ScreenShot
| Created | 2023.12.15 08:30 | Machine | s1_win7_x6403 |
| Filename | iox.exe | ||
| Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 9db2d314dd3f704a02051ef5ea210993 | ||
| sha256 | c6cf82919b809967d9d90ea73772a8aa1c1eb3bc59252d977500f64f1a0d6731 | ||
| ssdeep | 49152:rPxfoRnTLWPW2szKDygg0DJ2g7X2gcIT:DxUTN2szK | ||
| imphash | 1cd364a9e949d5ecebd6c614e64bc545 | ||
| impfuzzy | 12:5ObVj7NkOREXPXJHeOAThTAqAGIR6kW0mDruMzTZGHrYXOeUP:UbVjhkO+VuTdLS6kNmDruMztir6UP | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | Detects the presence of Wine emulator |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x634020 WriteFile
0x634028 WriteConsoleW
0x634030 WaitForMultipleObjects
0x634038 WaitForSingleObject
0x634040 VirtualQuery
0x634048 VirtualFree
0x634050 VirtualAlloc
0x634058 SwitchToThread
0x634060 SetWaitableTimer
0x634068 SetUnhandledExceptionFilter
0x634070 SetProcessPriorityBoost
0x634078 SetEvent
0x634080 SetErrorMode
0x634088 SetConsoleCtrlHandler
0x634090 LoadLibraryA
0x634098 LoadLibraryW
0x6340a0 GetSystemInfo
0x6340a8 GetSystemDirectoryA
0x6340b0 GetStdHandle
0x6340b8 GetQueuedCompletionStatus
0x6340c0 GetProcessAffinityMask
0x6340c8 GetProcAddress
0x6340d0 GetEnvironmentStringsW
0x6340d8 GetConsoleMode
0x6340e0 FreeEnvironmentStringsW
0x6340e8 ExitProcess
0x6340f0 DuplicateHandle
0x6340f8 CreateThread
0x634100 CreateIoCompletionPort
0x634108 CreateEventA
0x634110 CloseHandle
0x634118 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x634020 WriteFile
0x634028 WriteConsoleW
0x634030 WaitForMultipleObjects
0x634038 WaitForSingleObject
0x634040 VirtualQuery
0x634048 VirtualFree
0x634050 VirtualAlloc
0x634058 SwitchToThread
0x634060 SetWaitableTimer
0x634068 SetUnhandledExceptionFilter
0x634070 SetProcessPriorityBoost
0x634078 SetEvent
0x634080 SetErrorMode
0x634088 SetConsoleCtrlHandler
0x634090 LoadLibraryA
0x634098 LoadLibraryW
0x6340a0 GetSystemInfo
0x6340a8 GetSystemDirectoryA
0x6340b0 GetStdHandle
0x6340b8 GetQueuedCompletionStatus
0x6340c0 GetProcessAffinityMask
0x6340c8 GetProcAddress
0x6340d0 GetEnvironmentStringsW
0x6340d8 GetConsoleMode
0x6340e0 FreeEnvironmentStringsW
0x6340e8 ExitProcess
0x6340f0 DuplicateHandle
0x6340f8 CreateThread
0x634100 CreateIoCompletionPort
0x634108 CreateEventA
0x634110 CloseHandle
0x634118 AddVectoredExceptionHandler
EAT(Export Address Table) is none