ScreenShot
| Created | 2023.11.14 08:08 | Machine | s1_win7_x6403 |
| Filename | taskeng.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 8cd79908aa72e2f763392a9fe45b46db | ||
| sha256 | 61b37bf1f1ab876f1b9f0d6e407e7086f80c3f3fdea1ac7946c29464f8d66af3 | ||
| ssdeep | 3072:EQFxZmgnIYhD8ZhnfXOCAvKjZRro15mQsANtX6FK8YBbo7WqfeTJp5zx:PFxZmgnh5knGnqVo1wQz3XTxB19p51 | ||
| imphash | 2d4597ea2a42b64a9f6e58b86605cad9 | ||
| impfuzzy | 24:5p4unMUIu9QHuOGOovjXsDYcfhtIRbJe1l39R/RIAOlvjMwzyD5CEQ4EvBC:5p/UBoXpcptIR+p36AONpmBQvBC | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Executes one or more WMI queries |
| notice | Executes one or more WMI queries which can be used to identify virtual machines |
| info | Queries for the computername |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41e010 CloseHandle
0x41e014 GetCurrentProcess
0x41e018 MultiByteToWideChar
0x41e01c WriteConsoleW
0x41e020 CreateFileW
0x41e024 GetModuleFileNameA
0x41e028 DeleteCriticalSection
0x41e02c InitializeCriticalSectionEx
0x41e030 GetLastError
0x41e034 RaiseException
0x41e038 FindClose
0x41e03c DecodePointer
0x41e040 GetConsoleMode
0x41e044 GetConsoleOutputCP
0x41e048 FlushFileBuffers
0x41e04c GetStringTypeW
0x41e050 SetStdHandle
0x41e054 GetProcessHeap
0x41e058 SetEnvironmentVariableW
0x41e05c FreeEnvironmentStringsW
0x41e060 GetEnvironmentStringsW
0x41e064 GetCommandLineW
0x41e068 GetCommandLineA
0x41e06c QueryPerformanceCounter
0x41e070 GetCurrentThreadId
0x41e074 GetSystemTimeAsFileTime
0x41e078 GetModuleHandleW
0x41e07c GetProcAddress
0x41e080 EnterCriticalSection
0x41e084 LeaveCriticalSection
0x41e088 LocalFree
0x41e08c IsDebuggerPresent
0x41e090 OutputDebugStringW
0x41e094 IsProcessorFeaturePresent
0x41e098 UnhandledExceptionFilter
0x41e09c SetUnhandledExceptionFilter
0x41e0a0 GetStartupInfoW
0x41e0a4 GetCurrentProcessId
0x41e0a8 InitializeSListHead
0x41e0ac TerminateProcess
0x41e0b0 RtlUnwind
0x41e0b4 SetLastError
0x41e0b8 EncodePointer
0x41e0bc InitializeCriticalSectionAndSpinCount
0x41e0c0 TlsAlloc
0x41e0c4 TlsGetValue
0x41e0c8 TlsSetValue
0x41e0cc TlsFree
0x41e0d0 FreeLibrary
0x41e0d4 LoadLibraryExW
0x41e0d8 GetModuleHandleExW
0x41e0dc ExitProcess
0x41e0e0 GetModuleFileNameW
0x41e0e4 GetStdHandle
0x41e0e8 WriteFile
0x41e0ec HeapFree
0x41e0f0 HeapAlloc
0x41e0f4 WideCharToMultiByte
0x41e0f8 CompareStringW
0x41e0fc LCMapStringW
0x41e100 DeleteFileW
0x41e104 GetFileType
0x41e108 SetFilePointerEx
0x41e10c HeapSize
0x41e110 HeapReAlloc
0x41e114 FindFirstFileExW
0x41e118 FindNextFileW
0x41e11c IsValidCodePage
0x41e120 GetACP
0x41e124 GetOEMCP
0x41e128 GetCPInfo
ADVAPI32.dll
0x41e000 RegisterEventSourceA
0x41e004 RegGetValueA
0x41e008 ReportEventA
OLEAUT32.dll
0x41e130 SysFreeString
0x41e134 SysAllocString
0x41e138 SysAllocStringLen
0x41e13c VariantClear
0x41e140 VariantInit
SHLWAPI.dll
0x41e148 StrStrIA
0x41e14c StrStrIW
msi.dll
0x41e154 None
0x41e158 None
EAT(Export Address Table) is none
KERNEL32.dll
0x41e010 CloseHandle
0x41e014 GetCurrentProcess
0x41e018 MultiByteToWideChar
0x41e01c WriteConsoleW
0x41e020 CreateFileW
0x41e024 GetModuleFileNameA
0x41e028 DeleteCriticalSection
0x41e02c InitializeCriticalSectionEx
0x41e030 GetLastError
0x41e034 RaiseException
0x41e038 FindClose
0x41e03c DecodePointer
0x41e040 GetConsoleMode
0x41e044 GetConsoleOutputCP
0x41e048 FlushFileBuffers
0x41e04c GetStringTypeW
0x41e050 SetStdHandle
0x41e054 GetProcessHeap
0x41e058 SetEnvironmentVariableW
0x41e05c FreeEnvironmentStringsW
0x41e060 GetEnvironmentStringsW
0x41e064 GetCommandLineW
0x41e068 GetCommandLineA
0x41e06c QueryPerformanceCounter
0x41e070 GetCurrentThreadId
0x41e074 GetSystemTimeAsFileTime
0x41e078 GetModuleHandleW
0x41e07c GetProcAddress
0x41e080 EnterCriticalSection
0x41e084 LeaveCriticalSection
0x41e088 LocalFree
0x41e08c IsDebuggerPresent
0x41e090 OutputDebugStringW
0x41e094 IsProcessorFeaturePresent
0x41e098 UnhandledExceptionFilter
0x41e09c SetUnhandledExceptionFilter
0x41e0a0 GetStartupInfoW
0x41e0a4 GetCurrentProcessId
0x41e0a8 InitializeSListHead
0x41e0ac TerminateProcess
0x41e0b0 RtlUnwind
0x41e0b4 SetLastError
0x41e0b8 EncodePointer
0x41e0bc InitializeCriticalSectionAndSpinCount
0x41e0c0 TlsAlloc
0x41e0c4 TlsGetValue
0x41e0c8 TlsSetValue
0x41e0cc TlsFree
0x41e0d0 FreeLibrary
0x41e0d4 LoadLibraryExW
0x41e0d8 GetModuleHandleExW
0x41e0dc ExitProcess
0x41e0e0 GetModuleFileNameW
0x41e0e4 GetStdHandle
0x41e0e8 WriteFile
0x41e0ec HeapFree
0x41e0f0 HeapAlloc
0x41e0f4 WideCharToMultiByte
0x41e0f8 CompareStringW
0x41e0fc LCMapStringW
0x41e100 DeleteFileW
0x41e104 GetFileType
0x41e108 SetFilePointerEx
0x41e10c HeapSize
0x41e110 HeapReAlloc
0x41e114 FindFirstFileExW
0x41e118 FindNextFileW
0x41e11c IsValidCodePage
0x41e120 GetACP
0x41e124 GetOEMCP
0x41e128 GetCPInfo
ADVAPI32.dll
0x41e000 RegisterEventSourceA
0x41e004 RegGetValueA
0x41e008 ReportEventA
OLEAUT32.dll
0x41e130 SysFreeString
0x41e134 SysAllocString
0x41e138 SysAllocStringLen
0x41e13c VariantClear
0x41e140 VariantInit
SHLWAPI.dll
0x41e148 StrStrIA
0x41e14c StrStrIW
msi.dll
0x41e154 None
0x41e158 None
EAT(Export Address Table) is none