ScreenShot
| Created | 2023.11.16 07:54 | Machine | s1_win7_x6401 |
| Filename | crypted.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 8ddb35a58ac6c397b91541620a493008 | ||
| sha256 | 525b154b2bae8eda0627e58af0dbeaceda5cd83589a7d697700a9bc9780d8940 | ||
| ssdeep | 12288:vlaZgr31TIkkJxauYuRWdSA6t3FzhC1K1C:vzBTbk9t3eQ1C | ||
| imphash | 1d9d99952303d4d2f177266c5cd8e5fb | ||
| impfuzzy | 48:OgQv0jkwF5QhLhtED9xR1WZRJaXtXB96c+jthVGzSpU63TuFZ+O:O8j7CyxR1WZ6XtXBcc+jthVGGpUfH | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x482068 RestoreDC
USER32.dll
0x48232c GetGestureInfo
0x482330 GetPointerDeviceRects
0x482334 RegisterShellHookWindow
0x482338 InflateRect
0x48233c GetProcessWindowStation
0x482340 EnableMouseInPointer
0x482344 IsWindowVisible
0x482348 SetDoubleClickTime
0x48234c ValidateRgn
ADVAPI32.dll
0x482000 MapGenericMask
0x482004 InitializeAcl
COMCTL32.dll
0x482034 ImageList_Read
0x482038 None
KERNEL32.dll
0x482098 GetConsoleMode
0x48209c HeapReAlloc
0x4820a0 FlushFileBuffers
0x4820a4 GetProcessHeap
0x4820a8 ReadFile
0x4820ac ReadConsoleW
0x4820b0 CreateFileW
0x4820b4 WriteConsoleW
0x4820b8 HeapSize
0x4820bc GetConsoleOutputCP
0x4820c0 FreeConsole
0x4820c4 QueryPerformanceCounter
0x4820c8 QueryPerformanceFrequency
0x4820cc CloseHandle
0x4820d0 WaitForSingleObjectEx
0x4820d4 Sleep
0x4820d8 SwitchToThread
0x4820dc GetCurrentThreadId
0x4820e0 GetExitCodeThread
0x4820e4 GetNativeSystemInfo
0x4820e8 SetFileInformationByHandle
0x4820ec GetTempPathW
0x4820f0 FlsAlloc
0x4820f4 FlsGetValue
0x4820f8 FlsSetValue
0x4820fc FlsFree
0x482100 InitializeSRWLock
0x482104 ReleaseSRWLockExclusive
0x482108 AcquireSRWLockExclusive
0x48210c TryAcquireSRWLockExclusive
0x482110 InitializeCriticalSectionEx
0x482114 InitOnceExecuteOnce
0x482118 InitializeConditionVariable
0x48211c WakeConditionVariable
0x482120 WakeAllConditionVariable
0x482124 SleepConditionVariableCS
0x482128 SleepConditionVariableSRW
0x48212c CreateEventExW
0x482130 CreateSemaphoreExW
0x482134 FlushProcessWriteBuffers
0x482138 GetCurrentProcessorNumber
0x48213c GetSystemTimeAsFileTime
0x482140 GetTickCount64
0x482144 FreeLibraryWhenCallbackReturns
0x482148 CreateThreadpoolWork
0x48214c SubmitThreadpoolWork
0x482150 CloseThreadpoolWork
0x482154 CreateThreadpoolTimer
0x482158 SetThreadpoolTimer
0x48215c WaitForThreadpoolTimerCallbacks
0x482160 CloseThreadpoolTimer
0x482164 CreateThreadpoolWait
0x482168 SetThreadpoolWait
0x48216c CloseThreadpoolWait
0x482170 GetModuleHandleW
0x482174 GetProcAddress
0x482178 GetFileInformationByHandleEx
0x48217c CreateSymbolicLinkW
0x482180 FormatMessageA
0x482184 LocalFree
0x482188 GetLocaleInfoEx
0x48218c EnterCriticalSection
0x482190 LeaveCriticalSection
0x482194 DeleteCriticalSection
0x482198 UnhandledExceptionFilter
0x48219c SetUnhandledExceptionFilter
0x4821a0 GetCurrentProcess
0x4821a4 TerminateProcess
0x4821a8 IsProcessorFeaturePresent
0x4821ac GetCurrentProcessId
0x4821b0 InitializeSListHead
0x4821b4 IsDebuggerPresent
0x4821b8 GetStartupInfoW
0x4821bc GetStringTypeW
0x4821c0 RaiseException
0x4821c4 RtlUnwind
0x4821c8 InterlockedPushEntrySList
0x4821cc InterlockedFlushSList
0x4821d0 GetLastError
0x4821d4 SetLastError
0x4821d8 EncodePointer
0x4821dc InitializeCriticalSectionAndSpinCount
0x4821e0 TlsAlloc
0x4821e4 TlsGetValue
0x4821e8 TlsSetValue
0x4821ec TlsFree
0x4821f0 FreeLibrary
0x4821f4 LoadLibraryExW
0x4821f8 CreateThread
0x4821fc ExitThread
0x482200 ResumeThread
0x482204 FreeLibraryAndExitThread
0x482208 GetModuleHandleExW
0x48220c GetStdHandle
0x482210 WriteFile
0x482214 GetModuleFileNameW
0x482218 ExitProcess
0x48221c GetCommandLineA
0x482220 GetCommandLineW
0x482224 GetCurrentThread
0x482228 HeapAlloc
0x48222c HeapFree
0x482230 GetDateFormatW
0x482234 GetTimeFormatW
0x482238 CompareStringW
0x48223c LCMapStringW
0x482240 GetLocaleInfoW
0x482244 IsValidLocale
0x482248 GetUserDefaultLCID
0x48224c EnumSystemLocalesW
0x482250 SetConsoleCtrlHandler
0x482254 GetFileType
0x482258 GetFileSizeEx
0x48225c SetFilePointerEx
0x482260 OutputDebugStringW
0x482264 FindClose
0x482268 FindFirstFileExW
0x48226c FindNextFileW
0x482270 IsValidCodePage
0x482274 GetACP
0x482278 GetOEMCP
0x48227c GetCPInfo
0x482280 MultiByteToWideChar
0x482284 WideCharToMultiByte
0x482288 GetEnvironmentStringsW
0x48228c FreeEnvironmentStringsW
0x482290 SetEnvironmentVariableW
0x482294 SetStdHandle
0x482298 DecodePointer
EAT(Export Address Table) is none
GDI32.dll
0x482068 RestoreDC
USER32.dll
0x48232c GetGestureInfo
0x482330 GetPointerDeviceRects
0x482334 RegisterShellHookWindow
0x482338 InflateRect
0x48233c GetProcessWindowStation
0x482340 EnableMouseInPointer
0x482344 IsWindowVisible
0x482348 SetDoubleClickTime
0x48234c ValidateRgn
ADVAPI32.dll
0x482000 MapGenericMask
0x482004 InitializeAcl
COMCTL32.dll
0x482034 ImageList_Read
0x482038 None
KERNEL32.dll
0x482098 GetConsoleMode
0x48209c HeapReAlloc
0x4820a0 FlushFileBuffers
0x4820a4 GetProcessHeap
0x4820a8 ReadFile
0x4820ac ReadConsoleW
0x4820b0 CreateFileW
0x4820b4 WriteConsoleW
0x4820b8 HeapSize
0x4820bc GetConsoleOutputCP
0x4820c0 FreeConsole
0x4820c4 QueryPerformanceCounter
0x4820c8 QueryPerformanceFrequency
0x4820cc CloseHandle
0x4820d0 WaitForSingleObjectEx
0x4820d4 Sleep
0x4820d8 SwitchToThread
0x4820dc GetCurrentThreadId
0x4820e0 GetExitCodeThread
0x4820e4 GetNativeSystemInfo
0x4820e8 SetFileInformationByHandle
0x4820ec GetTempPathW
0x4820f0 FlsAlloc
0x4820f4 FlsGetValue
0x4820f8 FlsSetValue
0x4820fc FlsFree
0x482100 InitializeSRWLock
0x482104 ReleaseSRWLockExclusive
0x482108 AcquireSRWLockExclusive
0x48210c TryAcquireSRWLockExclusive
0x482110 InitializeCriticalSectionEx
0x482114 InitOnceExecuteOnce
0x482118 InitializeConditionVariable
0x48211c WakeConditionVariable
0x482120 WakeAllConditionVariable
0x482124 SleepConditionVariableCS
0x482128 SleepConditionVariableSRW
0x48212c CreateEventExW
0x482130 CreateSemaphoreExW
0x482134 FlushProcessWriteBuffers
0x482138 GetCurrentProcessorNumber
0x48213c GetSystemTimeAsFileTime
0x482140 GetTickCount64
0x482144 FreeLibraryWhenCallbackReturns
0x482148 CreateThreadpoolWork
0x48214c SubmitThreadpoolWork
0x482150 CloseThreadpoolWork
0x482154 CreateThreadpoolTimer
0x482158 SetThreadpoolTimer
0x48215c WaitForThreadpoolTimerCallbacks
0x482160 CloseThreadpoolTimer
0x482164 CreateThreadpoolWait
0x482168 SetThreadpoolWait
0x48216c CloseThreadpoolWait
0x482170 GetModuleHandleW
0x482174 GetProcAddress
0x482178 GetFileInformationByHandleEx
0x48217c CreateSymbolicLinkW
0x482180 FormatMessageA
0x482184 LocalFree
0x482188 GetLocaleInfoEx
0x48218c EnterCriticalSection
0x482190 LeaveCriticalSection
0x482194 DeleteCriticalSection
0x482198 UnhandledExceptionFilter
0x48219c SetUnhandledExceptionFilter
0x4821a0 GetCurrentProcess
0x4821a4 TerminateProcess
0x4821a8 IsProcessorFeaturePresent
0x4821ac GetCurrentProcessId
0x4821b0 InitializeSListHead
0x4821b4 IsDebuggerPresent
0x4821b8 GetStartupInfoW
0x4821bc GetStringTypeW
0x4821c0 RaiseException
0x4821c4 RtlUnwind
0x4821c8 InterlockedPushEntrySList
0x4821cc InterlockedFlushSList
0x4821d0 GetLastError
0x4821d4 SetLastError
0x4821d8 EncodePointer
0x4821dc InitializeCriticalSectionAndSpinCount
0x4821e0 TlsAlloc
0x4821e4 TlsGetValue
0x4821e8 TlsSetValue
0x4821ec TlsFree
0x4821f0 FreeLibrary
0x4821f4 LoadLibraryExW
0x4821f8 CreateThread
0x4821fc ExitThread
0x482200 ResumeThread
0x482204 FreeLibraryAndExitThread
0x482208 GetModuleHandleExW
0x48220c GetStdHandle
0x482210 WriteFile
0x482214 GetModuleFileNameW
0x482218 ExitProcess
0x48221c GetCommandLineA
0x482220 GetCommandLineW
0x482224 GetCurrentThread
0x482228 HeapAlloc
0x48222c HeapFree
0x482230 GetDateFormatW
0x482234 GetTimeFormatW
0x482238 CompareStringW
0x48223c LCMapStringW
0x482240 GetLocaleInfoW
0x482244 IsValidLocale
0x482248 GetUserDefaultLCID
0x48224c EnumSystemLocalesW
0x482250 SetConsoleCtrlHandler
0x482254 GetFileType
0x482258 GetFileSizeEx
0x48225c SetFilePointerEx
0x482260 OutputDebugStringW
0x482264 FindClose
0x482268 FindFirstFileExW
0x48226c FindNextFileW
0x482270 IsValidCodePage
0x482274 GetACP
0x482278 GetOEMCP
0x48227c GetCPInfo
0x482280 MultiByteToWideChar
0x482284 WideCharToMultiByte
0x482288 GetEnvironmentStringsW
0x48228c FreeEnvironmentStringsW
0x482290 SetEnvironmentVariableW
0x482294 SetStdHandle
0x482298 DecodePointer
EAT(Export Address Table) is none