ScreenShot
| Created | 2023.11.11 16:37 | Machine | s1_win7_x6402 |
| Filename | appx.jpg.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 2b4ce8a4efe44bca4f79f8ca5a9588d8 | ||
| sha256 | e579629f0fb73632032fe80e7f156eb7826093f6f1d07695b4d40b8833c265c1 | ||
| ssdeep | 24576:zjFPcsRZviJwTSRzdfgSLbirY1cO3EwNTVnS/k2:KJwmpfgONTGk2 | ||
| imphash | 41dd104e06c4aa32835a136e502b8530 | ||
| impfuzzy | 96:aT8eWxQoH1jBnmZpvXXZTjxNPR1yX1PJ0Q:aT8eWhVjQVpyF+Q | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
wininterop.dll
0x4b2460 GetInstallDetailsPayload
0x4b2464 SignalInitializeCrashReporting
ADVAPI32.dll
0x4b246c EventRegister
0x4b2470 EventUnregister
0x4b2474 EventWrite
0x4b2478 RegCloseKey
0x4b247c RegGetValueW
0x4b2480 RegOpenKeyExW
0x4b2484 RegQueryValueExW
0x4b2488 SystemFunction036
WINMM.dll
0x4b2490 timeGetTime
KERNEL32.dll
0x4b2498 AcquireSRWLockExclusive
0x4b249c CloseHandle
0x4b24a0 CompareStringW
0x4b24a4 CreateEventW
0x4b24a8 CreateFileMappingW
0x4b24ac CreateFileW
0x4b24b0 CreateThread
0x4b24b4 DecodePointer
0x4b24b8 DeleteCriticalSection
0x4b24bc EncodePointer
0x4b24c0 EnterCriticalSection
0x4b24c4 EnumSystemLocalesW
0x4b24c8 ExitProcess
0x4b24cc ExitThread
0x4b24d0 ExpandEnvironmentStringsW
0x4b24d4 FindClose
0x4b24d8 FindFirstFileExW
0x4b24dc FindNextFileW
0x4b24e0 FlsAlloc
0x4b24e4 FlsSetValue
0x4b24e8 FlushFileBuffers
0x4b24ec FormatMessageA
0x4b24f0 FreeEnvironmentStringsW
0x4b24f4 FreeLibrary
0x4b24f8 FreeLibraryAndExitThread
0x4b24fc GetACP
0x4b2500 GetCPInfo
0x4b2504 GetCommandLineA
0x4b2508 GetCommandLineW
0x4b250c GetComputerNameExW
0x4b2510 GetConsoleMode
0x4b2514 GetConsoleOutputCP
0x4b2518 GetCurrentDirectoryW
0x4b251c GetCurrentProcess
0x4b2520 GetCurrentProcessId
0x4b2524 GetCurrentThread
0x4b2528 GetCurrentThreadId
0x4b252c GetDateFormatW
0x4b2530 GetDriveTypeW
0x4b2534 GetEnvironmentStringsW
0x4b2538 GetEnvironmentVariableW
0x4b253c GetFileAttributesW
0x4b2540 GetFileSizeEx
0x4b2544 GetFileType
0x4b2548 GetFullPathNameW
0x4b254c GetLastError
0x4b2550 GetLocalTime
0x4b2554 GetLocaleInfoW
0x4b2558 GetLogicalProcessorInformation
0x4b255c GetModuleFileNameW
0x4b2560 GetModuleHandleA
0x4b2564 GetModuleHandleExW
0x4b2568 GetModuleHandleW
0x4b256c GetNativeSystemInfo
0x4b2570 GetOEMCP
0x4b2574 GetProcAddress
0x4b2578 GetProcessHeap
0x4b257c GetProductInfo
0x4b2580 GetStartupInfoW
0x4b2584 GetStdHandle
0x4b2588 GetStringTypeW
0x4b258c GetSystemDirectoryW
0x4b2590 GetSystemInfo
0x4b2594 GetSystemTimeAsFileTime
0x4b2598 GetTempPathW
0x4b259c GetThreadId
0x4b25a0 GetThreadPriority
0x4b25a4 GetTickCount
0x4b25a8 GetTimeFormatW
0x4b25ac GetTimeZoneInformation
0x4b25b0 GetUserDefaultLCID
0x4b25b4 GetVersionExW
0x4b25b8 GetWindowsDirectoryW
0x4b25bc InitOnceExecuteOnce
0x4b25c0 InitializeCriticalSectionAndSpinCount
0x4b25c4 InitializeSListHead
0x4b25c8 IsDebuggerPresent
0x4b25cc IsProcessorFeaturePresent
0x4b25d0 IsValidCodePage
0x4b25d4 IsValidLocale
0x4b25d8 IsWow64Process
0x4b25dc LCMapStringW
0x4b25e0 LeaveCriticalSection
0x4b25e4 LoadLibraryExA
0x4b25e8 LoadLibraryExW
0x4b25ec LoadLibraryW
0x4b25f0 LocalFree
0x4b25f4 MapViewOfFile
0x4b25f8 MultiByteToWideChar
0x4b25fc OutputDebugStringA
0x4b2600 QueryPerformanceCounter
0x4b2604 QueryPerformanceFrequency
0x4b2608 QueryThreadCycleTime
0x4b260c RaiseException
0x4b2610 ReadConsoleW
0x4b2614 ReadFile
0x4b2618 ReleaseSRWLockExclusive
0x4b261c ResetEvent
0x4b2620 RtlCaptureStackBackTrace
0x4b2624 RtlUnwind
0x4b2628 SetCurrentDirectoryW
0x4b262c SetEnvironmentVariableW
0x4b2630 SetEvent
0x4b2634 SetFilePointerEx
0x4b2638 SetLastError
0x4b263c SetProcessShutdownParameters
0x4b2640 SetStdHandle
0x4b2644 SetThreadPriority
0x4b2648 SetUnhandledExceptionFilter
0x4b264c Sleep
0x4b2650 SleepConditionVariableSRW
0x4b2654 TerminateProcess
0x4b2658 TlsAlloc
0x4b265c TlsFree
0x4b2660 TlsGetValue
0x4b2664 TlsSetValue
0x4b2668 TryAcquireSRWLockExclusive
0x4b266c UnhandledExceptionFilter
0x4b2670 UnmapViewOfFile
0x4b2674 VirtualAlloc
0x4b2678 VirtualFree
0x4b267c VirtualProtect
0x4b2680 VirtualQuery
0x4b2684 WaitForSingleObject
0x4b2688 WaitForSingleObjectEx
0x4b268c WakeAllConditionVariable
0x4b2690 WakeConditionVariable
0x4b2694 WideCharToMultiByte
0x4b2698 WriteConsoleW
0x4b269c WriteFile
SHELL32.dll
0x4b26a4 CommandLineToArgvW
0x4b26a8 SHGetFolderPathW
0x4b26ac SHGetKnownFolderPath
ole32.dll
0x4b26b4 CoCreateInstance
0x4b26b8 CoTaskMemFree
OLEAUT32.dll
0x4b26c0 SysAllocString
0x4b26c4 SysAllocStringLen
0x4b26c8 SysFreeString
0x4b26cc VariantClear
EAT(Export Address Table) Library
0x45c560 GetHandleVerifier
wininterop.dll
0x4b2460 GetInstallDetailsPayload
0x4b2464 SignalInitializeCrashReporting
ADVAPI32.dll
0x4b246c EventRegister
0x4b2470 EventUnregister
0x4b2474 EventWrite
0x4b2478 RegCloseKey
0x4b247c RegGetValueW
0x4b2480 RegOpenKeyExW
0x4b2484 RegQueryValueExW
0x4b2488 SystemFunction036
WINMM.dll
0x4b2490 timeGetTime
KERNEL32.dll
0x4b2498 AcquireSRWLockExclusive
0x4b249c CloseHandle
0x4b24a0 CompareStringW
0x4b24a4 CreateEventW
0x4b24a8 CreateFileMappingW
0x4b24ac CreateFileW
0x4b24b0 CreateThread
0x4b24b4 DecodePointer
0x4b24b8 DeleteCriticalSection
0x4b24bc EncodePointer
0x4b24c0 EnterCriticalSection
0x4b24c4 EnumSystemLocalesW
0x4b24c8 ExitProcess
0x4b24cc ExitThread
0x4b24d0 ExpandEnvironmentStringsW
0x4b24d4 FindClose
0x4b24d8 FindFirstFileExW
0x4b24dc FindNextFileW
0x4b24e0 FlsAlloc
0x4b24e4 FlsSetValue
0x4b24e8 FlushFileBuffers
0x4b24ec FormatMessageA
0x4b24f0 FreeEnvironmentStringsW
0x4b24f4 FreeLibrary
0x4b24f8 FreeLibraryAndExitThread
0x4b24fc GetACP
0x4b2500 GetCPInfo
0x4b2504 GetCommandLineA
0x4b2508 GetCommandLineW
0x4b250c GetComputerNameExW
0x4b2510 GetConsoleMode
0x4b2514 GetConsoleOutputCP
0x4b2518 GetCurrentDirectoryW
0x4b251c GetCurrentProcess
0x4b2520 GetCurrentProcessId
0x4b2524 GetCurrentThread
0x4b2528 GetCurrentThreadId
0x4b252c GetDateFormatW
0x4b2530 GetDriveTypeW
0x4b2534 GetEnvironmentStringsW
0x4b2538 GetEnvironmentVariableW
0x4b253c GetFileAttributesW
0x4b2540 GetFileSizeEx
0x4b2544 GetFileType
0x4b2548 GetFullPathNameW
0x4b254c GetLastError
0x4b2550 GetLocalTime
0x4b2554 GetLocaleInfoW
0x4b2558 GetLogicalProcessorInformation
0x4b255c GetModuleFileNameW
0x4b2560 GetModuleHandleA
0x4b2564 GetModuleHandleExW
0x4b2568 GetModuleHandleW
0x4b256c GetNativeSystemInfo
0x4b2570 GetOEMCP
0x4b2574 GetProcAddress
0x4b2578 GetProcessHeap
0x4b257c GetProductInfo
0x4b2580 GetStartupInfoW
0x4b2584 GetStdHandle
0x4b2588 GetStringTypeW
0x4b258c GetSystemDirectoryW
0x4b2590 GetSystemInfo
0x4b2594 GetSystemTimeAsFileTime
0x4b2598 GetTempPathW
0x4b259c GetThreadId
0x4b25a0 GetThreadPriority
0x4b25a4 GetTickCount
0x4b25a8 GetTimeFormatW
0x4b25ac GetTimeZoneInformation
0x4b25b0 GetUserDefaultLCID
0x4b25b4 GetVersionExW
0x4b25b8 GetWindowsDirectoryW
0x4b25bc InitOnceExecuteOnce
0x4b25c0 InitializeCriticalSectionAndSpinCount
0x4b25c4 InitializeSListHead
0x4b25c8 IsDebuggerPresent
0x4b25cc IsProcessorFeaturePresent
0x4b25d0 IsValidCodePage
0x4b25d4 IsValidLocale
0x4b25d8 IsWow64Process
0x4b25dc LCMapStringW
0x4b25e0 LeaveCriticalSection
0x4b25e4 LoadLibraryExA
0x4b25e8 LoadLibraryExW
0x4b25ec LoadLibraryW
0x4b25f0 LocalFree
0x4b25f4 MapViewOfFile
0x4b25f8 MultiByteToWideChar
0x4b25fc OutputDebugStringA
0x4b2600 QueryPerformanceCounter
0x4b2604 QueryPerformanceFrequency
0x4b2608 QueryThreadCycleTime
0x4b260c RaiseException
0x4b2610 ReadConsoleW
0x4b2614 ReadFile
0x4b2618 ReleaseSRWLockExclusive
0x4b261c ResetEvent
0x4b2620 RtlCaptureStackBackTrace
0x4b2624 RtlUnwind
0x4b2628 SetCurrentDirectoryW
0x4b262c SetEnvironmentVariableW
0x4b2630 SetEvent
0x4b2634 SetFilePointerEx
0x4b2638 SetLastError
0x4b263c SetProcessShutdownParameters
0x4b2640 SetStdHandle
0x4b2644 SetThreadPriority
0x4b2648 SetUnhandledExceptionFilter
0x4b264c Sleep
0x4b2650 SleepConditionVariableSRW
0x4b2654 TerminateProcess
0x4b2658 TlsAlloc
0x4b265c TlsFree
0x4b2660 TlsGetValue
0x4b2664 TlsSetValue
0x4b2668 TryAcquireSRWLockExclusive
0x4b266c UnhandledExceptionFilter
0x4b2670 UnmapViewOfFile
0x4b2674 VirtualAlloc
0x4b2678 VirtualFree
0x4b267c VirtualProtect
0x4b2680 VirtualQuery
0x4b2684 WaitForSingleObject
0x4b2688 WaitForSingleObjectEx
0x4b268c WakeAllConditionVariable
0x4b2690 WakeConditionVariable
0x4b2694 WideCharToMultiByte
0x4b2698 WriteConsoleW
0x4b269c WriteFile
SHELL32.dll
0x4b26a4 CommandLineToArgvW
0x4b26a8 SHGetFolderPathW
0x4b26ac SHGetKnownFolderPath
ole32.dll
0x4b26b4 CoCreateInstance
0x4b26b8 CoTaskMemFree
OLEAUT32.dll
0x4b26c0 SysAllocString
0x4b26c4 SysAllocStringLen
0x4b26c8 SysFreeString
0x4b26cc VariantClear
EAT(Export Address Table) Library
0x45c560 GetHandleVerifier