ScreenShot
| Created | 2023.04.11 09:43 | Machine | s1_win7_x6402 |
| Filename | asdsada.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | cbbdef6c4d82eb4ff01ed43f1e641907 | ||
| sha256 | 37a5d7960b09d3f0ec4c8d39203ce285a9ced3c70c3e3fbd5c6f3f21678bdec4 | ||
| ssdeep | 1536:qce5tx7pMyapco9fGaIZ0rViEddJo9YLndeB5SvE6LSvaNIsWWcdv+mh1FB3x3hC:qLx7my0cA1IZxMJo9YLnUBoLSCov+mhM | ||
| imphash | c53787f039f9c23a754046adc2fd2ddf | ||
| impfuzzy | 24:dj0DftMS17bJnc+pl39TyoBUSOovbO9Ziv2jMM:8tMS17lc+pp9yX3AW | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40d000 GetLastError
0x40d004 LoadLibraryA
0x40d008 GetProcAddress
0x40d00c WriteConsoleW
0x40d010 UnhandledExceptionFilter
0x40d014 SetUnhandledExceptionFilter
0x40d018 GetCurrentProcess
0x40d01c TerminateProcess
0x40d020 IsProcessorFeaturePresent
0x40d024 QueryPerformanceCounter
0x40d028 GetCurrentProcessId
0x40d02c GetCurrentThreadId
0x40d030 GetSystemTimeAsFileTime
0x40d034 InitializeSListHead
0x40d038 IsDebuggerPresent
0x40d03c GetStartupInfoW
0x40d040 GetModuleHandleW
0x40d044 RtlUnwind
0x40d048 SetLastError
0x40d04c EnterCriticalSection
0x40d050 LeaveCriticalSection
0x40d054 DeleteCriticalSection
0x40d058 InitializeCriticalSectionAndSpinCount
0x40d05c TlsAlloc
0x40d060 TlsGetValue
0x40d064 TlsSetValue
0x40d068 TlsFree
0x40d06c FreeLibrary
0x40d070 LoadLibraryExW
0x40d074 RaiseException
0x40d078 GetStdHandle
0x40d07c WriteFile
0x40d080 GetModuleFileNameW
0x40d084 ExitProcess
0x40d088 GetModuleHandleExW
0x40d08c HeapAlloc
0x40d090 HeapFree
0x40d094 FindClose
0x40d098 FindFirstFileExW
0x40d09c FindNextFileW
0x40d0a0 IsValidCodePage
0x40d0a4 GetACP
0x40d0a8 GetOEMCP
0x40d0ac GetCPInfo
0x40d0b0 GetCommandLineA
0x40d0b4 GetCommandLineW
0x40d0b8 MultiByteToWideChar
0x40d0bc WideCharToMultiByte
0x40d0c0 GetEnvironmentStringsW
0x40d0c4 FreeEnvironmentStringsW
0x40d0c8 SetStdHandle
0x40d0cc GetFileType
0x40d0d0 GetStringTypeW
0x40d0d4 LCMapStringW
0x40d0d8 GetProcessHeap
0x40d0dc HeapSize
0x40d0e0 HeapReAlloc
0x40d0e4 FlushFileBuffers
0x40d0e8 GetConsoleCP
0x40d0ec GetConsoleMode
0x40d0f0 SetFilePointerEx
0x40d0f4 CreateFileW
0x40d0f8 CloseHandle
0x40d0fc DecodePointer
EAT(Export Address Table) is none
KERNEL32.dll
0x40d000 GetLastError
0x40d004 LoadLibraryA
0x40d008 GetProcAddress
0x40d00c WriteConsoleW
0x40d010 UnhandledExceptionFilter
0x40d014 SetUnhandledExceptionFilter
0x40d018 GetCurrentProcess
0x40d01c TerminateProcess
0x40d020 IsProcessorFeaturePresent
0x40d024 QueryPerformanceCounter
0x40d028 GetCurrentProcessId
0x40d02c GetCurrentThreadId
0x40d030 GetSystemTimeAsFileTime
0x40d034 InitializeSListHead
0x40d038 IsDebuggerPresent
0x40d03c GetStartupInfoW
0x40d040 GetModuleHandleW
0x40d044 RtlUnwind
0x40d048 SetLastError
0x40d04c EnterCriticalSection
0x40d050 LeaveCriticalSection
0x40d054 DeleteCriticalSection
0x40d058 InitializeCriticalSectionAndSpinCount
0x40d05c TlsAlloc
0x40d060 TlsGetValue
0x40d064 TlsSetValue
0x40d068 TlsFree
0x40d06c FreeLibrary
0x40d070 LoadLibraryExW
0x40d074 RaiseException
0x40d078 GetStdHandle
0x40d07c WriteFile
0x40d080 GetModuleFileNameW
0x40d084 ExitProcess
0x40d088 GetModuleHandleExW
0x40d08c HeapAlloc
0x40d090 HeapFree
0x40d094 FindClose
0x40d098 FindFirstFileExW
0x40d09c FindNextFileW
0x40d0a0 IsValidCodePage
0x40d0a4 GetACP
0x40d0a8 GetOEMCP
0x40d0ac GetCPInfo
0x40d0b0 GetCommandLineA
0x40d0b4 GetCommandLineW
0x40d0b8 MultiByteToWideChar
0x40d0bc WideCharToMultiByte
0x40d0c0 GetEnvironmentStringsW
0x40d0c4 FreeEnvironmentStringsW
0x40d0c8 SetStdHandle
0x40d0cc GetFileType
0x40d0d0 GetStringTypeW
0x40d0d4 LCMapStringW
0x40d0d8 GetProcessHeap
0x40d0dc HeapSize
0x40d0e0 HeapReAlloc
0x40d0e4 FlushFileBuffers
0x40d0e8 GetConsoleCP
0x40d0ec GetConsoleMode
0x40d0f0 SetFilePointerEx
0x40d0f4 CreateFileW
0x40d0f8 CloseHandle
0x40d0fc DecodePointer
EAT(Export Address Table) is none