ScreenShot
| Created | 2023.10.20 18:17 | Machine | s1_win7_x6401 |
| Filename | salut.json.exe | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 3 detected (Artemis) | ||
| md5 | 971dd6c48909adf98861fb8457125faa | ||
| sha256 | 9d80eb4be1e9139a03a6aa3f053fec14ed1880251b1f13d85d84d7d64dddd581 | ||
| ssdeep | 49152:LrALKQaCAFe5VtmMOAfJb4S7TVi2a17aaQsPdSCrXADRkC+rMoUQhebOT1NvekX+:fA2cfd4S3s2aMr87LHF9SJv | ||
| imphash | 8db009bfac1c47ecc3d9737743a3b8e2 | ||
| impfuzzy | 48:hWMe8XOToR9Nl3kn1zGW2TZ4WKYXrjxQbx8Gy3Rhiss:hWX8X0oRjen1k4Tk/xQbx8Gy3Rho | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Uses Sysinternals tools in order to add additional command line functionality |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1803506d0 AcquireSRWLockExclusive
0x1803506d8 CloseHandle
0x1803506e0 CompareStringW
0x1803506e8 CreateDirectoryA
0x1803506f0 CreateEventW
0x1803506f8 CreateFileA
0x180350700 CreateFileMappingA
0x180350708 CreateFileMappingW
0x180350710 CreateFileW
0x180350718 CreateThread
0x180350720 DeleteCriticalSection
0x180350728 DeleteFileA
0x180350730 EncodePointer
0x180350738 EnterCriticalSection
0x180350740 EnumSystemLocalesW
0x180350748 ExitProcess
0x180350750 ExitThread
0x180350758 FileTimeToSystemTime
0x180350760 FindClose
0x180350768 FindFirstFileA
0x180350770 FindFirstFileExW
0x180350778 FindNextFileA
0x180350780 FindNextFileW
0x180350788 FlsAlloc
0x180350790 FlsFree
0x180350798 FlsGetValue
0x1803507a0 FlsSetValue
0x1803507a8 FlushFileBuffers
0x1803507b0 FormatMessageA
0x1803507b8 FreeEnvironmentStringsW
0x1803507c0 FreeLibrary
0x1803507c8 FreeLibraryAndExitThread
0x1803507d0 GetACP
0x1803507d8 GetCPInfo
0x1803507e0 GetCommandLineA
0x1803507e8 GetCommandLineW
0x1803507f0 GetConsoleMode
0x1803507f8 GetConsoleOutputCP
0x180350800 GetCurrencyFormatEx
0x180350808 GetCurrentDirectoryW
0x180350810 GetCurrentProcess
0x180350818 GetCurrentProcessId
0x180350820 GetCurrentThreadId
0x180350828 GetDateFormatW
0x180350830 GetDynamicTimeZoneInformation
0x180350838 GetEnvironmentStringsW
0x180350840 GetFileAttributesA
0x180350848 GetFileAttributesExA
0x180350850 GetFileInformationByHandle
0x180350858 GetFileSizeEx
0x180350860 GetFileType
0x180350868 GetGeoInfoW
0x180350870 GetLastError
0x180350878 GetLocalTime
0x180350880 GetLocaleInfoEx
0x180350888 GetLocaleInfoW
0x180350890 GetLogicalProcessorInformation
0x180350898 GetLogicalProcessorInformationEx
0x1803508a0 GetMaximumProcessorCount
0x1803508a8 GetMaximumProcessorGroupCount
0x1803508b0 GetModuleFileNameW
0x1803508b8 GetModuleHandleA
0x1803508c0 GetModuleHandleExW
0x1803508c8 GetModuleHandleW
0x1803508d0 GetNumberFormatEx
0x1803508d8 GetOEMCP
0x1803508e0 GetProcAddress
0x1803508e8 GetProcessHeap
0x1803508f0 GetStartupInfoW
0x1803508f8 GetStdHandle
0x180350900 GetStringTypeW
0x180350908 GetSystemInfo
0x180350910 GetSystemTimeAsFileTime
0x180350918 GetTempPathA
0x180350920 GetTimeFormatW
0x180350928 GetTimeZoneInformation
0x180350930 GetUserDefaultLCID
0x180350938 GetUserGeoID
0x180350940 HeapAlloc
0x180350948 HeapFree
0x180350950 HeapReAlloc
0x180350958 HeapSize
0x180350960 InitOnceExecuteOnce
0x180350968 InitializeConditionVariable
0x180350970 InitializeCriticalSectionAndSpinCount
0x180350978 InitializeSListHead
0x180350980 InitializeSRWLock
0x180350988 InterlockedFlushSList
0x180350990 InterlockedPushEntrySList
0x180350998 IsDebuggerPresent
0x1803509a0 IsProcessorFeaturePresent
0x1803509a8 IsValidCodePage
0x1803509b0 IsValidLocale
0x1803509b8 LCMapStringW
0x1803509c0 LeaveCriticalSection
0x1803509c8 LoadLibraryExW
0x1803509d0 LoadLibraryW
0x1803509d8 LocalFree
0x1803509e0 LockFile
0x1803509e8 MapViewOfFile
0x1803509f0 MoveFileA
0x1803509f8 MultiByteToWideChar
0x180350a00 PeekNamedPipe
0x180350a08 QueryPerformanceCounter
0x180350a10 QueryPerformanceFrequency
0x180350a18 RaiseException
0x180350a20 ReadConsoleW
0x180350a28 ReadFile
0x180350a30 ReleaseSRWLockExclusive
0x180350a38 RemoveDirectoryA
0x180350a40 ReplaceFileA
0x180350a48 ResetEvent
0x180350a50 ResolveLocaleName
0x180350a58 RtlCaptureContext
0x180350a60 RtlLookupFunctionEntry
0x180350a68 RtlPcToFileHeader
0x180350a70 RtlUnwind
0x180350a78 RtlUnwindEx
0x180350a80 RtlVirtualUnwind
0x180350a88 SetEndOfFile
0x180350a90 SetEnvironmentVariableW
0x180350a98 SetEvent
0x180350aa0 SetFilePointerEx
0x180350aa8 SetLastError
0x180350ab0 SetStdHandle
0x180350ab8 SetUnhandledExceptionFilter
0x180350ac0 Sleep
0x180350ac8 SleepConditionVariableSRW
0x180350ad0 SwitchToThread
0x180350ad8 SystemTimeToTzSpecificLocalTime
0x180350ae0 TerminateProcess
0x180350ae8 TlsAlloc
0x180350af0 TlsFree
0x180350af8 TlsGetValue
0x180350b00 TlsSetValue
0x180350b08 UnhandledExceptionFilter
0x180350b10 UnlockFile
0x180350b18 UnmapViewOfFile
0x180350b20 VirtualAlloc
0x180350b28 WaitForSingleObject
0x180350b30 WaitForSingleObjectEx
0x180350b38 WakeAllConditionVariable
0x180350b40 WakeConditionVariable
0x180350b48 WideCharToMultiByte
0x180350b50 WriteConsoleW
0x180350b58 WriteFile
ADVAPI32.dll
0x180350b68 RegCloseKey
0x180350b70 RegEnumKeyExW
0x180350b78 RegOpenKeyExW
0x180350b80 RegQueryInfoKeyW
0x180350b88 RegQueryValueExW
EAT(Export Address Table) Library
0x18015ad90 OptimizationGuideEntityAnnotatorAnnotateGetOutputMetadataAtIndex
0x18015ad60 OptimizationGuideEntityAnnotatorAnnotateGetOutputMetadataScoreAtIndex
0x18015ad30 OptimizationGuideEntityAnnotatorAnnotateJobCreate
0x18015adc0 OptimizationGuideEntityAnnotatorAnnotateJobDelete
0x180002680 OptimizationGuideEntityAnnotatorCreateFromOptions
0x18015ad00 OptimizationGuideEntityAnnotatorDelete
0x18015adf0 OptimizationGuideEntityAnnotatorEntityMetadataJobCreate
0x18015afa0 OptimizationGuideEntityAnnotatorEntityMetadataJobDelete
0x18015ace0 OptimizationGuideEntityAnnotatorGetCreationError
0x180002670 OptimizationGuideEntityAnnotatorGetMaxSupportedFeatureFlag
0x1800033a0 OptimizationGuideEntityAnnotatorOptionsAddModelSlice
0x18015afd0 OptimizationGuideEntityAnnotatorOptionsCreate
0x18015aff0 OptimizationGuideEntityAnnotatorOptionsDelete
0x180003220 OptimizationGuideEntityAnnotatorOptionsSetModelFilePath
0x1800032a0 OptimizationGuideEntityAnnotatorOptionsSetModelMetadataFilePath
0x180003320 OptimizationGuideEntityAnnotatorOptionsSetWordEmbeddingsFilePath
0x180002930 OptimizationGuideEntityAnnotatorRunAnnotateJob
0x18015ae20 OptimizationGuideEntityAnnotatorRunEntityMetadataJob
0x18015b1c0 OptimizationGuideEntityMetadataGetCollectionAtIndex
0x18015b1a0 OptimizationGuideEntityMetadataGetCollectionsCount
0x18015b020 OptimizationGuideEntityMetadataGetEntityID
0x18015b130 OptimizationGuideEntityMetadataGetHumanReadableAliasAtIndex
0x18015b110 OptimizationGuideEntityMetadataGetHumanReadableAliasesCount
0x18015b040 OptimizationGuideEntityMetadataGetHumanReadableCategoriesCount
0x18015b050 OptimizationGuideEntityMetadataGetHumanReadableCategoryNameAtIndex
0x18015b0b0 OptimizationGuideEntityMetadataGetHumanReadableCategoryScoreAtIndex
0x18015b030 OptimizationGuideEntityMetadataGetHumanReadableName
KERNEL32.dll
0x1803506d0 AcquireSRWLockExclusive
0x1803506d8 CloseHandle
0x1803506e0 CompareStringW
0x1803506e8 CreateDirectoryA
0x1803506f0 CreateEventW
0x1803506f8 CreateFileA
0x180350700 CreateFileMappingA
0x180350708 CreateFileMappingW
0x180350710 CreateFileW
0x180350718 CreateThread
0x180350720 DeleteCriticalSection
0x180350728 DeleteFileA
0x180350730 EncodePointer
0x180350738 EnterCriticalSection
0x180350740 EnumSystemLocalesW
0x180350748 ExitProcess
0x180350750 ExitThread
0x180350758 FileTimeToSystemTime
0x180350760 FindClose
0x180350768 FindFirstFileA
0x180350770 FindFirstFileExW
0x180350778 FindNextFileA
0x180350780 FindNextFileW
0x180350788 FlsAlloc
0x180350790 FlsFree
0x180350798 FlsGetValue
0x1803507a0 FlsSetValue
0x1803507a8 FlushFileBuffers
0x1803507b0 FormatMessageA
0x1803507b8 FreeEnvironmentStringsW
0x1803507c0 FreeLibrary
0x1803507c8 FreeLibraryAndExitThread
0x1803507d0 GetACP
0x1803507d8 GetCPInfo
0x1803507e0 GetCommandLineA
0x1803507e8 GetCommandLineW
0x1803507f0 GetConsoleMode
0x1803507f8 GetConsoleOutputCP
0x180350800 GetCurrencyFormatEx
0x180350808 GetCurrentDirectoryW
0x180350810 GetCurrentProcess
0x180350818 GetCurrentProcessId
0x180350820 GetCurrentThreadId
0x180350828 GetDateFormatW
0x180350830 GetDynamicTimeZoneInformation
0x180350838 GetEnvironmentStringsW
0x180350840 GetFileAttributesA
0x180350848 GetFileAttributesExA
0x180350850 GetFileInformationByHandle
0x180350858 GetFileSizeEx
0x180350860 GetFileType
0x180350868 GetGeoInfoW
0x180350870 GetLastError
0x180350878 GetLocalTime
0x180350880 GetLocaleInfoEx
0x180350888 GetLocaleInfoW
0x180350890 GetLogicalProcessorInformation
0x180350898 GetLogicalProcessorInformationEx
0x1803508a0 GetMaximumProcessorCount
0x1803508a8 GetMaximumProcessorGroupCount
0x1803508b0 GetModuleFileNameW
0x1803508b8 GetModuleHandleA
0x1803508c0 GetModuleHandleExW
0x1803508c8 GetModuleHandleW
0x1803508d0 GetNumberFormatEx
0x1803508d8 GetOEMCP
0x1803508e0 GetProcAddress
0x1803508e8 GetProcessHeap
0x1803508f0 GetStartupInfoW
0x1803508f8 GetStdHandle
0x180350900 GetStringTypeW
0x180350908 GetSystemInfo
0x180350910 GetSystemTimeAsFileTime
0x180350918 GetTempPathA
0x180350920 GetTimeFormatW
0x180350928 GetTimeZoneInformation
0x180350930 GetUserDefaultLCID
0x180350938 GetUserGeoID
0x180350940 HeapAlloc
0x180350948 HeapFree
0x180350950 HeapReAlloc
0x180350958 HeapSize
0x180350960 InitOnceExecuteOnce
0x180350968 InitializeConditionVariable
0x180350970 InitializeCriticalSectionAndSpinCount
0x180350978 InitializeSListHead
0x180350980 InitializeSRWLock
0x180350988 InterlockedFlushSList
0x180350990 InterlockedPushEntrySList
0x180350998 IsDebuggerPresent
0x1803509a0 IsProcessorFeaturePresent
0x1803509a8 IsValidCodePage
0x1803509b0 IsValidLocale
0x1803509b8 LCMapStringW
0x1803509c0 LeaveCriticalSection
0x1803509c8 LoadLibraryExW
0x1803509d0 LoadLibraryW
0x1803509d8 LocalFree
0x1803509e0 LockFile
0x1803509e8 MapViewOfFile
0x1803509f0 MoveFileA
0x1803509f8 MultiByteToWideChar
0x180350a00 PeekNamedPipe
0x180350a08 QueryPerformanceCounter
0x180350a10 QueryPerformanceFrequency
0x180350a18 RaiseException
0x180350a20 ReadConsoleW
0x180350a28 ReadFile
0x180350a30 ReleaseSRWLockExclusive
0x180350a38 RemoveDirectoryA
0x180350a40 ReplaceFileA
0x180350a48 ResetEvent
0x180350a50 ResolveLocaleName
0x180350a58 RtlCaptureContext
0x180350a60 RtlLookupFunctionEntry
0x180350a68 RtlPcToFileHeader
0x180350a70 RtlUnwind
0x180350a78 RtlUnwindEx
0x180350a80 RtlVirtualUnwind
0x180350a88 SetEndOfFile
0x180350a90 SetEnvironmentVariableW
0x180350a98 SetEvent
0x180350aa0 SetFilePointerEx
0x180350aa8 SetLastError
0x180350ab0 SetStdHandle
0x180350ab8 SetUnhandledExceptionFilter
0x180350ac0 Sleep
0x180350ac8 SleepConditionVariableSRW
0x180350ad0 SwitchToThread
0x180350ad8 SystemTimeToTzSpecificLocalTime
0x180350ae0 TerminateProcess
0x180350ae8 TlsAlloc
0x180350af0 TlsFree
0x180350af8 TlsGetValue
0x180350b00 TlsSetValue
0x180350b08 UnhandledExceptionFilter
0x180350b10 UnlockFile
0x180350b18 UnmapViewOfFile
0x180350b20 VirtualAlloc
0x180350b28 WaitForSingleObject
0x180350b30 WaitForSingleObjectEx
0x180350b38 WakeAllConditionVariable
0x180350b40 WakeConditionVariable
0x180350b48 WideCharToMultiByte
0x180350b50 WriteConsoleW
0x180350b58 WriteFile
ADVAPI32.dll
0x180350b68 RegCloseKey
0x180350b70 RegEnumKeyExW
0x180350b78 RegOpenKeyExW
0x180350b80 RegQueryInfoKeyW
0x180350b88 RegQueryValueExW
EAT(Export Address Table) Library
0x18015ad90 OptimizationGuideEntityAnnotatorAnnotateGetOutputMetadataAtIndex
0x18015ad60 OptimizationGuideEntityAnnotatorAnnotateGetOutputMetadataScoreAtIndex
0x18015ad30 OptimizationGuideEntityAnnotatorAnnotateJobCreate
0x18015adc0 OptimizationGuideEntityAnnotatorAnnotateJobDelete
0x180002680 OptimizationGuideEntityAnnotatorCreateFromOptions
0x18015ad00 OptimizationGuideEntityAnnotatorDelete
0x18015adf0 OptimizationGuideEntityAnnotatorEntityMetadataJobCreate
0x18015afa0 OptimizationGuideEntityAnnotatorEntityMetadataJobDelete
0x18015ace0 OptimizationGuideEntityAnnotatorGetCreationError
0x180002670 OptimizationGuideEntityAnnotatorGetMaxSupportedFeatureFlag
0x1800033a0 OptimizationGuideEntityAnnotatorOptionsAddModelSlice
0x18015afd0 OptimizationGuideEntityAnnotatorOptionsCreate
0x18015aff0 OptimizationGuideEntityAnnotatorOptionsDelete
0x180003220 OptimizationGuideEntityAnnotatorOptionsSetModelFilePath
0x1800032a0 OptimizationGuideEntityAnnotatorOptionsSetModelMetadataFilePath
0x180003320 OptimizationGuideEntityAnnotatorOptionsSetWordEmbeddingsFilePath
0x180002930 OptimizationGuideEntityAnnotatorRunAnnotateJob
0x18015ae20 OptimizationGuideEntityAnnotatorRunEntityMetadataJob
0x18015b1c0 OptimizationGuideEntityMetadataGetCollectionAtIndex
0x18015b1a0 OptimizationGuideEntityMetadataGetCollectionsCount
0x18015b020 OptimizationGuideEntityMetadataGetEntityID
0x18015b130 OptimizationGuideEntityMetadataGetHumanReadableAliasAtIndex
0x18015b110 OptimizationGuideEntityMetadataGetHumanReadableAliasesCount
0x18015b040 OptimizationGuideEntityMetadataGetHumanReadableCategoriesCount
0x18015b050 OptimizationGuideEntityMetadataGetHumanReadableCategoryNameAtIndex
0x18015b0b0 OptimizationGuideEntityMetadataGetHumanReadableCategoryScoreAtIndex
0x18015b030 OptimizationGuideEntityMetadataGetHumanReadableName