ScreenShot
| Created | 2023.10.06 07:54 | Machine | s1_win7_x6403 |
| Filename | EpPDrE.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 85d3d194ec107f5b92a7d9e6a9d06ef0 | ||
| sha256 | be1120f9457a73543597e27c1eb132ce0f833d0ca62fe67adfe6674bf48e04e4 | ||
| ssdeep | 49152:+OIhiwisGrb/TfvO90d7HjmAFd4A64nsfJ3EL9aIwSD3QI1YkMpSo9Vu2CNRCebj:7dsU9rjCFZ2EH9gl | ||
| imphash | 85cddd6092e65c1a58dd1e6e9ab9fc63 | ||
| impfuzzy | 48:qJrKxMCy9cmVKeFR+2F42xQHpdXiX1PJOmSplTJGfYJ861k1vcqTjz:qJexMCyamXRHF42xQHPXiX1Pgb7TJGQA | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14073a45c AddAtomA
0x14073a464 AddVectoredExceptionHandler
0x14073a46c CloseHandle
0x14073a474 CreateEventA
0x14073a47c CreateFileA
0x14073a484 CreateIoCompletionPort
0x14073a48c CreateMutexA
0x14073a494 CreateSemaphoreA
0x14073a49c CreateThread
0x14073a4a4 CreateWaitableTimerExW
0x14073a4ac DeleteAtom
0x14073a4b4 DeleteCriticalSection
0x14073a4bc DuplicateHandle
0x14073a4c4 EnterCriticalSection
0x14073a4cc ExitProcess
0x14073a4d4 FindAtomA
0x14073a4dc FormatMessageA
0x14073a4e4 FreeEnvironmentStringsW
0x14073a4ec GetAtomNameA
0x14073a4f4 GetConsoleMode
0x14073a4fc GetCurrentProcess
0x14073a504 GetCurrentProcessId
0x14073a50c GetCurrentThread
0x14073a514 GetCurrentThreadId
0x14073a51c GetEnvironmentStringsW
0x14073a524 GetHandleInformation
0x14073a52c GetLastError
0x14073a534 GetProcAddress
0x14073a53c GetProcessAffinityMask
0x14073a544 GetQueuedCompletionStatusEx
0x14073a54c GetStartupInfoA
0x14073a554 GetStdHandle
0x14073a55c GetSystemDirectoryA
0x14073a564 GetSystemInfo
0x14073a56c GetSystemTimeAsFileTime
0x14073a574 GetThreadContext
0x14073a57c GetThreadPriority
0x14073a584 GetTickCount
0x14073a58c InitializeCriticalSection
0x14073a594 IsDBCSLeadByteEx
0x14073a59c IsDebuggerPresent
0x14073a5a4 LeaveCriticalSection
0x14073a5ac LoadLibraryA
0x14073a5b4 LoadLibraryW
0x14073a5bc LocalFree
0x14073a5c4 MultiByteToWideChar
0x14073a5cc OpenProcess
0x14073a5d4 OutputDebugStringA
0x14073a5dc PostQueuedCompletionStatus
0x14073a5e4 QueryPerformanceCounter
0x14073a5ec QueryPerformanceFrequency
0x14073a5f4 RaiseException
0x14073a5fc ReleaseMutex
0x14073a604 ReleaseSemaphore
0x14073a60c RemoveVectoredExceptionHandler
0x14073a614 ResetEvent
0x14073a61c ResumeThread
0x14073a624 SetConsoleCtrlHandler
0x14073a62c SetErrorMode
0x14073a634 SetEvent
0x14073a63c SetLastError
0x14073a644 SetProcessAffinityMask
0x14073a64c SetProcessPriorityBoost
0x14073a654 SetThreadContext
0x14073a65c SetThreadPriority
0x14073a664 SetUnhandledExceptionFilter
0x14073a66c SetWaitableTimer
0x14073a674 Sleep
0x14073a67c SuspendThread
0x14073a684 SwitchToThread
0x14073a68c TlsAlloc
0x14073a694 TlsGetValue
0x14073a69c TlsSetValue
0x14073a6a4 TryEnterCriticalSection
0x14073a6ac VirtualAlloc
0x14073a6b4 VirtualFree
0x14073a6bc VirtualProtect
0x14073a6c4 VirtualQuery
0x14073a6cc WaitForMultipleObjects
0x14073a6d4 WaitForSingleObject
0x14073a6dc WideCharToMultiByte
0x14073a6e4 WriteConsoleW
0x14073a6ec WriteFile
0x14073a6f4 __C_specific_handler
msvcrt.dll
0x14073a704 ___lc_codepage_func
0x14073a70c ___mb_cur_max_func
0x14073a714 __getmainargs
0x14073a71c __initenv
0x14073a724 __iob_func
0x14073a72c __lconv_init
0x14073a734 __set_app_type
0x14073a73c __setusermatherr
0x14073a744 _acmdln
0x14073a74c _amsg_exit
0x14073a754 _beginthread
0x14073a75c _beginthreadex
0x14073a764 _cexit
0x14073a76c _commode
0x14073a774 _endthreadex
0x14073a77c _errno
0x14073a784 _fmode
0x14073a78c _initterm
0x14073a794 _lock
0x14073a79c _memccpy
0x14073a7a4 _onexit
0x14073a7ac _setjmp
0x14073a7b4 _strdup
0x14073a7bc _ultoa
0x14073a7c4 _unlock
0x14073a7cc abort
0x14073a7d4 calloc
0x14073a7dc exit
0x14073a7e4 fprintf
0x14073a7ec fputc
0x14073a7f4 free
0x14073a7fc fwrite
0x14073a804 localeconv
0x14073a80c longjmp
0x14073a814 malloc
0x14073a81c memcpy
0x14073a824 memmove
0x14073a82c memset
0x14073a834 printf
0x14073a83c realloc
0x14073a844 signal
0x14073a84c strerror
0x14073a854 strlen
0x14073a85c strncmp
0x14073a864 vfprintf
0x14073a86c wcslen
EAT(Export Address Table) Library
0x1407378a0 _cgo_dummy_export
KERNEL32.dll
0x14073a45c AddAtomA
0x14073a464 AddVectoredExceptionHandler
0x14073a46c CloseHandle
0x14073a474 CreateEventA
0x14073a47c CreateFileA
0x14073a484 CreateIoCompletionPort
0x14073a48c CreateMutexA
0x14073a494 CreateSemaphoreA
0x14073a49c CreateThread
0x14073a4a4 CreateWaitableTimerExW
0x14073a4ac DeleteAtom
0x14073a4b4 DeleteCriticalSection
0x14073a4bc DuplicateHandle
0x14073a4c4 EnterCriticalSection
0x14073a4cc ExitProcess
0x14073a4d4 FindAtomA
0x14073a4dc FormatMessageA
0x14073a4e4 FreeEnvironmentStringsW
0x14073a4ec GetAtomNameA
0x14073a4f4 GetConsoleMode
0x14073a4fc GetCurrentProcess
0x14073a504 GetCurrentProcessId
0x14073a50c GetCurrentThread
0x14073a514 GetCurrentThreadId
0x14073a51c GetEnvironmentStringsW
0x14073a524 GetHandleInformation
0x14073a52c GetLastError
0x14073a534 GetProcAddress
0x14073a53c GetProcessAffinityMask
0x14073a544 GetQueuedCompletionStatusEx
0x14073a54c GetStartupInfoA
0x14073a554 GetStdHandle
0x14073a55c GetSystemDirectoryA
0x14073a564 GetSystemInfo
0x14073a56c GetSystemTimeAsFileTime
0x14073a574 GetThreadContext
0x14073a57c GetThreadPriority
0x14073a584 GetTickCount
0x14073a58c InitializeCriticalSection
0x14073a594 IsDBCSLeadByteEx
0x14073a59c IsDebuggerPresent
0x14073a5a4 LeaveCriticalSection
0x14073a5ac LoadLibraryA
0x14073a5b4 LoadLibraryW
0x14073a5bc LocalFree
0x14073a5c4 MultiByteToWideChar
0x14073a5cc OpenProcess
0x14073a5d4 OutputDebugStringA
0x14073a5dc PostQueuedCompletionStatus
0x14073a5e4 QueryPerformanceCounter
0x14073a5ec QueryPerformanceFrequency
0x14073a5f4 RaiseException
0x14073a5fc ReleaseMutex
0x14073a604 ReleaseSemaphore
0x14073a60c RemoveVectoredExceptionHandler
0x14073a614 ResetEvent
0x14073a61c ResumeThread
0x14073a624 SetConsoleCtrlHandler
0x14073a62c SetErrorMode
0x14073a634 SetEvent
0x14073a63c SetLastError
0x14073a644 SetProcessAffinityMask
0x14073a64c SetProcessPriorityBoost
0x14073a654 SetThreadContext
0x14073a65c SetThreadPriority
0x14073a664 SetUnhandledExceptionFilter
0x14073a66c SetWaitableTimer
0x14073a674 Sleep
0x14073a67c SuspendThread
0x14073a684 SwitchToThread
0x14073a68c TlsAlloc
0x14073a694 TlsGetValue
0x14073a69c TlsSetValue
0x14073a6a4 TryEnterCriticalSection
0x14073a6ac VirtualAlloc
0x14073a6b4 VirtualFree
0x14073a6bc VirtualProtect
0x14073a6c4 VirtualQuery
0x14073a6cc WaitForMultipleObjects
0x14073a6d4 WaitForSingleObject
0x14073a6dc WideCharToMultiByte
0x14073a6e4 WriteConsoleW
0x14073a6ec WriteFile
0x14073a6f4 __C_specific_handler
msvcrt.dll
0x14073a704 ___lc_codepage_func
0x14073a70c ___mb_cur_max_func
0x14073a714 __getmainargs
0x14073a71c __initenv
0x14073a724 __iob_func
0x14073a72c __lconv_init
0x14073a734 __set_app_type
0x14073a73c __setusermatherr
0x14073a744 _acmdln
0x14073a74c _amsg_exit
0x14073a754 _beginthread
0x14073a75c _beginthreadex
0x14073a764 _cexit
0x14073a76c _commode
0x14073a774 _endthreadex
0x14073a77c _errno
0x14073a784 _fmode
0x14073a78c _initterm
0x14073a794 _lock
0x14073a79c _memccpy
0x14073a7a4 _onexit
0x14073a7ac _setjmp
0x14073a7b4 _strdup
0x14073a7bc _ultoa
0x14073a7c4 _unlock
0x14073a7cc abort
0x14073a7d4 calloc
0x14073a7dc exit
0x14073a7e4 fprintf
0x14073a7ec fputc
0x14073a7f4 free
0x14073a7fc fwrite
0x14073a804 localeconv
0x14073a80c longjmp
0x14073a814 malloc
0x14073a81c memcpy
0x14073a824 memmove
0x14073a82c memset
0x14073a834 printf
0x14073a83c realloc
0x14073a844 signal
0x14073a84c strerror
0x14073a854 strlen
0x14073a85c strncmp
0x14073a864 vfprintf
0x14073a86c wcslen
EAT(Export Address Table) Library
0x1407378a0 _cgo_dummy_export