Field | Value
---|---
Created | 2023.09.10 09:25
Machine | s1_win7_x6403
Filename | iexpress.exe
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score | Not found
Behavior Score | (not reported)
ZERO API | file : malware
VT API (file) | 25 detected (AIDetectMalware, Artemis, Rozena, Eldorado, Attribute, HighConfidence, malicious, high confidence, ShellcodeRunner, AGen, xbdvcj, FileRepMalware, Misc, MulDrop23, Generic Reputation PUA, Casdet, Detected, unsafe, R002H0DI923, kC3zMNTE3QN, Outbreak, confidence, 100%)
md5 | fe5be27304af34b481120a35486df496
sha256 | 2d972eea915c809d3c76c56a960c82a58881c9c98db4c8e53d894227f958a4c9
ssdeep | 196608:aRCetsJ8WuTEElonblp0VPt/Vg3NNJ94yD5ne:aRnCOTEEGnblp07dg3j
imphash | 0fdd3d21d2193b717f076a70dfaa659c
impfuzzy | 12:YRJRJJoARZqRVPXJHqV0MHHGf5XGXKiEG6eGJwk6lm/GaJqniZJn:8fjBcVK0MGf5XGf6Zykom/GCqiZJn
Network IP location: none (no network activity was recorded in this run)
Signature (2cnts)
Level | Description |
---|---|
warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
(no requests recorded) | | | | |
Suricata ids: none
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x140988198 DeleteCriticalSection
0x1409881a0 EnterCriticalSection
0x1409881a8 GetLastError
0x1409881b0 InitializeCriticalSection
0x1409881b8 LeaveCriticalSection
0x1409881c0 SetUnhandledExceptionFilter
0x1409881c8 Sleep
0x1409881d0 TlsGetValue
0x1409881d8 VirtualProtect
0x1409881e0 VirtualQuery
msvcrt.dll
0x1409881f0 __C_specific_handler
0x1409881f8 __getmainargs
0x140988200 __initenv
0x140988208 __iob_func
0x140988210 __set_app_type
0x140988218 __setusermatherr
0x140988220 _amsg_exit
0x140988228 _cexit
0x140988230 _commode
0x140988238 _fmode
0x140988240 _initterm
0x140988248 _onexit
0x140988250 abort
0x140988258 calloc
0x140988260 exit
0x140988268 fprintf
0x140988270 fputs
0x140988278 free
0x140988280 malloc
0x140988288 memset
0x140988290 signal
0x140988298 strlen
0x1409882a0 strncmp
0x1409882a8 vfprintf
0x1409882b0 wcscat
0x1409882b8 wcscpy
0x1409882c0 wcslen
0x1409882c8 wcsncmp
0x1409882d0 wcsstr
0x1409882d8 _wcsnicmp
0x1409882e0 _wcsicmp
EAT(Export Address Table) is none
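The imphash in the header is a function of exactly the import table listed above, so it can be recomputed from the listing and used as a consistency check on the report. The Python below is an added example, not code from the report or from the sandbox that produced it: it parses the IAT listing as printed on this page (embedded as constructed input), applies the Mandiant/pefile imphash normalization (lower-case, strip .dll/.ocx/.sys, `ordN` for unresolved ordinals) in listing order, and separately picks out the msvcrt.dll symbols that mark a MinGW-w64 CRT. The assumption is that the listing is the complete import directory in on-disk order; if it is, the result equals the reported `0fdd3d21d2193b717f076a70dfaa659c`, and a mismatch points to a reordered or truncated listing rather than a different file.

```python
"""Recompute the imphash from the IAT listing printed in this report."""
import hashlib
import re

# Constructed input: the two DLL blocks copied from the report above, in
# the order the IAT addresses give them.
IAT_LISTING = """
KERNEL32.dll
0x140988198 DeleteCriticalSection
0x1409881a0 EnterCriticalSection
0x1409881a8 GetLastError
0x1409881b0 InitializeCriticalSection
0x1409881b8 LeaveCriticalSection
0x1409881c0 SetUnhandledExceptionFilter
0x1409881c8 Sleep
0x1409881d0 TlsGetValue
0x1409881d8 VirtualProtect
0x1409881e0 VirtualQuery
msvcrt.dll
0x1409881f0 __C_specific_handler
0x1409881f8 __getmainargs
0x140988200 __initenv
0x140988208 __iob_func
0x140988210 __set_app_type
0x140988218 __setusermatherr
0x140988220 _amsg_exit
0x140988228 _cexit
0x140988230 _commode
0x140988238 _fmode
0x140988240 _initterm
0x140988248 _onexit
0x140988250 abort
0x140988258 calloc
0x140988260 exit
0x140988268 fprintf
0x140988270 fputs
0x140988278 free
0x140988280 malloc
0x140988288 memset
0x140988290 signal
0x140988298 strlen
0x1409882a0 strncmp
0x1409882a8 vfprintf
0x1409882b0 wcscat
0x1409882b8 wcscpy
0x1409882c0 wcslen
0x1409882c8 wcsncmp
0x1409882d0 wcsstr
0x1409882d8 _wcsnicmp
0x1409882e0 _wcsicmp
"""

REPORTED_IMPHASH = "0fdd3d21d2193b717f076a70dfaa659c"  # value from the report header

_DLL_LINE = re.compile(r"^[\w.-]+\.(?:dll|ocx|sys)$", re.IGNORECASE)
_IAT_LINE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")


def parse_iat_listing(text):
    """Return [(dll, symbol), ...] in listing order. A line is either a DLL
    name or '<IAT address> <symbol>' belonging to the most recent DLL."""
    imports, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if _DLL_LINE.match(line):
            current = line
            continue
        m = _IAT_LINE.match(line)
        if m and current is not None:
            imports.append((current, m.group(1)))
    return imports


def normalize_import(dll, symbol):
    """Mandiant/pefile normalization: lower-case, drop a .dll/.ocx/.sys
    extension, render an unresolved ordinal as 'ordN'. (pefile additionally
    maps well-known oleaut32/ws2_32 ordinals to names; this table has none.)"""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        name = base
    sym = "ord%d" % symbol if isinstance(symbol, int) else symbol.lower()
    return "%s.%s" % (name, sym)


def imphash(imports):
    """MD5 over the comma-joined normalized entries in import-directory order."""
    joined = ",".join(normalize_import(d, s) for d, s in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def report_imphash():
    return imphash(parse_iat_listing(IAT_LISTING))


def mingw_crt_markers(imports):
    """msvcrt.dll symbols characteristic of a MinGW-w64 CRT link; when they
    are present the imphash is shared with every other build of that CRT."""
    wanted = {"__getmainargs", "__set_app_type", "_initterm", "__iob_func"}
    return sorted(s for d, s in imports if d.lower() == "msvcrt.dll" and s in wanted)


if __name__ == "__main__":
    imps = parse_iat_listing(IAT_LISTING)
    print("%d imports, imphash %s (reported %s)" % (len(imps), imphash(imps), REPORTED_IMPHASH))
    print("MinGW CRT markers:", mingw_crt_markers(imps))
```

Two caveats for anyone pivoting on this report. First, the import set is the generic MinGW-w64 CRT (the `__getmainargs`/`__set_app_type`/`_initterm` group) plus `VirtualProtect`/`VirtualQuery`, which is why the imphash has little selectivity: it will collide with unrelated MinGW-built binaries, so hunt on the sha256 or ssdeep values instead and treat the imphash only as corroboration. Second, the filename `iexpress.exe` matches a Microsoft-signed tool shipped in `%SystemRoot%\System32`; a file with that name found elsewhere, or failing Authenticode verification, is the thing to triage, not the name itself.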