ScreenShot
| Created | 2022.12.23 09:33 | Machine | s1_win7_x6401 |
| Filename | 2.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 19a196e6f3b44ea54ac799f9d3b8bf4c | ||
| sha256 | 01320b475214dbdfa7782958986b96dfadedbf5d27c708ab3616d3cdf1be9b34 | ||
| ssdeep | 6144:sg7O623NOV0G4qfK09ZbuouBi2HaAOL9Y2QqYCpZij33q:st629G0LqfK09jx97ijHq | ||
| imphash | 3edc9bbfbe12147b9c4d8c01ad9965ee | ||
| impfuzzy | 24:Rr9tDTcpVWZYtMS1xGhlJBl3loEOovbO3gv9FZ6GMAkEZHu9n:RncpVeYtMS1xGnplc3y9FZW | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Command line console output was observed |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x428134 SHGetFolderPathAndSubDirW
KERNEL32.dll
0x428000 LoadLibraryExW
0x428004 CreateFileW
0x428008 FreeConsole
0x42800c GetProcAddress
0x428010 GetModuleHandleW
0x428014 MultiByteToWideChar
0x428018 GetStringTypeW
0x42801c WideCharToMultiByte
0x428020 EnterCriticalSection
0x428024 LeaveCriticalSection
0x428028 InitializeCriticalSectionEx
0x42802c DeleteCriticalSection
0x428030 EncodePointer
0x428034 DecodePointer
0x428038 LCMapStringEx
0x42803c GetCPInfo
0x428040 UnhandledExceptionFilter
0x428044 SetUnhandledExceptionFilter
0x428048 GetCurrentProcess
0x42804c TerminateProcess
0x428050 IsProcessorFeaturePresent
0x428054 QueryPerformanceCounter
0x428058 GetCurrentProcessId
0x42805c GetCurrentThreadId
0x428060 GetSystemTimeAsFileTime
0x428064 InitializeSListHead
0x428068 IsDebuggerPresent
0x42806c GetStartupInfoW
0x428070 HeapSize
0x428074 RaiseException
0x428078 RtlUnwind
0x42807c GetLastError
0x428080 SetLastError
0x428084 InitializeCriticalSectionAndSpinCount
0x428088 TlsAlloc
0x42808c TlsGetValue
0x428090 TlsSetValue
0x428094 TlsFree
0x428098 FreeLibrary
0x42809c WriteConsoleW
0x4280a0 GetStdHandle
0x4280a4 WriteFile
0x4280a8 GetModuleFileNameW
0x4280ac ExitProcess
0x4280b0 GetModuleHandleExW
0x4280b4 GetCommandLineA
0x4280b8 GetCommandLineW
0x4280bc HeapAlloc
0x4280c0 HeapFree
0x4280c4 GetFileType
0x4280c8 CompareStringW
0x4280cc LCMapStringW
0x4280d0 GetLocaleInfoW
0x4280d4 IsValidLocale
0x4280d8 GetUserDefaultLCID
0x4280dc EnumSystemLocalesW
0x4280e0 CloseHandle
0x4280e4 FlushFileBuffers
0x4280e8 GetConsoleOutputCP
0x4280ec GetConsoleMode
0x4280f0 ReadFile
0x4280f4 GetFileSizeEx
0x4280f8 SetFilePointerEx
0x4280fc ReadConsoleW
0x428100 HeapReAlloc
0x428104 FindClose
0x428108 FindFirstFileExW
0x42810c FindNextFileW
0x428110 IsValidCodePage
0x428114 GetACP
0x428118 GetOEMCP
0x42811c GetEnvironmentStringsW
0x428120 FreeEnvironmentStringsW
0x428124 SetEnvironmentVariableW
0x428128 SetStdHandle
0x42812c GetProcessHeap
EAT(Export Address Table) is none
SHELL32.dll
0x428134 SHGetFolderPathAndSubDirW
KERNEL32.dll
0x428000 LoadLibraryExW
0x428004 CreateFileW
0x428008 FreeConsole
0x42800c GetProcAddress
0x428010 GetModuleHandleW
0x428014 MultiByteToWideChar
0x428018 GetStringTypeW
0x42801c WideCharToMultiByte
0x428020 EnterCriticalSection
0x428024 LeaveCriticalSection
0x428028 InitializeCriticalSectionEx
0x42802c DeleteCriticalSection
0x428030 EncodePointer
0x428034 DecodePointer
0x428038 LCMapStringEx
0x42803c GetCPInfo
0x428040 UnhandledExceptionFilter
0x428044 SetUnhandledExceptionFilter
0x428048 GetCurrentProcess
0x42804c TerminateProcess
0x428050 IsProcessorFeaturePresent
0x428054 QueryPerformanceCounter
0x428058 GetCurrentProcessId
0x42805c GetCurrentThreadId
0x428060 GetSystemTimeAsFileTime
0x428064 InitializeSListHead
0x428068 IsDebuggerPresent
0x42806c GetStartupInfoW
0x428070 HeapSize
0x428074 RaiseException
0x428078 RtlUnwind
0x42807c GetLastError
0x428080 SetLastError
0x428084 InitializeCriticalSectionAndSpinCount
0x428088 TlsAlloc
0x42808c TlsGetValue
0x428090 TlsSetValue
0x428094 TlsFree
0x428098 FreeLibrary
0x42809c WriteConsoleW
0x4280a0 GetStdHandle
0x4280a4 WriteFile
0x4280a8 GetModuleFileNameW
0x4280ac ExitProcess
0x4280b0 GetModuleHandleExW
0x4280b4 GetCommandLineA
0x4280b8 GetCommandLineW
0x4280bc HeapAlloc
0x4280c0 HeapFree
0x4280c4 GetFileType
0x4280c8 CompareStringW
0x4280cc LCMapStringW
0x4280d0 GetLocaleInfoW
0x4280d4 IsValidLocale
0x4280d8 GetUserDefaultLCID
0x4280dc EnumSystemLocalesW
0x4280e0 CloseHandle
0x4280e4 FlushFileBuffers
0x4280e8 GetConsoleOutputCP
0x4280ec GetConsoleMode
0x4280f0 ReadFile
0x4280f4 GetFileSizeEx
0x4280f8 SetFilePointerEx
0x4280fc ReadConsoleW
0x428100 HeapReAlloc
0x428104 FindClose
0x428108 FindFirstFileExW
0x42810c FindNextFileW
0x428110 IsValidCodePage
0x428114 GetACP
0x428118 GetOEMCP
0x42811c GetEnvironmentStringsW
0x428120 FreeEnvironmentStringsW
0x428124 SetEnvironmentVariableW
0x428128 SetStdHandle
0x42812c GetProcessHeap
EAT(Export Address Table) is none