ScreenShot
| Created | 2023.01.22 15:45 | Machine | s1_win7_x6401 |
| Filename | NoNameProc.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 5 detected (Malicious, score) | ||
| md5 | 4ea2c030393e9e918bae4c1989c1e05f | ||
| sha256 | 671e6d007aed4164ac23fbd2cfa309a0664a989f995b6c906bca9631cfd3767a | ||
| ssdeep | 98304:5OoORURe3FhiW1J3qo1FOKSBbiWz1umNk7P82hBzw:5O3RUY3WWP7jO1BtYmNk7v | ||
| imphash | 263bb5fe55aec9bc3d280e206574ef4b | ||
| impfuzzy | 48:xLHcpVwHtMS17BgPpXQmZ7OH9/KA/XSv09sjKFzGSY+nB6UyCES5Fmn:9cpVwHtMS17BgPpXh7+dN7/mn | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| watch | Creates or sets a registry key to a long series of bytes |
| watch | Stores an executable in the registry |
| notice | Creates executable files on the filesystem |
| notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140145028 WriteConsoleW
0x140145030 HeapSize
0x140145038 CreateFileW
0x140145040 GetProcessHeap
0x140145048 SetStdHandle
0x140145050 FreeEnvironmentStringsW
0x140145058 GetEnvironmentStringsW
0x140145060 GetCommandLineW
0x140145068 SetEndOfFile
0x140145070 GetOEMCP
0x140145078 GetACP
0x140145080 IsValidCodePage
0x140145088 FindNextFileW
0x140145090 FindFirstFileExW
0x140145098 FindClose
0x1401450a0 HeapReAlloc
0x1401450a8 WinExec
0x1401450b0 CloseHandle
0x1401450b8 GetLastError
0x1401450c0 GetCommandLineA
0x1401450c8 Sleep
0x1401450d0 EnterCriticalSection
0x1401450d8 LeaveCriticalSection
0x1401450e0 InitializeCriticalSectionEx
0x1401450e8 DeleteCriticalSection
0x1401450f0 EncodePointer
0x1401450f8 DecodePointer
0x140145100 MultiByteToWideChar
0x140145108 WideCharToMultiByte
0x140145110 LCMapStringEx
0x140145118 GetStringTypeW
0x140145120 GetCPInfo
0x140145128 RtlCaptureContext
0x140145130 RtlLookupFunctionEntry
0x140145138 RtlVirtualUnwind
0x140145140 UnhandledExceptionFilter
0x140145148 SetUnhandledExceptionFilter
0x140145150 GetCurrentProcess
0x140145158 TerminateProcess
0x140145160 IsProcessorFeaturePresent
0x140145168 QueryPerformanceCounter
0x140145170 GetCurrentProcessId
0x140145178 GetCurrentThreadId
0x140145180 GetSystemTimeAsFileTime
0x140145188 InitializeSListHead
0x140145190 IsDebuggerPresent
0x140145198 GetStartupInfoW
0x1401451a0 GetModuleHandleW
0x1401451a8 RtlUnwindEx
0x1401451b0 RtlPcToFileHeader
0x1401451b8 RaiseException
0x1401451c0 SetLastError
0x1401451c8 InitializeCriticalSectionAndSpinCount
0x1401451d0 TlsAlloc
0x1401451d8 TlsGetValue
0x1401451e0 TlsSetValue
0x1401451e8 TlsFree
0x1401451f0 FreeLibrary
0x1401451f8 GetProcAddress
0x140145200 LoadLibraryExW
0x140145208 GetStdHandle
0x140145210 WriteFile
0x140145218 GetModuleFileNameW
0x140145220 ExitProcess
0x140145228 GetModuleHandleExW
0x140145230 GetFileSizeEx
0x140145238 SetFilePointerEx
0x140145240 GetFileType
0x140145248 FlushFileBuffers
0x140145250 GetConsoleOutputCP
0x140145258 GetConsoleMode
0x140145260 HeapFree
0x140145268 HeapAlloc
0x140145270 FlsAlloc
0x140145278 FlsGetValue
0x140145280 FlsSetValue
0x140145288 FlsFree
0x140145290 LCMapStringW
0x140145298 GetLocaleInfoW
0x1401452a0 IsValidLocale
0x1401452a8 GetUserDefaultLCID
0x1401452b0 EnumSystemLocalesW
0x1401452b8 DeleteFileW
0x1401452c0 ReadFile
0x1401452c8 ReadConsoleW
0x1401452d0 RtlUnwind
USER32.dll
0x1401452e0 DefWindowProcW
0x1401452e8 DestroyWindow
0x1401452f0 CreateWindowExW
0x1401452f8 EndDialog
0x140145300 RegisterClassExW
0x140145308 LoadAcceleratorsW
0x140145310 LoadStringW
0x140145318 ShowWindow
0x140145320 GetMessageW
0x140145328 TranslateAcceleratorW
0x140145330 TranslateMessage
0x140145338 LoadIconW
0x140145340 LoadCursorW
0x140145348 PostQuitMessage
0x140145350 DialogBoxParamW
0x140145358 UpdateWindow
0x140145360 BeginPaint
0x140145368 EndPaint
0x140145370 DispatchMessageW
ADVAPI32.dll
0x140145000 RegCloseKey
0x140145008 RegSetValueExA
0x140145010 RegOpenKeyExA
0x140145018 RegCreateKeyA
EAT(Export Address Table) is none
KERNEL32.dll
0x140145028 WriteConsoleW
0x140145030 HeapSize
0x140145038 CreateFileW
0x140145040 GetProcessHeap
0x140145048 SetStdHandle
0x140145050 FreeEnvironmentStringsW
0x140145058 GetEnvironmentStringsW
0x140145060 GetCommandLineW
0x140145068 SetEndOfFile
0x140145070 GetOEMCP
0x140145078 GetACP
0x140145080 IsValidCodePage
0x140145088 FindNextFileW
0x140145090 FindFirstFileExW
0x140145098 FindClose
0x1401450a0 HeapReAlloc
0x1401450a8 WinExec
0x1401450b0 CloseHandle
0x1401450b8 GetLastError
0x1401450c0 GetCommandLineA
0x1401450c8 Sleep
0x1401450d0 EnterCriticalSection
0x1401450d8 LeaveCriticalSection
0x1401450e0 InitializeCriticalSectionEx
0x1401450e8 DeleteCriticalSection
0x1401450f0 EncodePointer
0x1401450f8 DecodePointer
0x140145100 MultiByteToWideChar
0x140145108 WideCharToMultiByte
0x140145110 LCMapStringEx
0x140145118 GetStringTypeW
0x140145120 GetCPInfo
0x140145128 RtlCaptureContext
0x140145130 RtlLookupFunctionEntry
0x140145138 RtlVirtualUnwind
0x140145140 UnhandledExceptionFilter
0x140145148 SetUnhandledExceptionFilter
0x140145150 GetCurrentProcess
0x140145158 TerminateProcess
0x140145160 IsProcessorFeaturePresent
0x140145168 QueryPerformanceCounter
0x140145170 GetCurrentProcessId
0x140145178 GetCurrentThreadId
0x140145180 GetSystemTimeAsFileTime
0x140145188 InitializeSListHead
0x140145190 IsDebuggerPresent
0x140145198 GetStartupInfoW
0x1401451a0 GetModuleHandleW
0x1401451a8 RtlUnwindEx
0x1401451b0 RtlPcToFileHeader
0x1401451b8 RaiseException
0x1401451c0 SetLastError
0x1401451c8 InitializeCriticalSectionAndSpinCount
0x1401451d0 TlsAlloc
0x1401451d8 TlsGetValue
0x1401451e0 TlsSetValue
0x1401451e8 TlsFree
0x1401451f0 FreeLibrary
0x1401451f8 GetProcAddress
0x140145200 LoadLibraryExW
0x140145208 GetStdHandle
0x140145210 WriteFile
0x140145218 GetModuleFileNameW
0x140145220 ExitProcess
0x140145228 GetModuleHandleExW
0x140145230 GetFileSizeEx
0x140145238 SetFilePointerEx
0x140145240 GetFileType
0x140145248 FlushFileBuffers
0x140145250 GetConsoleOutputCP
0x140145258 GetConsoleMode
0x140145260 HeapFree
0x140145268 HeapAlloc
0x140145270 FlsAlloc
0x140145278 FlsGetValue
0x140145280 FlsSetValue
0x140145288 FlsFree
0x140145290 LCMapStringW
0x140145298 GetLocaleInfoW
0x1401452a0 IsValidLocale
0x1401452a8 GetUserDefaultLCID
0x1401452b0 EnumSystemLocalesW
0x1401452b8 DeleteFileW
0x1401452c0 ReadFile
0x1401452c8 ReadConsoleW
0x1401452d0 RtlUnwind
USER32.dll
0x1401452e0 DefWindowProcW
0x1401452e8 DestroyWindow
0x1401452f0 CreateWindowExW
0x1401452f8 EndDialog
0x140145300 RegisterClassExW
0x140145308 LoadAcceleratorsW
0x140145310 LoadStringW
0x140145318 ShowWindow
0x140145320 GetMessageW
0x140145328 TranslateAcceleratorW
0x140145330 TranslateMessage
0x140145338 LoadIconW
0x140145340 LoadCursorW
0x140145348 PostQuitMessage
0x140145350 DialogBoxParamW
0x140145358 UpdateWindow
0x140145360 BeginPaint
0x140145368 EndPaint
0x140145370 DispatchMessageW
ADVAPI32.dll
0x140145000 RegCloseKey
0x140145008 RegSetValueExA
0x140145010 RegOpenKeyExA
0x140145018 RegCreateKeyA
EAT(Export Address Table) is none