ScreenShot
| Created | 2023.11.27 09:33 | Machine | s1_win7_x6403 |
| Filename | client.exe | ||
| Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 0170f9a9cf779fefa88e3a93dd551712 | ||
| sha256 | 980a9e9f44aca2a0503c0bdc356c97a8d72439332f0c592317454be367ff4f53 | ||
| ssdeep | 196608:mdswEiI/C5CnZTH8KxV2AonzpHgYTW2fICxPiCGzio+f:idE96gTHlV2AmzPTW2fIwiio+f | ||
| imphash | f0ea7b7844bbc5bfa9bb32efdcea957c | ||
| impfuzzy | 24:UbVjh9wO+VuT2oLtXOr6kwmDruMztxdEr6tP:GwO+VAXOmGx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | Detects the presence of Wine emulator |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | ftp_command | ftp command | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0xe93620 WriteFile
0xe93628 WriteConsoleW
0xe93630 WaitForMultipleObjects
0xe93638 WaitForSingleObject
0xe93640 VirtualQuery
0xe93648 VirtualFree
0xe93650 VirtualAlloc
0xe93658 TlsAlloc
0xe93660 SwitchToThread
0xe93668 SuspendThread
0xe93670 SetWaitableTimer
0xe93678 SetUnhandledExceptionFilter
0xe93680 SetProcessPriorityBoost
0xe93688 SetEvent
0xe93690 SetErrorMode
0xe93698 SetConsoleCtrlHandler
0xe936a0 ResumeThread
0xe936a8 PostQueuedCompletionStatus
0xe936b0 LoadLibraryA
0xe936b8 LoadLibraryW
0xe936c0 SetThreadContext
0xe936c8 GetThreadContext
0xe936d0 GetSystemInfo
0xe936d8 GetSystemDirectoryA
0xe936e0 GetStdHandle
0xe936e8 GetQueuedCompletionStatusEx
0xe936f0 GetProcessAffinityMask
0xe936f8 GetProcAddress
0xe93700 GetEnvironmentStringsW
0xe93708 GetConsoleMode
0xe93710 FreeEnvironmentStringsW
0xe93718 ExitProcess
0xe93720 DuplicateHandle
0xe93728 CreateWaitableTimerExW
0xe93730 CreateThread
0xe93738 CreateIoCompletionPort
0xe93740 CreateFileA
0xe93748 CreateEventA
0xe93750 CloseHandle
0xe93758 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0xe93620 WriteFile
0xe93628 WriteConsoleW
0xe93630 WaitForMultipleObjects
0xe93638 WaitForSingleObject
0xe93640 VirtualQuery
0xe93648 VirtualFree
0xe93650 VirtualAlloc
0xe93658 TlsAlloc
0xe93660 SwitchToThread
0xe93668 SuspendThread
0xe93670 SetWaitableTimer
0xe93678 SetUnhandledExceptionFilter
0xe93680 SetProcessPriorityBoost
0xe93688 SetEvent
0xe93690 SetErrorMode
0xe93698 SetConsoleCtrlHandler
0xe936a0 ResumeThread
0xe936a8 PostQueuedCompletionStatus
0xe936b0 LoadLibraryA
0xe936b8 LoadLibraryW
0xe936c0 SetThreadContext
0xe936c8 GetThreadContext
0xe936d0 GetSystemInfo
0xe936d8 GetSystemDirectoryA
0xe936e0 GetStdHandle
0xe936e8 GetQueuedCompletionStatusEx
0xe936f0 GetProcessAffinityMask
0xe936f8 GetProcAddress
0xe93700 GetEnvironmentStringsW
0xe93708 GetConsoleMode
0xe93710 FreeEnvironmentStringsW
0xe93718 ExitProcess
0xe93720 DuplicateHandle
0xe93728 CreateWaitableTimerExW
0xe93730 CreateThread
0xe93738 CreateIoCompletionPort
0xe93740 CreateFileA
0xe93748 CreateEventA
0xe93750 CloseHandle
0xe93758 AddVectoredExceptionHandler
EAT(Export Address Table) is none