ScreenShot
| Created | 2023.04.11 10:55 | Machine | s1_win7_x6401 |
| Filename | iusb3mon.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 35 detected (Loader, Starter, Malicious, score, Artemis, unsafe, ABRisk, DSOO, Runner, CLOUD, AZ8D38, Tnega, Detected, Chgt, R002H0DAB23, Jkjl, susgen) | ||
| md5 | a05454a2ca6a6aa30e912a9ce1651151 | ||
| sha256 | 992e7f4ee378577bcb5f8848b945b3fa32c897505dce38416e11f153a7a4c045 | ||
| ssdeep | 12288:MDSewsWfpusDrxcoxp96ZEBFC4GaNsHn6ngD:oSJl5coEZyC41M6C | ||
| imphash | 554d3e74bc7d405afbf11e9f3c790437 | ||
| impfuzzy | 24:HlJYNTDUSYHuOCRxRcpVP5cflLjVeteOz5eMmoQMrvcGZYpOovLAwd:bS4exRcpVPyfateOz58KVZjQAW | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44f000 VirtualProtect
0x44f004 HeapFree
0x44f008 SetLastError
0x44f00c VirtualFree
0x44f010 VirtualAlloc
0x44f014 LoadLibraryA
0x44f018 GetNativeSystemInfo
0x44f01c HeapAlloc
0x44f020 GetProcAddress
0x44f024 GetProcessHeap
0x44f028 FreeLibrary
0x44f02c IsBadReadPtr
0x44f030 SetEndOfFile
0x44f034 CreateFileW
0x44f038 SetStdHandle
0x44f03c FreeEnvironmentStringsW
0x44f040 GetEnvironmentStringsW
0x44f044 GetCommandLineW
0x44f048 GetLastError
0x44f04c QueryPerformanceCounter
0x44f050 QueryPerformanceFrequency
0x44f054 EnterCriticalSection
0x44f058 LeaveCriticalSection
0x44f05c InitializeCriticalSectionEx
0x44f060 DeleteCriticalSection
0x44f064 GetCurrentThreadId
0x44f068 WideCharToMultiByte
0x44f06c EncodePointer
0x44f070 DecodePointer
0x44f074 MultiByteToWideChar
0x44f078 LCMapStringEx
0x44f07c GetSystemTimeAsFileTime
0x44f080 GetModuleHandleW
0x44f084 GetStringTypeW
0x44f088 GetCPInfo
0x44f08c InitializeSListHead
0x44f090 CloseHandle
0x44f094 InitializeCriticalSectionAndSpinCount
0x44f098 SetEvent
0x44f09c ResetEvent
0x44f0a0 WaitForSingleObjectEx
0x44f0a4 CreateEventW
0x44f0a8 IsProcessorFeaturePresent
0x44f0ac UnhandledExceptionFilter
0x44f0b0 SetUnhandledExceptionFilter
0x44f0b4 GetCurrentProcess
0x44f0b8 TerminateProcess
0x44f0bc GetCurrentProcessId
0x44f0c0 IsDebuggerPresent
0x44f0c4 GetStartupInfoW
0x44f0c8 RtlUnwind
0x44f0cc InterlockedPushEntrySList
0x44f0d0 RaiseException
0x44f0d4 TlsAlloc
0x44f0d8 TlsGetValue
0x44f0dc TlsSetValue
0x44f0e0 TlsFree
0x44f0e4 LoadLibraryExW
0x44f0e8 ReadFile
0x44f0ec GetStdHandle
0x44f0f0 WriteFile
0x44f0f4 GetModuleFileNameW
0x44f0f8 ExitProcess
0x44f0fc GetModuleHandleExW
0x44f100 SetFilePointerEx
0x44f104 GetConsoleMode
0x44f108 ReadConsoleW
0x44f10c GetFileType
0x44f110 GetConsoleOutputCP
0x44f114 GetFileSizeEx
0x44f118 HeapReAlloc
0x44f11c LCMapStringW
0x44f120 GetLocaleInfoW
0x44f124 IsValidLocale
0x44f128 GetUserDefaultLCID
0x44f12c EnumSystemLocalesW
0x44f130 FlushFileBuffers
0x44f134 HeapSize
0x44f138 FindClose
0x44f13c FindFirstFileExW
0x44f140 FindNextFileW
0x44f144 IsValidCodePage
0x44f148 GetACP
0x44f14c GetOEMCP
0x44f150 GetCommandLineA
0x44f154 WriteConsoleW
USER32.dll
0x44f15c MessageBoxW
EAT(Export Address Table) is none
KERNEL32.dll
0x44f000 VirtualProtect
0x44f004 HeapFree
0x44f008 SetLastError
0x44f00c VirtualFree
0x44f010 VirtualAlloc
0x44f014 LoadLibraryA
0x44f018 GetNativeSystemInfo
0x44f01c HeapAlloc
0x44f020 GetProcAddress
0x44f024 GetProcessHeap
0x44f028 FreeLibrary
0x44f02c IsBadReadPtr
0x44f030 SetEndOfFile
0x44f034 CreateFileW
0x44f038 SetStdHandle
0x44f03c FreeEnvironmentStringsW
0x44f040 GetEnvironmentStringsW
0x44f044 GetCommandLineW
0x44f048 GetLastError
0x44f04c QueryPerformanceCounter
0x44f050 QueryPerformanceFrequency
0x44f054 EnterCriticalSection
0x44f058 LeaveCriticalSection
0x44f05c InitializeCriticalSectionEx
0x44f060 DeleteCriticalSection
0x44f064 GetCurrentThreadId
0x44f068 WideCharToMultiByte
0x44f06c EncodePointer
0x44f070 DecodePointer
0x44f074 MultiByteToWideChar
0x44f078 LCMapStringEx
0x44f07c GetSystemTimeAsFileTime
0x44f080 GetModuleHandleW
0x44f084 GetStringTypeW
0x44f088 GetCPInfo
0x44f08c InitializeSListHead
0x44f090 CloseHandle
0x44f094 InitializeCriticalSectionAndSpinCount
0x44f098 SetEvent
0x44f09c ResetEvent
0x44f0a0 WaitForSingleObjectEx
0x44f0a4 CreateEventW
0x44f0a8 IsProcessorFeaturePresent
0x44f0ac UnhandledExceptionFilter
0x44f0b0 SetUnhandledExceptionFilter
0x44f0b4 GetCurrentProcess
0x44f0b8 TerminateProcess
0x44f0bc GetCurrentProcessId
0x44f0c0 IsDebuggerPresent
0x44f0c4 GetStartupInfoW
0x44f0c8 RtlUnwind
0x44f0cc InterlockedPushEntrySList
0x44f0d0 RaiseException
0x44f0d4 TlsAlloc
0x44f0d8 TlsGetValue
0x44f0dc TlsSetValue
0x44f0e0 TlsFree
0x44f0e4 LoadLibraryExW
0x44f0e8 ReadFile
0x44f0ec GetStdHandle
0x44f0f0 WriteFile
0x44f0f4 GetModuleFileNameW
0x44f0f8 ExitProcess
0x44f0fc GetModuleHandleExW
0x44f100 SetFilePointerEx
0x44f104 GetConsoleMode
0x44f108 ReadConsoleW
0x44f10c GetFileType
0x44f110 GetConsoleOutputCP
0x44f114 GetFileSizeEx
0x44f118 HeapReAlloc
0x44f11c LCMapStringW
0x44f120 GetLocaleInfoW
0x44f124 IsValidLocale
0x44f128 GetUserDefaultLCID
0x44f12c EnumSystemLocalesW
0x44f130 FlushFileBuffers
0x44f134 HeapSize
0x44f138 FindClose
0x44f13c FindFirstFileExW
0x44f140 FindNextFileW
0x44f144 IsValidCodePage
0x44f148 GetACP
0x44f14c GetOEMCP
0x44f150 GetCommandLineA
0x44f154 WriteConsoleW
USER32.dll
0x44f15c MessageBoxW
EAT(Export Address Table) is none