ScreenShot
| Created | 2023.07.18 18:22 | Machine | s1_win7_x6403 |
| Filename | sss.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 17 detected (malicious, high confidence, Attribute, HighConfidence, score, high, Probably Heur, ExeHeaderL, susgen, confidence) | ||
| md5 | 94d1bb33b8c22334e339d4462d4c0636 | ||
| sha256 | 1816f609045e9bdeabc08ee94ded8ba9123aa36c592bef7772c437436a88643c | ||
| ssdeep | 49152:L4XigPUFDotZnjagK7TB/bxTxZt9FAxp/R8A3a2V4nEsKpXc1b/r8NSMqmgEI/K/:j0MoHrYhoxp7BV4EXpXcWNSMZVnIY | ||
| imphash | 4a8089c2c09cfd483e4279c6abfb675e | ||
| impfuzzy | 24:+udMRQw1WiXI2Pi41TkyWo7J9LMu5FpadNDW:/MRQCW/2PifoF9LM3a | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1404c8000 SetFileCompletionNotificationModes
oleaut32.dll
0x1404c8010 SafeArrayUnaccessData
crypt32.dll
0x1404c8020 CertVerifyCertificateChainPolicy
user32.dll
0x1404c8030 SetClipboardData
advapi32.dll
0x1404c8040 RegQueryValueExW
crypt.dll
0x1404c8050 BCryptOpenAlgorithmProvider
ws2_32.dll
0x1404c8060 getaddrinfo
ntdll.dll
0x1404c8070 NtCreateFile
secur32.dll
0x1404c8080 EncryptMessage
gdi32.dll
0x1404c8090 DeleteDC
ole32.dll
0x1404c80a0 CoSetProxyBlanket
VCRUNTIME140.dll
0x1404c80b0 __current_exception_context
api-ms-win-crt-string-l1-1-0.dll
0x1404c80c0 strcmp
api-ms-win-crt-heap-l1-1-0.dll
0x1404c80d0 free
api-ms-win-crt-utility-l1-1-0.dll
0x1404c80e0 _rotl64
api-ms-win-crt-time-l1-1-0.dll
0x1404c80f0 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x1404c8100 _dclass
api-ms-win-crt-runtime-l1-1-0.dll
0x1404c8110 _register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0.dll
0x1404c8120 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1404c8130 _configthreadlocale
kernel32.dll
0x1404c8140 GetSystemTimeAsFileTime
kernel32.dll
0x1404c8150 HeapAlloc
0x1404c8158 HeapFree
0x1404c8160 ExitProcess
0x1404c8168 LoadLibraryA
0x1404c8170 GetModuleHandleA
0x1404c8178 GetProcAddress
EAT(Export Address Table) is none
kernel32.dll
0x1404c8000 SetFileCompletionNotificationModes
oleaut32.dll
0x1404c8010 SafeArrayUnaccessData
crypt32.dll
0x1404c8020 CertVerifyCertificateChainPolicy
user32.dll
0x1404c8030 SetClipboardData
advapi32.dll
0x1404c8040 RegQueryValueExW
crypt.dll
0x1404c8050 BCryptOpenAlgorithmProvider
ws2_32.dll
0x1404c8060 getaddrinfo
ntdll.dll
0x1404c8070 NtCreateFile
secur32.dll
0x1404c8080 EncryptMessage
gdi32.dll
0x1404c8090 DeleteDC
ole32.dll
0x1404c80a0 CoSetProxyBlanket
VCRUNTIME140.dll
0x1404c80b0 __current_exception_context
api-ms-win-crt-string-l1-1-0.dll
0x1404c80c0 strcmp
api-ms-win-crt-heap-l1-1-0.dll
0x1404c80d0 free
api-ms-win-crt-utility-l1-1-0.dll
0x1404c80e0 _rotl64
api-ms-win-crt-time-l1-1-0.dll
0x1404c80f0 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x1404c8100 _dclass
api-ms-win-crt-runtime-l1-1-0.dll
0x1404c8110 _register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0.dll
0x1404c8120 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1404c8130 _configthreadlocale
kernel32.dll
0x1404c8140 GetSystemTimeAsFileTime
kernel32.dll
0x1404c8150 HeapAlloc
0x1404c8158 HeapFree
0x1404c8160 ExitProcess
0x1404c8168 LoadLibraryA
0x1404c8170 GetModuleHandleA
0x1404c8178 GetProcAddress
EAT(Export Address Table) is none