ScreenShot
| Created | 2023.12.15 08:46 | Machine | s1_win7_x6403 |
| Filename | 7.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 58fc6de6c4e5d2fda63565d54feb9e75 | ||
| sha256 | 72c98287b2e8f85ea7bb87834b6ce1ce7ce7f41a8c97a81b307d4d4bf900922b | ||
| ssdeep | 12288:FSjMK6lrdOCdlki5Zc0EyR35ksye/X16PJz5tghj+:FSjieCd+i5s+Jks1foxz5Whj+ | ||
| imphash | e259e7887a8fdcfd8f819c076b7ef10c | ||
| impfuzzy | 96:oAkPzJRG4XNnOa1gquTXRvfcJLxm0B9cLTB:oAkL64XNnOaJkOm0BG | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
OLEAUT32.dll
0x479210 VariantCopy
0x479214 SysAllocStringLen
0x479218 SysAllocString
0x47921c SysFreeString
0x479220 SysStringLen
0x479224 VariantClear
USER32.dll
0x47922c CharUpperW
ADVAPI32.dll
0x479000 OpenProcessToken
0x479004 GetFileSecurityW
0x479008 SetFileSecurityW
0x47900c RegQueryValueExW
0x479010 RegCloseKey
0x479014 RegOpenKeyExW
0x479018 AdjustTokenPrivileges
0x47901c LookupPrivilegeValueW
MSVCRT.dll
0x47916c _controlfp
0x479170 __set_app_type
0x479174 __p__fmode
0x479178 __p__commode
0x47917c _adjust_fdiv
0x479180 __setusermatherr
0x479184 _initterm
0x479188 __getmainargs
0x47918c __p___initenv
0x479190 _XcptFilter
0x479194 _exit
0x479198 _onexit
0x47919c __dllonexit
0x4791a0 ??1type_info@@UAE@XZ
0x4791a4 ?terminate@@YAXXZ
0x4791a8 _except_handler3
0x4791ac _beginthreadex
0x4791b0 exit
0x4791b4 realloc
0x4791b8 _ftol
0x4791bc memset
0x4791c0 strlen
0x4791c4 wcscmp
0x4791c8 wcsstr
0x4791cc strcmp
0x4791d0 memmove
0x4791d4 fputs
0x4791d8 fputc
0x4791dc fflush
0x4791e0 fgetc
0x4791e4 _iob
0x4791e8 free
0x4791ec malloc
0x4791f0 memcmp
0x4791f4 _purecall
0x4791f8 memcpy
0x4791fc _CxxThrowException
0x479200 __CxxFrameHandler
0x479204 _isatty
0x479208 _fileno
KERNEL32.dll
0x479024 SetThreadAffinityMask
0x479028 CreateEventW
0x47902c SetEvent
0x479030 ResetEvent
0x479034 CreateSemaphoreW
0x479038 ReleaseSemaphore
0x47903c InitializeCriticalSection
0x479040 WaitForSingleObject
0x479044 SetFileAttributesW
0x479048 InterlockedIncrement
0x47904c GetVersion
0x479050 VirtualFree
0x479054 VirtualAlloc
0x479058 SetConsoleMode
0x47905c GetConsoleMode
0x479060 GetVersionExW
0x479064 SetFileApisToOEM
0x479068 GetCommandLineW
0x47906c GetConsoleScreenBufferInfo
0x479070 SetConsoleCtrlHandler
0x479074 DeleteCriticalSection
0x479078 EnterCriticalSection
0x47907c LeaveCriticalSection
0x479080 QueryPerformanceFrequency
0x479084 QueryPerformanceCounter
0x479088 GetProcessTimes
0x47908c OpenEventW
0x479090 OpenFileMappingW
0x479094 MapViewOfFile
0x479098 UnmapViewOfFile
0x47909c SetProcessAffinityMask
0x4790a0 GetStdHandle
0x4790a4 GetSystemTimeAsFileTime
0x4790a8 FileTimeToDosDateTime
0x4790ac IsProcessorFeaturePresent
0x4790b0 GlobalMemoryStatus
0x4790b4 GetSystemInfo
0x4790b8 GetProcessAffinityMask
0x4790bc FileTimeToLocalFileTime
0x4790c0 FileTimeToSystemTime
0x4790c4 CompareFileTime
0x4790c8 GetCurrentProcess
0x4790cc GetDiskFreeSpaceW
0x4790d0 SetEndOfFile
0x4790d4 WriteFile
0x4790d8 GetLastError
0x4790dc MultiByteToWideChar
0x4790e0 WideCharToMultiByte
0x4790e4 FreeLibrary
0x4790e8 LoadLibraryW
0x4790ec GetModuleFileNameW
0x4790f0 LocalFree
0x4790f4 FormatMessageW
0x4790f8 CloseHandle
0x4790fc SetFileTime
0x479100 CreateFileW
0x479104 ReadFile
0x479108 RemoveDirectoryW
0x47910c MoveFileW
0x479110 GetProcAddress
0x479114 GetModuleHandleW
0x479118 CreateDirectoryW
0x47911c DeleteFileW
0x479120 SetLastError
0x479124 SetCurrentDirectoryW
0x479128 GetCurrentDirectoryW
0x47912c GetTempPathW
0x479130 GetCurrentProcessId
0x479134 GetTickCount
0x479138 GetCurrentThreadId
0x47913c FindClose
0x479140 FindFirstFileW
0x479144 FindNextFileW
0x479148 GetModuleHandleA
0x47914c GetFileAttributesW
0x479150 GetFileInformationByHandle
0x479154 GetLogicalDriveStringsW
0x479158 GetFileSize
0x47915c SetFilePointer
0x479160 DeviceIoControl
0x479164 ResumeThread
EAT(Export Address Table) is none
OLEAUT32.dll
0x479210 VariantCopy
0x479214 SysAllocStringLen
0x479218 SysAllocString
0x47921c SysFreeString
0x479220 SysStringLen
0x479224 VariantClear
USER32.dll
0x47922c CharUpperW
ADVAPI32.dll
0x479000 OpenProcessToken
0x479004 GetFileSecurityW
0x479008 SetFileSecurityW
0x47900c RegQueryValueExW
0x479010 RegCloseKey
0x479014 RegOpenKeyExW
0x479018 AdjustTokenPrivileges
0x47901c LookupPrivilegeValueW
MSVCRT.dll
0x47916c _controlfp
0x479170 __set_app_type
0x479174 __p__fmode
0x479178 __p__commode
0x47917c _adjust_fdiv
0x479180 __setusermatherr
0x479184 _initterm
0x479188 __getmainargs
0x47918c __p___initenv
0x479190 _XcptFilter
0x479194 _exit
0x479198 _onexit
0x47919c __dllonexit
0x4791a0 ??1type_info@@UAE@XZ
0x4791a4 ?terminate@@YAXXZ
0x4791a8 _except_handler3
0x4791ac _beginthreadex
0x4791b0 exit
0x4791b4 realloc
0x4791b8 _ftol
0x4791bc memset
0x4791c0 strlen
0x4791c4 wcscmp
0x4791c8 wcsstr
0x4791cc strcmp
0x4791d0 memmove
0x4791d4 fputs
0x4791d8 fputc
0x4791dc fflush
0x4791e0 fgetc
0x4791e4 _iob
0x4791e8 free
0x4791ec malloc
0x4791f0 memcmp
0x4791f4 _purecall
0x4791f8 memcpy
0x4791fc _CxxThrowException
0x479200 __CxxFrameHandler
0x479204 _isatty
0x479208 _fileno
KERNEL32.dll
0x479024 SetThreadAffinityMask
0x479028 CreateEventW
0x47902c SetEvent
0x479030 ResetEvent
0x479034 CreateSemaphoreW
0x479038 ReleaseSemaphore
0x47903c InitializeCriticalSection
0x479040 WaitForSingleObject
0x479044 SetFileAttributesW
0x479048 InterlockedIncrement
0x47904c GetVersion
0x479050 VirtualFree
0x479054 VirtualAlloc
0x479058 SetConsoleMode
0x47905c GetConsoleMode
0x479060 GetVersionExW
0x479064 SetFileApisToOEM
0x479068 GetCommandLineW
0x47906c GetConsoleScreenBufferInfo
0x479070 SetConsoleCtrlHandler
0x479074 DeleteCriticalSection
0x479078 EnterCriticalSection
0x47907c LeaveCriticalSection
0x479080 QueryPerformanceFrequency
0x479084 QueryPerformanceCounter
0x479088 GetProcessTimes
0x47908c OpenEventW
0x479090 OpenFileMappingW
0x479094 MapViewOfFile
0x479098 UnmapViewOfFile
0x47909c SetProcessAffinityMask
0x4790a0 GetStdHandle
0x4790a4 GetSystemTimeAsFileTime
0x4790a8 FileTimeToDosDateTime
0x4790ac IsProcessorFeaturePresent
0x4790b0 GlobalMemoryStatus
0x4790b4 GetSystemInfo
0x4790b8 GetProcessAffinityMask
0x4790bc FileTimeToLocalFileTime
0x4790c0 FileTimeToSystemTime
0x4790c4 CompareFileTime
0x4790c8 GetCurrentProcess
0x4790cc GetDiskFreeSpaceW
0x4790d0 SetEndOfFile
0x4790d4 WriteFile
0x4790d8 GetLastError
0x4790dc MultiByteToWideChar
0x4790e0 WideCharToMultiByte
0x4790e4 FreeLibrary
0x4790e8 LoadLibraryW
0x4790ec GetModuleFileNameW
0x4790f0 LocalFree
0x4790f4 FormatMessageW
0x4790f8 CloseHandle
0x4790fc SetFileTime
0x479100 CreateFileW
0x479104 ReadFile
0x479108 RemoveDirectoryW
0x47910c MoveFileW
0x479110 GetProcAddress
0x479114 GetModuleHandleW
0x479118 CreateDirectoryW
0x47911c DeleteFileW
0x479120 SetLastError
0x479124 SetCurrentDirectoryW
0x479128 GetCurrentDirectoryW
0x47912c GetTempPathW
0x479130 GetCurrentProcessId
0x479134 GetTickCount
0x479138 GetCurrentThreadId
0x47913c FindClose
0x479140 FindFirstFileW
0x479144 FindNextFileW
0x479148 GetModuleHandleA
0x47914c GetFileAttributesW
0x479150 GetFileInformationByHandle
0x479154 GetLogicalDriveStringsW
0x479158 GetFileSize
0x47915c SetFilePointer
0x479160 DeviceIoControl
0x479164 ResumeThread
EAT(Export Address Table) is none