ScreenShot
| Created | 2023.09.18 07:50 | Machine | s1_win7_x6403 |
| Filename | index.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 5ba328846dad5cb3e3a41f579d25b7fd | ||
| sha256 | 006eeeaf0491717f1021983f1ebbfc8ff71d854730229818fc45f432014d63f3 | ||
| ssdeep | 3072:CID0ozRIGKOmrGBB/Ej0IBfopYXuCD3CbTwowx8jKJ:C0zCGKfrGi0IxopWbCbcoY8j | ||
| imphash | 942ca992441c585d4cf2a9252e32648a | ||
| impfuzzy | 24:FkbG2SE0Zz+fmarPPpkrkRIOov/FYV4rAZfWykKsUFzFqOvMpIORb2pO5xXDRttv:d1ZZq8EmYQ4v+wM9ttfcIe7vc7UXg | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401010 MoveFileExW
0x401014 ReadConsoleA
0x401018 InterlockedDecrement
0x40101c SetDefaultCommConfigW
0x401020 GetEnvironmentStringsW
0x401024 GetUserDefaultLCID
0x401028 SetConsoleScreenBufferSize
0x40102c AddConsoleAliasW
0x401030 SetVolumeMountPointW
0x401034 GetComputerNameW
0x401038 GetModuleHandleW
0x40103c GetCommConfig
0x401040 GetConsoleAliasesLengthA
0x401044 SetFileTime
0x401048 GetCommandLineA
0x40104c GetDriveTypeA
0x401050 GetEnvironmentStrings
0x401054 GetPrivateProfileIntA
0x401058 LoadLibraryW
0x40105c TerminateThread
0x401060 ReadConsoleInputA
0x401064 CopyFileW
0x401068 SetConsoleCP
0x40106c EnumSystemCodePagesA
0x401070 GetACP
0x401074 GetConsoleAliasExesA
0x401078 GetStartupInfoW
0x40107c DisconnectNamedPipe
0x401080 CreateJobObjectA
0x401084 GetNamedPipeHandleStateW
0x401088 FindFirstFileA
0x40108c GetLastError
0x401090 GetCurrentDirectoryW
0x401094 RemoveDirectoryA
0x401098 LoadLibraryA
0x40109c LocalAlloc
0x4010a0 GetFileType
0x4010a4 FindNextFileA
0x4010a8 FreeEnvironmentStringsW
0x4010ac FindNextFileW
0x4010b0 VirtualProtect
0x4010b4 PurgeComm
0x4010b8 EnumDateFormatsW
0x4010bc FatalAppExitA
0x4010c0 GetShortPathNameW
0x4010c4 FindFirstVolumeA
0x4010c8 FindAtomW
0x4010cc GetWindowsDirectoryW
0x4010d0 EnumSystemLocalesW
0x4010d4 SetStdHandle
0x4010d8 WriteConsoleW
0x4010dc FindFirstFileW
0x4010e0 SetInformationJobObject
0x4010e4 GetVolumePathNameA
0x4010e8 GetCommandLineW
0x4010ec CloseHandle
0x4010f0 CreateFileW
0x4010f4 MoveFileA
0x4010f8 HeapFree
0x4010fc HeapAlloc
0x401100 EncodePointer
0x401104 DecodePointer
0x401108 HeapSetInformation
0x40110c HeapCreate
0x401110 GetProcAddress
0x401114 ExitProcess
0x401118 WriteFile
0x40111c GetStdHandle
0x401120 GetModuleFileNameW
0x401124 UnhandledExceptionFilter
0x401128 SetUnhandledExceptionFilter
0x40112c IsDebuggerPresent
0x401130 TerminateProcess
0x401134 GetCurrentProcess
0x401138 Sleep
0x40113c HeapSize
0x401140 EnterCriticalSection
0x401144 LeaveCriticalSection
0x401148 SetHandleCount
0x40114c InitializeCriticalSectionAndSpinCount
0x401150 DeleteCriticalSection
0x401154 TlsAlloc
0x401158 TlsGetValue
0x40115c TlsSetValue
0x401160 TlsFree
0x401164 InterlockedIncrement
0x401168 SetLastError
0x40116c GetCurrentThreadId
0x401170 QueryPerformanceCounter
0x401174 GetTickCount
0x401178 GetCurrentProcessId
0x40117c GetSystemTimeAsFileTime
0x401180 HeapReAlloc
0x401184 RtlUnwind
0x401188 GetCPInfo
0x40118c GetOEMCP
0x401190 IsValidCodePage
0x401194 WideCharToMultiByte
0x401198 IsProcessorFeaturePresent
0x40119c GetConsoleCP
0x4011a0 GetConsoleMode
0x4011a4 FlushFileBuffers
0x4011a8 LCMapStringW
0x4011ac MultiByteToWideChar
0x4011b0 GetStringTypeW
0x4011b4 SetFilePointer
USER32.dll
0x4011c4 CharUpperW
GDI32.dll
0x401000 SelectPalette
0x401004 GetTextFaceW
0x401008 GetCharWidthA
SHELL32.dll
0x4011bc DragFinish
WINHTTP.dll
0x4011cc WinHttpGetProxyForUrl
EAT(Export Address Table) is none
KERNEL32.dll
0x401010 MoveFileExW
0x401014 ReadConsoleA
0x401018 InterlockedDecrement
0x40101c SetDefaultCommConfigW
0x401020 GetEnvironmentStringsW
0x401024 GetUserDefaultLCID
0x401028 SetConsoleScreenBufferSize
0x40102c AddConsoleAliasW
0x401030 SetVolumeMountPointW
0x401034 GetComputerNameW
0x401038 GetModuleHandleW
0x40103c GetCommConfig
0x401040 GetConsoleAliasesLengthA
0x401044 SetFileTime
0x401048 GetCommandLineA
0x40104c GetDriveTypeA
0x401050 GetEnvironmentStrings
0x401054 GetPrivateProfileIntA
0x401058 LoadLibraryW
0x40105c TerminateThread
0x401060 ReadConsoleInputA
0x401064 CopyFileW
0x401068 SetConsoleCP
0x40106c EnumSystemCodePagesA
0x401070 GetACP
0x401074 GetConsoleAliasExesA
0x401078 GetStartupInfoW
0x40107c DisconnectNamedPipe
0x401080 CreateJobObjectA
0x401084 GetNamedPipeHandleStateW
0x401088 FindFirstFileA
0x40108c GetLastError
0x401090 GetCurrentDirectoryW
0x401094 RemoveDirectoryA
0x401098 LoadLibraryA
0x40109c LocalAlloc
0x4010a0 GetFileType
0x4010a4 FindNextFileA
0x4010a8 FreeEnvironmentStringsW
0x4010ac FindNextFileW
0x4010b0 VirtualProtect
0x4010b4 PurgeComm
0x4010b8 EnumDateFormatsW
0x4010bc FatalAppExitA
0x4010c0 GetShortPathNameW
0x4010c4 FindFirstVolumeA
0x4010c8 FindAtomW
0x4010cc GetWindowsDirectoryW
0x4010d0 EnumSystemLocalesW
0x4010d4 SetStdHandle
0x4010d8 WriteConsoleW
0x4010dc FindFirstFileW
0x4010e0 SetInformationJobObject
0x4010e4 GetVolumePathNameA
0x4010e8 GetCommandLineW
0x4010ec CloseHandle
0x4010f0 CreateFileW
0x4010f4 MoveFileA
0x4010f8 HeapFree
0x4010fc HeapAlloc
0x401100 EncodePointer
0x401104 DecodePointer
0x401108 HeapSetInformation
0x40110c HeapCreate
0x401110 GetProcAddress
0x401114 ExitProcess
0x401118 WriteFile
0x40111c GetStdHandle
0x401120 GetModuleFileNameW
0x401124 UnhandledExceptionFilter
0x401128 SetUnhandledExceptionFilter
0x40112c IsDebuggerPresent
0x401130 TerminateProcess
0x401134 GetCurrentProcess
0x401138 Sleep
0x40113c HeapSize
0x401140 EnterCriticalSection
0x401144 LeaveCriticalSection
0x401148 SetHandleCount
0x40114c InitializeCriticalSectionAndSpinCount
0x401150 DeleteCriticalSection
0x401154 TlsAlloc
0x401158 TlsGetValue
0x40115c TlsSetValue
0x401160 TlsFree
0x401164 InterlockedIncrement
0x401168 SetLastError
0x40116c GetCurrentThreadId
0x401170 QueryPerformanceCounter
0x401174 GetTickCount
0x401178 GetCurrentProcessId
0x40117c GetSystemTimeAsFileTime
0x401180 HeapReAlloc
0x401184 RtlUnwind
0x401188 GetCPInfo
0x40118c GetOEMCP
0x401190 IsValidCodePage
0x401194 WideCharToMultiByte
0x401198 IsProcessorFeaturePresent
0x40119c GetConsoleCP
0x4011a0 GetConsoleMode
0x4011a4 FlushFileBuffers
0x4011a8 LCMapStringW
0x4011ac MultiByteToWideChar
0x4011b0 GetStringTypeW
0x4011b4 SetFilePointer
USER32.dll
0x4011c4 CharUpperW
GDI32.dll
0x401000 SelectPalette
0x401004 GetTextFaceW
0x401008 GetCharWidthA
SHELL32.dll
0x4011bc DragFinish
WINHTTP.dll
0x4011cc WinHttpGetProxyForUrl
EAT(Export Address Table) is none