Field | Value |
---|---|
Created | 2023.05.01 15:42 |
Machine | s1_win7_x6401 |
Filename | disableclr.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 6f7ee6c7d8f302d4c292508696a6dedb |
sha256 | 275716b9b3bfbea8ebc3cc06d8b36bf1d247457a3972fc3acb2106d15664667e |
ssdeep | 768:/7681I8d8pPbun2WrQZXOakSMVA7okqolospAM:/7ly3WUVktHsp |
imphash | c8b414c149a1d1bf4fd0150a574885bd |
impfuzzy | 48:Uw52BuOzQmCmQlKyUFZ80Jtn7y+qFGrTXg:Uw52BukDCmQlSmwp7PqFG3g |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
info | The executable uses a known packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win_Backdoor_AsyncRAT_Zero | Win Backdoor AsyncRAT | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x407074 GetFileSize
0x407078 WriteFile
0x40707c SetFilePointer
0x407080 FlushViewOfFile
0x407084 GetFileAttributesA
0x407088 GetModuleFileNameA
0x40708c GetSystemInfo
0x407090 GlobalFree
0x407094 GlobalAlloc
0x407098 CopyFileA
0x40709c LoadLibraryA
0x4070a0 LocalFree
0x4070a4 LocalAlloc
0x4070a8 QueryDosDeviceA
0x4070ac GetCurrentProcess
0x4070b0 FindClose
0x4070b4 FindFirstFileA
0x4070b8 GetFileTime
0x4070bc SetFileTime
0x4070c0 TerminateProcess
0x4070c4 GetTickCount
0x4070c8 Sleep
0x4070cc CreateFileA
0x4070d0 CreateFileMappingA
0x4070d4 MapViewOfFile
0x4070d8 HeapFree
0x4070dc IsBadReadPtr
0x4070e0 UnmapViewOfFile
0x4070e4 CreateToolhelp32Snapshot
0x4070e8 Module32First
0x4070ec Module32Next
0x4070f0 GetModuleHandleA
0x4070f4 GetProcAddress
0x4070f8 OpenProcess
0x4070fc CloseHandle
0x407100 GetStdHandle
0x407104 GetConsoleScreenBufferInfo
0x407108 SetConsoleTextAttribute
0x40710c SetFileAttributesA
0x407110 DeleteFileA
0x407114 GetLastError
0x407118 MoveFileExA
0x40711c GetProcessHeap
0x407120 HeapAlloc
0x407124 FreeLibrary
USER32.dll
0x40719c GetUserObjectSecurity
ADVAPI32.dll
0x407000 ControlService
0x407004 GetAce
0x407008 DeleteAce
0x40700c GetSecurityDescriptorDacl
0x407010 GetFileSecurityA
0x407014 GetNamedSecurityInfoA
0x407018 BuildExplicitAccessWithNameA
0x40701c AllocateAndInitializeSid
0x407020 SetEntriesInAclA
0x407024 SetNamedSecurityInfoA
0x407028 FreeSid
0x40702c LookupPrivilegeValueA
0x407030 AdjustTokenPrivileges
0x407034 OpenProcessToken
0x407038 GetTokenInformation
0x40703c GetSecurityDescriptorOwner
0x407040 IsValidSid
0x407044 LookupAccountSidA
0x407048 StartServiceA
0x40704c EnumDependentServicesA
0x407050 QueryServiceStatusEx
0x407054 OpenServiceA
0x407058 ChangeServiceConfig2A
0x40705c OpenSCManagerA
0x407060 EnumServicesStatusExA
0x407064 CloseServiceHandle
0x407068 CheckTokenMembership
0x40706c GetAclInformation
imagehlp.dll
0x4071a4 CheckSumMappedFile
MSVCRT.dll
0x40712c _vsnprintf
0x407130 _controlfp
0x407134 atoi
0x407138 _strcmpi
0x40713c strlen
0x407140 printf
0x407144 memset
0x407148 _strnicmp
0x40714c _except_handler3
0x407150 _local_unwind2
0x407154 _splitpath
0x407158 memcmp
0x40715c memcpy
0x407160 free
0x407164 malloc
0x407168 strncpy
0x40716c _exit
0x407170 _XcptFilter
0x407174 exit
0x407178 __p___initenv
0x40717c __getmainargs
0x407180 _initterm
0x407184 __setusermatherr
0x407188 _adjust_fdiv
0x40718c __p__commode
0x407190 __p__fmode
0x407194 __set_app_type
EAT(Export Address Table) is none
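Static triage of the import table above, as an added example that is not part of the sandbox report: it parses lines in the same "LIB.dll / 0xADDR Name" format the report prints, builds the pefile-style imphash string (library name lowercased with its extension stripped, function name lowercased, joined as "lib.func" with commas, then MD5), and flags clusters of APIs that together indicate a capability. The cluster names, the `CAPABILITIES` map and the `SAMPLE_IAT` excerpt are my own constructions drawn from the imports listed on this page; reproducing the reported imphash needs the full import directory in descriptor order, which the excerpt does not provide, so the hash here only demonstrates the construction. The network check is included because the report shows Network (0cnts) and no WS2_32/WININET/WINHTTP import, but LoadLibraryA and GetProcAddress are present, so absence of static network imports does not rule out networking resolved at runtime.

```python
"""Parse a sandbox IAT listing, compute the pefile-style imphash string,
and flag capability clusters.  Added example; not the report's own code."""
import hashlib
import re

# Constructed excerpt of the report's IAT listing, same line format as the page.
SAMPLE_IAT = """\
KERNEL32.dll
0x40709c LoadLibraryA
0x4070bc SetFileTime
0x4070e4 CreateToolhelp32Snapshot
0x4070e8 Module32First
0x4070ec Module32Next
0x4070f4 GetProcAddress
0x4070f8 OpenProcess
0x407110 DeleteFileA
0x407118 MoveFileExA
ADVAPI32.dll
0x407000 ControlService
0x407008 DeleteAce
0x407020 SetEntriesInAclA
0x407024 SetNamedSecurityInfoA
0x40702c LookupPrivilegeValueA
0x407030 AdjustTokenPrivileges
0x407034 OpenProcessToken
0x407058 ChangeServiceConfig2A
0x40705c OpenSCManagerA
0x407068 CheckTokenMembership
"""

# A library header line such as "KERNEL32.dll"; the extension group is the one
# pefile strips (dll/sys/ocx) before hashing.
LIB_RE = re.compile(r"^([A-Za-z0-9_]+)\.(dll|sys|ocx)$", re.I)
# An import line such as "0x407074 GetFileSize".
IMP_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")

# Hypothetical capability clusters: every API in a set must be imported to fire.
CAPABILITIES = {
    "token_privilege_adjust": {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
    "service_tamper": {"OpenSCManagerA", "ChangeServiceConfig2A", "ControlService"},
    "acl_rewrite": {"SetEntriesInAclA", "SetNamedSecurityInfoA", "DeleteAce"},
    "module_enum": {"CreateToolhelp32Snapshot", "Module32First", "Module32Next"},
    "dynamic_resolve": {"LoadLibraryA", "GetProcAddress"},
    "file_wipe_timestomp": {"DeleteFileA", "MoveFileExA", "SetFileTime"},
}
NETWORK_LIBS = {"ws2_32", "wsock32", "wininet", "winhttp"}


def parse_iat(text):
    """Return [(library, function), ...] in the order the listing prints them."""
    imports, lib = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LIB_RE.match(line)
        if m:
            lib = m.group(1)          # extension already dropped by the regex
            continue
        m = IMP_RE.match(line)
        if m and lib is not None:
            imports.append((lib, m.group(1)))
    return imports


def imphash_string(imports):
    """Canonical 'lib.func,lib.func,...' form that pefile hashes."""
    return ",".join(f"{lib.lower()}.{fn.lower()}" for lib, fn in imports)


def imphash(imports):
    """MD5 of the canonical string; equals pefile's value only for a complete,
    descriptor-ordered import directory."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def capabilities(imports):
    """Sorted list of capability clusters fully covered by the import names."""
    names = {fn for _, fn in imports}
    return sorted(cap for cap, need in CAPABILITIES.items() if need <= names)


def has_static_network_imports(imports):
    """True if any networking DLL appears in the static import table."""
    return any(lib.lower() in NETWORK_LIBS for lib, _ in imports)


if __name__ == "__main__":
    imps = parse_iat(SAMPLE_IAT)
    print(f"{len(imps)} imports, imphash(excerpt)={imphash(imps)}")
    print("capabilities:", ", ".join(capabilities(imps)))
    print("static network imports:", has_static_network_imports(imps))
```

Run it against the full listing copied from the report to get the complete capability picture; the clusters that fire here (token privilege adjustment, SCM service reconfiguration and control, DACL rewriting, module enumeration, dynamic API resolution, file deletion with timestamp changes) are what the ADVAPI32 and KERNEL32 entries above add up to, and they are worth correlating with the AsyncRAT YARA hit rather than taking either signal alone.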