ScreenShot
| Created | 2023.10.09 12:29 | Machine | s1_win7_x6401 |
| Filename | Reservation information (date, name and etc).exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 9809cc75b12ebaa98003f8288978f3b3 | ||
| sha256 | dd5ed75d01cbe4f1957df72a058656e7b45cb1e2e74efa6eb796fe9a7012a173 | ||
| ssdeep | 1572864:Th4QkjGuWsqebzyuGqNMnKuEqHhaPd5nC8DDkeZZZZZsOKa1pVeOKCr7ZPE:l43jRWshbzyuNMnlEqIPrzDkeZZZZZsR | ||
| imphash | 0117a0095c2d1e0d2c4b69ac02367c52 | ||
| impfuzzy | 24:QUwlgIyMUS/Ml32IK9Jdmj8iLX5XNAxWFJlhomvlA/GYqxZ9PvQuhEwVGMZn:nwzTiLXNNzFJlh1vm/GYqt3QoVGY | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | Checks amount of memory in system |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | ftp_command | ftp command | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x58421c AddAtomA
0x584220 CreateSemaphoreA
0x584224 ExitProcess
0x584228 FindAtomA
0x58422c GetAtomNameA
0x584230 GetConsoleCursorInfo
0x584234 GetConsoleMode
0x584238 GetConsoleScreenBufferInfo
0x58423c GetLastError
0x584240 GetStdHandle
0x584244 InterlockedDecrement
0x584248 InterlockedIncrement
0x58424c ReleaseSemaphore
0x584250 ScrollConsoleScreenBufferA
0x584254 SetConsoleCursorInfo
0x584258 SetConsoleCursorPosition
0x58425c SetConsoleTextAttribute
0x584260 SetLastError
0x584264 SetUnhandledExceptionFilter
0x584268 Sleep
0x58426c TlsAlloc
0x584270 TlsFree
0x584274 TlsGetValue
0x584278 TlsSetValue
0x58427c WaitForSingleObject
0x584280 WriteConsoleOutputA
msvcrt.dll
0x58428c _chmod
0x584290 _close
0x584294 _dup
0x584298 _fdopen
0x58429c _fstat
0x5842a0 _isatty
0x5842a4 _lseek
0x5842a8 _open
0x5842ac _read
0x5842b0 _rmdir
0x5842b4 _setmode
0x5842b8 _sopen
0x5842bc _stat
0x5842c0 _strdup
0x5842c4 _stricmp
0x5842c8 _unlink
0x5842cc _utime
0x5842d0 _write
msvcrt.dll
0x5842dc __getmainargs
0x5842e0 __mb_cur_max
0x5842e4 __p__environ
0x5842e8 __p__fmode
0x5842ec __set_app_type
0x5842f0 _assert
0x5842f4 _cexit
0x5842f8 _errno
0x5842fc _get_osfhandle
0x584300 _iob
0x584304 _isctype
0x584308 _kbhit
0x58430c _onexit
0x584310 _pctype
0x584314 _setmode
0x584318 abort
0x58431c atexit
0x584320 atoi
0x584324 calloc
0x584328 clearerr
0x58432c clock
0x584330 exit
0x584334 fclose
0x584338 fflush
0x58433c fopen
0x584340 fprintf
0x584344 fputc
0x584348 fputs
0x58434c fread
0x584350 free
0x584354 fseek
0x584358 ftell
0x58435c fwrite
0x584360 getenv
0x584364 malloc
0x584368 memcmp
0x58436c memcpy
0x584370 memmove
0x584374 memset
0x584378 printf
0x58437c putchar
0x584380 qsort
0x584384 rand
0x584388 realloc
0x58438c rename
0x584390 signal
0x584394 sprintf
0x584398 srand
0x58439c sscanf
0x5843a0 strcat
0x5843a4 strchr
0x5843a8 strcmp
0x5843ac strcpy
0x5843b0 strcspn
0x5843b4 strerror
0x5843b8 strlen
0x5843bc strncmp
0x5843c0 strrchr
0x5843c4 strstr
0x5843c8 strtol
0x5843cc strtoul
0x5843d0 time
0x5843d4 tolower
0x5843d8 vfprintf
EAT(Export Address Table) is none
KERNEL32.DLL
0x58421c AddAtomA
0x584220 CreateSemaphoreA
0x584224 ExitProcess
0x584228 FindAtomA
0x58422c GetAtomNameA
0x584230 GetConsoleCursorInfo
0x584234 GetConsoleMode
0x584238 GetConsoleScreenBufferInfo
0x58423c GetLastError
0x584240 GetStdHandle
0x584244 InterlockedDecrement
0x584248 InterlockedIncrement
0x58424c ReleaseSemaphore
0x584250 ScrollConsoleScreenBufferA
0x584254 SetConsoleCursorInfo
0x584258 SetConsoleCursorPosition
0x58425c SetConsoleTextAttribute
0x584260 SetLastError
0x584264 SetUnhandledExceptionFilter
0x584268 Sleep
0x58426c TlsAlloc
0x584270 TlsFree
0x584274 TlsGetValue
0x584278 TlsSetValue
0x58427c WaitForSingleObject
0x584280 WriteConsoleOutputA
msvcrt.dll
0x58428c _chmod
0x584290 _close
0x584294 _dup
0x584298 _fdopen
0x58429c _fstat
0x5842a0 _isatty
0x5842a4 _lseek
0x5842a8 _open
0x5842ac _read
0x5842b0 _rmdir
0x5842b4 _setmode
0x5842b8 _sopen
0x5842bc _stat
0x5842c0 _strdup
0x5842c4 _stricmp
0x5842c8 _unlink
0x5842cc _utime
0x5842d0 _write
msvcrt.dll
0x5842dc __getmainargs
0x5842e0 __mb_cur_max
0x5842e4 __p__environ
0x5842e8 __p__fmode
0x5842ec __set_app_type
0x5842f0 _assert
0x5842f4 _cexit
0x5842f8 _errno
0x5842fc _get_osfhandle
0x584300 _iob
0x584304 _isctype
0x584308 _kbhit
0x58430c _onexit
0x584310 _pctype
0x584314 _setmode
0x584318 abort
0x58431c atexit
0x584320 atoi
0x584324 calloc
0x584328 clearerr
0x58432c clock
0x584330 exit
0x584334 fclose
0x584338 fflush
0x58433c fopen
0x584340 fprintf
0x584344 fputc
0x584348 fputs
0x58434c fread
0x584350 free
0x584354 fseek
0x584358 ftell
0x58435c fwrite
0x584360 getenv
0x584364 malloc
0x584368 memcmp
0x58436c memcpy
0x584370 memmove
0x584374 memset
0x584378 printf
0x58437c putchar
0x584380 qsort
0x584384 rand
0x584388 realloc
0x58438c rename
0x584390 signal
0x584394 sprintf
0x584398 srand
0x58439c sscanf
0x5843a0 strcat
0x5843a4 strchr
0x5843a8 strcmp
0x5843ac strcpy
0x5843b0 strcspn
0x5843b4 strerror
0x5843b8 strlen
0x5843bc strncmp
0x5843c0 strrchr
0x5843c4 strstr
0x5843c8 strtol
0x5843cc strtoul
0x5843d0 time
0x5843d4 tolower
0x5843d8 vfprintf
EAT(Export Address Table) is none