ScreenShot
| Created | 2023.12.15 08:34 | Machine | s1_win7_x6403 |
| Filename | build.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | fc887357dde165e9b08b72b2202d5ca2 | ||
| sha256 | 55072bf248e6d52ddda86827cf40002ec216a8e92e1dbfd01a6e1d8b69c3b010 | ||
| ssdeep | 6144:uqphllr9ZNSMfOhIiP7Hm089dvYFZloH8:11r3/feIiP7mTvvYFZloH8 | ||
| imphash | 737dd90f6413684b448474eca7db9fe4 | ||
| impfuzzy | 48:qVoME9Sm/eFR+2/4jxQHQXiX1PnvKlTJGAYJ861k1vcqTjr:qWMEgm4RH/4jxQHQXiX1PviTJGt661mH | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | Creates a suspicious process |
| info | Command line console output was observed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140018394 AddAtomA
0x14001839c AddVectoredExceptionHandler
0x1400183a4 CloseHandle
0x1400183ac CreateEventA
0x1400183b4 CreateMutexA
0x1400183bc CreateSemaphoreA
0x1400183c4 DeleteAtom
0x1400183cc DeleteCriticalSection
0x1400183d4 DuplicateHandle
0x1400183dc EnterCriticalSection
0x1400183e4 FindAtomA
0x1400183ec FormatMessageA
0x1400183f4 GetAtomNameA
0x1400183fc GetCurrentProcess
0x140018404 GetCurrentProcessId
0x14001840c GetCurrentThread
0x140018414 GetCurrentThreadId
0x14001841c GetHandleInformation
0x140018424 GetLastError
0x14001842c GetProcessAffinityMask
0x140018434 GetStartupInfoA
0x14001843c GetSystemTimeAsFileTime
0x140018444 GetThreadContext
0x14001844c GetThreadPriority
0x140018454 GetTickCount
0x14001845c InitializeCriticalSection
0x140018464 IsDBCSLeadByteEx
0x14001846c IsDebuggerPresent
0x140018474 LeaveCriticalSection
0x14001847c LocalFree
0x140018484 MultiByteToWideChar
0x14001848c OpenProcess
0x140018494 OutputDebugStringA
0x14001849c QueryPerformanceCounter
0x1400184a4 QueryPerformanceFrequency
0x1400184ac RaiseException
0x1400184b4 ReleaseMutex
0x1400184bc ReleaseSemaphore
0x1400184c4 RemoveVectoredExceptionHandler
0x1400184cc ResetEvent
0x1400184d4 ResumeThread
0x1400184dc SetEvent
0x1400184e4 SetLastError
0x1400184ec SetProcessAffinityMask
0x1400184f4 SetThreadContext
0x1400184fc SetThreadPriority
0x140018504 SetUnhandledExceptionFilter
0x14001850c Sleep
0x140018514 SuspendThread
0x14001851c TlsAlloc
0x140018524 TlsGetValue
0x14001852c TlsSetValue
0x140018534 TryEnterCriticalSection
0x14001853c VirtualProtect
0x140018544 VirtualQuery
0x14001854c WaitForMultipleObjects
0x140018554 WaitForSingleObject
0x14001855c WideCharToMultiByte
0x140018564 __C_specific_handler
msvcrt.dll
0x140018574 ___lc_codepage_func
0x14001857c ___mb_cur_max_func
0x140018584 __getmainargs
0x14001858c __initenv
0x140018594 __iob_func
0x14001859c __lconv_init
0x1400185a4 __set_app_type
0x1400185ac __setusermatherr
0x1400185b4 _acmdln
0x1400185bc _amsg_exit
0x1400185c4 _beginthreadex
0x1400185cc _cexit
0x1400185d4 _commode
0x1400185dc _endthreadex
0x1400185e4 _errno
0x1400185ec _fmode
0x1400185f4 _initterm
0x1400185fc _lock
0x140018604 _memccpy
0x14001860c _onexit
0x140018614 _setjmp
0x14001861c _strdup
0x140018624 _ultoa
0x14001862c _unlock
0x140018634 abort
0x14001863c calloc
0x140018644 exit
0x14001864c fprintf
0x140018654 fputc
0x14001865c free
0x140018664 fwrite
0x14001866c localeconv
0x140018674 longjmp
0x14001867c malloc
0x140018684 memcpy
0x14001868c memmove
0x140018694 memset
0x14001869c printf
0x1400186a4 realloc
0x1400186ac signal
0x1400186b4 strerror
0x1400186bc strlen
0x1400186c4 strncmp
0x1400186cc system
0x1400186d4 vfprintf
0x1400186dc wcslen
EAT(Export Address Table) is none
KERNEL32.dll
0x140018394 AddAtomA
0x14001839c AddVectoredExceptionHandler
0x1400183a4 CloseHandle
0x1400183ac CreateEventA
0x1400183b4 CreateMutexA
0x1400183bc CreateSemaphoreA
0x1400183c4 DeleteAtom
0x1400183cc DeleteCriticalSection
0x1400183d4 DuplicateHandle
0x1400183dc EnterCriticalSection
0x1400183e4 FindAtomA
0x1400183ec FormatMessageA
0x1400183f4 GetAtomNameA
0x1400183fc GetCurrentProcess
0x140018404 GetCurrentProcessId
0x14001840c GetCurrentThread
0x140018414 GetCurrentThreadId
0x14001841c GetHandleInformation
0x140018424 GetLastError
0x14001842c GetProcessAffinityMask
0x140018434 GetStartupInfoA
0x14001843c GetSystemTimeAsFileTime
0x140018444 GetThreadContext
0x14001844c GetThreadPriority
0x140018454 GetTickCount
0x14001845c InitializeCriticalSection
0x140018464 IsDBCSLeadByteEx
0x14001846c IsDebuggerPresent
0x140018474 LeaveCriticalSection
0x14001847c LocalFree
0x140018484 MultiByteToWideChar
0x14001848c OpenProcess
0x140018494 OutputDebugStringA
0x14001849c QueryPerformanceCounter
0x1400184a4 QueryPerformanceFrequency
0x1400184ac RaiseException
0x1400184b4 ReleaseMutex
0x1400184bc ReleaseSemaphore
0x1400184c4 RemoveVectoredExceptionHandler
0x1400184cc ResetEvent
0x1400184d4 ResumeThread
0x1400184dc SetEvent
0x1400184e4 SetLastError
0x1400184ec SetProcessAffinityMask
0x1400184f4 SetThreadContext
0x1400184fc SetThreadPriority
0x140018504 SetUnhandledExceptionFilter
0x14001850c Sleep
0x140018514 SuspendThread
0x14001851c TlsAlloc
0x140018524 TlsGetValue
0x14001852c TlsSetValue
0x140018534 TryEnterCriticalSection
0x14001853c VirtualProtect
0x140018544 VirtualQuery
0x14001854c WaitForMultipleObjects
0x140018554 WaitForSingleObject
0x14001855c WideCharToMultiByte
0x140018564 __C_specific_handler
msvcrt.dll
0x140018574 ___lc_codepage_func
0x14001857c ___mb_cur_max_func
0x140018584 __getmainargs
0x14001858c __initenv
0x140018594 __iob_func
0x14001859c __lconv_init
0x1400185a4 __set_app_type
0x1400185ac __setusermatherr
0x1400185b4 _acmdln
0x1400185bc _amsg_exit
0x1400185c4 _beginthreadex
0x1400185cc _cexit
0x1400185d4 _commode
0x1400185dc _endthreadex
0x1400185e4 _errno
0x1400185ec _fmode
0x1400185f4 _initterm
0x1400185fc _lock
0x140018604 _memccpy
0x14001860c _onexit
0x140018614 _setjmp
0x14001861c _strdup
0x140018624 _ultoa
0x14001862c _unlock
0x140018634 abort
0x14001863c calloc
0x140018644 exit
0x14001864c fprintf
0x140018654 fputc
0x14001865c free
0x140018664 fwrite
0x14001866c localeconv
0x140018674 longjmp
0x14001867c malloc
0x140018684 memcpy
0x14001868c memmove
0x140018694 memset
0x14001869c printf
0x1400186a4 realloc
0x1400186ac signal
0x1400186b4 strerror
0x1400186bc strlen
0x1400186c4 strncmp
0x1400186cc system
0x1400186d4 vfprintf
0x1400186dc wcslen
EAT(Export Address Table) is none