ScreenShot
| Created | 2023.08.11 08:59 | Machine | s1_win7_x6403 |
| Filename | server.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 539796b3c5bfeecd94ad28751c257fd6 | ||
| sha256 | 04e826b96233b7285ed00a6a964ae824086ed97483a98a051743494f27466005 | ||
| ssdeep | 49152:3Z9J2CPi88LzZOcgmbqBv22bDr50CmxTXm5VIU6ibh5z:y9BG2z3+bh5 | ||
| imphash | 3e14ebb453f1bba86f75349e9b49dfb9 | ||
| impfuzzy | 96:XJupWwTxrWrzY/XPStWtjWQHqi990TNDtjl0a:ZsWwBWrQ/4QHq2Gtjl0a | ||
Network IP location
Signature (0cnts)
| Level | Description |
|---|
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1401c3178 MultiByteToWideChar
0x1401c3180 WriteConsoleW
0x1401c3188 SetLastError
0x1401c3190 GetCurrentDirectoryW
0x1401c3198 WaitForSingleObjectEx
0x1401c31a0 LoadLibraryA
0x1401c31a8 CreateMutexA
0x1401c31b0 GetCurrentProcess
0x1401c31b8 ReleaseMutex
0x1401c31c0 GetEnvironmentVariableW
0x1401c31c8 RtlLookupFunctionEntry
0x1401c31d0 GetModuleHandleW
0x1401c31d8 FormatMessageW
0x1401c31e0 GetCommandLineW
0x1401c31e8 SetFileCompletionNotificationModes
0x1401c31f0 CreateFileW
0x1401c31f8 GetFullPathNameW
0x1401c3200 GetFinalPathNameByHandleW
0x1401c3208 SetFilePointerEx
0x1401c3210 FindNextFileW
0x1401c3218 CreateDirectoryW
0x1401c3220 FindFirstFileW
0x1401c3228 FindClose
0x1401c3230 CreateIoCompletionPort
0x1401c3238 GetCurrentThread
0x1401c3240 AcquireSRWLockExclusive
0x1401c3248 ExitProcess
0x1401c3250 QueryPerformanceCounter
0x1401c3258 QueryPerformanceFrequency
0x1401c3260 GetSystemTimeAsFileTime
0x1401c3268 RtlCaptureContext
0x1401c3270 AcquireSRWLockShared
0x1401c3278 ReleaseSRWLockShared
0x1401c3280 DeleteFileW
0x1401c3288 SetHandleInformation
0x1401c3290 DuplicateHandle
0x1401c3298 SleepConditionVariableSRW
0x1401c32a0 WakeAllConditionVariable
0x1401c32a8 PostQueuedCompletionStatus
0x1401c32b0 WakeConditionVariable
0x1401c32b8 GetQueuedCompletionStatusEx
0x1401c32c0 GetFileType
0x1401c32c8 SwitchToThread
0x1401c32d0 GetCurrentThreadId
0x1401c32d8 SetConsoleCtrlHandler
0x1401c32e0 CreateThread
0x1401c32e8 RtlVirtualUnwind
0x1401c32f0 GetFileInformationByHandle
0x1401c32f8 SystemTimeToTzSpecificLocalTime
0x1401c3300 WaitForSingleObject
0x1401c3308 MoveFileExW
0x1401c3310 GetModuleHandleA
0x1401c3318 CopyFileExW
0x1401c3320 GetFileInformationByHandleEx
0x1401c3328 GetSystemInfo
0x1401c3330 SetThreadStackGuarantee
0x1401c3338 AddVectoredExceptionHandler
0x1401c3340 GetProcAddress
0x1401c3348 InitializeSListHead
0x1401c3350 IsDebuggerPresent
0x1401c3358 UnhandledExceptionFilter
0x1401c3360 SetUnhandledExceptionFilter
0x1401c3368 IsProcessorFeaturePresent
0x1401c3370 CloseHandle
0x1401c3378 GetStdHandle
0x1401c3380 ReleaseSRWLockExclusive
0x1401c3388 TryAcquireSRWLockExclusive
0x1401c3390 SystemTimeToFileTime
0x1401c3398 SetConsoleTextAttribute
0x1401c33a0 GetConsoleScreenBufferInfo
0x1401c33a8 GetLastError
0x1401c33b0 SetConsoleMode
0x1401c33b8 GetConsoleMode
0x1401c33c0 HeapReAlloc
0x1401c33c8 HeapFree
0x1401c33d0 GetProcessHeap
0x1401c33d8 HeapAlloc
0x1401c33e0 SetFileInformationByHandle
0x1401c33e8 GetModuleFileNameW
0x1401c33f0 GetCurrentProcessId
0x1401c33f8 TerminateProcess
ws2_32.dll
0x1401c3440 recv
0x1401c3448 getsockname
0x1401c3450 WSACleanup
0x1401c3458 WSAStartup
0x1401c3460 freeaddrinfo
0x1401c3468 WSASend
0x1401c3470 shutdown
0x1401c3478 closesocket
0x1401c3480 send
0x1401c3488 WSAIoctl
0x1401c3490 setsockopt
0x1401c3498 accept
0x1401c34a0 WSAGetLastError
0x1401c34a8 ioctlsocket
0x1401c34b0 listen
0x1401c34b8 ind
0x1401c34c0 WSASocketW
0x1401c34c8 getaddrinfo
iphlpapi.dll
0x1401c3168 GetAdaptersAddresses
ntdll.dll
0x1401c3408 RtlNtStatusToDosError
0x1401c3410 NtDeviceIoControlFile
0x1401c3418 NtCancelIoFileEx
0x1401c3420 NtWriteFile
0x1401c3428 NtCreateFile
0x1401c3430 NtReadFile
crypt.dll
0x1401c3158 BCryptGenRandom
advapi32.dll
0x1401c3050 SystemFunction036
VCRUNTIME140.dll
0x1401c3000 memcpy
0x1401c3008 __CxxFrameHandler3
0x1401c3010 __current_exception_context
0x1401c3018 memmove
0x1401c3020 memcmp
0x1401c3028 memset
0x1401c3030 _CxxThrowException
0x1401c3038 __C_specific_handler
0x1401c3040 __current_exception
api-ms-win-crt-string-l1-1-0.dll
0x1401c3148 strlen
api-ms-win-crt-runtime-l1-1-0.dll
0x1401c3098 exit
0x1401c30a0 _exit
0x1401c30a8 _cexit
0x1401c30b0 _c_exit
0x1401c30b8 _initterm_e
0x1401c30c0 _initialize_narrow_environment
0x1401c30c8 _configure_narrow_argv
0x1401c30d0 _initterm
0x1401c30d8 _set_app_type
0x1401c30e0 _register_thread_local_exe_atexit_callback
0x1401c30e8 _initialize_onexit_table
0x1401c30f0 _register_onexit_function
0x1401c30f8 _crt_atexit
0x1401c3100 _get_initial_narrow_environment
0x1401c3108 terminate
0x1401c3110 __p___argc
0x1401c3118 _seh_filter_exe
0x1401c3120 __p___argv
api-ms-win-crt-math-l1-1-0.dll
0x1401c3088 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x1401c3130 __p__commode
0x1401c3138 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1401c3078 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1401c3060 _set_new_mode
0x1401c3068 free
EAT(Export Address Table) is none
kernel32.dll
0x1401c3178 MultiByteToWideChar
0x1401c3180 WriteConsoleW
0x1401c3188 SetLastError
0x1401c3190 GetCurrentDirectoryW
0x1401c3198 WaitForSingleObjectEx
0x1401c31a0 LoadLibraryA
0x1401c31a8 CreateMutexA
0x1401c31b0 GetCurrentProcess
0x1401c31b8 ReleaseMutex
0x1401c31c0 GetEnvironmentVariableW
0x1401c31c8 RtlLookupFunctionEntry
0x1401c31d0 GetModuleHandleW
0x1401c31d8 FormatMessageW
0x1401c31e0 GetCommandLineW
0x1401c31e8 SetFileCompletionNotificationModes
0x1401c31f0 CreateFileW
0x1401c31f8 GetFullPathNameW
0x1401c3200 GetFinalPathNameByHandleW
0x1401c3208 SetFilePointerEx
0x1401c3210 FindNextFileW
0x1401c3218 CreateDirectoryW
0x1401c3220 FindFirstFileW
0x1401c3228 FindClose
0x1401c3230 CreateIoCompletionPort
0x1401c3238 GetCurrentThread
0x1401c3240 AcquireSRWLockExclusive
0x1401c3248 ExitProcess
0x1401c3250 QueryPerformanceCounter
0x1401c3258 QueryPerformanceFrequency
0x1401c3260 GetSystemTimeAsFileTime
0x1401c3268 RtlCaptureContext
0x1401c3270 AcquireSRWLockShared
0x1401c3278 ReleaseSRWLockShared
0x1401c3280 DeleteFileW
0x1401c3288 SetHandleInformation
0x1401c3290 DuplicateHandle
0x1401c3298 SleepConditionVariableSRW
0x1401c32a0 WakeAllConditionVariable
0x1401c32a8 PostQueuedCompletionStatus
0x1401c32b0 WakeConditionVariable
0x1401c32b8 GetQueuedCompletionStatusEx
0x1401c32c0 GetFileType
0x1401c32c8 SwitchToThread
0x1401c32d0 GetCurrentThreadId
0x1401c32d8 SetConsoleCtrlHandler
0x1401c32e0 CreateThread
0x1401c32e8 RtlVirtualUnwind
0x1401c32f0 GetFileInformationByHandle
0x1401c32f8 SystemTimeToTzSpecificLocalTime
0x1401c3300 WaitForSingleObject
0x1401c3308 MoveFileExW
0x1401c3310 GetModuleHandleA
0x1401c3318 CopyFileExW
0x1401c3320 GetFileInformationByHandleEx
0x1401c3328 GetSystemInfo
0x1401c3330 SetThreadStackGuarantee
0x1401c3338 AddVectoredExceptionHandler
0x1401c3340 GetProcAddress
0x1401c3348 InitializeSListHead
0x1401c3350 IsDebuggerPresent
0x1401c3358 UnhandledExceptionFilter
0x1401c3360 SetUnhandledExceptionFilter
0x1401c3368 IsProcessorFeaturePresent
0x1401c3370 CloseHandle
0x1401c3378 GetStdHandle
0x1401c3380 ReleaseSRWLockExclusive
0x1401c3388 TryAcquireSRWLockExclusive
0x1401c3390 SystemTimeToFileTime
0x1401c3398 SetConsoleTextAttribute
0x1401c33a0 GetConsoleScreenBufferInfo
0x1401c33a8 GetLastError
0x1401c33b0 SetConsoleMode
0x1401c33b8 GetConsoleMode
0x1401c33c0 HeapReAlloc
0x1401c33c8 HeapFree
0x1401c33d0 GetProcessHeap
0x1401c33d8 HeapAlloc
0x1401c33e0 SetFileInformationByHandle
0x1401c33e8 GetModuleFileNameW
0x1401c33f0 GetCurrentProcessId
0x1401c33f8 TerminateProcess
ws2_32.dll
0x1401c3440 recv
0x1401c3448 getsockname
0x1401c3450 WSACleanup
0x1401c3458 WSAStartup
0x1401c3460 freeaddrinfo
0x1401c3468 WSASend
0x1401c3470 shutdown
0x1401c3478 closesocket
0x1401c3480 send
0x1401c3488 WSAIoctl
0x1401c3490 setsockopt
0x1401c3498 accept
0x1401c34a0 WSAGetLastError
0x1401c34a8 ioctlsocket
0x1401c34b0 listen
0x1401c34b8 ind
0x1401c34c0 WSASocketW
0x1401c34c8 getaddrinfo
iphlpapi.dll
0x1401c3168 GetAdaptersAddresses
ntdll.dll
0x1401c3408 RtlNtStatusToDosError
0x1401c3410 NtDeviceIoControlFile
0x1401c3418 NtCancelIoFileEx
0x1401c3420 NtWriteFile
0x1401c3428 NtCreateFile
0x1401c3430 NtReadFile
crypt.dll
0x1401c3158 BCryptGenRandom
advapi32.dll
0x1401c3050 SystemFunction036
VCRUNTIME140.dll
0x1401c3000 memcpy
0x1401c3008 __CxxFrameHandler3
0x1401c3010 __current_exception_context
0x1401c3018 memmove
0x1401c3020 memcmp
0x1401c3028 memset
0x1401c3030 _CxxThrowException
0x1401c3038 __C_specific_handler
0x1401c3040 __current_exception
api-ms-win-crt-string-l1-1-0.dll
0x1401c3148 strlen
api-ms-win-crt-runtime-l1-1-0.dll
0x1401c3098 exit
0x1401c30a0 _exit
0x1401c30a8 _cexit
0x1401c30b0 _c_exit
0x1401c30b8 _initterm_e
0x1401c30c0 _initialize_narrow_environment
0x1401c30c8 _configure_narrow_argv
0x1401c30d0 _initterm
0x1401c30d8 _set_app_type
0x1401c30e0 _register_thread_local_exe_atexit_callback
0x1401c30e8 _initialize_onexit_table
0x1401c30f0 _register_onexit_function
0x1401c30f8 _crt_atexit
0x1401c3100 _get_initial_narrow_environment
0x1401c3108 terminate
0x1401c3110 __p___argc
0x1401c3118 _seh_filter_exe
0x1401c3120 __p___argv
api-ms-win-crt-math-l1-1-0.dll
0x1401c3088 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x1401c3130 __p__commode
0x1401c3138 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1401c3078 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1401c3060 _set_new_mode
0x1401c3068 free
EAT(Export Address Table) is none