ScreenShot
| Created | 2023.11.14 06:13 | Machine | s1_win7_x6401 |
| Filename | unk.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | ca42b110a0926f8aa00abd2500d520cb | ||
| sha256 | 3db31868fb120145ea8358bd7c845c4d8d852e331c5597737ef5b838a2ba5493 | ||
| ssdeep | 3072:TjK7aZ9vY2ah04DeyjLi5XrprYP+SmPw66IiHC:TjKeZnaa4SyjWV1r8+PE5HC | ||
| imphash | 2a23fc43adb75eb52daff624fc121b31 | ||
| impfuzzy | 24:p5oaor7D1zQKPzBMI1/muKavt/2CrOD1Eu93ZrD/SeUUG9OTw08JKinjT:PA1LbN/dKavtVaD19wObif | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x140006220 ConvertSidToStringSidW
0x140006228 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x140006230 GetTokenInformation
0x140006238 OpenProcessToken
0x140006240 RegCloseKey
0x140006248 RegOpenKeyExW
0x140006250 RegQueryValueExW
0x140006258 RegSetValueExW
0x140006260 SystemFunction036
SHELL32.dll
0x140006270 CommandLineToArgvW
KERNEL32.dll
0x140006280 CloseHandle
0x140006288 CreateDirectoryW
0x140006290 CreateFileW
0x140006298 CreateProcessW
0x1400062a0 DosDateTimeToFileTime
0x1400062a8 DuplicateHandle
0x1400062b0 EnumResourceNamesW
0x1400062b8 ExitProcess
0x1400062c0 ExpandEnvironmentStringsW
0x1400062c8 FindResourceW
0x1400062d0 FlushFileBuffers
0x1400062d8 FreeLibrary
0x1400062e0 GetCommandLineW
0x1400062e8 GetCurrentProcess
0x1400062f0 GetCurrentProcessId
0x1400062f8 GetCurrentThreadId
0x140006300 GetEnvironmentVariableW
0x140006308 GetExitCodeProcess
0x140006310 GetFileAttributesW
0x140006318 GetFileInformationByHandleEx
0x140006320 GetLastError
0x140006328 GetModuleFileNameW
0x140006330 GetModuleHandleW
0x140006338 GetProcAddress
0x140006340 GetProcessHeap
0x140006348 GetSystemInfo
0x140006350 GetSystemTimeAsFileTime
0x140006358 GetTempPathW
0x140006360 GetVolumeInformationW
0x140006368 GetVolumePathNameW
0x140006370 HeapAlloc
0x140006378 HeapFree
0x140006380 IsProcessorFeaturePresent
0x140006388 LoadLibraryExA
0x140006390 LoadLibraryExW
0x140006398 LoadResource
0x1400063a0 LocalAlloc
0x1400063a8 LocalFileTimeToFileTime
0x1400063b0 LocalFree
0x1400063b8 LockResource
0x1400063c0 MultiByteToWideChar
0x1400063c8 QueryPerformanceCounter
0x1400063d0 RaiseException
0x1400063d8 ReadFile
0x1400063e0 RtlCaptureContext
0x1400063e8 RtlLookupFunctionEntry
0x1400063f0 RtlVirtualUnwind
0x1400063f8 SetFileInformationByHandle
0x140006400 SetFilePointer
0x140006408 SetLastError
0x140006410 SetProcessWorkingSetSize
0x140006418 SetUnhandledExceptionFilter
0x140006420 SizeofResource
0x140006428 Sleep
0x140006430 TerminateProcess
0x140006438 UnhandledExceptionFilter
0x140006440 VirtualProtect
0x140006448 VirtualQuery
0x140006450 WaitForSingleObject
0x140006458 WideCharToMultiByte
0x140006460 WriteFile
0x140006468 lstrcmpiW
0x140006470 lstrlenW
EAT(Export Address Table) is none
ADVAPI32.dll
0x140006220 ConvertSidToStringSidW
0x140006228 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x140006230 GetTokenInformation
0x140006238 OpenProcessToken
0x140006240 RegCloseKey
0x140006248 RegOpenKeyExW
0x140006250 RegQueryValueExW
0x140006258 RegSetValueExW
0x140006260 SystemFunction036
SHELL32.dll
0x140006270 CommandLineToArgvW
KERNEL32.dll
0x140006280 CloseHandle
0x140006288 CreateDirectoryW
0x140006290 CreateFileW
0x140006298 CreateProcessW
0x1400062a0 DosDateTimeToFileTime
0x1400062a8 DuplicateHandle
0x1400062b0 EnumResourceNamesW
0x1400062b8 ExitProcess
0x1400062c0 ExpandEnvironmentStringsW
0x1400062c8 FindResourceW
0x1400062d0 FlushFileBuffers
0x1400062d8 FreeLibrary
0x1400062e0 GetCommandLineW
0x1400062e8 GetCurrentProcess
0x1400062f0 GetCurrentProcessId
0x1400062f8 GetCurrentThreadId
0x140006300 GetEnvironmentVariableW
0x140006308 GetExitCodeProcess
0x140006310 GetFileAttributesW
0x140006318 GetFileInformationByHandleEx
0x140006320 GetLastError
0x140006328 GetModuleFileNameW
0x140006330 GetModuleHandleW
0x140006338 GetProcAddress
0x140006340 GetProcessHeap
0x140006348 GetSystemInfo
0x140006350 GetSystemTimeAsFileTime
0x140006358 GetTempPathW
0x140006360 GetVolumeInformationW
0x140006368 GetVolumePathNameW
0x140006370 HeapAlloc
0x140006378 HeapFree
0x140006380 IsProcessorFeaturePresent
0x140006388 LoadLibraryExA
0x140006390 LoadLibraryExW
0x140006398 LoadResource
0x1400063a0 LocalAlloc
0x1400063a8 LocalFileTimeToFileTime
0x1400063b0 LocalFree
0x1400063b8 LockResource
0x1400063c0 MultiByteToWideChar
0x1400063c8 QueryPerformanceCounter
0x1400063d0 RaiseException
0x1400063d8 ReadFile
0x1400063e0 RtlCaptureContext
0x1400063e8 RtlLookupFunctionEntry
0x1400063f0 RtlVirtualUnwind
0x1400063f8 SetFileInformationByHandle
0x140006400 SetFilePointer
0x140006408 SetLastError
0x140006410 SetProcessWorkingSetSize
0x140006418 SetUnhandledExceptionFilter
0x140006420 SizeofResource
0x140006428 Sleep
0x140006430 TerminateProcess
0x140006438 UnhandledExceptionFilter
0x140006440 VirtualProtect
0x140006448 VirtualQuery
0x140006450 WaitForSingleObject
0x140006458 WideCharToMultiByte
0x140006460 WriteFile
0x140006468 lstrcmpiW
0x140006470 lstrlenW
EAT(Export Address Table) is none