ScreenShot
| Created | 2023.12.12 08:00 | Machine | s1_win7_x6401 |
| Filename | gpupdate.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | d03630dc968aae232a10fc0507727977 | ||
| sha256 | c9b5ab87aa09c521ab00abe664291bb2e833f018f0c8f3c00b719e35f101f140 | ||
| ssdeep | 12288:0zYbDqnj2GqNqHUDjvAYE9XuLk4AfANMMBKoociXh8NPhLXlD1zXxMAPqNaoT+r5:Hbunj2Giq0fIIKoo4NPhLCEmTvkEhuN | ||
| imphash | db4ab6e1189e6a7c04676f37a85daa4b | ||
| impfuzzy | 24:dYZMSA02t3bSxoeD/chyJnc+plv85vNZLOovbOdJsTpzZHu9hZlXuxz9Qp:QAt3bSO8cAc+pGJb63dhZ5ul96 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | HKTL_CobaltStrike_Beacon_Strings | Identifies strings used in Cobalt Strike Beacon DLL | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140201000 GetLastError
0x140201008 WideCharToMultiByte
0x140201010 CloseHandle
0x140201018 MultiByteToWideChar
0x140201020 CreateFileW
0x140201028 ReadConsoleW
0x140201030 ReadFile
0x140201038 SetFilePointerEx
0x140201040 GetFileSizeEx
0x140201048 GetConsoleMode
0x140201050 GetCurrentThreadId
0x140201058 RtlCaptureContext
0x140201060 RtlLookupFunctionEntry
0x140201068 RtlVirtualUnwind
0x140201070 UnhandledExceptionFilter
0x140201078 SetUnhandledExceptionFilter
0x140201080 GetCurrentProcess
0x140201088 TerminateProcess
0x140201090 IsProcessorFeaturePresent
0x140201098 IsDebuggerPresent
0x1402010a0 RaiseException
0x1402010a8 QueryPerformanceCounter
0x1402010b0 GetCurrentProcessId
0x1402010b8 GetSystemTimeAsFileTime
0x1402010c0 InitializeSListHead
0x1402010c8 GetStartupInfoW
0x1402010d0 GetModuleHandleW
0x1402010d8 HeapAlloc
0x1402010e0 HeapFree
0x1402010e8 GetProcessHeap
0x1402010f0 VirtualQuery
0x1402010f8 FreeLibrary
0x140201100 GetProcAddress
0x140201108 RtlUnwindEx
0x140201110 InterlockedPushEntrySList
0x140201118 InterlockedFlushSList
0x140201120 GetModuleFileNameW
0x140201128 LoadLibraryExW
0x140201130 SetLastError
0x140201138 EnterCriticalSection
0x140201140 LeaveCriticalSection
0x140201148 DeleteCriticalSection
0x140201150 InitializeCriticalSectionAndSpinCount
0x140201158 TlsAlloc
0x140201160 TlsGetValue
0x140201168 TlsSetValue
0x140201170 TlsFree
0x140201178 EncodePointer
0x140201180 RtlPcToFileHeader
0x140201188 GetStdHandle
0x140201190 GetFileType
0x140201198 GetModuleHandleExW
0x1402011a0 WriteConsoleW
0x1402011a8 WriteFile
0x1402011b0 ExitProcess
0x1402011b8 GetCommandLineA
0x1402011c0 GetCommandLineW
0x1402011c8 HeapSize
0x1402011d0 HeapValidate
0x1402011d8 GetSystemInfo
0x1402011e0 OutputDebugStringW
0x1402011e8 SetConsoleCtrlHandler
0x1402011f0 GetCurrentThread
0x1402011f8 FindClose
0x140201200 FindFirstFileExW
0x140201208 FindNextFileW
0x140201210 IsValidCodePage
0x140201218 GetACP
0x140201220 GetOEMCP
0x140201228 GetCPInfo
0x140201230 GetEnvironmentStringsW
0x140201238 FreeEnvironmentStringsW
0x140201240 SetEnvironmentVariableW
0x140201248 SetStdHandle
0x140201250 GetStringTypeW
0x140201258 GetLocaleInfoW
0x140201260 IsValidLocale
0x140201268 GetUserDefaultLCID
0x140201270 EnumSystemLocalesW
0x140201278 GetTempPathW
0x140201280 FlsAlloc
0x140201288 FlsGetValue
0x140201290 FlsSetValue
0x140201298 FlsFree
0x1402012a0 GetDateFormatW
0x1402012a8 GetTimeFormatW
0x1402012b0 CompareStringW
0x1402012b8 LCMapStringW
0x1402012c0 HeapReAlloc
0x1402012c8 HeapQueryInformation
0x1402012d0 FlushFileBuffers
0x1402012d8 GetConsoleOutputCP
0x1402012e0 RtlUnwind
USER32.dll
0x1402013d0 CharLowerA
ole32.dll
0x140201430 CoTaskMemAlloc
0x140201438 CoTaskMemFree
EAT(Export Address Table) is none
KERNEL32.dll
0x140201000 GetLastError
0x140201008 WideCharToMultiByte
0x140201010 CloseHandle
0x140201018 MultiByteToWideChar
0x140201020 CreateFileW
0x140201028 ReadConsoleW
0x140201030 ReadFile
0x140201038 SetFilePointerEx
0x140201040 GetFileSizeEx
0x140201048 GetConsoleMode
0x140201050 GetCurrentThreadId
0x140201058 RtlCaptureContext
0x140201060 RtlLookupFunctionEntry
0x140201068 RtlVirtualUnwind
0x140201070 UnhandledExceptionFilter
0x140201078 SetUnhandledExceptionFilter
0x140201080 GetCurrentProcess
0x140201088 TerminateProcess
0x140201090 IsProcessorFeaturePresent
0x140201098 IsDebuggerPresent
0x1402010a0 RaiseException
0x1402010a8 QueryPerformanceCounter
0x1402010b0 GetCurrentProcessId
0x1402010b8 GetSystemTimeAsFileTime
0x1402010c0 InitializeSListHead
0x1402010c8 GetStartupInfoW
0x1402010d0 GetModuleHandleW
0x1402010d8 HeapAlloc
0x1402010e0 HeapFree
0x1402010e8 GetProcessHeap
0x1402010f0 VirtualQuery
0x1402010f8 FreeLibrary
0x140201100 GetProcAddress
0x140201108 RtlUnwindEx
0x140201110 InterlockedPushEntrySList
0x140201118 InterlockedFlushSList
0x140201120 GetModuleFileNameW
0x140201128 LoadLibraryExW
0x140201130 SetLastError
0x140201138 EnterCriticalSection
0x140201140 LeaveCriticalSection
0x140201148 DeleteCriticalSection
0x140201150 InitializeCriticalSectionAndSpinCount
0x140201158 TlsAlloc
0x140201160 TlsGetValue
0x140201168 TlsSetValue
0x140201170 TlsFree
0x140201178 EncodePointer
0x140201180 RtlPcToFileHeader
0x140201188 GetStdHandle
0x140201190 GetFileType
0x140201198 GetModuleHandleExW
0x1402011a0 WriteConsoleW
0x1402011a8 WriteFile
0x1402011b0 ExitProcess
0x1402011b8 GetCommandLineA
0x1402011c0 GetCommandLineW
0x1402011c8 HeapSize
0x1402011d0 HeapValidate
0x1402011d8 GetSystemInfo
0x1402011e0 OutputDebugStringW
0x1402011e8 SetConsoleCtrlHandler
0x1402011f0 GetCurrentThread
0x1402011f8 FindClose
0x140201200 FindFirstFileExW
0x140201208 FindNextFileW
0x140201210 IsValidCodePage
0x140201218 GetACP
0x140201220 GetOEMCP
0x140201228 GetCPInfo
0x140201230 GetEnvironmentStringsW
0x140201238 FreeEnvironmentStringsW
0x140201240 SetEnvironmentVariableW
0x140201248 SetStdHandle
0x140201250 GetStringTypeW
0x140201258 GetLocaleInfoW
0x140201260 IsValidLocale
0x140201268 GetUserDefaultLCID
0x140201270 EnumSystemLocalesW
0x140201278 GetTempPathW
0x140201280 FlsAlloc
0x140201288 FlsGetValue
0x140201290 FlsSetValue
0x140201298 FlsFree
0x1402012a0 GetDateFormatW
0x1402012a8 GetTimeFormatW
0x1402012b0 CompareStringW
0x1402012b8 LCMapStringW
0x1402012c0 HeapReAlloc
0x1402012c8 HeapQueryInformation
0x1402012d0 FlushFileBuffers
0x1402012d8 GetConsoleOutputCP
0x1402012e0 RtlUnwind
USER32.dll
0x1402013d0 CharLowerA
ole32.dll
0x140201430 CoTaskMemAlloc
0x140201438 CoTaskMemFree
EAT(Export Address Table) is none