Field | Value |
---|---|
Created | 2023.08.31 10:43 |
Machine | s1_win7_x6401 |
Filename | t.php |
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | |
md5 | ce212477efea0109d5fe886a6396f4b4 |
sha256 | 27c9055e8f0011a74da6128f2b2f8a5e596d5647f046488b5c78a42d24ed488a |
ssdeep | 12288:BqlI8nyOrk/09drnix9Lo/k9crJmEcUKx12UAXXWRfH:BmyOrkM9lk9Lo/k9crJmEcUKx1252JH |
imphash | e5e63fcb065def1635ff4d5f87c69b37 |
impfuzzy | 6:XAxoE4ANj77t3MzmV3y1ZfP7+OPjIUAZVebPXhXTQwETOGrOliPEcJOMREcJ4izd:oDNj79CbfCObYZ8vhU43YPXJ1XJMzs |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x18009b000 CloseHandle
0x18009b008 ReleaseMutex
0x18009b010 WaitForSingleObject
0x18009b018 CreateMutexA
0x18009b020 GetSystemInfo
0x18009b028 VirtualAlloc
0x18009b030 VirtualFree
0x18009b038 GetStartupInfoW
0x18009b040 IsDebuggerPresent
0x18009b048 InitializeSListHead
0x18009b050 DisableThreadLibraryCalls
0x18009b058 GetSystemTimeAsFileTime
0x18009b060 GetCurrentThreadId
0x18009b068 GetCurrentProcessId
0x18009b070 QueryPerformanceCounter
0x18009b078 IsProcessorFeaturePresent
0x18009b080 TerminateProcess
0x18009b088 GetCurrentProcess
0x18009b090 SetUnhandledExceptionFilter
0x18009b098 UnhandledExceptionFilter
0x18009b0a0 RtlVirtualUnwind
0x18009b0a8 RtlLookupFunctionEntry
0x18009b0b0 RtlCaptureContext
0x18009b0b8 GetModuleHandleW
EAT(Export Address Table) Library
0x180001037 qcre2_callout_enumerate_8
0x180001087 qcre2_code_copy_8
0x1800012a8 qcre2_code_copy_with_tables_8
0x1800011db qcre2_code_free_8
0x18000128f qcre2_compile_8
0x1800011fe qcre2_compile_context_copy_8
0x1800010aa qcre2_compile_context_create_8
0x18000125d qcre2_compile_context_free_8
0x1800011a9 qcre2_config_8
0x180001064 qcre2_convert_context_copy_8
0x180001041 qcre2_convert_context_create_8
0x18000100f qcre2_convert_context_free_8
0x1800012ad qcre2_converted_pattern_free_8
0x180001212 qcre2_dfa_match_8
0x18000122b qcre2_general_context_copy_8
0x180001307 qcre2_general_context_create_8
0x1800011e5 qcre2_general_context_free_8
0x180001181 qcre2_get_error_message_8
0x1800011cc qcre2_get_mark_8
0x1800010d2 qcre2_get_match_data_size_8
0x180001267 qcre2_get_ovector_count_8
0x180001109 qcre2_get_ovector_pointer_8
0x18000129e qcre2_get_startchar_8
0x180001343 qcre2_jit_compile_8
0x180001113 qcre2_jit_free_unused_memory_8
0x18000126c qcre2_jit_match_8
0x1800012da qcre2_jit_stack_assign_8
0x1800012fd qcre2_jit_stack_create_8
0x18000105a qcre2_jit_stack_free_8
0x180001262 qcre2_maketables_8
0x180001334 qcre2_maketables_free_8
0x18000135c qcre2_match_8
0x180001366 qcre2_match_context_copy_8
0x180001280 qcre2_match_context_create_8
0x1800012ee qcre2_match_context_free_8
0x180001046 qcre2_match_data_create_8
0x180001316 qcre2_match_data_create_from_pattern_8
0x1800012a3 qcre2_match_data_free_8
0x180001069 qcre2_pattern_convert_8
0x1800011c7 qcre2_pattern_info_8
0x1800010eb qcre2_serialize_decode_8
0x18000106e qcre2_serialize_encode_8
0x180001050 qcre2_serialize_free_8
0x1800011e0 qcre2_serialize_get_number_of_codes_8
0x18000133e qcre2_set_bsr_8
0x180001186 qcre2_set_callout_8
0x180001339 qcre2_set_character_tables_8
0x180001195 qcre2_set_compile_extra_options_8
0x18000105f qcre2_set_compile_recursion_guard_8
0x1800010d7 qcre2_set_depth_limit_8
0x180001285 qcre2_set_glob_escape_8
0x1800010b9 qcre2_set_glob_separator_8
0x1800012f8 qcre2_set_heap_limit_8
0x180001091 qcre2_set_match_limit_8
0x1800012c1 qcre2_set_max_pattern_length_8
0x18000119a qcre2_set_newline_8
0x180001258 qcre2_set_offset_limit_8
0x18000101e qcre2_set_parens_nest_limit_8
0x18000111d qcre2_set_recursion_limit_8
0x180001104 qcre2_set_recursion_memory_management_8
0x18000102d qcre2_set_substitute_callout_8
0x180001023 qcre2_substitute_8
0x1800011ea qcre2_substring_copy_byname_8
0x180001005 qcre2_substring_copy_bynumber_8
0x1800010c3 qcre2_substring_free_8
0x180001348 qcre2_substring_get_byname_8
0x1800011d1 qcre2_substring_get_bynumber_8
0x180001177 qcre2_substring_length_byname_8
0x18000103c qcre2_substring_length_bynumber_8
0x180001082 qcre2_substring_list_free_8
0x180001325 qcre2_substring_list_get_8
0x180001140 qcre2_substring_nametable_scan_8
0x180067ce0 scab