Report - c9665058c3ef16b

UPX Malicious Library PE File PE32
Created 2023.07.19 07:41 Machine s1_win7_x6403
Filename c9665058c3ef16b
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score: not found
Behavior Score: 0.6
md5 0acb06da48d86e1ef15c27a4f5a3bddd
sha256 bfa7adeda4597b70bf74a9f2032df2f87e07f2dbb46e85cb7c091b83161d6b0a
ssdeep 12288:1NsUjyDukqiudnJkx3piQLmGLvdnTJ0CRUyF1I3Kl:1mkyDuZiCccQLmGpTrCm1I3g
imphash 1324fa350b5f878451cc28b429b96e9b
impfuzzy 96:u8O3oEiNw3O+fcTiX175ML5tgAZKqqqvUjh:u8O38izFwnK5E8

Signatures (3 entries)

Level Description
info Checks amount of memory in system
info Command line console output was observed
info This executable has a PDB path

Rules (4 entries)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 entries)

Request CC ASN Co IP4 Rule

Suricata IDS

PE API

IAT (Import Address Table), by library

KERNEL32.dll
 0x466034 SetConsoleCtrlHandler
 0x466038 GetLastError
 0x46603c LocalFree
 0x466040 FormatMessageW
 0x466044 CreateFileW
 0x466048 CloseHandle
 0x46604c BackupRead
 0x466050 GetCurrentProcess
 0x466054 BackupSeek
 0x466058 CreateHardLinkW
 0x46605c SetFileTime
 0x466060 DeviceIoControl
 0x466064 FindClose
 0x466068 FindFirstFileW
 0x46606c DeleteFileW
 0x466070 RemoveDirectoryW
 0x466074 CreateDirectoryW
 0x466078 MoveFileW
 0x46607c GetShortPathNameW
 0x466080 GetLongPathNameW
 0x466084 SetFilePointer
 0x466088 SetEndOfFile
 0x46608c GetFileTime
 0x466090 ReadFile
 0x466094 FlushFileBuffers
 0x466098 GetDriveTypeW
 0x46609c GetDiskFreeSpaceExW
 0x4660a0 GetVolumeInformationW
 0x4660a4 GetFileAttributesW
 0x4660a8 SetFileAttributesW
 0x4660ac ExpandEnvironmentStringsW
 0x4660b0 FindNextFileW
 0x4660b4 GetVersionExW
 0x4660b8 GetModuleFileNameW
 0x4660bc GetCurrentDirectoryW
 0x4660c0 GetFullPathNameW
 0x4660c4 SetErrorMode
 0x4660c8 FreeLibrary
 0x4660cc LoadLibraryW
 0x4660d0 LoadLibraryExW
 0x4660d4 GetCurrentProcessId
 0x4660d8 CompareStringA
 0x4660dc Sleep
 0x4660e0 GetCurrentThread
 0x4660e4 SetPriorityClass
 0x4660e8 SetCurrentDirectoryW
 0x4660ec GetFullPathNameA
 0x4660f0 InitializeCriticalSection
 0x4660f4 DeleteCriticalSection
 0x4660f8 EnterCriticalSection
 0x4660fc LeaveCriticalSection
 0x466100 CreateThread
 0x466104 WaitForSingleObject
 0x466108 GetProcessAffinityMask
 0x46610c CreateEventW
 0x466110 CreateSemaphoreW
 0x466114 ReleaseSemaphore
 0x466118 ResetEvent
 0x46611c SetEvent
 0x466120 SystemTimeToFileTime
 0x466124 GetSystemTime
 0x466128 SystemTimeToTzSpecificLocalTime
 0x46612c FileTimeToLocalFileTime
 0x466130 FileTimeToSystemTime
 0x466134 TzSpecificLocalTimeToSystemTime
 0x466138 LocalFileTimeToFileTime
 0x46613c WideCharToMultiByte
 0x466140 MultiByteToWideChar
 0x466144 CompareStringW
 0x466148 IsDBCSLeadByte
 0x46614c GetCPInfo
 0x466150 CreateFileA
 0x466154 GetConsoleOutputCP
 0x466158 WriteConsoleA
 0x46615c SetEnvironmentVariableA
 0x466160 GetLocaleInfoA
 0x466164 GetStringTypeW
 0x466168 WriteFile
 0x46616c WriteConsoleW
 0x466170 SetConsoleMode
 0x466174 ReadConsoleW
 0x466178 GetStdHandle
 0x46617c GetFileType
 0x466180 GetConsoleMode
 0x466184 GetCommandLineW
 0x466188 GetModuleHandleW
 0x46618c GetProcAddress
 0x466190 GetFileInformationByHandle
 0x466194 SetThreadPriority
 0x466198 SetLastError
 0x46619c GetStringTypeA
 0x4661a0 GetTickCount
 0x4661a4 QueryPerformanceCounter
 0x4661a8 GetEnvironmentStringsW
 0x4661ac FreeEnvironmentStringsW
 0x4661b0 HeapFree
 0x4661b4 HeapReAlloc
 0x4661b8 HeapAlloc
 0x4661bc RtlUnwind
 0x4661c0 RaiseException
 0x4661c4 GetSystemTimeAsFileTime
 0x4661c8 ExitProcess
 0x4661cc GetCommandLineA
 0x4661d0 TerminateProcess
 0x4661d4 UnhandledExceptionFilter
 0x4661d8 SetUnhandledExceptionFilter
 0x4661dc IsDebuggerPresent
 0x4661e0 HeapCreate
 0x4661e4 VirtualFree
 0x4661e8 VirtualAlloc
 0x4661ec TlsGetValue
 0x4661f0 TlsAlloc
 0x4661f4 TlsSetValue
 0x4661f8 TlsFree
 0x4661fc InterlockedIncrement
 0x466200 GetCurrentThreadId
 0x466204 InterlockedDecrement
 0x466208 GetACP
 0x46620c GetOEMCP
 0x466210 IsValidCodePage
 0x466214 GetModuleFileNameA
 0x466218 SetHandleCount
 0x46621c GetStartupInfoA
 0x466220 SetStdHandle
 0x466224 GetConsoleCP
 0x466228 LoadLibraryA
 0x46622c InitializeCriticalSectionAndSpinCount
 0x466230 HeapSize
 0x466234 LCMapStringA
 0x466238 LCMapStringW
 0x46623c FreeEnvironmentStringsA
 0x466240 GetEnvironmentStrings
USER32.dll
 0x46625c CharUpperW
 0x466260 CharLowerW
 0x466264 MessageBeep
 0x466268 ExitWindowsEx
 0x46626c CharLowerA
 0x466270 LoadStringW
 0x466274 CharToOemBuffW
 0x466278 CharToOemBuffA
 0x46627c OemToCharBuffA
 0x466280 OemToCharA
 0x466284 CharToOemA
ADVAPI32.dll
 0x466000 RegQueryValueExW
 0x466004 RegCloseKey
 0x466008 SetFileSecurityW
 0x46600c GetFileSecurityW
 0x466010 GetSecurityDescriptorLength
 0x466014 OpenProcessToken
 0x466018 LookupPrivilegeValueW
 0x46601c AdjustTokenPrivileges
 0x466020 CryptAcquireContextW
 0x466024 CryptGenRandom
 0x466028 CryptReleaseContext
 0x46602c RegOpenKeyExW
SHELL32.dll
 0x466248 SHGetMalloc
 0x46624c SHGetSpecialFolderLocation
 0x466250 SHGetPathFromIDListW
 0x466254 SHFileOperationW

EAT (Export Address Table): none


