ScreenShot
| Created | 2023.06.27 07:38 | Machine | s1_win7_x6401 |
| Filename | build.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 9a9385a7d86a94281327c8c1a9f2305d | ||
| sha256 | 6b209f87abd2ba2ac812bce1ab1c9738b2ca93626bbd6cac56de7a6dcbaa49b7 | ||
| ssdeep | 6144:4UlJCncdRDmHJRGu3u0dp24DY1Ovpe+pf:4yJlTmpRv3FdI4DjvpeU | ||
| imphash | efaf82812fcbfbe92dea95a0b4ee6ab0 | ||
| impfuzzy | 48:4E9YpdP0W5+fcjt/tMtCjdSU93AQCQGAKLAr:tUsW5+fcjtVMtC5SU9wr7e | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401000 GetVolumeNameForVolumeMountPointA
0x401004 GetComputerNameA
0x401008 GetDateFormatW
0x40100c TlsGetValue
0x401010 VirtualQuery
0x401014 SetEndOfFile
0x401018 ClearCommError
0x40101c EnumCalendarInfoW
0x401020 ReadConsoleA
0x401024 GetCurrentProcess
0x401028 LockFile
0x40102c GetTickCount
0x401030 GetConsoleAliasesA
0x401034 FormatMessageA
0x401038 GetWindowsDirectoryA
0x40103c GetVolumePathNameW
0x401040 FindResourceExA
0x401044 LoadLibraryW
0x401048 IsValidLocale
0x40104c SetCommConfig
0x401050 ReadConsoleInputA
0x401054 GetSystemWindowsDirectoryA
0x401058 WriteConsoleW
0x40105c ReplaceFileW
0x401060 GetCompressedFileSizeA
0x401064 GetACP
0x401068 GetStringTypeExA
0x40106c InterlockedExchange
0x401070 GetProfileIntA
0x401074 GetLogicalDriveStringsA
0x401078 OpenMutexW
0x40107c GetLastError
0x401080 GetCurrentDirectoryW
0x401084 SetLastError
0x401088 GetProcAddress
0x40108c BeginUpdateResourceW
0x401090 CopyFileA
0x401094 LoadLibraryA
0x401098 DeleteTimerQueue
0x40109c SetCurrentDirectoryW
0x4010a0 BeginUpdateResourceA
0x4010a4 GetModuleFileNameA
0x4010a8 CreateMutexA
0x4010ac PurgeComm
0x4010b0 FatalAppExitA
0x4010b4 OpenSemaphoreW
0x4010b8 ReleaseMutex
0x4010bc GetVersionExA
0x4010c0 FindNextVolumeA
0x4010c4 CloseHandle
0x4010c8 CreateFileA
0x4010cc FlushFileBuffers
0x4010d0 GetConsoleOutputCP
0x4010d4 WriteConsoleA
0x4010d8 InterlockedIncrement
0x4010dc InterlockedDecrement
0x4010e0 Sleep
0x4010e4 InitializeCriticalSection
0x4010e8 DeleteCriticalSection
0x4010ec EnterCriticalSection
0x4010f0 LeaveCriticalSection
0x4010f4 UnhandledExceptionFilter
0x4010f8 SetUnhandledExceptionFilter
0x4010fc MultiByteToWideChar
0x401100 GetCommandLineA
0x401104 GetStartupInfoA
0x401108 HeapFree
0x40110c RtlUnwind
0x401110 RaiseException
0x401114 GetModuleHandleW
0x401118 ExitProcess
0x40111c WriteFile
0x401120 GetStdHandle
0x401124 TerminateProcess
0x401128 IsDebuggerPresent
0x40112c HeapAlloc
0x401130 GetCPInfo
0x401134 GetOEMCP
0x401138 IsValidCodePage
0x40113c TlsAlloc
0x401140 TlsSetValue
0x401144 TlsFree
0x401148 GetCurrentThreadId
0x40114c SetHandleCount
0x401150 GetFileType
0x401154 FreeEnvironmentStringsA
0x401158 GetEnvironmentStrings
0x40115c FreeEnvironmentStringsW
0x401160 WideCharToMultiByte
0x401164 GetEnvironmentStringsW
0x401168 HeapCreate
0x40116c VirtualFree
0x401170 QueryPerformanceCounter
0x401174 GetCurrentProcessId
0x401178 GetSystemTimeAsFileTime
0x40117c HeapSize
0x401180 VirtualAlloc
0x401184 HeapReAlloc
0x401188 GetLocaleInfoA
0x40118c GetStringTypeA
0x401190 GetStringTypeW
0x401194 InitializeCriticalSectionAndSpinCount
0x401198 SetFilePointer
0x40119c GetConsoleCP
0x4011a0 GetConsoleMode
0x4011a4 LCMapStringA
0x4011a8 LCMapStringW
0x4011ac SetStdHandle
USER32.dll
0x4011b4 CharUpperBuffA
0x4011b8 LoadMenuW
0x4011bc GetSysColorBrush
0x4011c0 SetCaretPos
0x4011c4 GetClipboardOwner
0x4011c8 CharToOemBuffA
EAT(Export Address Table) is none
KERNEL32.dll
0x401000 GetVolumeNameForVolumeMountPointA
0x401004 GetComputerNameA
0x401008 GetDateFormatW
0x40100c TlsGetValue
0x401010 VirtualQuery
0x401014 SetEndOfFile
0x401018 ClearCommError
0x40101c EnumCalendarInfoW
0x401020 ReadConsoleA
0x401024 GetCurrentProcess
0x401028 LockFile
0x40102c GetTickCount
0x401030 GetConsoleAliasesA
0x401034 FormatMessageA
0x401038 GetWindowsDirectoryA
0x40103c GetVolumePathNameW
0x401040 FindResourceExA
0x401044 LoadLibraryW
0x401048 IsValidLocale
0x40104c SetCommConfig
0x401050 ReadConsoleInputA
0x401054 GetSystemWindowsDirectoryA
0x401058 WriteConsoleW
0x40105c ReplaceFileW
0x401060 GetCompressedFileSizeA
0x401064 GetACP
0x401068 GetStringTypeExA
0x40106c InterlockedExchange
0x401070 GetProfileIntA
0x401074 GetLogicalDriveStringsA
0x401078 OpenMutexW
0x40107c GetLastError
0x401080 GetCurrentDirectoryW
0x401084 SetLastError
0x401088 GetProcAddress
0x40108c BeginUpdateResourceW
0x401090 CopyFileA
0x401094 LoadLibraryA
0x401098 DeleteTimerQueue
0x40109c SetCurrentDirectoryW
0x4010a0 BeginUpdateResourceA
0x4010a4 GetModuleFileNameA
0x4010a8 CreateMutexA
0x4010ac PurgeComm
0x4010b0 FatalAppExitA
0x4010b4 OpenSemaphoreW
0x4010b8 ReleaseMutex
0x4010bc GetVersionExA
0x4010c0 FindNextVolumeA
0x4010c4 CloseHandle
0x4010c8 CreateFileA
0x4010cc FlushFileBuffers
0x4010d0 GetConsoleOutputCP
0x4010d4 WriteConsoleA
0x4010d8 InterlockedIncrement
0x4010dc InterlockedDecrement
0x4010e0 Sleep
0x4010e4 InitializeCriticalSection
0x4010e8 DeleteCriticalSection
0x4010ec EnterCriticalSection
0x4010f0 LeaveCriticalSection
0x4010f4 UnhandledExceptionFilter
0x4010f8 SetUnhandledExceptionFilter
0x4010fc MultiByteToWideChar
0x401100 GetCommandLineA
0x401104 GetStartupInfoA
0x401108 HeapFree
0x40110c RtlUnwind
0x401110 RaiseException
0x401114 GetModuleHandleW
0x401118 ExitProcess
0x40111c WriteFile
0x401120 GetStdHandle
0x401124 TerminateProcess
0x401128 IsDebuggerPresent
0x40112c HeapAlloc
0x401130 GetCPInfo
0x401134 GetOEMCP
0x401138 IsValidCodePage
0x40113c TlsAlloc
0x401140 TlsSetValue
0x401144 TlsFree
0x401148 GetCurrentThreadId
0x40114c SetHandleCount
0x401150 GetFileType
0x401154 FreeEnvironmentStringsA
0x401158 GetEnvironmentStrings
0x40115c FreeEnvironmentStringsW
0x401160 WideCharToMultiByte
0x401164 GetEnvironmentStringsW
0x401168 HeapCreate
0x40116c VirtualFree
0x401170 QueryPerformanceCounter
0x401174 GetCurrentProcessId
0x401178 GetSystemTimeAsFileTime
0x40117c HeapSize
0x401180 VirtualAlloc
0x401184 HeapReAlloc
0x401188 GetLocaleInfoA
0x40118c GetStringTypeA
0x401190 GetStringTypeW
0x401194 InitializeCriticalSectionAndSpinCount
0x401198 SetFilePointer
0x40119c GetConsoleCP
0x4011a0 GetConsoleMode
0x4011a4 LCMapStringA
0x4011a8 LCMapStringW
0x4011ac SetStdHandle
USER32.dll
0x4011b4 CharUpperBuffA
0x4011b8 LoadMenuW
0x4011bc GetSysColorBrush
0x4011c0 SetCaretPos
0x4011c4 GetClipboardOwner
0x4011c8 CharToOemBuffA
EAT(Export Address Table) is none