ScreenShot
| Created | 2023.02.18 19:56 | Machine | s1_win7_x6401 |
| Filename | 4f9b33bcf1b1be488fa71c43223c2bcc1ab7b67c7276604e8078fac994495693_2668-2609adb6c0fe997b.exe_ | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | e150069a927d4d93c451de82721a0b4c | ||
| sha256 | 4f9b33bcf1b1be488fa71c43223c2bcc1ab7b67c7276604e8078fac994495693 | ||
| ssdeep | 1536:7TXIPfSbS9vMBN7rQOJ7CFToTCzhcRguhwxTyPCb3lZpdym4dy7p:fYXlvq7jSP1cR2prbpdCY9 | ||
| imphash | f684d92b9f422a300c7887269a8d42f3 | ||
| impfuzzy | 12:zSdqzTZBzhctPXJYKTdYwd9tXJyFUy5QGu4GXGXKRBy5guJ:L1BzeVRdzUFh5T0XG/PJ | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0xc51000 HeapSetInformation
0xc51004 GetCurrentProcess
0xc51008 TerminateProcess
0xc5100c GetSystemTimeAsFileTime
0xc51010 GetCurrentProcessId
0xc51014 GetCurrentThreadId
0xc51018 GetTickCount
0xc5101c QueryPerformanceCounter
0xc51020 GetModuleHandleA
0xc51024 SetUnhandledExceptionFilter
0xc51028 GetStartupInfoW
0xc5102c InterlockedCompareExchange
0xc51030 Sleep
0xc51034 InterlockedExchange
0xc51038 UnhandledExceptionFilter
msvcrt.dll
0xc51048 _except_handler4_common
0xc5104c _controlfp
0xc51050 ?terminate@@YAXXZ
0xc51054 __set_app_type
0xc51058 __p__fmode
0xc5105c __p__commode
0xc51060 __setusermatherr
0xc51064 _amsg_exit
0xc51068 _initterm
0xc5106c _wcmdln
0xc51070 exit
0xc51074 _XcptFilter
0xc51078 _exit
0xc5107c _cexit
0xc51080 __wgetmainargs
colorui.dll
0xc51040 LaunchColorCpl
EAT(Export Address Table) is none
KERNEL32.dll
0xc51000 HeapSetInformation
0xc51004 GetCurrentProcess
0xc51008 TerminateProcess
0xc5100c GetSystemTimeAsFileTime
0xc51010 GetCurrentProcessId
0xc51014 GetCurrentThreadId
0xc51018 GetTickCount
0xc5101c QueryPerformanceCounter
0xc51020 GetModuleHandleA
0xc51024 SetUnhandledExceptionFilter
0xc51028 GetStartupInfoW
0xc5102c InterlockedCompareExchange
0xc51030 Sleep
0xc51034 InterlockedExchange
0xc51038 UnhandledExceptionFilter
msvcrt.dll
0xc51048 _except_handler4_common
0xc5104c _controlfp
0xc51050 ?terminate@@YAXXZ
0xc51054 __set_app_type
0xc51058 __p__fmode
0xc5105c __p__commode
0xc51060 __setusermatherr
0xc51064 _amsg_exit
0xc51068 _initterm
0xc5106c _wcmdln
0xc51070 exit
0xc51074 _XcptFilter
0xc51078 _exit
0xc5107c _cexit
0xc51080 __wgetmainargs
colorui.dll
0xc51040 LaunchColorCpl
EAT(Export Address Table) is none