Created | 2023.08.11 08:57 | Machine | s1_win7_x6401 |
Filename | dfgdfg.exe | ||
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
AI Score | | ||
Behavior Score | | ||
ZERO API | file: malware | ||
VT API (file) | |||
md5 | 78bc9c35531a7e1a31af3bdff4083df6 | ||
sha256 | 108dd8675ad26778748b563a1f590fef6f9875d484002e3d48adb7268358263d | ||
ssdeep | 196608:SdrOnwUbN9pdNqVWEwLnN+HDc/Up7sSpoVmPYYfW/:SVRUb5dN65ON+AMWS6VmlW/ | ||
imphash | f703aa9b810df020d0dd2bd35bc21329 | ||
impfuzzy | 48:hW5W6GtfbdXHoOS6EfpcmG2JG6w7koqtB:hW5W6GtfbdXH+fpcmG2JGJRqtB |
Signatures (4 counts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | One or more potentially interesting buffers were extracted |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
Rules (3 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata IDs
PE API
IAT (Import Address Table), by library
KERNEL32.dll
0xbb838c AcquireSRWLockExclusive
0xbb8394 AcquireSRWLockShared
0xbb839c AddVectoredExceptionHandler
0xbb83a4 CloseHandle
0xbb83ac CreateFileMappingA
0xbb83b4 CreateFileW
0xbb83bc CreateMutexA
0xbb83c4 CreateToolhelp32Snapshot
0xbb83cc DuplicateHandle
0xbb83d4 GetConsoleMode
0xbb83dc GetCurrentDirectoryW
0xbb83e4 GetCurrentProcess
0xbb83ec GetCurrentThread
0xbb83f4 GetEnvironmentVariableW
0xbb83fc GetFileInformationByHandle
0xbb8404 GetFileInformationByHandleEx
0xbb840c GetFullPathNameW
0xbb8414 GetLastError
0xbb841c GetModuleHandleA
0xbb8424 GetProcAddress
0xbb842c GetProcessHeap
0xbb8434 GetStartupInfoA
0xbb843c GetStdHandle
0xbb8444 HeapAlloc
0xbb844c HeapFree
0xbb8454 HeapReAlloc
0xbb845c InitOnceBeginInitialize
0xbb8464 InitOnceComplete
0xbb846c LoadLibraryA
0xbb8474 MapViewOfFile
0xbb847c Module32FirstW
0xbb8484 Module32NextW
0xbb848c MultiByteToWideChar
0xbb8494 ReleaseMutex
0xbb849c ReleaseSRWLockExclusive
0xbb84a4 ReleaseSRWLockShared
0xbb84ac SetLastError
0xbb84b4 SetThreadStackGuarantee
0xbb84bc SetUnhandledExceptionFilter
0xbb84c4 Sleep
0xbb84cc TlsAlloc
0xbb84d4 TlsFree
0xbb84dc TlsGetValue
0xbb84e4 TlsSetValue
0xbb84ec TryAcquireSRWLockExclusive
0xbb84f4 UnmapViewOfFile
0xbb84fc WaitForSingleObject
0xbb8504 WaitForSingleObjectEx
0xbb850c WriteConsoleW
ntdll.dll
0xbb851c NtAllocateVirtualMemory
0xbb8524 NtProtectVirtualMemory
0xbb852c NtQueueApcThread
0xbb8534 NtTestAlert
0xbb853c NtWriteFile
0xbb8544 NtWriteVirtualMemory
0xbb854c RtlCaptureContext
0xbb8554 RtlLookupFunctionEntry
0xbb855c RtlNtStatusToDosError
KERNEL32.dll
0xbb856c DeleteCriticalSection
0xbb8574 EnterCriticalSection
0xbb857c InitializeCriticalSection
0xbb8584 LeaveCriticalSection
0xbb858c RaiseException
0xbb8594 RtlUnwindEx
0xbb859c RtlVirtualUnwind
0xbb85a4 VirtualProtect
0xbb85ac VirtualQuery
0xbb85b4 __C_specific_handler
msvcrt.dll
0xbb85c4 __getmainargs
0xbb85cc __initenv
0xbb85d4 __iob_func
0xbb85dc __lconv_init
0xbb85e4 __set_app_type
0xbb85ec __setusermatherr
0xbb85f4 _acmdln
0xbb85fc _amsg_exit
0xbb8604 _cexit
0xbb860c _commode
0xbb8614 _fmode
0xbb861c _fpreset
0xbb8624 _initterm
0xbb862c _onexit
0xbb8634 abort
0xbb863c calloc
0xbb8644 exit
0xbb864c fprintf
0xbb8654 free
0xbb865c fwrite
0xbb8664 malloc
0xbb866c memcmp
0xbb8674 memcpy
0xbb867c memmove
0xbb8684 memset
0xbb868c signal
0xbb8694 strlen
0xbb869c strncmp
0xbb86a4 vfprintf
EAT (Export Address Table): none
KERNEL32.dll
0xbb838c AcquireSRWLockExclusive
0xbb8394 AcquireSRWLockShared
0xbb839c AddVectoredExceptionHandler
0xbb83a4 CloseHandle
0xbb83ac CreateFileMappingA
0xbb83b4 CreateFileW
0xbb83bc CreateMutexA
0xbb83c4 CreateToolhelp32Snapshot
0xbb83cc DuplicateHandle
0xbb83d4 GetConsoleMode
0xbb83dc GetCurrentDirectoryW
0xbb83e4 GetCurrentProcess
0xbb83ec GetCurrentThread
0xbb83f4 GetEnvironmentVariableW
0xbb83fc GetFileInformationByHandle
0xbb8404 GetFileInformationByHandleEx
0xbb840c GetFullPathNameW
0xbb8414 GetLastError
0xbb841c GetModuleHandleA
0xbb8424 GetProcAddress
0xbb842c GetProcessHeap
0xbb8434 GetStartupInfoA
0xbb843c GetStdHandle
0xbb8444 HeapAlloc
0xbb844c HeapFree
0xbb8454 HeapReAlloc
0xbb845c InitOnceBeginInitialize
0xbb8464 InitOnceComplete
0xbb846c LoadLibraryA
0xbb8474 MapViewOfFile
0xbb847c Module32FirstW
0xbb8484 Module32NextW
0xbb848c MultiByteToWideChar
0xbb8494 ReleaseMutex
0xbb849c ReleaseSRWLockExclusive
0xbb84a4 ReleaseSRWLockShared
0xbb84ac SetLastError
0xbb84b4 SetThreadStackGuarantee
0xbb84bc SetUnhandledExceptionFilter
0xbb84c4 Sleep
0xbb84cc TlsAlloc
0xbb84d4 TlsFree
0xbb84dc TlsGetValue
0xbb84e4 TlsSetValue
0xbb84ec TryAcquireSRWLockExclusive
0xbb84f4 UnmapViewOfFile
0xbb84fc WaitForSingleObject
0xbb8504 WaitForSingleObjectEx
0xbb850c WriteConsoleW
ntdll.dll
0xbb851c NtAllocateVirtualMemory
0xbb8524 NtProtectVirtualMemory
0xbb852c NtQueueApcThread
0xbb8534 NtTestAlert
0xbb853c NtWriteFile
0xbb8544 NtWriteVirtualMemory
0xbb854c RtlCaptureContext
0xbb8554 RtlLookupFunctionEntry
0xbb855c RtlNtStatusToDosError
KERNEL32.dll
0xbb856c DeleteCriticalSection
0xbb8574 EnterCriticalSection
0xbb857c InitializeCriticalSection
0xbb8584 LeaveCriticalSection
0xbb858c RaiseException
0xbb8594 RtlUnwindEx
0xbb859c RtlVirtualUnwind
0xbb85a4 VirtualProtect
0xbb85ac VirtualQuery
0xbb85b4 __C_specific_handler
msvcrt.dll
0xbb85c4 __getmainargs
0xbb85cc __initenv
0xbb85d4 __iob_func
0xbb85dc __lconv_init
0xbb85e4 __set_app_type
0xbb85ec __setusermatherr
0xbb85f4 _acmdln
0xbb85fc _amsg_exit
0xbb8604 _cexit
0xbb860c _commode
0xbb8614 _fmode
0xbb861c _fpreset
0xbb8624 _initterm
0xbb862c _onexit
0xbb8634 abort
0xbb863c calloc
0xbb8644 exit
0xbb864c fprintf
0xbb8654 free
0xbb865c fwrite
0xbb8664 malloc
0xbb866c memcmp
0xbb8674 memcpy
0xbb867c memmove
0xbb8684 memset
0xbb868c signal
0xbb8694 strlen
0xbb869c strncmp
0xbb86a4 vfprintf
EAT (Export Address Table): none