Field | Value |
---|---|
Created | 2023.09.30 13:01 |
Machine | s1_win7_x6403 |
Filename | WinDhcp.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 21 detected (AIDetectMalware, malicious, Rozena, Eldorado, Attribute, HighConfidence, high confidence, score, EPACK, Gen2, Krypt, Wacatac, Detected, kC3zMNTE3QN, Static AI, Suspicious PE, confidence) |
md5 | d381d9db9cbd1b60afdfb4f05e52a775 |
sha256 | 3e488cd6f6cc7b35713c321dc58b63fa95ba9c69248008109b7bf9a543add7e9 |
ssdeep | 98304:Qp4L/JhqnNKIjRFlrDlyzVd/dCR36YDAbJC5kZne:QeL/JhqNRrhyXCR3FAbfhe |
imphash | 0fdd3d21d2193b717f076a70dfaa659c |
impfuzzy | 12:YRJRJJoARZqRVPXJHqV0MHHGf5XGXKiEG6eGJwk6lm/GaJqniZJn:8fjBcVK0MGf5XGf6Zykom/GCqiZJn |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x14052b198 DeleteCriticalSection
0x14052b1a0 EnterCriticalSection
0x14052b1a8 GetLastError
0x14052b1b0 InitializeCriticalSection
0x14052b1b8 LeaveCriticalSection
0x14052b1c0 SetUnhandledExceptionFilter
0x14052b1c8 Sleep
0x14052b1d0 TlsGetValue
0x14052b1d8 VirtualProtect
0x14052b1e0 VirtualQuery
msvcrt.dll
0x14052b1f0 __C_specific_handler
0x14052b1f8 __getmainargs
0x14052b200 __initenv
0x14052b208 __iob_func
0x14052b210 __set_app_type
0x14052b218 __setusermatherr
0x14052b220 _amsg_exit
0x14052b228 _cexit
0x14052b230 _commode
0x14052b238 _fmode
0x14052b240 _initterm
0x14052b248 _onexit
0x14052b250 abort
0x14052b258 calloc
0x14052b260 exit
0x14052b268 fprintf
0x14052b270 fputs
0x14052b278 free
0x14052b280 malloc
0x14052b288 memset
0x14052b290 signal
0x14052b298 strlen
0x14052b2a0 strncmp
0x14052b2a8 vfprintf
0x14052b2b0 wcscat
0x14052b2b8 wcscpy
0x14052b2c0 wcslen
0x14052b2c8 wcsncmp
0x14052b2d0 wcsstr
0x14052b2d8 _wcsnicmp
0x14052b2e0 _wcsicmp
EAT (Export Address Table): none