ScreenShot
| Created | 2022.09.16 17:37 | Machine | s1_win7_x6403 |
| Filename | rKFGEfToHBHpqNG.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 523dd923aafdbb5c98db1a3e0609d374 | ||
| sha256 | 030a31af188750359b8629104be650e9d3a500aca70489c5835dc95741b9d7ec | ||
| ssdeep | 384:p3u/iCEnhikUvzkWS3YWKiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiLiiiiiriM:p+/unhi1zOz | ||
| imphash | ba072a972fe6c47c8cf7a0347bb0af7a | ||
| impfuzzy | 12:IvPXJwdwXJQTZNizhVIGXGXR/UV5N4GjY5vPf1L+/XtAf2hij:InPC1szLXGtI/U5vPtL+/9Af/ | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x404038 ShellExecuteW
KERNEL32.dll
0x404010 SetUnhandledExceptionFilter
0x404014 GetCurrentProcess
0x404018 TerminateProcess
0x40401c UnhandledExceptionFilter
0x404020 GetCurrentProcessId
0x404024 GetCurrentThreadId
0x404028 GetSystemTimeAsFileTime
0x40402c GetTickCount
0x404030 QueryPerformanceCounter
msvcrt.dll
0x404058 _amsg_exit
0x40405c __p__fmode
0x404060 __setusermatherr
0x404064 _initterm
0x404068 _wcmdln
0x40406c ?terminate@@YAXXZ
0x404070 _controlfp
0x404074 _exit
0x404078 exit
0x40407c __p__commode
0x404080 _XcptFilter
0x404084 __set_app_type
0x404088 _except_handler4_common
0x40408c __wgetmainargs
0x404090 _cexit
ADVAPI32.dll
0x404000 EventSetInformation
0x404004 EventWriteTransfer
0x404008 EventRegister
api-ms-win-core-synch-l1-2-0.dll
0x404050 Sleep
api-ms-win-core-processthreads-l1-1-0.dll
0x404048 GetStartupInfoW
api-ms-win-core-libraryloader-l1-2-0.dll
0x404040 GetModuleHandleW
EAT(Export Address Table) is none
SHELL32.dll
0x404038 ShellExecuteW
KERNEL32.dll
0x404010 SetUnhandledExceptionFilter
0x404014 GetCurrentProcess
0x404018 TerminateProcess
0x40401c UnhandledExceptionFilter
0x404020 GetCurrentProcessId
0x404024 GetCurrentThreadId
0x404028 GetSystemTimeAsFileTime
0x40402c GetTickCount
0x404030 QueryPerformanceCounter
msvcrt.dll
0x404058 _amsg_exit
0x40405c __p__fmode
0x404060 __setusermatherr
0x404064 _initterm
0x404068 _wcmdln
0x40406c ?terminate@@YAXXZ
0x404070 _controlfp
0x404074 _exit
0x404078 exit
0x40407c __p__commode
0x404080 _XcptFilter
0x404084 __set_app_type
0x404088 _except_handler4_common
0x40408c __wgetmainargs
0x404090 _cexit
ADVAPI32.dll
0x404000 EventSetInformation
0x404004 EventWriteTransfer
0x404008 EventRegister
api-ms-win-core-synch-l1-2-0.dll
0x404050 Sleep
api-ms-win-core-processthreads-l1-1-0.dll
0x404048 GetStartupInfoW
api-ms-win-core-libraryloader-l1-2-0.dll
0x404040 GetModuleHandleW
EAT(Export Address Table) is none