ScreenShot
| Created | 2023.12.26 07:52 | Machine | s1_win7_x6403 |
| Filename | timeSync.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | e3ded33168c7758f7f04792b755ff57a | ||
| sha256 | 4c8d23a8beed45f76088d52945ba5e2c88313a0242413f990eaa5ce69a1946b6 | ||
| ssdeep | 3072:OB81RLHpUWYz+BlZgmAOWCOxwf5e0tOMtM9nRPaWEND:08vLJUWYz+HZgJCdfo0M3ab | ||
| imphash | d592f9fbc648747984999d4f80ee816c | ||
| impfuzzy | 24:+P25sdTlJcDYeCToRxv+Gyq24K2+fcgGBt1nncHuOZyvnRT4iTpBtKlGHFE:7sdNY+S+fcgGBt1nMuRcitBtKb | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x427014 BackupSeek
0x427018 GetModuleHandleW
0x42701c GetCommConfig
0x427020 GetProcessHeap
0x427024 LoadLibraryW
0x427028 SizeofResource
0x42702c CreateFileW
0x427030 ExitThread
0x427034 GetVolumePathNameA
0x427038 InterlockedExchange
0x42703c GetLastError
0x427040 SetLastError
0x427044 GetProcAddress
0x427048 VirtualAlloc
0x42704c BeginUpdateResourceW
0x427050 OpenMutexA
0x427054 WriteConsoleA
0x427058 LocalAlloc
0x42705c RemoveDirectoryW
0x427060 CreateHardLinkA
0x427064 AddAtomA
0x427068 OpenJobObjectW
0x42706c DeviceIoControl
0x427070 GlobalFindAtomW
0x427074 FindFirstVolumeMountPointA
0x427078 VirtualProtect
0x42707c _lopen
0x427080 GetVersionExA
0x427084 FindAtomW
0x427088 GetWindowsDirectoryW
0x42708c EnumResourceLanguagesW
0x427090 OpenFileMappingA
0x427094 SuspendThread
0x427098 LCMapStringW
0x42709c lstrcpyA
0x4270a0 EnumCalendarInfoW
0x4270a4 GetCurrentProcess
0x4270a8 InterlockedIncrement
0x4270ac BeginUpdateResourceA
0x4270b0 GetComputerNameA
0x4270b4 InterlockedDecrement
0x4270b8 Sleep
0x4270bc InitializeCriticalSection
0x4270c0 DeleteCriticalSection
0x4270c4 EnterCriticalSection
0x4270c8 LeaveCriticalSection
0x4270cc GetStartupInfoW
0x4270d0 RaiseException
0x4270d4 RtlUnwind
0x4270d8 UnhandledExceptionFilter
0x4270dc SetUnhandledExceptionFilter
0x4270e0 HeapFree
0x4270e4 GetCPInfo
0x4270e8 GetACP
0x4270ec GetOEMCP
0x4270f0 IsValidCodePage
0x4270f4 TlsGetValue
0x4270f8 TlsAlloc
0x4270fc TlsSetValue
0x427100 TlsFree
0x427104 GetCurrentThreadId
0x427108 TerminateProcess
0x42710c IsDebuggerPresent
0x427110 HeapAlloc
0x427114 ExitProcess
0x427118 WriteFile
0x42711c GetStdHandle
0x427120 GetModuleFileNameA
0x427124 GetModuleFileNameW
0x427128 FreeEnvironmentStringsW
0x42712c GetEnvironmentStringsW
0x427130 GetCommandLineW
0x427134 SetHandleCount
0x427138 GetFileType
0x42713c GetStartupInfoA
0x427140 HeapCreate
0x427144 VirtualFree
0x427148 QueryPerformanceCounter
0x42714c GetTickCount
0x427150 GetCurrentProcessId
0x427154 GetSystemTimeAsFileTime
0x427158 HeapSize
0x42715c HeapReAlloc
0x427160 GetLocaleInfoA
0x427164 GetStringTypeA
0x427168 MultiByteToWideChar
0x42716c GetStringTypeW
0x427170 LCMapStringA
0x427174 WideCharToMultiByte
0x427178 GetModuleHandleA
0x42717c LoadLibraryA
0x427180 InitializeCriticalSectionAndSpinCount
USER32.dll
0x427188 SetCaretPos
0x42718c WindowFromDC
GDI32.dll
0x42700c GetDeviceGammaRamp
ADVAPI32.dll
0x427000 BackupEventLogA
0x427004 ClearEventLogA
EAT(Export Address Table) is none
KERNEL32.dll
0x427014 BackupSeek
0x427018 GetModuleHandleW
0x42701c GetCommConfig
0x427020 GetProcessHeap
0x427024 LoadLibraryW
0x427028 SizeofResource
0x42702c CreateFileW
0x427030 ExitThread
0x427034 GetVolumePathNameA
0x427038 InterlockedExchange
0x42703c GetLastError
0x427040 SetLastError
0x427044 GetProcAddress
0x427048 VirtualAlloc
0x42704c BeginUpdateResourceW
0x427050 OpenMutexA
0x427054 WriteConsoleA
0x427058 LocalAlloc
0x42705c RemoveDirectoryW
0x427060 CreateHardLinkA
0x427064 AddAtomA
0x427068 OpenJobObjectW
0x42706c DeviceIoControl
0x427070 GlobalFindAtomW
0x427074 FindFirstVolumeMountPointA
0x427078 VirtualProtect
0x42707c _lopen
0x427080 GetVersionExA
0x427084 FindAtomW
0x427088 GetWindowsDirectoryW
0x42708c EnumResourceLanguagesW
0x427090 OpenFileMappingA
0x427094 SuspendThread
0x427098 LCMapStringW
0x42709c lstrcpyA
0x4270a0 EnumCalendarInfoW
0x4270a4 GetCurrentProcess
0x4270a8 InterlockedIncrement
0x4270ac BeginUpdateResourceA
0x4270b0 GetComputerNameA
0x4270b4 InterlockedDecrement
0x4270b8 Sleep
0x4270bc InitializeCriticalSection
0x4270c0 DeleteCriticalSection
0x4270c4 EnterCriticalSection
0x4270c8 LeaveCriticalSection
0x4270cc GetStartupInfoW
0x4270d0 RaiseException
0x4270d4 RtlUnwind
0x4270d8 UnhandledExceptionFilter
0x4270dc SetUnhandledExceptionFilter
0x4270e0 HeapFree
0x4270e4 GetCPInfo
0x4270e8 GetACP
0x4270ec GetOEMCP
0x4270f0 IsValidCodePage
0x4270f4 TlsGetValue
0x4270f8 TlsAlloc
0x4270fc TlsSetValue
0x427100 TlsFree
0x427104 GetCurrentThreadId
0x427108 TerminateProcess
0x42710c IsDebuggerPresent
0x427110 HeapAlloc
0x427114 ExitProcess
0x427118 WriteFile
0x42711c GetStdHandle
0x427120 GetModuleFileNameA
0x427124 GetModuleFileNameW
0x427128 FreeEnvironmentStringsW
0x42712c GetEnvironmentStringsW
0x427130 GetCommandLineW
0x427134 SetHandleCount
0x427138 GetFileType
0x42713c GetStartupInfoA
0x427140 HeapCreate
0x427144 VirtualFree
0x427148 QueryPerformanceCounter
0x42714c GetTickCount
0x427150 GetCurrentProcessId
0x427154 GetSystemTimeAsFileTime
0x427158 HeapSize
0x42715c HeapReAlloc
0x427160 GetLocaleInfoA
0x427164 GetStringTypeA
0x427168 MultiByteToWideChar
0x42716c GetStringTypeW
0x427170 LCMapStringA
0x427174 WideCharToMultiByte
0x427178 GetModuleHandleA
0x42717c LoadLibraryA
0x427180 InitializeCriticalSectionAndSpinCount
USER32.dll
0x427188 SetCaretPos
0x42718c WindowFromDC
GDI32.dll
0x42700c GetDeviceGammaRamp
ADVAPI32.dll
0x427000 BackupEventLogA
0x427004 ClearEventLogA
EAT(Export Address Table) is none