ScreenShot
| Created | 2023.12.24 12:50 | Machine | s1_win7_x6403 |
| Filename | launcher | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | c6a1ab972148e30f1da590a43b107411 | ||
| sha256 | 749c1035385ed05bbcf4100bf8411c0354bd4804147aeac0c68829e6bb7a1dc2 | ||
| ssdeep | 393216:XyFwUPSKpwj4H5QWdUjqxT3g5wThwWRxjqKHGo0dI:WwypGsHGWdUjq93g4hjbjqdo0dI | ||
| imphash | c7a9c503673bbe4feb8930a3d66bc9de | ||
| impfuzzy | 12:GqQsmjEhv57gnQ6oBz3rScHVT3bTOZGqAJcDW:fQsmagnQVJ3rHZadNDW | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
d3d9.dll
0x1407a6000 Direct3DCreate9
WS2_32.dll
0x1407a6010 getsockopt
CRYPT32.dll
0x1407a6020 CertFindExtension
WLDAP32.dll
0x1407a6030 None
Normaliz.dll
0x1407a6040 IdnToUnicode
KERNEL32.dll
0x1407a6050 GetFileInformationByHandle
USER32.dll
0x1407a6060 PostQuitMessage
GDI32.dll
0x1407a6070 GetDeviceCaps
ADVAPI32.dll
0x1407a6080 CryptEncrypt
WINHTTP.dll
0x1407a6090 WinHttpReceiveResponse
crypt.dll
0x1407a60a0 BCryptGenRandom
IMM32.dll
0x1407a60b0 ImmSetCompositionWindow
KERNEL32.dll
0x1407a60c0 GetSystemTimeAsFileTime
KERNEL32.dll
0x1407a60d0 HeapAlloc
0x1407a60d8 HeapFree
0x1407a60e0 ExitProcess
0x1407a60e8 LoadLibraryA
0x1407a60f0 GetModuleHandleA
0x1407a60f8 GetProcAddress
EAT(Export Address Table) is none
d3d9.dll
0x1407a6000 Direct3DCreate9
WS2_32.dll
0x1407a6010 getsockopt
CRYPT32.dll
0x1407a6020 CertFindExtension
WLDAP32.dll
0x1407a6030 None
Normaliz.dll
0x1407a6040 IdnToUnicode
KERNEL32.dll
0x1407a6050 GetFileInformationByHandle
USER32.dll
0x1407a6060 PostQuitMessage
GDI32.dll
0x1407a6070 GetDeviceCaps
ADVAPI32.dll
0x1407a6080 CryptEncrypt
WINHTTP.dll
0x1407a6090 WinHttpReceiveResponse
crypt.dll
0x1407a60a0 BCryptGenRandom
IMM32.dll
0x1407a60b0 ImmSetCompositionWindow
KERNEL32.dll
0x1407a60c0 GetSystemTimeAsFileTime
KERNEL32.dll
0x1407a60d0 HeapAlloc
0x1407a60d8 HeapFree
0x1407a60e0 ExitProcess
0x1407a60e8 LoadLibraryA
0x1407a60f0 GetModuleHandleA
0x1407a60f8 GetProcAddress
EAT(Export Address Table) is none