Field | Value |
---|---|
Created | 2023.05.23 16:27 |
Machine | s1_win7_x6402 |
Filename | nc.exe |
Type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 47 detected (NetCat, HackTool, Misc, BrowseFox, Eldorado, malicious, high confidence, RemoteAdmin, AM potentially unsafe, score, ebbxjp, Tool, Cometer, HKTL, SGeneric, NetTool, Detected, ai score=99, unsafe, CLOUD, I48oIyZSh24, susgen, grayware, confidence, 100%) |
md5 | e0db1d3d47e312ef62e5b0c74dceafe5 |
sha256 | b3b207dfab2f429cc352ba125be32a0cae69fe4bf8563ab7d0128bba8c57a71c |
ssdeep | 768:SyMPVzXjrEX3wVdvEs/immkrYKoc4KYIoxU:DMPdrEGdvfamnnT4lIoG |
imphash | 98ce7b6533cbd67993e36dafb4e95946 |
impfuzzy | 24:PkS2CNzlDHcLdbLNxb77sbX535vJlTomvl8TUqx6uZ++MufVno3yAKjI3bm8js8:MdCNxchP37sbXl5vJlT1vbqewtno3cm |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
info | Command line console output was observed |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40b228 CloseHandle
0x40b22c CreatePipe
0x40b230 CreateProcessA
0x40b234 CreateThread
0x40b238 DeleteCriticalSection
0x40b23c DisconnectNamedPipe
0x40b240 DuplicateHandle
0x40b244 EnterCriticalSection
0x40b248 ExitProcess
0x40b24c ExitThread
0x40b250 FreeConsole
0x40b254 FreeLibrary
0x40b258 GetCurrentProcess
0x40b25c GetLastError
0x40b260 GetModuleHandleA
0x40b264 GetProcAddress
0x40b268 GetStdHandle
0x40b26c InitializeCriticalSection
0x40b270 LeaveCriticalSection
0x40b274 LoadLibraryA
0x40b278 PeekNamedPipe
0x40b27c ReadFile
0x40b280 SetUnhandledExceptionFilter
0x40b284 Sleep
0x40b288 TerminateProcess
0x40b28c TerminateThread
0x40b290 TlsGetValue
0x40b294 VirtualProtect
0x40b298 VirtualQuery
0x40b29c WaitForMultipleObjects
0x40b2a0 WriteFile
msvcrt.dll
0x40b2a8 _close
0x40b2ac _dup
0x40b2b0 _itoa
0x40b2b4 _kbhit
0x40b2b8 _open
0x40b2bc _read
0x40b2c0 _strcmpi
0x40b2c4 _strnicmp
0x40b2c8 _write
msvcrt.dll
0x40b2d0 __getmainargs
0x40b2d4 __p__environ
0x40b2d8 __p__fmode
0x40b2dc __set_app_type
0x40b2e0 _cexit
0x40b2e4 _errno
0x40b2e8 _iob
0x40b2ec _isatty
0x40b2f0 _onexit
0x40b2f4 _setjmp
0x40b2f8 _setmode
0x40b2fc _sleep
0x40b300 _winmajor
0x40b304 abort
0x40b308 atexit
0x40b30c atoi
0x40b310 calloc
0x40b314 exit
0x40b318 fflush
0x40b31c fprintf
0x40b320 fputc
0x40b324 free
0x40b328 fwrite
0x40b32c getenv
0x40b330 gets
0x40b334 longjmp
0x40b338 malloc
0x40b33c memcmp
0x40b340 memcpy
0x40b344 memset
0x40b348 rand
0x40b34c signal
0x40b350 sprintf
0x40b354 srand
0x40b358 strcat
0x40b35c strchr
0x40b360 strcmp
0x40b364 strcpy
0x40b368 strlen
0x40b36c strncmp
0x40b370 strncpy
0x40b374 time
0x40b378 vfprintf
WSOCK32.DLL
0x40b380 WSACleanup
0x40b384 WSAGetLastError
0x40b388 WSASetLastError
0x40b38c WSAStartup
0x40b390 __WSAFDIsSet
0x40b394 accept
0x40b398 ind
0x40b39c closesocket
0x40b3a0 connect
0x40b3a4 gethostbyaddr
0x40b3a8 gethostbyname
0x40b3ac getservbyname
0x40b3b0 getservbyport
0x40b3b4 getsockname
0x40b3b8 htons
0x40b3bc inet_addr
0x40b3c0 inet_ntoa
0x40b3c4 listen
0x40b3c8 ntohs
0x40b3cc recv
0x40b3d0 recvfrom
0x40b3d4 select
0x40b3d8 send
0x40b3dc setsockopt
0x40b3e0 shutdown
0x40b3e4 socket
EAT(Export Address Table) is none