380 None
0x405384 None
0x405388 None
0x40538c None
0x405390 None
0x405394 None
0x405398 None
0x40539c None
0x4053a0 None
0x4053a4 None
0x4053a8 None
0x4053ac None
0x4053b0 None
0x4053b4 None
0x4053b8 None
0x4053bc None
0x4053c0 None
0x4053c4 None
0x4053c8 None
0x4053cc None
0x4053d0 None
0x4053d4 None
0x4053d8 None
0x4053dc None
0x4053e0 None
0x4053e4 None
0x4053e8 None
0x4053ec None
0x4053f0 None
0x4053f4 None
0x4053f8 None
0x4053fc None
0x405400 None
0x405404 None
0x405408 None
0x40540c None
0x405410 None
0x405414 None
0x405418 None
0x40541c None
0x405420 None
0x405424 None
0x405428 None
0x40542c None
0x405430 None
0x405434 None
0x405438 None
0x40543c None
0x405440 None
0x405444 None
0x405448 None
0x40544c None
0x405450 None
0x405454 None
0x405458 None
0x40545c None
0x405460 None
0x405464 None
0x405468 None
0x40546c None
0x405470 None
0x405474 None
0x405478 None
0x40547c None
0x405480 None
0x405484 None
0x405488 None
0x40548c None
0x405490 None
0x405494 None
0x405498 None
0x40549c None
0x4054a0 None
0x4054a4 None
0x4054a8 None
0x4054ac None
0x4054b0 None
0x4054b4 None
0x4054b8 None
0x4054bc None
0x4054c0 None
0x4054c4 None
0x4054c8 None
0x4054cc None
0x4054d0 None
0x4054d4 None
0x4054d8 None
0x4054dc None
0x4054e0 None
0x4054e4 None
0x4054e8 None
0x4054ec None
0x4054f0 None
0x4054f4 None
0x4054f8 None
0x4054fc None
0x405500 None
0x405504 None
0x405508 None
0x40550c None
KERNEL32.dll
0x405000 HeapAlloc
0x405004 HeapReAlloc
0x405008 HeapFree
0x40500c GetLastError
0x405010 LeaveCriticalSection
0x405014 InitializeCriticalSectionAndSpinCount
0x405018 DeleteCriticalSection
0x40501c FreeResource
0x405020 ExitProcess
0x405024 InitializeCriticalSection
0x405028 WaitForMultipleObjects
0x40502c EnterCriticalSection
0x405030 OutputDebugStringW
0x405034 Sleep
0x405038 TlsGetValue
0x40503c CreateFileA
0x405040 WideCharToMultiByte
0x405044 GetModuleHandleW
0x405048 GetProcAddress
0x40504c TerminateProcess
0x405050 GetCurrentProcess
0x405054 InitializeSListHead
0x405058 GetSystemTimeAsFileTime
0x40505c GetCurrentThreadId
0x405060 GetCurrentProcessId
0x405064 QueryPerformanceCounter
0x405068 GetStartupInfoW
0x40506c SetUnhandledExceptionFilter
0x405070 UnhandledExceptionFilter
0x405074 IsDebuggerPresent
0x405078 IsProcessorFeaturePresent
0x40507c CreateEventW
0x405080 CloseHandle
USER32.dll
0x405088 LoadCursorA
0x40508c LoadAcceleratorsA
0x405090 LoadMenuA
0x405094 EnableWindow
0x405098 GetWindowLongA
0x40509c SetWindowLongA
0x4050a0 UpdateWindow
0x4050a4 SendMessageA
VCRUNTIME140.dll
0x4050ac __CxxFrameHandler3
0x4050b0 memset
0x4050b4 __vcrt_InitializeCriticalSectionEx
0x4050b8 _except_handler4_common
api-ms-win-crt-heap-l1-1-0.dll
0x4050c0 _set_new_mode
0x4050c4 free
api-ms-win-crt-runtime-l1-1-0.dll
0x4050e0 _controlfp_s
0x4050e4 terminate
0x4050e8 _configure_narrow_argv
0x4050ec _register_thread_local_exe_atexit_callback
0x4050f0 _initialize_narrow_environment
0x4050f4 _exit
0x4050f8 exit
0x4050fc _initterm_e
0x405100 _initterm
0x405104 _get_narrow_winmain_command_line
0x405108 _c_exit
0x40510c _set_app_type
0x405110 _seh_filter_exe
0x405114 _cexit
0x405118 _crt_atexit
0x40511c _register_onexit_function
0x405120 _initialize_onexit_table
api-ms-win-crt-math-l1-1-0.dll
0x4050d8 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x405128 __p__commode
0x40512c _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x4050cc _configthreadlocale
0x4050d0 _setmbcp
EAT (Export Address Table): none