ScreenShot
| Created | 2023.10.02 08:41 | Machine | s1_win7_x6402 |
| Filename | afkjo.txt.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | fface24ac296a898cca3f46bc0abcd58 | ||
| sha256 | bc60a7b54f05b982ef5d088047903f67a4bf52f5ffe834b7268c316ea44df962 | ||
| ssdeep | 192:ALKf4my3ssAnktY67AN3BwQbqVx9XP5EvvL27yrwIi6yFz1gYuswZlskR:+/18s1tvHAqVDP5Evvq7UwInyJ19wc2 | ||
| imphash | 74112afb67d4cb152ebd8ee76f449460 | ||
| impfuzzy | 12:Wj7WsjkAGfDvZGd3zaLPXJ1XJBwDcNaXA4wxrjic7r4G:WjTkfDRljLjwoNaw4wxsG | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x402000 WaitForSingleObject
0x402004 CreateFileW
0x402008 GetSystemDirectoryW
0x40200c lstrcatW
0x402010 LockResource
0x402014 CloseHandle
0x402018 LoadLibraryW
0x40201c GetTempPathW
0x402020 FindResourceW
0x402024 GetWindowsDirectoryW
0x402028 GetProcAddress
0x40202c ExitProcess
0x402030 TerminateProcess
0x402034 GetCurrentProcess
0x402038 IsProcessorFeaturePresent
0x40203c GetModuleFileNameW
0x402040 WriteFile
0x402044 LoadResource
0x402048 SizeofResource
0x40204c SetUnhandledExceptionFilter
0x402050 UnhandledExceptionFilter
USER32.dll
0x402068 MessageBoxW
SHELL32.dll
0x402058 None
0x40205c SHCreateItemFromParsingName
0x402060 ShellExecuteExW
ole32.dll
0x402070 CoCreateInstance
0x402074 CoUninitialize
0x402078 CoInitialize
0x40207c CoGetObject
EAT(Export Address Table) is none
KERNEL32.dll
0x402000 WaitForSingleObject
0x402004 CreateFileW
0x402008 GetSystemDirectoryW
0x40200c lstrcatW
0x402010 LockResource
0x402014 CloseHandle
0x402018 LoadLibraryW
0x40201c GetTempPathW
0x402020 FindResourceW
0x402024 GetWindowsDirectoryW
0x402028 GetProcAddress
0x40202c ExitProcess
0x402030 TerminateProcess
0x402034 GetCurrentProcess
0x402038 IsProcessorFeaturePresent
0x40203c GetModuleFileNameW
0x402040 WriteFile
0x402044 LoadResource
0x402048 SizeofResource
0x40204c SetUnhandledExceptionFilter
0x402050 UnhandledExceptionFilter
USER32.dll
0x402068 MessageBoxW
SHELL32.dll
0x402058 None
0x40205c SHCreateItemFromParsingName
0x402060 ShellExecuteExW
ole32.dll
0x402070 CoCreateInstance
0x402074 CoUninitialize
0x402078 CoInitialize
0x40207c CoGetObject
EAT(Export Address Table) is none