Created | 2023.05.22 08:48 |
Machine | s1_win7_x6401 |
Filename | clp2.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
ZERO API | file : clean |
VT API (file) | 21 detected (Lazy, unsafe, malicious, Attribute, HighConfidence, moderate confidence, Kryptik, AGen, CrypterX, Generic ML PUA, score, ai score=81, susgen, confidence) |
md5 | 114802905a97d79114782772cc7106cb |
sha256 | 4ca5ed8d0d1fcc84349cf03ce8157e0727f6bc31cb93649c75565730542ba85a |
ssdeep | 98304:GtXzxJ+uYdXyw8YDFb/smHOteMy0gXc0pSi5H+nYqwEomKfHMACl2h/Xg:Gz5Y1yCtsQ0gXc0U8enYqXTEMpiY |
imphash | c983ca29445c3b0f29b987d079b73fc4 |
impfuzzy | 96:0VUHJcpVYMS1YtuBgPpnm7ScI1AXJ4Zcp+AjxtvuGzvVq:EQWnEfZ4pgc |
Signature (3cnts)
Level | Description |
---|---|
warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x140624000 Process32NextW
0x140624008 GlobalSize
0x140624010 GetSystemDirectoryA
0x140624018 GlobalAlloc
0x140624020 Process32FirstW
0x140624028 CloseHandle
0x140624030 GlobalLock
0x140624038 GetLastError
0x140624040 GlobalUnlock
0x140624048 WriteConsoleW
0x140624050 HeapSize
0x140624058 GetProcessHeap
0x140624060 SetStdHandle
0x140624068 SetEnvironmentVariableW
0x140624070 FreeEnvironmentStringsW
0x140624078 GetEnvironmentStringsW
0x140624080 CopyFileA
0x140624088 Sleep
0x140624090 CreateToolhelp32Snapshot
0x140624098 CreateMutexA
0x1406240a0 VirtualAlloc
0x1406240a8 WinExec
0x1406240b0 GetModuleFileNameA
0x1406240b8 MultiByteToWideChar
0x1406240c0 LocalFree
0x1406240c8 FormatMessageA
0x1406240d0 CreateDirectoryW
0x1406240d8 CreateFileW
0x1406240e0 FindClose
0x1406240e8 FindFirstFileExW
0x1406240f0 FindNextFileW
0x1406240f8 SetEndOfFile
0x140624100 SetFilePointerEx
0x140624108 AreFileApisANSI
0x140624110 WideCharToMultiByte
0x140624118 GetStringTypeW
0x140624120 LCMapStringEx
0x140624128 EnterCriticalSection
0x140624130 LeaveCriticalSection
0x140624138 InitializeCriticalSectionEx
0x140624140 DeleteCriticalSection
0x140624148 EncodePointer
0x140624150 DecodePointer
0x140624158 CompareStringEx
0x140624160 GetCPInfo
0x140624168 QueryPerformanceCounter
0x140624170 GetCurrentProcessId
0x140624178 GetCurrentThreadId
0x140624180 GetSystemTimeAsFileTime
0x140624188 InitializeSListHead
0x140624190 RtlCaptureContext
0x140624198 RtlLookupFunctionEntry
0x1406241a0 RtlVirtualUnwind
0x1406241a8 IsDebuggerPresent
0x1406241b0 UnhandledExceptionFilter
0x1406241b8 SetUnhandledExceptionFilter
0x1406241c0 GetStartupInfoW
0x1406241c8 IsProcessorFeaturePresent
0x1406241d0 GetModuleHandleW
0x1406241d8 GetCurrentProcess
0x1406241e0 TerminateProcess
0x1406241e8 RtlUnwindEx
0x1406241f0 RtlPcToFileHeader
0x1406241f8 RaiseException
0x140624200 SetLastError
0x140624208 InitializeCriticalSectionAndSpinCount
0x140624210 TlsAlloc
0x140624218 TlsGetValue
0x140624220 TlsSetValue
0x140624228 TlsFree
0x140624230 FreeLibrary
0x140624238 GetProcAddress
0x140624240 LoadLibraryExW
0x140624248 ReadFile
0x140624250 ExitProcess
0x140624258 GetModuleHandleExW
0x140624260 GetStdHandle
0x140624268 WriteFile
0x140624270 GetModuleFileNameW
0x140624278 GetCommandLineA
0x140624280 GetCommandLineW
0x140624288 GetConsoleMode
0x140624290 ReadConsoleW
0x140624298 GetFileType
0x1406242a0 GetFileSizeEx
0x1406242a8 FlushFileBuffers
0x1406242b0 GetConsoleOutputCP
0x1406242b8 HeapFree
0x1406242c0 HeapAlloc
0x1406242c8 FlsAlloc
0x1406242d0 FlsGetValue
0x1406242d8 FlsSetValue
0x1406242e0 FlsFree
0x1406242e8 CompareStringW
0x1406242f0 LCMapStringW
0x1406242f8 GetLocaleInfoW
0x140624300 IsValidLocale
0x140624308 GetUserDefaultLCID
0x140624310 EnumSystemLocalesW
0x140624318 DeleteFileW
0x140624320 HeapReAlloc
0x140624328 IsValidCodePage
0x140624330 GetACP
0x140624338 GetOEMCP
0x140624340 RtlUnwind
USER32.dll
0x140624350 EmptyClipboard
0x140624358 GetClipboardData
0x140624360 SetClipboardData
0x140624368 CloseClipboard
0x140624370 OpenClipboard
ADVAPI32.dll
0x140624380 RegQueryInfoKeyW
0x140624388 RegCreateKeyExA
0x140624390 RegSetValueExA
0x140624398 RegOpenKeyExA
0x1406243a0 RegEnumKeyExA
0x1406243a8 RegCloseKey
KERNEL32.dll
0x1406243b8 GetSystemTimeAsFileTime
0x1406243c0 CreateEventA
0x1406243c8 GetModuleHandleA
0x1406243d0 TerminateProcess
0x1406243d8 GetCurrentProcess
0x1406243e0 CreateToolhelp32Snapshot
0x1406243e8 Thread32First
0x1406243f0 GetCurrentProcessId
0x1406243f8 GetCurrentThreadId
0x140624400 OpenThread
0x140624408 Thread32Next
0x140624410 CloseHandle
0x140624418 SuspendThread
0x140624420 ResumeThread
0x140624428 WriteProcessMemory
0x140624430 GetSystemInfo
0x140624438 VirtualAlloc
0x140624440 VirtualProtect
0x140624448 VirtualFree
0x140624450 GetProcessAffinityMask
0x140624458 SetProcessAffinityMask
0x140624460 GetCurrentThread
0x140624468 SetThreadAffinityMask
0x140624470 Sleep
0x140624478 LoadLibraryA
0x140624480 FreeLibrary
0x140624488 GetTickCount
0x140624490 SystemTimeToFileTime
0x140624498 FileTimeToSystemTime
0x1406244a0 GlobalFree
0x1406244a8 HeapAlloc
0x1406244b0 HeapFree
0x1406244b8 GetProcAddress
0x1406244c0 ExitProcess
0x1406244c8 EnterCriticalSection
0x1406244d0 LeaveCriticalSection
0x1406244d8 InitializeCriticalSection
0x1406244e0 DeleteCriticalSection
0x1406244e8 MultiByteToWideChar
0x1406244f0 GetModuleHandleW
0x1406244f8 LoadResource
0x140624500 FindResourceExW
0x140624508 FindResourceExA
0x140624510 WideCharToMultiByte
0x140624518 GetThreadLocale
0x140624520 GetUserDefaultLCID
0x140624528 GetSystemDefaultLCID
0x140624530 EnumResourceNamesA
0x140624538 EnumResourceNamesW
0x140624540 EnumResourceLanguagesA
0x140624548 EnumResourceLanguagesW
0x140624550 EnumResourceTypesA
0x140624558 EnumResourceTypesW
0x140624560 CreateFileW
0x140624568 LoadLibraryW
0x140624570 GetLastError
0x140624578 FlushFileBuffers
0x140624580 FlsSetValue
0x140624588 GetCommandLineA
0x140624590 GetCPInfo
0x140624598 GetACP
0x1406245a0 GetOEMCP
0x1406245a8 IsValidCodePage
0x1406245b0 EncodePointer
0x1406245b8 DecodePointer
0x1406245c0 FlsGetValue
0x1406245c8 FlsFree
0x1406245d0 SetLastError
0x1406245d8 FlsAlloc
0x1406245e0 UnhandledExceptionFilter
0x1406245e8 SetUnhandledExceptionFilter
0x1406245f0 IsDebuggerPresent
0x1406245f8 RtlVirtualUnwind
0x140624600 RtlLookupFunctionEntry
0x140624608 RtlCaptureContext
0x140624610 RaiseException
0x140624618 RtlPcToFileHeader
0x140624620 RtlUnwindEx
0x140624628 LCMapStringA
0x140624630 LCMapStringW
0x140624638 SetHandleCount
0x140624640 GetStdHandle
0x140624648 GetFileType
0x140624650 GetStartupInfoA
0x140624658 GetModuleFileNameA
0x140624660 FreeEnvironmentStringsA
0x140624668 GetEnvironmentStrings
0x140624670 FreeEnvironmentStringsW
0x140624678 GetEnvironmentStringsW
0x140624680 HeapSetInformation
0x140624688 HeapCreate
0x140624690 HeapDestroy
0x140624698 QueryPerformanceCounter
0x1406246a0 GetStringTypeA
0x1406246a8 GetStringTypeW
0x1406246b0 GetLocaleInfoA
0x1406246b8 HeapSize
0x1406246c0 WriteFile
0x1406246c8 SetFilePointer
0x1406246d0 GetConsoleCP
0x1406246d8 GetConsoleMode
0x1406246e0 HeapReAlloc
0x1406246e8 InitializeCriticalSectionAndSpinCount
0x1406246f0 SetStdHandle
0x1406246f8 WriteConsoleA
0x140624700 GetConsoleOutputCP
0x140624708 WriteConsoleW
0x140624710 CreateFileA
EAT (Export Address Table) is none