ScreenShot
| Created | 2023.12.15 08:32 | Machine | s1_win7_x6401 |
| Filename | zjq.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 7426f45e80013988c47df9618e9e147c | ||
| sha256 | 68ba83d55b2b3f1e4e6ca38fe1c8bbf95d3e0a6c8804484643d33af2c135f902 | ||
| ssdeep | 1536:MAB2SK+dmfdmT6soyimaPXRYgGeWkSdL3lRnAUvMFMQiNjRs09QTm96XQZ:hB27MK1Y+SdL3lRnoqR79QpAZ | ||
| imphash | 9c83b566c4df06e0307cfadb697cf291 | ||
| impfuzzy | 24:8fg1JmncJ8a0meOX0MC95XGDZ8k1K1oDqNuZn:8fg1ccJLebzJGV8k1uoqk | ||
Network IP location
Signature (0cnts)
| Level | Description |
|---|
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | MinGW | Used MinGW (Win GCC) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40821c DeleteCriticalSection
0x408224 EnterCriticalSection
0x40822c GetCurrentProcess
0x408234 GetCurrentProcessId
0x40823c GetCurrentThreadId
0x408244 GetLastError
0x40824c GetStartupInfoA
0x408254 GetSystemTimeAsFileTime
0x40825c GetTickCount
0x408264 InitializeCriticalSection
0x40826c LeaveCriticalSection
0x408274 QueryPerformanceCounter
0x40827c RtlAddFunctionTable
0x408284 RtlCaptureContext
0x40828c RtlLookupFunctionEntry
0x408294 RtlVirtualUnwind
0x40829c SetUnhandledExceptionFilter
0x4082a4 Sleep
0x4082ac TerminateProcess
0x4082b4 TlsGetValue
0x4082bc UnhandledExceptionFilter
0x4082c4 VirtualAlloc
0x4082cc VirtualFree
0x4082d4 VirtualProtect
0x4082dc VirtualQuery
msvcrt.dll
0x4082ec __C_specific_handler
0x4082f4 __dllonexit
0x4082fc __getmainargs
0x408304 __initenv
0x40830c __iob_func
0x408314 __lconv_init
0x40831c __set_app_type
0x408324 __setusermatherr
0x40832c _acmdln
0x408334 _amsg_exit
0x40833c _cexit
0x408344 _fmode
0x40834c _initterm
0x408354 _lock
0x40835c _onexit
0x408364 _unlock
0x40836c abort
0x408374 calloc
0x40837c exit
0x408384 fclose
0x40838c fgets
0x408394 fopen
0x40839c fprintf
0x4083a4 free
0x4083ac fwrite
0x4083b4 malloc
0x4083bc memcpy
0x4083c4 puts
0x4083cc signal
0x4083d4 sscanf
0x4083dc strlen
0x4083e4 strncmp
0x4083ec vfprintf
EAT(Export Address Table) is none
KERNEL32.dll
0x40821c DeleteCriticalSection
0x408224 EnterCriticalSection
0x40822c GetCurrentProcess
0x408234 GetCurrentProcessId
0x40823c GetCurrentThreadId
0x408244 GetLastError
0x40824c GetStartupInfoA
0x408254 GetSystemTimeAsFileTime
0x40825c GetTickCount
0x408264 InitializeCriticalSection
0x40826c LeaveCriticalSection
0x408274 QueryPerformanceCounter
0x40827c RtlAddFunctionTable
0x408284 RtlCaptureContext
0x40828c RtlLookupFunctionEntry
0x408294 RtlVirtualUnwind
0x40829c SetUnhandledExceptionFilter
0x4082a4 Sleep
0x4082ac TerminateProcess
0x4082b4 TlsGetValue
0x4082bc UnhandledExceptionFilter
0x4082c4 VirtualAlloc
0x4082cc VirtualFree
0x4082d4 VirtualProtect
0x4082dc VirtualQuery
msvcrt.dll
0x4082ec __C_specific_handler
0x4082f4 __dllonexit
0x4082fc __getmainargs
0x408304 __initenv
0x40830c __iob_func
0x408314 __lconv_init
0x40831c __set_app_type
0x408324 __setusermatherr
0x40832c _acmdln
0x408334 _amsg_exit
0x40833c _cexit
0x408344 _fmode
0x40834c _initterm
0x408354 _lock
0x40835c _onexit
0x408364 _unlock
0x40836c abort
0x408374 calloc
0x40837c exit
0x408384 fclose
0x40838c fgets
0x408394 fopen
0x40839c fprintf
0x4083a4 free
0x4083ac fwrite
0x4083b4 malloc
0x4083bc memcpy
0x4083c4 puts
0x4083cc signal
0x4083d4 sscanf
0x4083dc strlen
0x4083e4 strncmp
0x4083ec vfprintf
EAT(Export Address Table) is none