ScreenShot
| Created | 2023.08.14 07:46 | Machine | s1_win7_x6403 |
| Filename | blackfridaydiscount.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 86ee347279e32641070f69e669ec98e2 | ||
| sha256 | 63af1bc6256086131314311b5908c85399b95dda6c4c6e84c8d77bd1b4d1fc43 | ||
| ssdeep | 3072:ZtKXz5gnSEACcYDY3MO8XqHm4ujDtyaAvgSzjhvG:TKX9MNAu0jm1jDty6 | ||
| imphash | 5980dbc90a26d848f180dd5be5bcd2cc | ||
| impfuzzy | 24:BKVjlNDoryq6bNbHOovb/J3InKQFQ8RyvDklRSnZmfWlzf:wxuYQK3D+SnZmfW1f | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f000 GetNamedPipeInfo
0x40f004 GetTickCount
0x40f008 Sleep
0x40f00c WaitForSingleObject
0x40f010 CreateThread
0x40f014 lstrlenW
0x40f018 VirtualProtect
0x40f01c GetProcAddress
0x40f020 LoadLibraryA
0x40f024 VirtualAlloc
0x40f028 LockResource
0x40f02c LoadResource
0x40f030 SizeofResource
0x40f034 FindResourceW
0x40f038 GetModuleHandleW
0x40f03c SetCommBreak
0x40f040 GetLastError
0x40f044 CreateMutexA
0x40f048 GetModuleHandleA
0x40f04c CancelTimerQueueTimer
0x40f050 FreeConsole
0x40f054 RtlUnwind
0x40f058 GetCommandLineA
0x40f05c TlsGetValue
0x40f060 TlsAlloc
0x40f064 TlsSetValue
0x40f068 TlsFree
0x40f06c InterlockedIncrement
0x40f070 SetLastError
0x40f074 GetCurrentThreadId
0x40f078 InterlockedDecrement
0x40f07c SetUnhandledExceptionFilter
0x40f080 ExitProcess
0x40f084 WriteFile
0x40f088 GetStdHandle
0x40f08c GetModuleFileNameA
0x40f090 FreeEnvironmentStringsA
0x40f094 GetEnvironmentStrings
0x40f098 FreeEnvironmentStringsW
0x40f09c WideCharToMultiByte
0x40f0a0 GetEnvironmentStringsW
0x40f0a4 SetHandleCount
0x40f0a8 GetFileType
0x40f0ac GetStartupInfoA
0x40f0b0 DeleteCriticalSection
0x40f0b4 HeapCreate
0x40f0b8 VirtualFree
0x40f0bc HeapFree
0x40f0c0 QueryPerformanceCounter
0x40f0c4 GetCurrentProcessId
0x40f0c8 GetSystemTimeAsFileTime
0x40f0cc RaiseException
0x40f0d0 TerminateProcess
0x40f0d4 GetCurrentProcess
0x40f0d8 UnhandledExceptionFilter
0x40f0dc IsDebuggerPresent
0x40f0e0 LeaveCriticalSection
0x40f0e4 EnterCriticalSection
0x40f0e8 GetCPInfo
0x40f0ec GetACP
0x40f0f0 GetOEMCP
0x40f0f4 IsValidCodePage
0x40f0f8 InitializeCriticalSectionAndSpinCount
0x40f0fc HeapAlloc
0x40f100 HeapReAlloc
0x40f104 GetLocaleInfoA
0x40f108 GetStringTypeA
0x40f10c MultiByteToWideChar
0x40f110 GetStringTypeW
0x40f114 LCMapStringA
0x40f118 LCMapStringW
0x40f11c HeapSize
EAT(Export Address Table) is none
KERNEL32.dll
0x40f000 GetNamedPipeInfo
0x40f004 GetTickCount
0x40f008 Sleep
0x40f00c WaitForSingleObject
0x40f010 CreateThread
0x40f014 lstrlenW
0x40f018 VirtualProtect
0x40f01c GetProcAddress
0x40f020 LoadLibraryA
0x40f024 VirtualAlloc
0x40f028 LockResource
0x40f02c LoadResource
0x40f030 SizeofResource
0x40f034 FindResourceW
0x40f038 GetModuleHandleW
0x40f03c SetCommBreak
0x40f040 GetLastError
0x40f044 CreateMutexA
0x40f048 GetModuleHandleA
0x40f04c CancelTimerQueueTimer
0x40f050 FreeConsole
0x40f054 RtlUnwind
0x40f058 GetCommandLineA
0x40f05c TlsGetValue
0x40f060 TlsAlloc
0x40f064 TlsSetValue
0x40f068 TlsFree
0x40f06c InterlockedIncrement
0x40f070 SetLastError
0x40f074 GetCurrentThreadId
0x40f078 InterlockedDecrement
0x40f07c SetUnhandledExceptionFilter
0x40f080 ExitProcess
0x40f084 WriteFile
0x40f088 GetStdHandle
0x40f08c GetModuleFileNameA
0x40f090 FreeEnvironmentStringsA
0x40f094 GetEnvironmentStrings
0x40f098 FreeEnvironmentStringsW
0x40f09c WideCharToMultiByte
0x40f0a0 GetEnvironmentStringsW
0x40f0a4 SetHandleCount
0x40f0a8 GetFileType
0x40f0ac GetStartupInfoA
0x40f0b0 DeleteCriticalSection
0x40f0b4 HeapCreate
0x40f0b8 VirtualFree
0x40f0bc HeapFree
0x40f0c0 QueryPerformanceCounter
0x40f0c4 GetCurrentProcessId
0x40f0c8 GetSystemTimeAsFileTime
0x40f0cc RaiseException
0x40f0d0 TerminateProcess
0x40f0d4 GetCurrentProcess
0x40f0d8 UnhandledExceptionFilter
0x40f0dc IsDebuggerPresent
0x40f0e0 LeaveCriticalSection
0x40f0e4 EnterCriticalSection
0x40f0e8 GetCPInfo
0x40f0ec GetACP
0x40f0f0 GetOEMCP
0x40f0f4 IsValidCodePage
0x40f0f8 InitializeCriticalSectionAndSpinCount
0x40f0fc HeapAlloc
0x40f100 HeapReAlloc
0x40f104 GetLocaleInfoA
0x40f108 GetStringTypeA
0x40f10c MultiByteToWideChar
0x40f110 GetStringTypeW
0x40f114 LCMapStringA
0x40f118 LCMapStringW
0x40f11c HeapSize
EAT(Export Address Table) is none