ScreenShot
| Created | 2023.09.14 07:50 | Machine | s1_win7_x6403 |
| Filename | Mar.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 55f845c433e637594aaf872e41fda207 | ||
| sha256 | f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39 | ||
| ssdeep | 6144:GUG2bcUH6Z0+ReEjhVsJgAmkMAIeuudb8MT8AOacOZS:GU9bIeEdVsJqeuudbFT8SZS | ||
| imphash | 44e769941d2c6ad88bf42ac4adb36135 | ||
| impfuzzy | 48:ggXSEHhwGOKZEc+JyXtoS1xGoZccgTg36wRLPwNWI:pXS5GjEc+J8toS1xGoZctWRLov | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x439028 CloseHandle
0x43902c GetSystemInfo
0x439030 CreateThread
0x439034 GetThreadContext
0x439038 GetProcAddress
0x43903c VirtualAllocEx
0x439040 RemoveDirectoryA
0x439044 CreateFileA
0x439048 CreateProcessA
0x43904c CreateDirectoryA
0x439050 SetThreadContext
0x439054 SetEndOfFile
0x439058 HeapSize
0x43905c GetProcessHeap
0x439060 SetEnvironmentVariableW
0x439064 GetFileAttributesA
0x439068 GetLastError
0x43906c GetTempPathA
0x439070 Sleep
0x439074 GetModuleHandleA
0x439078 SetCurrentDirectoryA
0x43907c ResumeThread
0x439080 GetComputerNameExW
0x439084 GetVersionExW
0x439088 CreateMutexA
0x43908c VirtualAlloc
0x439090 WriteFile
0x439094 VirtualFree
0x439098 WriteProcessMemory
0x43909c GetModuleFileNameA
0x4390a0 ReadProcessMemory
0x4390a4 ReadFile
0x4390a8 FreeEnvironmentStringsW
0x4390ac GetEnvironmentStringsW
0x4390b0 GetOEMCP
0x4390b4 GetACP
0x4390b8 IsValidCodePage
0x4390bc FindNextFileW
0x4390c0 FindFirstFileExW
0x4390c4 FindClose
0x4390c8 GetTimeZoneInformation
0x4390cc HeapReAlloc
0x4390d0 ReadConsoleW
0x4390d4 SetStdHandle
0x4390d8 GetFullPathNameW
0x4390dc GetCurrentDirectoryW
0x4390e0 DeleteFileW
0x4390e4 EnumSystemLocalesW
0x4390e8 GetUserDefaultLCID
0x4390ec IsValidLocale
0x4390f0 HeapAlloc
0x4390f4 HeapFree
0x4390f8 GetConsoleMode
0x4390fc GetConsoleCP
0x439100 FlushFileBuffers
0x439104 SetFilePointerEx
0x439108 WideCharToMultiByte
0x43910c EnterCriticalSection
0x439110 LeaveCriticalSection
0x439114 DeleteCriticalSection
0x439118 SetLastError
0x43911c InitializeCriticalSectionAndSpinCount
0x439120 CreateEventW
0x439124 SwitchToThread
0x439128 TlsAlloc
0x43912c TlsGetValue
0x439130 TlsSetValue
0x439134 TlsFree
0x439138 GetSystemTimeAsFileTime
0x43913c GetModuleHandleW
0x439140 EncodePointer
0x439144 DecodePointer
0x439148 MultiByteToWideChar
0x43914c CompareStringW
0x439150 LCMapStringW
0x439154 GetLocaleInfoW
0x439158 GetStringTypeW
0x43915c GetCPInfo
0x439160 SetEvent
0x439164 ResetEvent
0x439168 WaitForSingleObjectEx
0x43916c UnhandledExceptionFilter
0x439170 SetUnhandledExceptionFilter
0x439174 GetCurrentProcess
0x439178 TerminateProcess
0x43917c IsProcessorFeaturePresent
0x439180 IsDebuggerPresent
0x439184 GetStartupInfoW
0x439188 QueryPerformanceCounter
0x43918c GetCurrentProcessId
0x439190 GetCurrentThreadId
0x439194 InitializeSListHead
0x439198 RaiseException
0x43919c RtlUnwind
0x4391a0 FreeLibrary
0x4391a4 LoadLibraryExW
0x4391a8 ExitProcess
0x4391ac GetModuleHandleExW
0x4391b0 CreateFileW
0x4391b4 GetDriveTypeW
0x4391b8 GetFileInformationByHandle
0x4391bc GetFileType
0x4391c0 PeekNamedPipe
0x4391c4 SystemTimeToTzSpecificLocalTime
0x4391c8 FileTimeToSystemTime
0x4391cc GetModuleFileNameW
0x4391d0 GetStdHandle
0x4391d4 GetCommandLineA
0x4391d8 GetCommandLineW
0x4391dc GetFileSizeEx
0x4391e0 WriteConsoleW
ADVAPI32.dll
0x439000 RegCloseKey
0x439004 RegQueryValueExA
0x439008 GetSidSubAuthorityCount
0x43900c GetSidSubAuthority
0x439010 GetUserNameA
0x439014 LookupAccountNameA
0x439018 RegSetValueExA
0x43901c RegOpenKeyExA
0x439020 GetSidIdentifierAuthority
SHELL32.dll
0x4391e8 ShellExecuteA
0x4391ec None
0x4391f0 SHGetFolderPathA
WININET.dll
0x4391f8 HttpOpenRequestA
0x4391fc InternetReadFile
0x439200 InternetConnectA
0x439204 HttpSendRequestA
0x439208 InternetCloseHandle
0x43920c InternetOpenA
0x439210 InternetOpenW
0x439214 InternetOpenUrlA
EAT(Export Address Table) is none
KERNEL32.dll
0x439028 CloseHandle
0x43902c GetSystemInfo
0x439030 CreateThread
0x439034 GetThreadContext
0x439038 GetProcAddress
0x43903c VirtualAllocEx
0x439040 RemoveDirectoryA
0x439044 CreateFileA
0x439048 CreateProcessA
0x43904c CreateDirectoryA
0x439050 SetThreadContext
0x439054 SetEndOfFile
0x439058 HeapSize
0x43905c GetProcessHeap
0x439060 SetEnvironmentVariableW
0x439064 GetFileAttributesA
0x439068 GetLastError
0x43906c GetTempPathA
0x439070 Sleep
0x439074 GetModuleHandleA
0x439078 SetCurrentDirectoryA
0x43907c ResumeThread
0x439080 GetComputerNameExW
0x439084 GetVersionExW
0x439088 CreateMutexA
0x43908c VirtualAlloc
0x439090 WriteFile
0x439094 VirtualFree
0x439098 WriteProcessMemory
0x43909c GetModuleFileNameA
0x4390a0 ReadProcessMemory
0x4390a4 ReadFile
0x4390a8 FreeEnvironmentStringsW
0x4390ac GetEnvironmentStringsW
0x4390b0 GetOEMCP
0x4390b4 GetACP
0x4390b8 IsValidCodePage
0x4390bc FindNextFileW
0x4390c0 FindFirstFileExW
0x4390c4 FindClose
0x4390c8 GetTimeZoneInformation
0x4390cc HeapReAlloc
0x4390d0 ReadConsoleW
0x4390d4 SetStdHandle
0x4390d8 GetFullPathNameW
0x4390dc GetCurrentDirectoryW
0x4390e0 DeleteFileW
0x4390e4 EnumSystemLocalesW
0x4390e8 GetUserDefaultLCID
0x4390ec IsValidLocale
0x4390f0 HeapAlloc
0x4390f4 HeapFree
0x4390f8 GetConsoleMode
0x4390fc GetConsoleCP
0x439100 FlushFileBuffers
0x439104 SetFilePointerEx
0x439108 WideCharToMultiByte
0x43910c EnterCriticalSection
0x439110 LeaveCriticalSection
0x439114 DeleteCriticalSection
0x439118 SetLastError
0x43911c InitializeCriticalSectionAndSpinCount
0x439120 CreateEventW
0x439124 SwitchToThread
0x439128 TlsAlloc
0x43912c TlsGetValue
0x439130 TlsSetValue
0x439134 TlsFree
0x439138 GetSystemTimeAsFileTime
0x43913c GetModuleHandleW
0x439140 EncodePointer
0x439144 DecodePointer
0x439148 MultiByteToWideChar
0x43914c CompareStringW
0x439150 LCMapStringW
0x439154 GetLocaleInfoW
0x439158 GetStringTypeW
0x43915c GetCPInfo
0x439160 SetEvent
0x439164 ResetEvent
0x439168 WaitForSingleObjectEx
0x43916c UnhandledExceptionFilter
0x439170 SetUnhandledExceptionFilter
0x439174 GetCurrentProcess
0x439178 TerminateProcess
0x43917c IsProcessorFeaturePresent
0x439180 IsDebuggerPresent
0x439184 GetStartupInfoW
0x439188 QueryPerformanceCounter
0x43918c GetCurrentProcessId
0x439190 GetCurrentThreadId
0x439194 InitializeSListHead
0x439198 RaiseException
0x43919c RtlUnwind
0x4391a0 FreeLibrary
0x4391a4 LoadLibraryExW
0x4391a8 ExitProcess
0x4391ac GetModuleHandleExW
0x4391b0 CreateFileW
0x4391b4 GetDriveTypeW
0x4391b8 GetFileInformationByHandle
0x4391bc GetFileType
0x4391c0 PeekNamedPipe
0x4391c4 SystemTimeToTzSpecificLocalTime
0x4391c8 FileTimeToSystemTime
0x4391cc GetModuleFileNameW
0x4391d0 GetStdHandle
0x4391d4 GetCommandLineA
0x4391d8 GetCommandLineW
0x4391dc GetFileSizeEx
0x4391e0 WriteConsoleW
ADVAPI32.dll
0x439000 RegCloseKey
0x439004 RegQueryValueExA
0x439008 GetSidSubAuthorityCount
0x43900c GetSidSubAuthority
0x439010 GetUserNameA
0x439014 LookupAccountNameA
0x439018 RegSetValueExA
0x43901c RegOpenKeyExA
0x439020 GetSidIdentifierAuthority
SHELL32.dll
0x4391e8 ShellExecuteA
0x4391ec None
0x4391f0 SHGetFolderPathA
WININET.dll
0x4391f8 HttpOpenRequestA
0x4391fc InternetReadFile
0x439200 InternetConnectA
0x439204 HttpSendRequestA
0x439208 InternetCloseHandle
0x43920c InternetOpenA
0x439210 InternetOpenW
0x439214 InternetOpenUrlA
EAT(Export Address Table) is none