ScreenShot
| Created | 2023.11.11 13:22 | Machine | s1_win7_x6403 |
| Filename | Aasd2wdsdas.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | c652cb73b3e3c45d34d494441d84780d | ||
| sha256 | 6dc2da7bc78a1d87a0c1bb9c379f1d58363b6ef1c39c20c31526a26112c4bc70 | ||
| ssdeep | 1536:Fakfgc4DybT7izU/zppCj/DYV654izOpt9:Fak4ED8/DgEBapt | ||
| imphash | f5a49b36f92a8b9d0577b9068b671820 | ||
| impfuzzy | 24:8fg1JcDzncLJ8a0meOX0MG95XGGZC8ETomvlqUq0vZzwL:8fg1iclLebRJGsC8ET1v9q05A | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43e280 DeleteCriticalSection
0x43e288 EnterCriticalSection
0x43e290 GetCurrentProcess
0x43e298 GetCurrentProcessId
0x43e2a0 GetCurrentThreadId
0x43e2a8 GetLastError
0x43e2b0 GetProcAddress
0x43e2b8 GetStartupInfoA
0x43e2c0 GetSystemTimeAsFileTime
0x43e2c8 GetTickCount
0x43e2d0 InitializeCriticalSection
0x43e2d8 LeaveCriticalSection
0x43e2e0 LoadLibraryA
0x43e2e8 QueryPerformanceCounter
0x43e2f0 RtlAddFunctionTable
0x43e2f8 RtlCaptureContext
0x43e300 RtlLookupFunctionEntry
0x43e308 RtlVirtualUnwind
0x43e310 SetUnhandledExceptionFilter
0x43e318 Sleep
0x43e320 TerminateProcess
0x43e328 TlsGetValue
0x43e330 UnhandledExceptionFilter
0x43e338 VirtualAlloc
0x43e340 VirtualFree
0x43e348 VirtualProtect
0x43e350 VirtualQuery
msvcrt.dll
0x43e360 __C_specific_handler
0x43e368 __getmainargs
0x43e370 __initenv
0x43e378 __iob_func
0x43e380 __lconv_init
0x43e388 __set_app_type
0x43e390 __setusermatherr
0x43e398 _acmdln
0x43e3a0 _amsg_exit
0x43e3a8 _cexit
0x43e3b0 _fileno
0x43e3b8 _fmode
0x43e3c0 _get_osfhandle
0x43e3c8 _initterm
0x43e3d0 _onexit
0x43e3d8 _setjmp
0x43e3e0 _setmode
0x43e3e8 _wfopen
0x43e3f0 abort
0x43e3f8 calloc
0x43e400 exit
0x43e408 fflush
0x43e410 fprintf
0x43e418 fputc
0x43e420 free
0x43e428 fwrite
0x43e430 longjmp
0x43e438 malloc
0x43e440 memchr
0x43e448 memcpy
0x43e450 memset
0x43e458 printf
0x43e460 setvbuf
0x43e468 signal
0x43e470 strcmp
0x43e478 strlen
0x43e480 strncmp
0x43e488 strstr
0x43e490 vfprintf
USER32.dll
0x43e4a0 MessageBoxA
EAT(Export Address Table) is none
KERNEL32.dll
0x43e280 DeleteCriticalSection
0x43e288 EnterCriticalSection
0x43e290 GetCurrentProcess
0x43e298 GetCurrentProcessId
0x43e2a0 GetCurrentThreadId
0x43e2a8 GetLastError
0x43e2b0 GetProcAddress
0x43e2b8 GetStartupInfoA
0x43e2c0 GetSystemTimeAsFileTime
0x43e2c8 GetTickCount
0x43e2d0 InitializeCriticalSection
0x43e2d8 LeaveCriticalSection
0x43e2e0 LoadLibraryA
0x43e2e8 QueryPerformanceCounter
0x43e2f0 RtlAddFunctionTable
0x43e2f8 RtlCaptureContext
0x43e300 RtlLookupFunctionEntry
0x43e308 RtlVirtualUnwind
0x43e310 SetUnhandledExceptionFilter
0x43e318 Sleep
0x43e320 TerminateProcess
0x43e328 TlsGetValue
0x43e330 UnhandledExceptionFilter
0x43e338 VirtualAlloc
0x43e340 VirtualFree
0x43e348 VirtualProtect
0x43e350 VirtualQuery
msvcrt.dll
0x43e360 __C_specific_handler
0x43e368 __getmainargs
0x43e370 __initenv
0x43e378 __iob_func
0x43e380 __lconv_init
0x43e388 __set_app_type
0x43e390 __setusermatherr
0x43e398 _acmdln
0x43e3a0 _amsg_exit
0x43e3a8 _cexit
0x43e3b0 _fileno
0x43e3b8 _fmode
0x43e3c0 _get_osfhandle
0x43e3c8 _initterm
0x43e3d0 _onexit
0x43e3d8 _setjmp
0x43e3e0 _setmode
0x43e3e8 _wfopen
0x43e3f0 abort
0x43e3f8 calloc
0x43e400 exit
0x43e408 fflush
0x43e410 fprintf
0x43e418 fputc
0x43e420 free
0x43e428 fwrite
0x43e430 longjmp
0x43e438 malloc
0x43e440 memchr
0x43e448 memcpy
0x43e450 memset
0x43e458 printf
0x43e460 setvbuf
0x43e468 signal
0x43e470 strcmp
0x43e478 strlen
0x43e480 strncmp
0x43e488 strstr
0x43e490 vfprintf
USER32.dll
0x43e4a0 MessageBoxA
EAT(Export Address Table) is none