ScreenShot
| Created | 2022.03.26 19:18 | Machine | s1_win7_x6402 |
| Filename | rundll322.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | a5dd94434c702493d4577e966134b303 | ||
| sha256 | a26f4219815c297c705060b77595ef76e35e9e2bedbeb5afb3357cdc5ba2717f | ||
| ssdeep | 384:ovAw66vILDbNRhbHeJh8+oXBjxJd5IyYQGSbdkDjkoebjDISVjNW8SCW0:ovAOQbSEln5IyYpamDjobj8ShSA | ||
| imphash | d8fc1a3614d526e7111f36ddb837bb41 | ||
| impfuzzy | 24:yBVugnD69CjkGW2OSO2TR8+tQS0W9JvOSLk/KAESwkg+fR:qUgW9SAF2V8+tQS0WjvOSY/KAX/g+R | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | Foreign language identified in PE resource |
| info | This executable has a PDB path |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x10010b8 _except_handler3
0x10010bc _wtoi
0x10010c0 _vsnwprintf
KERNEL32.dll
0x1001010 FreeLibrary
0x1001014 LocalFree
0x1001018 lstrlenA
0x100101c WideCharToMultiByte
0x1001020 LocalAlloc
0x1001024 lstrlenW
0x1001028 GetProcAddress
0x100102c FormatMessageW
0x1001030 GetLastError
0x1001034 LoadLibraryW
0x1001038 ActivateActCtx
0x100103c CreateActCtxW
0x1001040 SearchPathW
0x1001044 GetFileAttributesW
0x1001048 ReleaseActCtx
0x100104c DeactivateActCtx
0x1001050 SetErrorMode
0x1001054 ExitProcess
0x1001058 GetModuleHandleW
0x100105c GetStartupInfoW
0x1001060 GetCommandLineW
0x1001064 QueryPerformanceCounter
0x1001068 GetTickCount
0x100106c GetCurrentThreadId
0x1001070 GetCurrentProcessId
0x1001074 GetSystemTimeAsFileTime
0x1001078 TerminateProcess
0x100107c GetCurrentProcess
0x1001080 UnhandledExceptionFilter
0x1001084 SetUnhandledExceptionFilter
GDI32.dll
0x1001000 GetStockObject
USER32.dll
0x100108c RegisterClassW
0x1001090 LoadStringW
0x1001094 CharNextW
0x1001098 SetClassLongW
0x100109c LoadIconW
0x10010a0 DefWindowProcW
0x10010a4 CreateWindowExW
0x10010a8 MessageBoxW
0x10010ac LoadCursorW
0x10010b0 DestroyWindow
IMAGEHLP.dll
0x1001008 ImageDirectoryEntryToData
EAT(Export Address Table) is none
msvcrt.dll
0x10010b8 _except_handler3
0x10010bc _wtoi
0x10010c0 _vsnwprintf
KERNEL32.dll
0x1001010 FreeLibrary
0x1001014 LocalFree
0x1001018 lstrlenA
0x100101c WideCharToMultiByte
0x1001020 LocalAlloc
0x1001024 lstrlenW
0x1001028 GetProcAddress
0x100102c FormatMessageW
0x1001030 GetLastError
0x1001034 LoadLibraryW
0x1001038 ActivateActCtx
0x100103c CreateActCtxW
0x1001040 SearchPathW
0x1001044 GetFileAttributesW
0x1001048 ReleaseActCtx
0x100104c DeactivateActCtx
0x1001050 SetErrorMode
0x1001054 ExitProcess
0x1001058 GetModuleHandleW
0x100105c GetStartupInfoW
0x1001060 GetCommandLineW
0x1001064 QueryPerformanceCounter
0x1001068 GetTickCount
0x100106c GetCurrentThreadId
0x1001070 GetCurrentProcessId
0x1001074 GetSystemTimeAsFileTime
0x1001078 TerminateProcess
0x100107c GetCurrentProcess
0x1001080 UnhandledExceptionFilter
0x1001084 SetUnhandledExceptionFilter
GDI32.dll
0x1001000 GetStockObject
USER32.dll
0x100108c RegisterClassW
0x1001090 LoadStringW
0x1001094 CharNextW
0x1001098 SetClassLongW
0x100109c LoadIconW
0x10010a0 DefWindowProcW
0x10010a4 CreateWindowExW
0x10010a8 MessageBoxW
0x10010ac LoadCursorW
0x10010b0 DestroyWindow
IMAGEHLP.dll
0x1001008 ImageDirectoryEntryToData
EAT(Export Address Table) is none