ScreenShot
| Created | 2023.11.16 20:31 | Machine | s1_win7_x6401 |
| Filename | etchCore-0.x86.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 1f0669f13dc0545917e8397063f806db | ||
| sha256 | 3596e8fa5e19e860a2029fa4ab7a4f95fadf073feb88e4f82b19a093e1e2737c | ||
| ssdeep | 3072:p7r/errfwn06z/ZfqnN2/koPvEPsx9GYaKPST8BM4pFFJ:p7infwfQN288t9kIBM4pPJ | ||
| imphash | 55d05e5267c1de07a1891bc6ae8ec4ee | ||
| impfuzzy | 24:mDndgsy++dHvthTRQ4AGbvWaJr+JstEsF0e4Rp9eyVGSEfNGMxRqQo49kk:D++dPthVQ4ZVAVcSE1GMbqQNkk | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1001c000 GetProcAddress
0x1001c004 GetVersion
0x1001c008 Sleep
0x1001c00c LoadLibraryA
0x1001c010 GetSystemDirectoryA
0x1001c014 GetLastError
0x1001c018 SystemTimeToFileTime
0x1001c01c GetSystemTime
0x1001c020 OutputDebugStringA
0x1001c024 RtlUnwind
0x1001c028 InterlockedExchange
0x1001c02c InterlockedCompareExchange
0x1001c030 TerminateProcess
0x1001c034 GetCurrentProcess
0x1001c038 UnhandledExceptionFilter
0x1001c03c SetUnhandledExceptionFilter
0x1001c040 QueryPerformanceCounter
0x1001c044 GetTickCount
0x1001c048 GetCurrentThreadId
0x1001c04c FreeLibrary
0x1001c050 GetCurrentProcessId
0x1001c054 GetSystemTimeAsFileTime
WS2_32.dll
0x1001c05c WSASetLastError
0x1001c060 getservbyport
0x1001c064 ntohs
0x1001c068 gethostbyaddr
0x1001c06c getservbyname
0x1001c070 htonl
0x1001c074 inet_ntoa
0x1001c078 gethostbyname
0x1001c07c WSAGetLastError
0x1001c080 inet_addr
0x1001c084 getsockopt
0x1001c088 WSAStartup
0x1001c08c listen
0x1001c090 ind
0x1001c094 closesocket
0x1001c098 setsockopt
0x1001c09c socket
0x1001c0a0 select
0x1001c0a4 connect
0x1001c0a8 ioctlsocket
0x1001c0ac send
0x1001c0b0 recv
0x1001c0b4 htons
msvcrt.dll
0x1001c0bc _XcptFilter
0x1001c0c0 _initterm
0x1001c0c4 _adjust_fdiv
0x1001c0c8 isleadbyte
0x1001c0cc _itoa
0x1001c0d0 wctomb
0x1001c0d4 __badioinfo
0x1001c0d8 __pioinfo
0x1001c0dc _fileno
0x1001c0e0 _lseeki64
0x1001c0e4 _write
0x1001c0e8 _isatty
0x1001c0ec realloc
0x1001c0f0 sprintf
0x1001c0f4 memchr
0x1001c0f8 tolower
0x1001c0fc toupper
0x1001c100 strtoul
0x1001c104 calloc
0x1001c108 memcmp
0x1001c10c _snprintf
0x1001c110 strcmp
0x1001c114 printf
0x1001c118 strlen
0x1001c11c memcpy
0x1001c120 free
0x1001c124 malloc
0x1001c128 abort
0x1001c12c fprintf
0x1001c130 memmove
0x1001c134 memset
0x1001c138 _iob
0x1001c13c strchr
0x1001c140 _errno
0x1001c144 _amsg_exit
EAT(Export Address Table) Library
0x1000171a DaveEntry
KERNEL32.dll
0x1001c000 GetProcAddress
0x1001c004 GetVersion
0x1001c008 Sleep
0x1001c00c LoadLibraryA
0x1001c010 GetSystemDirectoryA
0x1001c014 GetLastError
0x1001c018 SystemTimeToFileTime
0x1001c01c GetSystemTime
0x1001c020 OutputDebugStringA
0x1001c024 RtlUnwind
0x1001c028 InterlockedExchange
0x1001c02c InterlockedCompareExchange
0x1001c030 TerminateProcess
0x1001c034 GetCurrentProcess
0x1001c038 UnhandledExceptionFilter
0x1001c03c SetUnhandledExceptionFilter
0x1001c040 QueryPerformanceCounter
0x1001c044 GetTickCount
0x1001c048 GetCurrentThreadId
0x1001c04c FreeLibrary
0x1001c050 GetCurrentProcessId
0x1001c054 GetSystemTimeAsFileTime
WS2_32.dll
0x1001c05c WSASetLastError
0x1001c060 getservbyport
0x1001c064 ntohs
0x1001c068 gethostbyaddr
0x1001c06c getservbyname
0x1001c070 htonl
0x1001c074 inet_ntoa
0x1001c078 gethostbyname
0x1001c07c WSAGetLastError
0x1001c080 inet_addr
0x1001c084 getsockopt
0x1001c088 WSAStartup
0x1001c08c listen
0x1001c090 ind
0x1001c094 closesocket
0x1001c098 setsockopt
0x1001c09c socket
0x1001c0a0 select
0x1001c0a4 connect
0x1001c0a8 ioctlsocket
0x1001c0ac send
0x1001c0b0 recv
0x1001c0b4 htons
msvcrt.dll
0x1001c0bc _XcptFilter
0x1001c0c0 _initterm
0x1001c0c4 _adjust_fdiv
0x1001c0c8 isleadbyte
0x1001c0cc _itoa
0x1001c0d0 wctomb
0x1001c0d4 __badioinfo
0x1001c0d8 __pioinfo
0x1001c0dc _fileno
0x1001c0e0 _lseeki64
0x1001c0e4 _write
0x1001c0e8 _isatty
0x1001c0ec realloc
0x1001c0f0 sprintf
0x1001c0f4 memchr
0x1001c0f8 tolower
0x1001c0fc toupper
0x1001c100 strtoul
0x1001c104 calloc
0x1001c108 memcmp
0x1001c10c _snprintf
0x1001c110 strcmp
0x1001c114 printf
0x1001c118 strlen
0x1001c11c memcpy
0x1001c120 free
0x1001c124 malloc
0x1001c128 abort
0x1001c12c fprintf
0x1001c130 memmove
0x1001c134 memset
0x1001c138 _iob
0x1001c13c strchr
0x1001c140 _errno
0x1001c144 _amsg_exit
EAT(Export Address Table) Library
0x1000171a DaveEntry