ScreenShot
| Created | 2024.01.08 07:44 | Machine | s1_win7_x6401 |
| Filename | movie.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | bc7963a7d0a8b745e704d22bbc2c3e03 | ||
| sha256 | e46cf506bfb4234c04ff59e043986e5a3b2ff8fa04c316aefdc0d0c0e72a2c18 | ||
| ssdeep | 6144:nC5hyUR+MhyfUj6qfovXYfIrvQ/zabJzYbLkBWBXpMcwLbjJgSqtUg83T36XE24r:v+BovmID/mQmpMcmSSIU16XE2e5L | ||
| imphash | 55ad6bfe47219bd08f4db9b7b6e7d559 | ||
| impfuzzy | 48:Wlb0wRJISQ4S5eZAxEk/iT0MoEvSYTIAPA+0Wy1EVJr+XGMnwA5OBZEKyABQGC+p:3KP9T1jtH7EGHvd | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x420030 HeapCreate
0x420034 GetModuleHandleA
0x420038 CreateEventA
0x42003c WaitForSingleObject
0x420040 CloseHandle
0x420044 HeapDestroy
0x420048 GetModuleFileNameW
0x42004c lstrlenW
0x420050 HeapFree
0x420054 MulDiv
0x420058 GetProcessHeap
0x42005c HeapAlloc
0x420060 GetStartupInfoA
USER32.dll
0x4200fc GetScrollRange
0x420100 GetClassInfoExW
0x420104 GetClassInfoW
0x420108 FillRect
0x42010c CharUpperBuffW
0x420110 DispatchMessageW
0x420114 KillTimer
0x420118 EndMenu
0x42011c PeekMessageW
0x420120 EndPaint
0x420124 FrameRect
0x420128 IsIconic
0x42012c LoadBitmapW
0x420130 GetWindowTextW
0x420134 DestroyWindow
0x420138 SetScrollPos
0x42013c DrawMenuBar
0x420140 GetMenuStringW
0x420144 DrawIcon
0x420148 GetClientRect
0x42014c BeginPaint
0x420150 DeleteMenu
0x420154 LoadIconW
0x420158 CopyImage
0x42015c ShowCaret
0x420160 DefFrameProcW
0x420164 LoadCursorW
0x420168 RegisterClassW
0x42016c SetTimer
0x420170 GetDCEx
0x420174 CreateMenu
0x420178 IsZoomed
0x42017c DrawFocusRect
0x420180 GetSystemMenu
0x420184 GetScrollPos
0x420188 CreateWindowExW
0x42018c GetMenuItemInfoW
0x420190 DestroyMenu
0x420194 GetCursor
0x420198 DefMDIChildProcW
0x42019c ReleaseDC
0x4201a0 GetScrollInfo
0x4201a4 DestroyCursor
0x4201a8 EnableWindow
0x4201ac ShowWindow
0x4201b0 CreateAcceleratorTableW
0x4201b4 InsertMenuW
0x4201b8 GetDlgCtrlID
0x4201bc SetMenuItemInfoW
0x4201c0 CreateIcon
GDI32.dll
0x420000 RestoreDC
0x420004 Polygon
0x420008 MoveToEx
0x42000c CreateICW
0x420010 RectVisible
0x420014 CreatePalette
0x420018 GetTextMetricsW
0x42001c PolyBezierTo
0x420020 SetRectRgn
0x420024 CreateDCW
0x420028 GetWindowOrgEx
ole32.dll
0x4201c8 CoInitialize
0x4201cc CoTaskMemFree
0x4201d0 CoCreateInstance
0x4201d4 CoTaskMemAlloc
0x4201d8 CoUninitialize
OLEAUT32.dll
0x4200b4 SafeArrayCreate
0x4200b8 SafeArrayAccessData
0x4200bc VariantChangeType
0x4200c0 SysFreeString
0x4200c4 SysAllocStringLen
0x4200c8 SafeArrayGetUBound
0x4200cc SafeArrayUnaccessData
0x4200d0 SafeArrayGetElement
0x4200d4 GetErrorInfo
0x4200d8 VariantInit
0x4200dc SysReAllocStringLen
0x4200e0 VariantCopy
0x4200e4 SafeArrayPtrOfIndex
0x4200e8 SafeArrayGetLBound
0x4200ec VariantCopyInd
0x4200f0 SafeArrayPutElement
0x4200f4 VariantClear
MSVCRT.dll
0x420068 __p__fmode
0x42006c _adjust_fdiv
0x420070 __setusermatherr
0x420074 _initterm
0x420078 __getmainargs
0x42007c _acmdln
0x420080 exit
0x420084 _XcptFilter
0x420088 _exit
0x42008c memcpy
0x420090 qsort
0x420094 wcsrchr
0x420098 memset
0x42009c wcschr
0x4200a0 __set_app_type
0x4200a4 _except_handler3
0x4200a8 _controlfp
0x4200ac __p__commode
EAT(Export Address Table) is none
KERNEL32.dll
0x420030 HeapCreate
0x420034 GetModuleHandleA
0x420038 CreateEventA
0x42003c WaitForSingleObject
0x420040 CloseHandle
0x420044 HeapDestroy
0x420048 GetModuleFileNameW
0x42004c lstrlenW
0x420050 HeapFree
0x420054 MulDiv
0x420058 GetProcessHeap
0x42005c HeapAlloc
0x420060 GetStartupInfoA
USER32.dll
0x4200fc GetScrollRange
0x420100 GetClassInfoExW
0x420104 GetClassInfoW
0x420108 FillRect
0x42010c CharUpperBuffW
0x420110 DispatchMessageW
0x420114 KillTimer
0x420118 EndMenu
0x42011c PeekMessageW
0x420120 EndPaint
0x420124 FrameRect
0x420128 IsIconic
0x42012c LoadBitmapW
0x420130 GetWindowTextW
0x420134 DestroyWindow
0x420138 SetScrollPos
0x42013c DrawMenuBar
0x420140 GetMenuStringW
0x420144 DrawIcon
0x420148 GetClientRect
0x42014c BeginPaint
0x420150 DeleteMenu
0x420154 LoadIconW
0x420158 CopyImage
0x42015c ShowCaret
0x420160 DefFrameProcW
0x420164 LoadCursorW
0x420168 RegisterClassW
0x42016c SetTimer
0x420170 GetDCEx
0x420174 CreateMenu
0x420178 IsZoomed
0x42017c DrawFocusRect
0x420180 GetSystemMenu
0x420184 GetScrollPos
0x420188 CreateWindowExW
0x42018c GetMenuItemInfoW
0x420190 DestroyMenu
0x420194 GetCursor
0x420198 DefMDIChildProcW
0x42019c ReleaseDC
0x4201a0 GetScrollInfo
0x4201a4 DestroyCursor
0x4201a8 EnableWindow
0x4201ac ShowWindow
0x4201b0 CreateAcceleratorTableW
0x4201b4 InsertMenuW
0x4201b8 GetDlgCtrlID
0x4201bc SetMenuItemInfoW
0x4201c0 CreateIcon
GDI32.dll
0x420000 RestoreDC
0x420004 Polygon
0x420008 MoveToEx
0x42000c CreateICW
0x420010 RectVisible
0x420014 CreatePalette
0x420018 GetTextMetricsW
0x42001c PolyBezierTo
0x420020 SetRectRgn
0x420024 CreateDCW
0x420028 GetWindowOrgEx
ole32.dll
0x4201c8 CoInitialize
0x4201cc CoTaskMemFree
0x4201d0 CoCreateInstance
0x4201d4 CoTaskMemAlloc
0x4201d8 CoUninitialize
OLEAUT32.dll
0x4200b4 SafeArrayCreate
0x4200b8 SafeArrayAccessData
0x4200bc VariantChangeType
0x4200c0 SysFreeString
0x4200c4 SysAllocStringLen
0x4200c8 SafeArrayGetUBound
0x4200cc SafeArrayUnaccessData
0x4200d0 SafeArrayGetElement
0x4200d4 GetErrorInfo
0x4200d8 VariantInit
0x4200dc SysReAllocStringLen
0x4200e0 VariantCopy
0x4200e4 SafeArrayPtrOfIndex
0x4200e8 SafeArrayGetLBound
0x4200ec VariantCopyInd
0x4200f0 SafeArrayPutElement
0x4200f4 VariantClear
MSVCRT.dll
0x420068 __p__fmode
0x42006c _adjust_fdiv
0x420070 __setusermatherr
0x420074 _initterm
0x420078 __getmainargs
0x42007c _acmdln
0x420080 exit
0x420084 _XcptFilter
0x420088 _exit
0x42008c memcpy
0x420090 qsort
0x420094 wcsrchr
0x420098 memset
0x42009c wcschr
0x4200a0 __set_app_type
0x4200a4 _except_handler3
0x4200a8 _controlfp
0x4200ac __p__commode
EAT(Export Address Table) is none