Field | Value |
---|---|
Created | 2023.06.26 17:26 |
Machine | s1_win7_x6401 |
Filename | Info.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 4 detected (Malicious, score, Revenant, Detected) |
md5 | 9873d7a24b69e63fee428d9fe75b9a32 |
sha256 | cfc0211f77f88db3550e7c5816a6b61ce5efe626deb9c344bcaffce695c82e38 |
ssdeep | 768:HyTSTZYHw/zmdFAVwVeV6Zln00EqWoCWXgs7a4E5R6XFKnID4CS:HGSBuQwF2zyFDS |
imphash | 4c84c8ba374cef8f76250c04631b14fd |
impfuzzy | 24:UfCcFknuxNLHWKj0d6926CYh29HSD4Tg94upAb7QzAKaihfHRtBy7JYDMLSYSySl:UfCcCuPFjS3updk1YwLSYSV0i4c7VBIA |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | File has been identified by 4 AntiVirus engines on VirusTotal as malicious |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | PhysicalDrive_20181001 | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140009ab8 CloseHandle
0x140009ac0 CreatePipe
0x140009ac8 DeleteCriticalSection
0x140009ad0 EnterCriticalSection
0x140009ad8 ExitProcess
0x140009ae0 FreeLibrary
0x140009ae8 GetLastError
0x140009af0 GetModuleHandleA
0x140009af8 GetNativeSystemInfo
0x140009b00 GetStartupInfoA
0x140009b08 GetTickCount
0x140009b10 InitializeCriticalSection
0x140009b18 K32GetModuleInformation
0x140009b20 LeaveCriticalSection
0x140009b28 LocalAlloc
0x140009b30 LocalFree
0x140009b38 LocalReAlloc
0x140009b40 ReadFile
0x140009b48 SetUnhandledExceptionFilter
0x140009b50 Sleep
0x140009b58 TlsGetValue
0x140009b60 VirtualProtect
0x140009b68 VirtualQuery
0x140009b70 __C_specific_handler
0x140009b78 lstrcmpiW
0x140009b80 lstrlenW
WINHTTP.dll
0x140009b90 WinHttpSetOption
api-ms-win-crt-convert-l1-1-0.dll
0x140009ba0 mbstowcs
api-ms-win-crt-heap-l1-1-0.dll
0x140009bb0 _set_new_mode
0x140009bb8 calloc
0x140009bc0 free
0x140009bc8 malloc
api-ms-win-crt-private-l1-1-0.dll
0x140009bd8 memcpy
0x140009be0 strchr
api-ms-win-crt-runtime-l1-1-0.dll
0x140009bf0 __p___argc
0x140009bf8 __p___argv
0x140009c00 __p___wargv
0x140009c08 __p__acmdln
0x140009c10 _cexit
0x140009c18 _configure_narrow_argv
0x140009c20 _configure_wide_argv
0x140009c28 _crt_at_quick_exit
0x140009c30 _crt_atexit
0x140009c38 _errno
0x140009c40 _exit
0x140009c48 _initialize_narrow_environment
0x140009c50 _initialize_wide_environment
0x140009c58 _initterm
0x140009c60 _set_app_type
0x140009c68 _set_invalid_parameter_handler
0x140009c70 abort
0x140009c78 exit
0x140009c80 signal
api-ms-win-crt-stdio-l1-1-0.dll
0x140009c90 __acrt_iob_func
0x140009c98 __p__commode
0x140009ca0 __p__fmode
0x140009ca8 __stdio_common_vfprintf
0x140009cb0 __stdio_common_vfwprintf
0x140009cb8 fwrite
api-ms-win-crt-string-l1-1-0.dll
0x140009cc8 memset
0x140009cd0 strlen
0x140009cd8 strncmp
0x140009ce0 tolower
api-ms-win-crt-time-l1-1-0.dll
0x140009cf0 __daylight
0x140009cf8 __timezone
0x140009d00 __tzname
0x140009d08 _time64
0x140009d10 _tzset
api-ms-win-crt-utility-l1-1-0.dll
0x140009d20 rand
0x140009d28 srand
api-ms-win-crt-multibyte-l1-1-0.dll
0x140009d38 _ismbblead
api-ms-win-crt-math-l1-1-0.dll
0x140009d48 __setusermatherr
api-ms-win-crt-environment-l1-1-0.dll
0x140009d58 __p__environ
0x140009d60 __p__wenviron
EAT(Export Address Table) is none