ScreenShot
| Created | 2023.10.23 16:50 | Machine | s1_win7_x6401 |
| Filename | herom.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 979c731d6aee4715335cd65dd1bcc21e | ||
| sha256 | 4e03e19eea2aed7a0b52b5c51743aa70aeec876a80f8b2940236d08393384f76 | ||
| ssdeep | 49152:WfI6sWe9yNqOH806IWx6CFilOWqMKOLPlNfO:WP29y/+iUWUOLPlNm | ||
| imphash | 1d0e3506c01cb61e9312cbea4911e92e | ||
| impfuzzy | 48:oBA6UyokRjS/Svn6gAkK/gylSYcx02GIeXGSqIYayb4yOpZ9Bfcmp:oBP4cRGIeXGSqIYayb4yYZ/fcy | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
OLEAUT32.dll
0x41c158 SysAllocStringLen
0x41c15c VariantClear
0x41c160 SysStringLen
USER32.dll
0x41c170 DialogBoxParamW
0x41c174 SetWindowLongW
0x41c178 GetWindowLongW
0x41c17c GetDlgItem
0x41c180 LoadStringW
0x41c184 CharUpperW
0x41c188 DestroyWindow
0x41c18c EndDialog
0x41c190 PostMessageW
0x41c194 SetWindowTextW
0x41c198 ShowWindow
0x41c19c MessageBoxW
0x41c1a0 SetTimer
0x41c1a4 SendMessageW
0x41c1a8 LoadIconW
0x41c1ac KillTimer
SHELL32.dll
0x41c168 ShellExecuteExW
MSVCRT.dll
0x41c0e8 _controlfp
0x41c0ec __set_app_type
0x41c0f0 __p__fmode
0x41c0f4 __p__commode
0x41c0f8 _adjust_fdiv
0x41c0fc __setusermatherr
0x41c100 _initterm
0x41c104 __getmainargs
0x41c108 _acmdln
0x41c10c exit
0x41c110 _XcptFilter
0x41c114 _exit
0x41c118 ?terminate@@YAXXZ
0x41c11c ??1type_info@@UAE@XZ
0x41c120 _except_handler3
0x41c124 _beginthreadex
0x41c128 memset
0x41c12c wcsstr
0x41c130 free
0x41c134 malloc
0x41c138 memcpy
0x41c13c _CxxThrowException
0x41c140 _purecall
0x41c144 memmove
0x41c148 memcmp
0x41c14c wcscmp
0x41c150 __CxxFrameHandler
KERNEL32.dll
0x41c000 GetStartupInfoA
0x41c004 InitializeCriticalSection
0x41c008 ReleaseSemaphore
0x41c00c CreateSemaphoreW
0x41c010 ResetEvent
0x41c014 SetEvent
0x41c018 CreateEventW
0x41c01c lstrlenW
0x41c020 lstrcatW
0x41c024 VirtualFree
0x41c028 VirtualAlloc
0x41c02c Sleep
0x41c030 GetStdHandle
0x41c034 GlobalMemoryStatus
0x41c038 GetSystemInfo
0x41c03c GetCurrentProcess
0x41c040 GetProcessAffinityMask
0x41c044 SetEndOfFile
0x41c048 WriteFile
0x41c04c ReadFile
0x41c050 SetFilePointer
0x41c054 GetFileSize
0x41c058 GetFileInformationByHandle
0x41c05c GetFileAttributesW
0x41c060 GetModuleHandleA
0x41c064 FindNextFileW
0x41c068 FindFirstFileW
0x41c06c FindClose
0x41c070 GetCurrentThreadId
0x41c074 GetTickCount
0x41c078 GetTempPathW
0x41c07c GetCurrentDirectoryW
0x41c080 SetCurrentDirectoryW
0x41c084 SetLastError
0x41c088 DeleteFileW
0x41c08c CreateDirectoryW
0x41c090 GetModuleHandleW
0x41c094 GetProcAddress
0x41c098 RemoveDirectoryW
0x41c09c SetFileAttributesW
0x41c0a0 CreateFileW
0x41c0a4 SetFileTime
0x41c0a8 GetSystemDirectoryW
0x41c0ac GetCurrentProcessId
0x41c0b0 FormatMessageW
0x41c0b4 LocalFree
0x41c0b8 GetModuleFileNameW
0x41c0bc LoadLibraryExW
0x41c0c0 DeleteCriticalSection
0x41c0c4 EnterCriticalSection
0x41c0c8 LeaveCriticalSection
0x41c0cc GetLastError
0x41c0d0 GetVersionExW
0x41c0d4 GetCommandLineW
0x41c0d8 CreateProcessW
0x41c0dc CloseHandle
0x41c0e0 WaitForSingleObject
EAT(Export Address Table) is none
OLEAUT32.dll
0x41c158 SysAllocStringLen
0x41c15c VariantClear
0x41c160 SysStringLen
USER32.dll
0x41c170 DialogBoxParamW
0x41c174 SetWindowLongW
0x41c178 GetWindowLongW
0x41c17c GetDlgItem
0x41c180 LoadStringW
0x41c184 CharUpperW
0x41c188 DestroyWindow
0x41c18c EndDialog
0x41c190 PostMessageW
0x41c194 SetWindowTextW
0x41c198 ShowWindow
0x41c19c MessageBoxW
0x41c1a0 SetTimer
0x41c1a4 SendMessageW
0x41c1a8 LoadIconW
0x41c1ac KillTimer
SHELL32.dll
0x41c168 ShellExecuteExW
MSVCRT.dll
0x41c0e8 _controlfp
0x41c0ec __set_app_type
0x41c0f0 __p__fmode
0x41c0f4 __p__commode
0x41c0f8 _adjust_fdiv
0x41c0fc __setusermatherr
0x41c100 _initterm
0x41c104 __getmainargs
0x41c108 _acmdln
0x41c10c exit
0x41c110 _XcptFilter
0x41c114 _exit
0x41c118 ?terminate@@YAXXZ
0x41c11c ??1type_info@@UAE@XZ
0x41c120 _except_handler3
0x41c124 _beginthreadex
0x41c128 memset
0x41c12c wcsstr
0x41c130 free
0x41c134 malloc
0x41c138 memcpy
0x41c13c _CxxThrowException
0x41c140 _purecall
0x41c144 memmove
0x41c148 memcmp
0x41c14c wcscmp
0x41c150 __CxxFrameHandler
KERNEL32.dll
0x41c000 GetStartupInfoA
0x41c004 InitializeCriticalSection
0x41c008 ReleaseSemaphore
0x41c00c CreateSemaphoreW
0x41c010 ResetEvent
0x41c014 SetEvent
0x41c018 CreateEventW
0x41c01c lstrlenW
0x41c020 lstrcatW
0x41c024 VirtualFree
0x41c028 VirtualAlloc
0x41c02c Sleep
0x41c030 GetStdHandle
0x41c034 GlobalMemoryStatus
0x41c038 GetSystemInfo
0x41c03c GetCurrentProcess
0x41c040 GetProcessAffinityMask
0x41c044 SetEndOfFile
0x41c048 WriteFile
0x41c04c ReadFile
0x41c050 SetFilePointer
0x41c054 GetFileSize
0x41c058 GetFileInformationByHandle
0x41c05c GetFileAttributesW
0x41c060 GetModuleHandleA
0x41c064 FindNextFileW
0x41c068 FindFirstFileW
0x41c06c FindClose
0x41c070 GetCurrentThreadId
0x41c074 GetTickCount
0x41c078 GetTempPathW
0x41c07c GetCurrentDirectoryW
0x41c080 SetCurrentDirectoryW
0x41c084 SetLastError
0x41c088 DeleteFileW
0x41c08c CreateDirectoryW
0x41c090 GetModuleHandleW
0x41c094 GetProcAddress
0x41c098 RemoveDirectoryW
0x41c09c SetFileAttributesW
0x41c0a0 CreateFileW
0x41c0a4 SetFileTime
0x41c0a8 GetSystemDirectoryW
0x41c0ac GetCurrentProcessId
0x41c0b0 FormatMessageW
0x41c0b4 LocalFree
0x41c0b8 GetModuleFileNameW
0x41c0bc LoadLibraryExW
0x41c0c0 DeleteCriticalSection
0x41c0c4 EnterCriticalSection
0x41c0c8 LeaveCriticalSection
0x41c0cc GetLastError
0x41c0d0 GetVersionExW
0x41c0d4 GetCommandLineW
0x41c0d8 CreateProcessW
0x41c0dc CloseHandle
0x41c0e0 WaitForSingleObject
EAT(Export Address Table) is none