ScreenShot
| Created | 2023.11.15 07:53 | Machine | s1_win7_x6403 |
| Filename | wsclient.1.25.win.03.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | b27323c59498426807574a20824ac525 | ||
| sha256 | df5397b08e1b72fbf42290033aa11934e895488c93b76e608542fbb49d2e0f98 | ||
| ssdeep | 6144:tE4bq2jLXveqB+HcDYjOHBhpbiQ4UdnZYrOCa0PEIfuQrk:tEwq2PXvy0YOjpbiQ3nZSPEIfe | ||
| imphash | dbe7ea52e4aa8fe765398b6553e86868 | ||
| impfuzzy | 48:0RlEAVvKOYYVbXcp+5Lv9KJWXqWBRbLpQYc3zXycZYd:zAVKgVbXcp+5Lv+WaWBRbLpQYPcZYd | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x4431a0 inet_pton
0x4431a4 getaddrinfo
0x4431a8 WSAStartup
0x4431ac htonl
0x4431b0 inet_ntop
0x4431b4 htons
0x4431b8 freeaddrinfo
0x4431bc accept
0x4431c0 connect
0x4431c4 recvfrom
0x4431c8 recv
0x4431cc sendto
0x4431d0 getpeername
0x4431d4 getsockname
0x4431d8 getsockopt
0x4431dc ioctlsocket
0x4431e0 WSAGetLastError
0x4431e4 ind
0x4431e8 closesocket
0x4431ec listen
0x4431f0 send
0x4431f4 socket
0x4431f8 ntohl
0x4431fc WSAIoctl
0x443200 ntohs
dbghelp.dll
0x443208 SymInitialize
0x44320c SymFunctionTableAccess64
0x443210 SymGetModuleBase64
0x443214 MiniDumpWriteDump
0x443218 StackWalk64
0x44321c SymFromAddr
KERNEL32.dll
0x443010 GetEnvironmentStringsW
0x443014 GetCPInfo
0x443018 GetOEMCP
0x44301c GetACP
0x443020 IsValidCodePage
0x443024 FindFirstFileExW
0x443028 GetFileSizeEx
0x44302c DeleteFileW
0x443030 SetFilePointerEx
0x443034 SetStdHandle
0x443038 HeapReAlloc
0x44303c FlushFileBuffers
0x443040 LCMapStringW
0x443044 CompareStringW
0x443048 HeapFree
0x44304c WriteConsoleW
0x443050 HeapSize
0x443054 GetFileAttributesExW
0x443058 SetEndOfFile
0x44305c CreateProcessW
0x443060 GetExitCodeProcess
0x443064 Sleep
0x443068 GetModuleFileNameA
0x44306c GetCurrentProcess
0x443070 LockFile
0x443074 GetCurrentThreadId
0x443078 FreeEnvironmentStringsW
0x44307c GetCurrentThread
0x443080 CloseHandle
0x443084 GetCurrentProcessId
0x443088 SetUnhandledExceptionFilter
0x44308c EnterCriticalSection
0x443090 LeaveCriticalSection
0x443094 InitializeCriticalSection
0x443098 DeleteCriticalSection
0x44309c GetLocalTime
0x4430a0 QueryPerformanceFrequency
0x4430a4 QueryPerformanceCounter
0x4430a8 FormatMessageA
0x4430ac FindClose
0x4430b0 FindNextFileW
0x4430b4 GetLastError
0x4430b8 MultiByteToWideChar
0x4430bc WideCharToMultiByte
0x4430c0 InitializeSRWLock
0x4430c4 InitOnceExecuteOnce
0x4430c8 SetLastError
0x4430cc GetHandleInformation
0x4430d0 GetTickCount64
0x4430d4 ReleaseSRWLockExclusive
0x4430d8 AcquireSRWLockExclusive
0x4430dc ReleaseSRWLockShared
0x4430e0 GetQueuedCompletionStatusEx
0x4430e4 GetProcAddress
0x4430e8 AcquireSRWLockShared
0x4430ec GetModuleHandleW
0x4430f0 CreateIoCompletionPort
0x4430f4 SetFileCompletionNotificationModes
0x4430f8 HeapAlloc
0x4430fc DecodePointer
0x443100 GetStringTypeW
0x443104 GetProcessHeap
0x443108 CreateFileA
0x44310c UnhandledExceptionFilter
0x443110 TerminateProcess
0x443114 IsProcessorFeaturePresent
0x443118 GetSystemTimeAsFileTime
0x44311c InitializeSListHead
0x443120 IsDebuggerPresent
0x443124 GetStartupInfoW
0x443128 RtlUnwind
0x44312c InitializeCriticalSectionAndSpinCount
0x443130 TlsAlloc
0x443134 TlsGetValue
0x443138 TlsSetValue
0x44313c TlsFree
0x443140 FreeLibrary
0x443144 LoadLibraryExW
0x443148 EncodePointer
0x44314c RaiseException
0x443150 ExitProcess
0x443154 GetModuleHandleExW
0x443158 GetCommandLineA
0x44315c GetCommandLineW
0x443160 GetTimeZoneInformation
0x443164 ReadFile
0x443168 CreateFileW
0x44316c GetFileType
0x443170 GetStdHandle
0x443174 WriteFile
0x443178 GetModuleFileNameW
0x44317c SetEnvironmentVariableW
0x443180 SetCurrentDirectoryW
0x443184 GetCurrentDirectoryW
0x443188 DuplicateHandle
0x44318c GetConsoleMode
0x443190 ReadConsoleW
0x443194 GetConsoleOutputCP
0x443198 WaitForSingleObject
ADVAPI32.dll
0x443000 CryptGenRandom
0x443004 CryptReleaseContext
0x443008 CryptAcquireContextA
EAT(Export Address Table) is none
WS2_32.dll
0x4431a0 inet_pton
0x4431a4 getaddrinfo
0x4431a8 WSAStartup
0x4431ac htonl
0x4431b0 inet_ntop
0x4431b4 htons
0x4431b8 freeaddrinfo
0x4431bc accept
0x4431c0 connect
0x4431c4 recvfrom
0x4431c8 recv
0x4431cc sendto
0x4431d0 getpeername
0x4431d4 getsockname
0x4431d8 getsockopt
0x4431dc ioctlsocket
0x4431e0 WSAGetLastError
0x4431e4 ind
0x4431e8 closesocket
0x4431ec listen
0x4431f0 send
0x4431f4 socket
0x4431f8 ntohl
0x4431fc WSAIoctl
0x443200 ntohs
dbghelp.dll
0x443208 SymInitialize
0x44320c SymFunctionTableAccess64
0x443210 SymGetModuleBase64
0x443214 MiniDumpWriteDump
0x443218 StackWalk64
0x44321c SymFromAddr
KERNEL32.dll
0x443010 GetEnvironmentStringsW
0x443014 GetCPInfo
0x443018 GetOEMCP
0x44301c GetACP
0x443020 IsValidCodePage
0x443024 FindFirstFileExW
0x443028 GetFileSizeEx
0x44302c DeleteFileW
0x443030 SetFilePointerEx
0x443034 SetStdHandle
0x443038 HeapReAlloc
0x44303c FlushFileBuffers
0x443040 LCMapStringW
0x443044 CompareStringW
0x443048 HeapFree
0x44304c WriteConsoleW
0x443050 HeapSize
0x443054 GetFileAttributesExW
0x443058 SetEndOfFile
0x44305c CreateProcessW
0x443060 GetExitCodeProcess
0x443064 Sleep
0x443068 GetModuleFileNameA
0x44306c GetCurrentProcess
0x443070 LockFile
0x443074 GetCurrentThreadId
0x443078 FreeEnvironmentStringsW
0x44307c GetCurrentThread
0x443080 CloseHandle
0x443084 GetCurrentProcessId
0x443088 SetUnhandledExceptionFilter
0x44308c EnterCriticalSection
0x443090 LeaveCriticalSection
0x443094 InitializeCriticalSection
0x443098 DeleteCriticalSection
0x44309c GetLocalTime
0x4430a0 QueryPerformanceFrequency
0x4430a4 QueryPerformanceCounter
0x4430a8 FormatMessageA
0x4430ac FindClose
0x4430b0 FindNextFileW
0x4430b4 GetLastError
0x4430b8 MultiByteToWideChar
0x4430bc WideCharToMultiByte
0x4430c0 InitializeSRWLock
0x4430c4 InitOnceExecuteOnce
0x4430c8 SetLastError
0x4430cc GetHandleInformation
0x4430d0 GetTickCount64
0x4430d4 ReleaseSRWLockExclusive
0x4430d8 AcquireSRWLockExclusive
0x4430dc ReleaseSRWLockShared
0x4430e0 GetQueuedCompletionStatusEx
0x4430e4 GetProcAddress
0x4430e8 AcquireSRWLockShared
0x4430ec GetModuleHandleW
0x4430f0 CreateIoCompletionPort
0x4430f4 SetFileCompletionNotificationModes
0x4430f8 HeapAlloc
0x4430fc DecodePointer
0x443100 GetStringTypeW
0x443104 GetProcessHeap
0x443108 CreateFileA
0x44310c UnhandledExceptionFilter
0x443110 TerminateProcess
0x443114 IsProcessorFeaturePresent
0x443118 GetSystemTimeAsFileTime
0x44311c InitializeSListHead
0x443120 IsDebuggerPresent
0x443124 GetStartupInfoW
0x443128 RtlUnwind
0x44312c InitializeCriticalSectionAndSpinCount
0x443130 TlsAlloc
0x443134 TlsGetValue
0x443138 TlsSetValue
0x44313c TlsFree
0x443140 FreeLibrary
0x443144 LoadLibraryExW
0x443148 EncodePointer
0x44314c RaiseException
0x443150 ExitProcess
0x443154 GetModuleHandleExW
0x443158 GetCommandLineA
0x44315c GetCommandLineW
0x443160 GetTimeZoneInformation
0x443164 ReadFile
0x443168 CreateFileW
0x44316c GetFileType
0x443170 GetStdHandle
0x443174 WriteFile
0x443178 GetModuleFileNameW
0x44317c SetEnvironmentVariableW
0x443180 SetCurrentDirectoryW
0x443184 GetCurrentDirectoryW
0x443188 DuplicateHandle
0x44318c GetConsoleMode
0x443190 ReadConsoleW
0x443194 GetConsoleOutputCP
0x443198 WaitForSingleObject
ADVAPI32.dll
0x443000 CryptGenRandom
0x443004 CryptReleaseContext
0x443008 CryptAcquireContextA
EAT(Export Address Table) is none