ScreenShot
| Created | 2023.12.12 08:07 | Machine | s1_win7_x6401 |
| Filename | Builder.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | d49ec8360f618f61d91701143e475fbc | ||
| sha256 | 2dece16416e689ac95ae2c7b7944f4a5e37ea96ec1b59acc769216eaa6acd342 | ||
| ssdeep | 6144:tSncRlISncRl1Xav8nY6r1dQrD4bfv8nY6r1dQrDP:E4f4LXW8ZP | ||
| imphash | 9222d372923baed7aa9dfa28449a94ea | ||
| impfuzzy | 24:9H9DopK7yJlv1OovAZtQlqlEcfL7/J3IP8RyvkT4JQ:9grItZt5ecf50kcJQ | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | ASPack_Zero | ASPack packed file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | Is_DotNET_EXE | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x409000 CreateFileA
0x409004 FindResourceA
0x409008 FreeLibrary
0x40900c LoadResource
0x409010 WriteFile
0x409014 SizeofResource
0x409018 GetProcAddress
0x40901c LoadLibraryA
0x409020 LockResource
0x409024 EnumResourceNamesA
0x409028 CloseHandle
0x40902c FreeResource
0x409030 GetWindowsDirectoryA
0x409034 OutputDebugStringA
0x409038 GetTempPathA
0x40903c GetModuleHandleW
0x409040 ExitProcess
0x409044 DecodePointer
0x409048 EncodePointer
0x40904c GetCommandLineA
0x409050 HeapSetInformation
0x409054 GetStartupInfoW
0x409058 RaiseException
0x40905c TerminateProcess
0x409060 GetCurrentProcess
0x409064 UnhandledExceptionFilter
0x409068 SetUnhandledExceptionFilter
0x40906c IsDebuggerPresent
0x409070 HeapAlloc
0x409074 GetLastError
0x409078 HeapFree
0x40907c IsProcessorFeaturePresent
0x409080 InitializeCriticalSectionAndSpinCount
0x409084 DeleteCriticalSection
0x409088 LeaveCriticalSection
0x40908c EnterCriticalSection
0x409090 LoadLibraryW
0x409094 TlsAlloc
0x409098 TlsGetValue
0x40909c TlsSetValue
0x4090a0 TlsFree
0x4090a4 InterlockedIncrement
0x4090a8 SetLastError
0x4090ac GetCurrentThreadId
0x4090b0 InterlockedDecrement
0x4090b4 GetStdHandle
0x4090b8 GetModuleFileNameW
0x4090bc Sleep
0x4090c0 HeapSize
0x4090c4 GetModuleFileNameA
0x4090c8 FreeEnvironmentStringsW
0x4090cc WideCharToMultiByte
0x4090d0 GetEnvironmentStringsW
0x4090d4 SetHandleCount
0x4090d8 GetFileType
0x4090dc HeapCreate
0x4090e0 QueryPerformanceCounter
0x4090e4 GetTickCount
0x4090e8 GetCurrentProcessId
0x4090ec GetSystemTimeAsFileTime
0x4090f0 RtlUnwind
0x4090f4 GetCPInfo
0x4090f8 GetACP
0x4090fc GetOEMCP
0x409100 IsValidCodePage
0x409104 HeapReAlloc
0x409108 LCMapStringW
0x40910c MultiByteToWideChar
0x409110 GetStringTypeW
SHELL32.dll
0x409118 ShellExecuteA
0x40911c SHGetSpecialFolderPathA
EAT(Export Address Table) is none
KERNEL32.dll
0x409000 CreateFileA
0x409004 FindResourceA
0x409008 FreeLibrary
0x40900c LoadResource
0x409010 WriteFile
0x409014 SizeofResource
0x409018 GetProcAddress
0x40901c LoadLibraryA
0x409020 LockResource
0x409024 EnumResourceNamesA
0x409028 CloseHandle
0x40902c FreeResource
0x409030 GetWindowsDirectoryA
0x409034 OutputDebugStringA
0x409038 GetTempPathA
0x40903c GetModuleHandleW
0x409040 ExitProcess
0x409044 DecodePointer
0x409048 EncodePointer
0x40904c GetCommandLineA
0x409050 HeapSetInformation
0x409054 GetStartupInfoW
0x409058 RaiseException
0x40905c TerminateProcess
0x409060 GetCurrentProcess
0x409064 UnhandledExceptionFilter
0x409068 SetUnhandledExceptionFilter
0x40906c IsDebuggerPresent
0x409070 HeapAlloc
0x409074 GetLastError
0x409078 HeapFree
0x40907c IsProcessorFeaturePresent
0x409080 InitializeCriticalSectionAndSpinCount
0x409084 DeleteCriticalSection
0x409088 LeaveCriticalSection
0x40908c EnterCriticalSection
0x409090 LoadLibraryW
0x409094 TlsAlloc
0x409098 TlsGetValue
0x40909c TlsSetValue
0x4090a0 TlsFree
0x4090a4 InterlockedIncrement
0x4090a8 SetLastError
0x4090ac GetCurrentThreadId
0x4090b0 InterlockedDecrement
0x4090b4 GetStdHandle
0x4090b8 GetModuleFileNameW
0x4090bc Sleep
0x4090c0 HeapSize
0x4090c4 GetModuleFileNameA
0x4090c8 FreeEnvironmentStringsW
0x4090cc WideCharToMultiByte
0x4090d0 GetEnvironmentStringsW
0x4090d4 SetHandleCount
0x4090d8 GetFileType
0x4090dc HeapCreate
0x4090e0 QueryPerformanceCounter
0x4090e4 GetTickCount
0x4090e8 GetCurrentProcessId
0x4090ec GetSystemTimeAsFileTime
0x4090f0 RtlUnwind
0x4090f4 GetCPInfo
0x4090f8 GetACP
0x4090fc GetOEMCP
0x409100 IsValidCodePage
0x409104 HeapReAlloc
0x409108 LCMapStringW
0x40910c MultiByteToWideChar
0x409110 GetStringTypeW
SHELL32.dll
0x409118 ShellExecuteA
0x40911c SHGetSpecialFolderPathA
EAT(Export Address Table) is none