Report - esp.exe

Tags: UPX, Admin Tool (Sysinternals etc ...), OS Processor Check, PE32, PE File
Created 2023.03.06 09:35
Machine s1_win7_x6403
Filename esp.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 5
Behavior Score 1.2
ZERO API file : malware
VT API (file) 31 detected (AIDetectNet, malicious, moderate confidence, Lazy, Artemis, Vuur, grayware, confidence, Attribute, HighConfidence, score, TrojanX, Generic ML PUA, Static AI, Suspicious PE, SGeneric, BScope, Exxroute, ai score=88, R002H07C423, Generic@AI, RDML, mqFDNvdxmNEjadcLDPEFhQ, PossibleThreat)
md5 af46c0772ef6c5378f13502c1ee065cc
sha256 71bea60f505b82bc588d789e8104bd13246dc328f78a7a0681f6846590d9c4c7
ssdeep 6144:EWA+TS+aGmKG9WDS/0Eh0wvRJ1FtGZn2OyR7va3iGzx:32Xt7MS/0zEHFtGiC3P1
imphash 01dce9628c8aca1bd1ecfed365b726b5
impfuzzy 96:8zu2Rx3Kt113tuY7mwz2iFEWWJdA+/sao/5CNk9fnjYyJ2i:buY7o0tfjYyJ2i

Signature (2cnts)

Level   Description
danger  File has been identified by 31 AntiVirus engines on VirusTotal as malicious
info    This executable has a PDB path

Rules (5cnts)

Level  Name                     Description                  Collection
watch  Admin_Tool_IN_Zero       Admin Tool Sysinternals      binaries (upload)
watch  UPX_Zero                 UPX packed file              binaries (upload)
info   IsPE32                   (no description)             binaries (upload)
info   OS_Processor_Check_Zero  OS Processor Check           binaries (upload)
info   PE_Header_Zero           PE File Signature            binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata IDS

PE API

IAT (Import Address Table) by Library

KERNEL32.dll
 0x439018 DeleteCriticalSection
 0x43901c ReadProcessMemory
 0x439020 CreateToolhelp32Snapshot
 0x439024 Process32NextW
 0x439028 Process32FirstW
 0x43902c CloseHandle
 0x439030 Module32FirstW
 0x439034 WideCharToMultiByte
 0x439038 Module32NextW
 0x43903c MultiByteToWideChar
 0x439040 GlobalAlloc
 0x439044 GlobalFree
 0x439048 GlobalLock
 0x43904c GlobalUnlock
 0x439050 QueryPerformanceFrequency
 0x439054 GetProcAddress
 0x439058 QueryPerformanceCounter
 0x43905c OpenProcess
 0x439060 VirtualQueryEx
 0x439064 GetModuleHandleW
 0x439068 IsDebuggerPresent
 0x43906c OutputDebugStringW
 0x439070 InitializeCriticalSectionAndSpinCount
 0x439074 CreateEventW
 0x439078 UnhandledExceptionFilter
 0x43907c SetUnhandledExceptionFilter
 0x439080 GetCurrentProcess
 0x439084 TerminateProcess
 0x439088 IsProcessorFeaturePresent
 0x43908c GetStartupInfoW
 0x439090 GetCurrentProcessId
 0x439094 GetCurrentThreadId
 0x439098 GetSystemTimeAsFileTime
 0x43909c InitializeSListHead
 0x4390a0 GetLastError
 0x4390a4 InitializeCriticalSectionEx
USER32.dll
 0x4390f8 GetWindowLongW
 0x4390fc DefWindowProcW
 0x439100 GetWindowRect
 0x439104 DestroyWindow
 0x439108 SetWindowPos
 0x43910c RegisterClassExW
 0x439110 ShowWindow
 0x439114 DispatchMessageW
 0x439118 PeekMessageW
 0x43911c CreateWindowExA
 0x439120 SetLayeredWindowAttributes
 0x439124 TranslateMessage
 0x439128 SetWindowLongW
 0x43912c PostQuitMessage
 0x439130 GetCursorPos
 0x439134 UnregisterClassW
 0x439138 SetClipboardData
 0x43913c GetClipboardData
 0x439140 EmptyClipboard
 0x439144 FindWindowA
 0x439148 UpdateWindow
 0x43914c MessageBoxW
 0x439150 GetAsyncKeyState
 0x439154 mouse_event
 0x439158 GetKeyState
 0x43915c CloseClipboard
 0x439160 OpenClipboard
 0x439164 ClientToScreen
 0x439168 GetCapture
 0x43916c ScreenToClient
 0x439170 LoadCursorW
 0x439174 SetCapture
 0x439178 SetCursor
 0x43917c GetClientRect
 0x439180 ReleaseCapture
 0x439184 SetCursorPos
MSVCP140.dll
 0x4390ac ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
 0x4390b0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
 0x4390b4 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
 0x4390b8 ?_Xlength_error@std@@YAXPBD@Z
 0x4390bc ?_Throw_Cpp_error@std@@YAXH@Z
 0x4390c0 ?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
 0x4390c4 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
 0x4390c8 ?uncaught_exception@std@@YA_NXZ
 0x4390cc _Cnd_do_broadcast_at_thread_exit
 0x4390d0 _Thrd_id
 0x4390d4 _Thrd_join
 0x4390d8 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
 0x4390dc ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
 0x4390e0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
 0x4390e4 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
 0x4390e8 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
 0x4390ec ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
 0x4390f0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
d3d11.dll
 0x4392bc D3D11CreateDeviceAndSwapChain
dwmapi.dll
 0x4392c4 DwmExtendFrameIntoClientArea
IMM32.dll
 0x439008 ImmGetContext
 0x43900c ImmReleaseContext
 0x439010 ImmSetCompositionWindow
D3DCOMPILER_47.dll
 0x439000 D3DCompile
XINPUT1_4.dll
 0x4391c4 None
 0x4391c8 None
VCRUNTIME140.dll
 0x43918c _CxxThrowException
 0x439190 _except_handler4_common
 0x439194 __current_exception_context
 0x439198 __current_exception
 0x43919c memset
 0x4391a0 memmove
 0x4391a4 strstr
 0x4391a8 memcpy
 0x4391ac memchr
 0x4391b0 __std_exception_copy
 0x4391b4 __std_exception_destroy
 0x4391b8 __std_terminate
 0x4391bc __CxxFrameHandler3
api-ms-win-crt-heap-l1-1-0.dll
 0x4391d0 _callnewh
 0x4391d4 malloc
 0x4391d8 _set_new_mode
 0x4391dc free
api-ms-win-crt-runtime-l1-1-0.dll
 0x43921c _initterm_e
 0x439220 exit
 0x439224 _exit
 0x439228 _invalid_parameter_noinfo_noreturn
 0x43922c _c_exit
 0x439230 _register_thread_local_exe_atexit_callback
 0x439234 _get_wide_winmain_command_line
 0x439238 _initialize_wide_environment
 0x43923c _beginthreadex
 0x439240 _controlfp_s
 0x439244 _configure_wide_argv
 0x439248 terminate
 0x43924c _set_app_type
 0x439250 _initterm
 0x439254 _seh_filter_exe
 0x439258 _cexit
 0x43925c _crt_atexit
 0x439260 _register_onexit_function
 0x439264 _initialize_onexit_table
api-ms-win-crt-stdio-l1-1-0.dll
 0x43926c __acrt_iob_func
 0x439270 ftell
 0x439274 fclose
 0x439278 _set_fmode
 0x43927c __stdio_common_vsprintf
 0x439280 __p__commode
 0x439284 fflush
 0x439288 __stdio_common_vsscanf
 0x43928c fread
 0x439290 fwrite
 0x439294 _wfopen
 0x439298 fseek
api-ms-win-crt-string-l1-1-0.dll
 0x4392a0 strcpy_s
 0x4392a4 strncpy
api-ms-win-crt-utility-l1-1-0.dll
 0x4392b4 qsort
api-ms-win-crt-time-l1-1-0.dll
 0x4392ac clock
api-ms-win-crt-math-l1-1-0.dll
 0x4391ec _libm_sse2_sqrt_precise
 0x4391f0 _libm_sse2_pow_precise
 0x4391f4 floor
 0x4391f8 _libm_sse2_acos_precise
 0x4391fc _libm_sse2_cos_precise
 0x439200 _libm_sse2_log_precise
 0x439204 _CIfmod
 0x439208 __setusermatherr
 0x43920c ceil
 0x439210 _CIatan2
 0x439214 _libm_sse2_sin_precise
api-ms-win-crt-locale-l1-1-0.dll
 0x4391e4 _configthreadlocale

EAT (Export Address Table): none
