ScreenShot
| Created | 2022.12.20 14:33 | Machine | s1_win7_x6401 |
| Filename | ladia.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | f5399e9a1250cd605e255fdad3403457 | ||
| sha256 | a47dded62a9ebf8887438f4b2bd32387ee3fde504e0988d309229187579ecad3 | ||
| ssdeep | 6144:wrL4WE84M9Y0WjTexjLVqtN7wz00P0hGrcnkNrD7ydP9gX63QZImQKG0:mMWED0WjqjLVmb0PwGYnkBWOYQZW | ||
| imphash | 2672dcb5d3f18e5d541d0c4a1fc7ed24 | ||
| impfuzzy | 24:jkSZPfVFOObkrqcD1ZCxXJM4etLcHuOZyvDx/J3ISlRSnafNjlu8jM4lgU:jZzsYxXEtLMuDThSnafhsbU | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401000 GetConsoleAliasA
0x401004 GetUserDefaultLCID
0x401008 GetComputerNameW
0x40100c CreateHardLinkA
0x401010 GetModuleHandleW
0x401014 GetTickCount
0x401018 TlsSetValue
0x40101c LoadLibraryW
0x401020 GetCalendarInfoW
0x401024 DeleteVolumeMountPointW
0x401028 EnumSystemCodePagesA
0x40102c MultiByteToWideChar
0x401030 LCMapStringA
0x401034 GetConsoleAliasesW
0x401038 GetLastError
0x40103c GetProcAddress
0x401040 VirtualAlloc
0x401044 CreateConsoleScreenBuffer
0x401048 CreateMemoryResourceNotification
0x40104c LoadLibraryA
0x401050 WriteConsoleA
0x401054 SetProcessWorkingSetSize
0x401058 FoldStringA
0x40105c CreateMutexA
0x401060 VirtualProtect
0x401064 SetThreadAffinityMask
0x401068 EndUpdateResourceA
0x40106c AddConsoleAliasA
0x401070 GetConsoleProcessList
0x401074 GetStartupInfoW
0x401078 HeapAlloc
0x40107c TerminateProcess
0x401080 GetCurrentProcess
0x401084 UnhandledExceptionFilter
0x401088 SetUnhandledExceptionFilter
0x40108c IsDebuggerPresent
0x401090 Sleep
0x401094 ExitProcess
0x401098 WriteFile
0x40109c GetStdHandle
0x4010a0 GetModuleFileNameA
0x4010a4 GetModuleFileNameW
0x4010a8 FreeEnvironmentStringsW
0x4010ac GetEnvironmentStringsW
0x4010b0 GetCommandLineW
0x4010b4 SetHandleCount
0x4010b8 GetFileType
0x4010bc GetStartupInfoA
0x4010c0 DeleteCriticalSection
0x4010c4 TlsGetValue
0x4010c8 TlsAlloc
0x4010cc TlsFree
0x4010d0 InterlockedIncrement
0x4010d4 SetLastError
0x4010d8 GetCurrentThreadId
0x4010dc InterlockedDecrement
0x4010e0 HeapCreate
0x4010e4 VirtualFree
0x4010e8 HeapFree
0x4010ec QueryPerformanceCounter
0x4010f0 GetCurrentProcessId
0x4010f4 GetSystemTimeAsFileTime
0x4010f8 RaiseException
0x4010fc LeaveCriticalSection
0x401100 EnterCriticalSection
0x401104 HeapReAlloc
0x401108 GetCPInfo
0x40110c GetACP
0x401110 GetOEMCP
0x401114 IsValidCodePage
0x401118 SetFilePointer
0x40111c ReadFile
0x401120 InitializeCriticalSectionAndSpinCount
0x401124 RtlUnwind
0x401128 GetModuleHandleA
0x40112c WideCharToMultiByte
0x401130 LCMapStringW
0x401134 GetStringTypeA
0x401138 GetStringTypeW
0x40113c GetLocaleInfoA
0x401140 SetStdHandle
0x401144 GetConsoleCP
0x401148 GetConsoleMode
0x40114c FlushFileBuffers
0x401150 HeapSize
0x401154 GetConsoleOutputCP
0x401158 WriteConsoleW
0x40115c CreateFileA
0x401160 CloseHandle
USER32.dll
0x401168 WindowFromDC
EAT(Export Address Table) is none
KERNEL32.dll
0x401000 GetConsoleAliasA
0x401004 GetUserDefaultLCID
0x401008 GetComputerNameW
0x40100c CreateHardLinkA
0x401010 GetModuleHandleW
0x401014 GetTickCount
0x401018 TlsSetValue
0x40101c LoadLibraryW
0x401020 GetCalendarInfoW
0x401024 DeleteVolumeMountPointW
0x401028 EnumSystemCodePagesA
0x40102c MultiByteToWideChar
0x401030 LCMapStringA
0x401034 GetConsoleAliasesW
0x401038 GetLastError
0x40103c GetProcAddress
0x401040 VirtualAlloc
0x401044 CreateConsoleScreenBuffer
0x401048 CreateMemoryResourceNotification
0x40104c LoadLibraryA
0x401050 WriteConsoleA
0x401054 SetProcessWorkingSetSize
0x401058 FoldStringA
0x40105c CreateMutexA
0x401060 VirtualProtect
0x401064 SetThreadAffinityMask
0x401068 EndUpdateResourceA
0x40106c AddConsoleAliasA
0x401070 GetConsoleProcessList
0x401074 GetStartupInfoW
0x401078 HeapAlloc
0x40107c TerminateProcess
0x401080 GetCurrentProcess
0x401084 UnhandledExceptionFilter
0x401088 SetUnhandledExceptionFilter
0x40108c IsDebuggerPresent
0x401090 Sleep
0x401094 ExitProcess
0x401098 WriteFile
0x40109c GetStdHandle
0x4010a0 GetModuleFileNameA
0x4010a4 GetModuleFileNameW
0x4010a8 FreeEnvironmentStringsW
0x4010ac GetEnvironmentStringsW
0x4010b0 GetCommandLineW
0x4010b4 SetHandleCount
0x4010b8 GetFileType
0x4010bc GetStartupInfoA
0x4010c0 DeleteCriticalSection
0x4010c4 TlsGetValue
0x4010c8 TlsAlloc
0x4010cc TlsFree
0x4010d0 InterlockedIncrement
0x4010d4 SetLastError
0x4010d8 GetCurrentThreadId
0x4010dc InterlockedDecrement
0x4010e0 HeapCreate
0x4010e4 VirtualFree
0x4010e8 HeapFree
0x4010ec QueryPerformanceCounter
0x4010f0 GetCurrentProcessId
0x4010f4 GetSystemTimeAsFileTime
0x4010f8 RaiseException
0x4010fc LeaveCriticalSection
0x401100 EnterCriticalSection
0x401104 HeapReAlloc
0x401108 GetCPInfo
0x40110c GetACP
0x401110 GetOEMCP
0x401114 IsValidCodePage
0x401118 SetFilePointer
0x40111c ReadFile
0x401120 InitializeCriticalSectionAndSpinCount
0x401124 RtlUnwind
0x401128 GetModuleHandleA
0x40112c WideCharToMultiByte
0x401130 LCMapStringW
0x401134 GetStringTypeA
0x401138 GetStringTypeW
0x40113c GetLocaleInfoA
0x401140 SetStdHandle
0x401144 GetConsoleCP
0x401148 GetConsoleMode
0x40114c FlushFileBuffers
0x401150 HeapSize
0x401154 GetConsoleOutputCP
0x401158 WriteConsoleW
0x40115c CreateFileA
0x401160 CloseHandle
USER32.dll
0x401168 WindowFromDC
EAT(Export Address Table) is none