Field | Value |
---|---|
Created | 2023.08.07 08:45 |
Machine | s1_win7_x6403 |
Filename | RunPEx64.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | |
md5 | d9242e75177504019e7c8a78b0f705f2 |
sha256 | 815dabae21f7d2d183806a3d98eb2316bd65f25e42b7c0345dd4ddd0a89c4105 |
ssdeep | 6144:gZXcIXp0TxYDEGsWsdWePmFbI8Xy9gZ1tQAmAdRU1SAOiIgmH:gZX506QdWej8C9g8ORU1SDH |
imphash | 3e2286457061b9bdef13936ef3ddc226 |
impfuzzy | 24:WYj89XEHuOGOovscpVWcstyS17MdlJBl3eDoRPNSv7b5ZYGMAIBP:Wr9XUBJcpV5styS17MDpFNUpZGP |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44c000 WriteProcessMemory
0x44c004 TerminateProcess
0x44c008 GetModuleFileNameW
0x44c00c WaitForSingleObject
0x44c010 ResumeThread
0x44c014 CloseHandle
0x44c018 GetThreadContext
0x44c01c VirtualAllocEx
0x44c020 CreateProcessW
0x44c024 SetThreadContext
0x44c028 GetExitCodeProcess
0x44c02c SetStdHandle
0x44c030 FreeEnvironmentStringsW
0x44c034 GetEnvironmentStringsW
0x44c038 GetCommandLineW
0x44c03c GetCommandLineA
0x44c040 WideCharToMultiByte
0x44c044 EnterCriticalSection
0x44c048 LeaveCriticalSection
0x44c04c InitializeCriticalSectionEx
0x44c050 DeleteCriticalSection
0x44c054 EncodePointer
0x44c058 DecodePointer
0x44c05c MultiByteToWideChar
0x44c060 LCMapStringEx
0x44c064 GetStringTypeW
0x44c068 GetCPInfo
0x44c06c UnhandledExceptionFilter
0x44c070 SetUnhandledExceptionFilter
0x44c074 GetCurrentProcess
0x44c078 IsProcessorFeaturePresent
0x44c07c QueryPerformanceCounter
0x44c080 GetCurrentProcessId
0x44c084 GetCurrentThreadId
0x44c088 GetSystemTimeAsFileTime
0x44c08c InitializeSListHead
0x44c090 IsDebuggerPresent
0x44c094 GetStartupInfoW
0x44c098 GetModuleHandleW
0x44c09c RtlUnwind
0x44c0a0 RaiseException
0x44c0a4 GetLastError
0x44c0a8 SetLastError
0x44c0ac InitializeCriticalSectionAndSpinCount
0x44c0b0 TlsAlloc
0x44c0b4 TlsGetValue
0x44c0b8 TlsSetValue
0x44c0bc TlsFree
0x44c0c0 FreeLibrary
0x44c0c4 GetProcAddress
0x44c0c8 LoadLibraryExW
0x44c0cc GetModuleHandleExW
0x44c0d0 HeapAlloc
0x44c0d4 HeapValidate
0x44c0d8 GetSystemInfo
0x44c0dc GetStdHandle
0x44c0e0 WriteFile
0x44c0e4 ExitProcess
0x44c0e8 GetFileType
0x44c0ec OutputDebugStringW
0x44c0f0 WriteConsoleW
0x44c0f4 HeapFree
0x44c0f8 HeapReAlloc
0x44c0fc HeapSize
0x44c100 HeapQueryInformation
0x44c104 GetProcessHeap
0x44c108 LCMapStringW
0x44c10c GetLocaleInfoW
0x44c110 IsValidLocale
0x44c114 GetUserDefaultLCID
0x44c118 EnumSystemLocalesW
0x44c11c FlushFileBuffers
0x44c120 GetConsoleOutputCP
0x44c124 GetConsoleMode
0x44c128 ReadFile
0x44c12c GetFileSizeEx
0x44c130 SetFilePointerEx
0x44c134 ReadConsoleW
0x44c138 FindClose
0x44c13c FindFirstFileExW
0x44c140 FindNextFileW
0x44c144 IsValidCodePage
0x44c148 GetACP
0x44c14c GetOEMCP
0x44c150 CreateFileW
WININET.dll
0x44c158 InternetOpenW
0x44c15c InternetOpenUrlA
0x44c160 InternetCloseHandle
0x44c164 InternetReadFile
EAT(Export Address Table) is none