ScreenShot
| Created | 2023.05.31 00:26 | Machine | s1_win7_x6401 |
| Filename | Builder.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 1866f69cfaeeda3915074a0aab36717a | ||
| sha256 | b17d9682fd03dc7d18fb141718d6fc90b59e76ee6b8f39f2ace385600fad7c68 | ||
| ssdeep | 3072:qguAgTsGLYEZl70PsLko1Gs2T/0oim/JbRZzlZ2pJqq:q5twsLko1Gs2T/pPlZ2fq | ||
| imphash | 6dbf27f4c70fe2c8ed3e0122ba75d641 | ||
| impfuzzy | 48:ZpfCWbmuGk8vgLVt6P4lpNRAC+9XQwt0QSEwo4oILDyoHrLBWzIdkLj6eBB:ZpfCWbmuGk8vgLVt/lRAP/DFWNiB | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| info | Checks amount of memory in system |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14001a038 FindNextFileW
0x14001a040 GetCurrentProcess
0x14001a048 GetModuleHandleExW
0x14001a050 GetModuleFileNameW
0x14001a058 LeaveCriticalSection
0x14001a060 InitializeCriticalSection
0x14001a068 GetEnvironmentVariableW
0x14001a070 FindClose
0x14001a078 MultiByteToWideChar
0x14001a080 GetLastError
0x14001a088 GetFileAttributesExW
0x14001a090 GetFullPathNameW
0x14001a098 GetProcAddress
0x14001a0a0 DeleteCriticalSection
0x14001a0a8 WideCharToMultiByte
0x14001a0b0 IsWow64Process
0x14001a0b8 LoadLibraryExW
0x14001a0c0 FreeLibrary
0x14001a0c8 TlsFree
0x14001a0d0 TlsSetValue
0x14001a0d8 TlsGetValue
0x14001a0e0 TlsAlloc
0x14001a0e8 EnterCriticalSection
0x14001a0f0 FindFirstFileExW
0x14001a0f8 OutputDebugStringW
0x14001a100 LoadLibraryA
0x14001a108 GetModuleHandleW
0x14001a110 InitializeCriticalSectionAndSpinCount
0x14001a118 SetLastError
0x14001a120 RaiseException
0x14001a128 RtlPcToFileHeader
0x14001a130 RtlUnwindEx
0x14001a138 InitializeSListHead
0x14001a140 GetSystemTimeAsFileTime
0x14001a148 GetCurrentThreadId
0x14001a150 GetCurrentProcessId
0x14001a158 QueryPerformanceCounter
0x14001a160 IsDebuggerPresent
0x14001a168 IsProcessorFeaturePresent
0x14001a170 TerminateProcess
0x14001a178 SetUnhandledExceptionFilter
0x14001a180 UnhandledExceptionFilter
0x14001a188 RtlVirtualUnwind
0x14001a190 RtlLookupFunctionEntry
0x14001a198 RtlCaptureContext
0x14001a1a0 LCMapStringEx
0x14001a1a8 DecodePointer
0x14001a1b0 EncodePointer
0x14001a1b8 InitializeCriticalSectionEx
0x14001a1c0 GetStringTypeW
USER32.dll
0x14001a1e0 MessageBoxW
SHELL32.dll
0x14001a1d0 ShellExecuteW
ADVAPI32.dll
0x14001a000 RegOpenKeyExW
0x14001a008 RegGetValueW
0x14001a010 DeregisterEventSource
0x14001a018 RegisterEventSourceW
0x14001a020 ReportEventW
0x14001a028 RegCloseKey
api-ms-win-crt-runtime-l1-1-0.dll
0x14001a2a0 _exit
0x14001a2a8 __p___argc
0x14001a2b0 _initterm_e
0x14001a2b8 _initterm
0x14001a2c0 _get_initial_wide_environment
0x14001a2c8 _invalid_parameter_noinfo_noreturn
0x14001a2d0 _initialize_wide_environment
0x14001a2d8 _configure_wide_argv
0x14001a2e0 _initialize_onexit_table
0x14001a2e8 _set_app_type
0x14001a2f0 __p___wargv
0x14001a2f8 _seh_filter_exe
0x14001a300 _register_onexit_function
0x14001a308 _cexit
0x14001a310 terminate
0x14001a318 _errno
0x14001a320 exit
0x14001a328 abort
0x14001a330 _crt_atexit
0x14001a338 _c_exit
0x14001a340 _register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0.dll
0x14001a350 setvbuf
0x14001a358 fflush
0x14001a360 _wfopen
0x14001a368 __stdio_common_vswprintf
0x14001a370 __stdio_common_vfwprintf
0x14001a378 _set_fmode
0x14001a380 __stdio_common_vsprintf_s
0x14001a388 __acrt_iob_func
0x14001a390 fputwc
0x14001a398 fputws
0x14001a3a0 __p__commode
api-ms-win-crt-heap-l1-1-0.dll
0x14001a208 _set_new_mode
0x14001a210 _callnewh
0x14001a218 free
0x14001a220 malloc
0x14001a228 calloc
api-ms-win-crt-string-l1-1-0.dll
0x14001a3b0 wcsnlen
0x14001a3b8 strcpy_s
0x14001a3c0 _wcsdup
0x14001a3c8 strcspn
0x14001a3d0 wcsncmp
0x14001a3d8 toupper
api-ms-win-crt-convert-l1-1-0.dll
0x14001a1f0 _wtoi
0x14001a1f8 wcstoul
api-ms-win-crt-locale-l1-1-0.dll
0x14001a238 setlocale
0x14001a240 ___lc_locale_name_func
0x14001a248 localeconv
0x14001a250 _unlock_locales
0x14001a258 _lock_locales
0x14001a260 ___mb_cur_max_func
0x14001a268 _configthreadlocale
0x14001a270 __pctype_func
0x14001a278 ___lc_codepage_func
api-ms-win-crt-math-l1-1-0.dll
0x14001a288 frexp
0x14001a290 __setusermatherr
api-ms-win-crt-time-l1-1-0.dll
0x14001a3e8 _gmtime64_s
0x14001a3f0 _time64
0x14001a3f8 wcsftime
EAT(Export Address Table) is none
KERNEL32.dll
0x14001a038 FindNextFileW
0x14001a040 GetCurrentProcess
0x14001a048 GetModuleHandleExW
0x14001a050 GetModuleFileNameW
0x14001a058 LeaveCriticalSection
0x14001a060 InitializeCriticalSection
0x14001a068 GetEnvironmentVariableW
0x14001a070 FindClose
0x14001a078 MultiByteToWideChar
0x14001a080 GetLastError
0x14001a088 GetFileAttributesExW
0x14001a090 GetFullPathNameW
0x14001a098 GetProcAddress
0x14001a0a0 DeleteCriticalSection
0x14001a0a8 WideCharToMultiByte
0x14001a0b0 IsWow64Process
0x14001a0b8 LoadLibraryExW
0x14001a0c0 FreeLibrary
0x14001a0c8 TlsFree
0x14001a0d0 TlsSetValue
0x14001a0d8 TlsGetValue
0x14001a0e0 TlsAlloc
0x14001a0e8 EnterCriticalSection
0x14001a0f0 FindFirstFileExW
0x14001a0f8 OutputDebugStringW
0x14001a100 LoadLibraryA
0x14001a108 GetModuleHandleW
0x14001a110 InitializeCriticalSectionAndSpinCount
0x14001a118 SetLastError
0x14001a120 RaiseException
0x14001a128 RtlPcToFileHeader
0x14001a130 RtlUnwindEx
0x14001a138 InitializeSListHead
0x14001a140 GetSystemTimeAsFileTime
0x14001a148 GetCurrentThreadId
0x14001a150 GetCurrentProcessId
0x14001a158 QueryPerformanceCounter
0x14001a160 IsDebuggerPresent
0x14001a168 IsProcessorFeaturePresent
0x14001a170 TerminateProcess
0x14001a178 SetUnhandledExceptionFilter
0x14001a180 UnhandledExceptionFilter
0x14001a188 RtlVirtualUnwind
0x14001a190 RtlLookupFunctionEntry
0x14001a198 RtlCaptureContext
0x14001a1a0 LCMapStringEx
0x14001a1a8 DecodePointer
0x14001a1b0 EncodePointer
0x14001a1b8 InitializeCriticalSectionEx
0x14001a1c0 GetStringTypeW
USER32.dll
0x14001a1e0 MessageBoxW
SHELL32.dll
0x14001a1d0 ShellExecuteW
ADVAPI32.dll
0x14001a000 RegOpenKeyExW
0x14001a008 RegGetValueW
0x14001a010 DeregisterEventSource
0x14001a018 RegisterEventSourceW
0x14001a020 ReportEventW
0x14001a028 RegCloseKey
api-ms-win-crt-runtime-l1-1-0.dll
0x14001a2a0 _exit
0x14001a2a8 __p___argc
0x14001a2b0 _initterm_e
0x14001a2b8 _initterm
0x14001a2c0 _get_initial_wide_environment
0x14001a2c8 _invalid_parameter_noinfo_noreturn
0x14001a2d0 _initialize_wide_environment
0x14001a2d8 _configure_wide_argv
0x14001a2e0 _initialize_onexit_table
0x14001a2e8 _set_app_type
0x14001a2f0 __p___wargv
0x14001a2f8 _seh_filter_exe
0x14001a300 _register_onexit_function
0x14001a308 _cexit
0x14001a310 terminate
0x14001a318 _errno
0x14001a320 exit
0x14001a328 abort
0x14001a330 _crt_atexit
0x14001a338 _c_exit
0x14001a340 _register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0.dll
0x14001a350 setvbuf
0x14001a358 fflush
0x14001a360 _wfopen
0x14001a368 __stdio_common_vswprintf
0x14001a370 __stdio_common_vfwprintf
0x14001a378 _set_fmode
0x14001a380 __stdio_common_vsprintf_s
0x14001a388 __acrt_iob_func
0x14001a390 fputwc
0x14001a398 fputws
0x14001a3a0 __p__commode
api-ms-win-crt-heap-l1-1-0.dll
0x14001a208 _set_new_mode
0x14001a210 _callnewh
0x14001a218 free
0x14001a220 malloc
0x14001a228 calloc
api-ms-win-crt-string-l1-1-0.dll
0x14001a3b0 wcsnlen
0x14001a3b8 strcpy_s
0x14001a3c0 _wcsdup
0x14001a3c8 strcspn
0x14001a3d0 wcsncmp
0x14001a3d8 toupper
api-ms-win-crt-convert-l1-1-0.dll
0x14001a1f0 _wtoi
0x14001a1f8 wcstoul
api-ms-win-crt-locale-l1-1-0.dll
0x14001a238 setlocale
0x14001a240 ___lc_locale_name_func
0x14001a248 localeconv
0x14001a250 _unlock_locales
0x14001a258 _lock_locales
0x14001a260 ___mb_cur_max_func
0x14001a268 _configthreadlocale
0x14001a270 __pctype_func
0x14001a278 ___lc_codepage_func
api-ms-win-crt-math-l1-1-0.dll
0x14001a288 frexp
0x14001a290 __setusermatherr
api-ms-win-crt-time-l1-1-0.dll
0x14001a3e8 _gmtime64_s
0x14001a3f0 _time64
0x14001a3f8 wcsftime
EAT(Export Address Table) is none