ScreenShot
| Created | 2022.08.10 18:32 | Machine | s1_win7_x6402 |
| Filename | Screenshot 2022-08-10 1024634534531232131325345354787721151 - Microsoft Office 365 Online.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 7c22121f33af2bad8656ac09300416ee | ||
| sha256 | 3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2 | ||
| ssdeep | 3072:EMibZuTpOeyp0uTpOMckAKckAGDpA5NlKrss1ywKrss1ySZDvYONDzVFdC5wFVHv:B3F23FukA1kAb0rEbrESZU8wFjNHNI | ||
| imphash | 476969f0db7933adc8a837a099dcb8ae | ||
| impfuzzy | 12:jJbDZDoACPXJ1XJwdTGKTdYwd9MopqBBYZ83sh/Aa0+dYYKdB+GHGVXvD1FU63jx:d/ZDozLKBRd2oUu8cw+dqB5mVf5FMq | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401000 GetLastError
0x401004 GetSystemDirectoryW
0x401008 FreeLibrary
0x40100c GetModuleHandleW
0x401010 GetProcAddress
0x401014 LoadLibraryExW
0x401018 DecodePointer
0x40101c IsDebuggerPresent
0x401020 SetUnhandledExceptionFilter
0x401024 UnhandledExceptionFilter
0x401028 GetCurrentProcess
0x40102c TerminateProcess
0x401030 EncodePointer
0x401034 GetStartupInfoW
0x401038 InterlockedCompareExchange
0x40103c Sleep
0x401040 InterlockedExchange
0x401044 WerRegisterMemoryBlock
0x401048 VirtualProtect
0x40104c GetTickCount
0x401050 GetSystemTimeAsFileTime
0x401054 GetCurrentThreadId
0x401058 GetCurrentProcessId
0x40105c HeapSetInformation
0x401060 GetProcessHeap
0x401064 QueryPerformanceCounter
MSVCR100.dll
0x40106c _invoke_watson
0x401070 _controlfp_s
0x401074 _except_handler4_common
0x401078 _lock
0x40107c __dllonexit
0x401080 _unlock
0x401084 ?terminate@@YAXXZ
0x401088 _crt_debugger_hook
0x40108c __set_app_type
0x401090 _fmode
0x401094 _commode
0x401098 __setusermatherr
0x40109c _configthreadlocale
0x4010a0 _initterm_e
0x4010a4 _initterm
0x4010a8 _acmdln
0x4010ac exit
0x4010b0 _ismbblead
0x4010b4 _XcptFilter
0x4010b8 _exit
0x4010bc _cexit
0x4010c0 __getmainargs
0x4010c4 _amsg_exit
0x4010c8 wcsncat_s
0x4010cc _onexit
EAT(Export Address Table) Library
0x401f3e DllGetLCID
0x401934 wdCommandDispatch
0x40193e wdGetApplicationObject
KERNEL32.dll
0x401000 GetLastError
0x401004 GetSystemDirectoryW
0x401008 FreeLibrary
0x40100c GetModuleHandleW
0x401010 GetProcAddress
0x401014 LoadLibraryExW
0x401018 DecodePointer
0x40101c IsDebuggerPresent
0x401020 SetUnhandledExceptionFilter
0x401024 UnhandledExceptionFilter
0x401028 GetCurrentProcess
0x40102c TerminateProcess
0x401030 EncodePointer
0x401034 GetStartupInfoW
0x401038 InterlockedCompareExchange
0x40103c Sleep
0x401040 InterlockedExchange
0x401044 WerRegisterMemoryBlock
0x401048 VirtualProtect
0x40104c GetTickCount
0x401050 GetSystemTimeAsFileTime
0x401054 GetCurrentThreadId
0x401058 GetCurrentProcessId
0x40105c HeapSetInformation
0x401060 GetProcessHeap
0x401064 QueryPerformanceCounter
MSVCR100.dll
0x40106c _invoke_watson
0x401070 _controlfp_s
0x401074 _except_handler4_common
0x401078 _lock
0x40107c __dllonexit
0x401080 _unlock
0x401084 ?terminate@@YAXXZ
0x401088 _crt_debugger_hook
0x40108c __set_app_type
0x401090 _fmode
0x401094 _commode
0x401098 __setusermatherr
0x40109c _configthreadlocale
0x4010a0 _initterm_e
0x4010a4 _initterm
0x4010a8 _acmdln
0x4010ac exit
0x4010b0 _ismbblead
0x4010b4 _XcptFilter
0x4010b8 _exit
0x4010bc _cexit
0x4010c0 __getmainargs
0x4010c4 _amsg_exit
0x4010c8 wcsncat_s
0x4010cc _onexit
EAT(Export Address Table) Library
0x401f3e DllGetLCID
0x401934 wdCommandDispatch
0x40193e wdGetApplicationObject