ScreenShot
| Created | 2023.11.02 07:46 | Machine | s1_win7_x6401 |
| Filename | haloup.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 3e6ed1ceb52c1d4e9ef09cd3aebe7741 | ||
| sha256 | 95d9d5b89db68830e63fd9a10a2f308a396f9ed6c15dcf9f7c5aec09521bffa3 | ||
| ssdeep | 3072:L1M+yKVKnVo54uZVgUIf+WO86K20A6jfxMhjhHzlCzw7EoP06yt5RME0KtA/qyVG:8CqOVgUIfE86K2UjpuH0FKzqyVRztNA | ||
| imphash | 2aba094e0216215635ebd81a1f48adb4 | ||
| impfuzzy | 24:Ij2vieDHuOGOovq2cpVWQMS1o02tuBg3JBl3eDoroVgv5GM4aZ7OGCeEQn:nBOcpV1MS14tuBgPpXZ3Z7OJbQ | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140025000 CreateDirectoryW
0x140025008 WaitForSingleObject
0x140025010 GetFileAttributesW
0x140025018 OpenEventW
0x140025020 CreateEventW
0x140025028 MultiByteToWideChar
0x140025030 GetLastError
0x140025038 GetFileAttributesA
0x140025040 SetFileAttributesA
0x140025048 VerSetConditionMask
0x140025050 CreateProcessW
0x140025058 IsDebuggerPresent
0x140025060 SetEndOfFile
0x140025068 WriteConsoleW
0x140025070 HeapSize
0x140025078 CreateFileW
0x140025080 GetProcessHeap
0x140025088 CloseHandle
0x140025090 VerifyVersionInfoW
0x140025098 GetModuleFileNameW
0x1400250a0 SetStdHandle
0x1400250a8 FreeEnvironmentStringsW
0x1400250b0 GetEnvironmentStringsW
0x1400250b8 GetCommandLineW
0x1400250c0 GetCommandLineA
0x1400250c8 GetOEMCP
0x1400250d0 GetACP
0x1400250d8 IsValidCodePage
0x1400250e0 FindNextFileW
0x1400250e8 FindFirstFileExW
0x1400250f0 FindClose
0x1400250f8 GetStringTypeW
0x140025100 WideCharToMultiByte
0x140025108 EnterCriticalSection
0x140025110 LeaveCriticalSection
0x140025118 InitializeCriticalSectionEx
0x140025120 DeleteCriticalSection
0x140025128 EncodePointer
0x140025130 DecodePointer
0x140025138 LocalFree
0x140025140 LCMapStringEx
0x140025148 GetCPInfo
0x140025150 QueryPerformanceCounter
0x140025158 GetCurrentProcessId
0x140025160 GetCurrentThreadId
0x140025168 GetSystemTimeAsFileTime
0x140025170 InitializeSListHead
0x140025178 RtlCaptureContext
0x140025180 RtlLookupFunctionEntry
0x140025188 RtlVirtualUnwind
0x140025190 UnhandledExceptionFilter
0x140025198 SetUnhandledExceptionFilter
0x1400251a0 GetStartupInfoW
0x1400251a8 IsProcessorFeaturePresent
0x1400251b0 GetModuleHandleW
0x1400251b8 GetCurrentProcess
0x1400251c0 TerminateProcess
0x1400251c8 RtlUnwindEx
0x1400251d0 RtlPcToFileHeader
0x1400251d8 RaiseException
0x1400251e0 SetLastError
0x1400251e8 InitializeCriticalSectionAndSpinCount
0x1400251f0 TlsAlloc
0x1400251f8 TlsGetValue
0x140025200 TlsSetValue
0x140025208 TlsFree
0x140025210 FreeLibrary
0x140025218 GetProcAddress
0x140025220 LoadLibraryExW
0x140025228 ExitProcess
0x140025230 GetModuleHandleExW
0x140025238 GetStdHandle
0x140025240 WriteFile
0x140025248 HeapAlloc
0x140025250 HeapFree
0x140025258 GetFileType
0x140025260 GetFileSizeEx
0x140025268 SetFilePointerEx
0x140025270 FlushFileBuffers
0x140025278 GetConsoleOutputCP
0x140025280 GetConsoleMode
0x140025288 FlsAlloc
0x140025290 FlsGetValue
0x140025298 FlsSetValue
0x1400252a0 FlsFree
0x1400252a8 LCMapStringW
0x1400252b0 GetLocaleInfoW
0x1400252b8 IsValidLocale
0x1400252c0 GetUserDefaultLCID
0x1400252c8 EnumSystemLocalesW
0x1400252d0 DeleteFileW
0x1400252d8 ReadFile
0x1400252e0 ReadConsoleW
0x1400252e8 HeapReAlloc
0x1400252f0 RtlUnwind
OLEAUT32.dll
0x140025300 VariantClear
EAT(Export Address Table) is none
KERNEL32.dll
0x140025000 CreateDirectoryW
0x140025008 WaitForSingleObject
0x140025010 GetFileAttributesW
0x140025018 OpenEventW
0x140025020 CreateEventW
0x140025028 MultiByteToWideChar
0x140025030 GetLastError
0x140025038 GetFileAttributesA
0x140025040 SetFileAttributesA
0x140025048 VerSetConditionMask
0x140025050 CreateProcessW
0x140025058 IsDebuggerPresent
0x140025060 SetEndOfFile
0x140025068 WriteConsoleW
0x140025070 HeapSize
0x140025078 CreateFileW
0x140025080 GetProcessHeap
0x140025088 CloseHandle
0x140025090 VerifyVersionInfoW
0x140025098 GetModuleFileNameW
0x1400250a0 SetStdHandle
0x1400250a8 FreeEnvironmentStringsW
0x1400250b0 GetEnvironmentStringsW
0x1400250b8 GetCommandLineW
0x1400250c0 GetCommandLineA
0x1400250c8 GetOEMCP
0x1400250d0 GetACP
0x1400250d8 IsValidCodePage
0x1400250e0 FindNextFileW
0x1400250e8 FindFirstFileExW
0x1400250f0 FindClose
0x1400250f8 GetStringTypeW
0x140025100 WideCharToMultiByte
0x140025108 EnterCriticalSection
0x140025110 LeaveCriticalSection
0x140025118 InitializeCriticalSectionEx
0x140025120 DeleteCriticalSection
0x140025128 EncodePointer
0x140025130 DecodePointer
0x140025138 LocalFree
0x140025140 LCMapStringEx
0x140025148 GetCPInfo
0x140025150 QueryPerformanceCounter
0x140025158 GetCurrentProcessId
0x140025160 GetCurrentThreadId
0x140025168 GetSystemTimeAsFileTime
0x140025170 InitializeSListHead
0x140025178 RtlCaptureContext
0x140025180 RtlLookupFunctionEntry
0x140025188 RtlVirtualUnwind
0x140025190 UnhandledExceptionFilter
0x140025198 SetUnhandledExceptionFilter
0x1400251a0 GetStartupInfoW
0x1400251a8 IsProcessorFeaturePresent
0x1400251b0 GetModuleHandleW
0x1400251b8 GetCurrentProcess
0x1400251c0 TerminateProcess
0x1400251c8 RtlUnwindEx
0x1400251d0 RtlPcToFileHeader
0x1400251d8 RaiseException
0x1400251e0 SetLastError
0x1400251e8 InitializeCriticalSectionAndSpinCount
0x1400251f0 TlsAlloc
0x1400251f8 TlsGetValue
0x140025200 TlsSetValue
0x140025208 TlsFree
0x140025210 FreeLibrary
0x140025218 GetProcAddress
0x140025220 LoadLibraryExW
0x140025228 ExitProcess
0x140025230 GetModuleHandleExW
0x140025238 GetStdHandle
0x140025240 WriteFile
0x140025248 HeapAlloc
0x140025250 HeapFree
0x140025258 GetFileType
0x140025260 GetFileSizeEx
0x140025268 SetFilePointerEx
0x140025270 FlushFileBuffers
0x140025278 GetConsoleOutputCP
0x140025280 GetConsoleMode
0x140025288 FlsAlloc
0x140025290 FlsGetValue
0x140025298 FlsSetValue
0x1400252a0 FlsFree
0x1400252a8 LCMapStringW
0x1400252b0 GetLocaleInfoW
0x1400252b8 IsValidLocale
0x1400252c0 GetUserDefaultLCID
0x1400252c8 EnumSystemLocalesW
0x1400252d0 DeleteFileW
0x1400252d8 ReadFile
0x1400252e0 ReadConsoleW
0x1400252e8 HeapReAlloc
0x1400252f0 RtlUnwind
OLEAUT32.dll
0x140025300 VariantClear
EAT(Export Address Table) is none