ScreenShot
| Created | 2023.07.28 17:43 | Machine | s1_win7_x6403 |
| Filename | iiis12211221.iso | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 3 detected (Artemis, Seheq) | ||
| md5 | 4406fceeb2803aebc2345867a9ae292c | ||
| sha256 | f04715827e5453b33ba6fae8475b8c45150b27cc1361441648c46d13025283d2 | ||
| ssdeep | 49152:zc9IJxGbYcDnhX6hwQDUwHDdBS1xaQPswrawjF0NYSzvR5xHGy:zyI45PswrawjF0NYSzvR5xHt | ||
| imphash | 2040608358bd331a7563b43255e14cef | ||
| impfuzzy | 24:h1EUy/+SQ0eeDo1XOjFYxz+fcmtXJrBFlvmOovGquVtMviJ9Anlyvd8OT4ljMPH:h1ly/40eRlz+fcmtXnhzLtwNK3cu | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x1802032a8 DefWindowProcA
0x1802032b0 CreateWindowExA
0x1802032b8 GetClassInfoA
0x1802032c0 DestroyWindow
0x1802032c8 LoadCursorA
0x1802032d0 RegisterClassA
ole32.dll
0x1802032e0 CoTaskMemFree
KERNEL32.dll
0x180203000 IsDebuggerPresent
0x180203008 FlushFileBuffers
0x180203010 CreateFileW
0x180203018 GetStringTypeW
0x180203020 LCMapStringW
0x180203028 Sleep
0x180203030 FreeLibrary
0x180203038 GetProcAddress
0x180203040 LoadLibraryA
0x180203048 GetModuleHandleA
0x180203050 GetProcessAffinityMask
0x180203058 GetCurrentProcess
0x180203060 GetSystemInfo
0x180203068 CreateSemaphoreA
0x180203070 WaitForSingleObject
0x180203078 ReleaseSemaphore
0x180203080 CloseHandle
0x180203088 CreateEventA
0x180203090 ResetEvent
0x180203098 SetEvent
0x1802030a0 CreateThread
0x1802030a8 GetCurrentThreadId
0x1802030b0 InitializeCriticalSection
0x1802030b8 DeleteCriticalSection
0x1802030c0 EnterCriticalSection
0x1802030c8 LeaveCriticalSection
0x1802030d0 RaiseException
0x1802030d8 SetThreadGroupAffinity
0x1802030e0 GetNumaNodeProcessorMaskEx
0x1802030e8 GetActiveProcessorCount
0x1802030f0 GetActiveProcessorGroupCount
0x1802030f8 GetLastError
0x180203100 HeapFree
0x180203108 HeapAlloc
0x180203110 RtlUnwindEx
0x180203118 FlsSetValue
0x180203120 GetCommandLineA
0x180203128 RtlPcToFileHeader
0x180203130 RtlLookupFunctionEntry
0x180203138 DecodePointer
0x180203140 EncodePointer
0x180203148 TerminateProcess
0x180203150 UnhandledExceptionFilter
0x180203158 SetUnhandledExceptionFilter
0x180203160 RtlVirtualUnwind
0x180203168 RtlCaptureContext
0x180203170 HeapSetInformation
0x180203178 GetVersion
0x180203180 HeapCreate
0x180203188 HeapDestroy
0x180203190 GetModuleHandleW
0x180203198 ExitProcess
0x1802031a0 WriteFile
0x1802031a8 GetStdHandle
0x1802031b0 GetModuleFileNameW
0x1802031b8 FlsGetValue
0x1802031c0 FlsFree
0x1802031c8 SetLastError
0x1802031d0 FlsAlloc
0x1802031d8 SetHandleCount
0x1802031e0 InitializeCriticalSectionAndSpinCount
0x1802031e8 GetFileType
0x1802031f0 GetStartupInfoW
0x1802031f8 GetModuleFileNameA
0x180203200 FreeEnvironmentStringsW
0x180203208 WideCharToMultiByte
0x180203210 GetEnvironmentStringsW
0x180203218 QueryPerformanceCounter
0x180203220 GetTickCount
0x180203228 GetCurrentProcessId
0x180203230 GetSystemTimeAsFileTime
0x180203238 SetFilePointer
0x180203240 GetConsoleCP
0x180203248 GetConsoleMode
0x180203250 GetCPInfo
0x180203258 GetACP
0x180203260 GetOEMCP
0x180203268 IsValidCodePage
0x180203270 LoadLibraryW
0x180203278 HeapReAlloc
0x180203280 HeapSize
0x180203288 SetStdHandle
0x180203290 WriteConsoleW
0x180203298 MultiByteToWideChar
EAT(Export Address Table) Library
0x1800084e0 h264in_Video_GetAPIExt
0x180008390 open_h264in_Video_stream
0x180008200 open_h264in_Video_stream_ex
USER32.dll
0x1802032a8 DefWindowProcA
0x1802032b0 CreateWindowExA
0x1802032b8 GetClassInfoA
0x1802032c0 DestroyWindow
0x1802032c8 LoadCursorA
0x1802032d0 RegisterClassA
ole32.dll
0x1802032e0 CoTaskMemFree
KERNEL32.dll
0x180203000 IsDebuggerPresent
0x180203008 FlushFileBuffers
0x180203010 CreateFileW
0x180203018 GetStringTypeW
0x180203020 LCMapStringW
0x180203028 Sleep
0x180203030 FreeLibrary
0x180203038 GetProcAddress
0x180203040 LoadLibraryA
0x180203048 GetModuleHandleA
0x180203050 GetProcessAffinityMask
0x180203058 GetCurrentProcess
0x180203060 GetSystemInfo
0x180203068 CreateSemaphoreA
0x180203070 WaitForSingleObject
0x180203078 ReleaseSemaphore
0x180203080 CloseHandle
0x180203088 CreateEventA
0x180203090 ResetEvent
0x180203098 SetEvent
0x1802030a0 CreateThread
0x1802030a8 GetCurrentThreadId
0x1802030b0 InitializeCriticalSection
0x1802030b8 DeleteCriticalSection
0x1802030c0 EnterCriticalSection
0x1802030c8 LeaveCriticalSection
0x1802030d0 RaiseException
0x1802030d8 SetThreadGroupAffinity
0x1802030e0 GetNumaNodeProcessorMaskEx
0x1802030e8 GetActiveProcessorCount
0x1802030f0 GetActiveProcessorGroupCount
0x1802030f8 GetLastError
0x180203100 HeapFree
0x180203108 HeapAlloc
0x180203110 RtlUnwindEx
0x180203118 FlsSetValue
0x180203120 GetCommandLineA
0x180203128 RtlPcToFileHeader
0x180203130 RtlLookupFunctionEntry
0x180203138 DecodePointer
0x180203140 EncodePointer
0x180203148 TerminateProcess
0x180203150 UnhandledExceptionFilter
0x180203158 SetUnhandledExceptionFilter
0x180203160 RtlVirtualUnwind
0x180203168 RtlCaptureContext
0x180203170 HeapSetInformation
0x180203178 GetVersion
0x180203180 HeapCreate
0x180203188 HeapDestroy
0x180203190 GetModuleHandleW
0x180203198 ExitProcess
0x1802031a0 WriteFile
0x1802031a8 GetStdHandle
0x1802031b0 GetModuleFileNameW
0x1802031b8 FlsGetValue
0x1802031c0 FlsFree
0x1802031c8 SetLastError
0x1802031d0 FlsAlloc
0x1802031d8 SetHandleCount
0x1802031e0 InitializeCriticalSectionAndSpinCount
0x1802031e8 GetFileType
0x1802031f0 GetStartupInfoW
0x1802031f8 GetModuleFileNameA
0x180203200 FreeEnvironmentStringsW
0x180203208 WideCharToMultiByte
0x180203210 GetEnvironmentStringsW
0x180203218 QueryPerformanceCounter
0x180203220 GetTickCount
0x180203228 GetCurrentProcessId
0x180203230 GetSystemTimeAsFileTime
0x180203238 SetFilePointer
0x180203240 GetConsoleCP
0x180203248 GetConsoleMode
0x180203250 GetCPInfo
0x180203258 GetACP
0x180203260 GetOEMCP
0x180203268 IsValidCodePage
0x180203270 LoadLibraryW
0x180203278 HeapReAlloc
0x180203280 HeapSize
0x180203288 SetStdHandle
0x180203290 WriteConsoleW
0x180203298 MultiByteToWideChar
EAT(Export Address Table) Library
0x1800084e0 h264in_Video_GetAPIExt
0x180008390 open_h264in_Video_stream
0x180008200 open_h264in_Video_stream_ex