ScreenShot
| Created | 2024.01.16 07:59 | Machine | s1_win7_x6401 |
| Filename | 2-3-1_2023-12-14_13-35.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 95f70460434d32448cfb8e78e77edb14 | ||
| sha256 | 28a08faeade7234ec9b0e78b780c1787137581641c57ef6e8088d314b447751a | ||
| ssdeep | 3072:yRxm2/NDzdE3AlymGqo8bMufXYcNEFyxWvdOD5oF1KDsBTgn:yRxd/NDzmMymFBbMuDeFyxSpPUsBT | ||
| imphash | 1d53e2bb204b1531bc66fb5a5f6443a4 | ||
| impfuzzy | 24:Btkrk4XBJexFfkUBZ6duy4lJcDX3/4jUvuUTM6YKrxvQvtKLOovJ50+cfplOFQ8h:Mp6fpZ6duyR2dEgtK6grcfp/bSZb | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x420008 CreateFileA
0x42000c GlobalDeleteAtom
0x420010 EnumCalendarInfoA
0x420014 GetConsoleAliasesLengthW
0x420018 InterlockedIncrement
0x42001c GetCurrentProcess
0x420020 InterlockedCompareExchange
0x420024 GetComputerNameW
0x420028 OpenSemaphoreA
0x42002c GetModuleHandleW
0x420030 GetTickCount
0x420034 GlobalAlloc
0x420038 LoadLibraryW
0x42003c Sleep
0x420040 AssignProcessToJobObject
0x420044 SizeofResource
0x420048 GetSystemWindowsDirectoryA
0x42004c EnumResourceLanguagesA
0x420050 GetVolumePathNameA
0x420054 FlushFileBuffers
0x420058 LCMapStringA
0x42005c InterlockedExchange
0x420060 OpenMutexW
0x420064 GetComputerNameA
0x420068 SetLastError
0x42006c GetProcAddress
0x420070 GetProcessHeaps
0x420074 VirtualAlloc
0x420078 BeginUpdateResourceW
0x42007c BackupWrite
0x420080 EnumDateFormatsExA
0x420084 SetComputerNameA
0x420088 LoadLibraryA
0x42008c CreateFileMappingA
0x420090 FindFirstVolumeMountPointW
0x420094 GlobalFindAtomW
0x420098 CreateIoCompletionPort
0x42009c FindFirstChangeNotificationA
0x4200a0 VirtualProtect
0x4200a4 SetCalendarInfoA
0x4200a8 GetVersionExA
0x4200ac FindAtomW
0x4200b0 GlobalAddAtomW
0x4200b4 OpenFileMappingA
0x4200b8 TlsFree
0x4200bc GetLastError
0x4200c0 GetFullPathNameW
0x4200c4 UnhandledExceptionFilter
0x4200c8 SetUnhandledExceptionFilter
0x4200cc ExitProcess
0x4200d0 GetCommandLineA
0x4200d4 GetStartupInfoA
0x4200d8 WriteFile
0x4200dc GetStdHandle
0x4200e0 GetModuleFileNameA
0x4200e4 GetCPInfo
0x4200e8 InterlockedDecrement
0x4200ec GetACP
0x4200f0 GetOEMCP
0x4200f4 IsValidCodePage
0x4200f8 TlsGetValue
0x4200fc TlsAlloc
0x420100 TlsSetValue
0x420104 GetCurrentThreadId
0x420108 HeapSize
0x42010c HeapFree
0x420110 TerminateProcess
0x420114 IsDebuggerPresent
0x420118 DeleteCriticalSection
0x42011c LeaveCriticalSection
0x420120 EnterCriticalSection
0x420124 InitializeCriticalSectionAndSpinCount
0x420128 FreeEnvironmentStringsA
0x42012c GetEnvironmentStrings
0x420130 FreeEnvironmentStringsW
0x420134 WideCharToMultiByte
0x420138 GetEnvironmentStringsW
0x42013c SetHandleCount
0x420140 GetFileType
0x420144 HeapCreate
0x420148 VirtualFree
0x42014c QueryPerformanceCounter
0x420150 GetCurrentProcessId
0x420154 GetSystemTimeAsFileTime
0x420158 MultiByteToWideChar
0x42015c LCMapStringW
0x420160 GetStringTypeA
0x420164 GetStringTypeW
0x420168 GetLocaleInfoA
0x42016c HeapAlloc
0x420170 HeapReAlloc
0x420174 RtlUnwind
GDI32.dll
0x420000 GetDeviceGammaRamp
EAT(Export Address Table) is none
KERNEL32.dll
0x420008 CreateFileA
0x42000c GlobalDeleteAtom
0x420010 EnumCalendarInfoA
0x420014 GetConsoleAliasesLengthW
0x420018 InterlockedIncrement
0x42001c GetCurrentProcess
0x420020 InterlockedCompareExchange
0x420024 GetComputerNameW
0x420028 OpenSemaphoreA
0x42002c GetModuleHandleW
0x420030 GetTickCount
0x420034 GlobalAlloc
0x420038 LoadLibraryW
0x42003c Sleep
0x420040 AssignProcessToJobObject
0x420044 SizeofResource
0x420048 GetSystemWindowsDirectoryA
0x42004c EnumResourceLanguagesA
0x420050 GetVolumePathNameA
0x420054 FlushFileBuffers
0x420058 LCMapStringA
0x42005c InterlockedExchange
0x420060 OpenMutexW
0x420064 GetComputerNameA
0x420068 SetLastError
0x42006c GetProcAddress
0x420070 GetProcessHeaps
0x420074 VirtualAlloc
0x420078 BeginUpdateResourceW
0x42007c BackupWrite
0x420080 EnumDateFormatsExA
0x420084 SetComputerNameA
0x420088 LoadLibraryA
0x42008c CreateFileMappingA
0x420090 FindFirstVolumeMountPointW
0x420094 GlobalFindAtomW
0x420098 CreateIoCompletionPort
0x42009c FindFirstChangeNotificationA
0x4200a0 VirtualProtect
0x4200a4 SetCalendarInfoA
0x4200a8 GetVersionExA
0x4200ac FindAtomW
0x4200b0 GlobalAddAtomW
0x4200b4 OpenFileMappingA
0x4200b8 TlsFree
0x4200bc GetLastError
0x4200c0 GetFullPathNameW
0x4200c4 UnhandledExceptionFilter
0x4200c8 SetUnhandledExceptionFilter
0x4200cc ExitProcess
0x4200d0 GetCommandLineA
0x4200d4 GetStartupInfoA
0x4200d8 WriteFile
0x4200dc GetStdHandle
0x4200e0 GetModuleFileNameA
0x4200e4 GetCPInfo
0x4200e8 InterlockedDecrement
0x4200ec GetACP
0x4200f0 GetOEMCP
0x4200f4 IsValidCodePage
0x4200f8 TlsGetValue
0x4200fc TlsAlloc
0x420100 TlsSetValue
0x420104 GetCurrentThreadId
0x420108 HeapSize
0x42010c HeapFree
0x420110 TerminateProcess
0x420114 IsDebuggerPresent
0x420118 DeleteCriticalSection
0x42011c LeaveCriticalSection
0x420120 EnterCriticalSection
0x420124 InitializeCriticalSectionAndSpinCount
0x420128 FreeEnvironmentStringsA
0x42012c GetEnvironmentStrings
0x420130 FreeEnvironmentStringsW
0x420134 WideCharToMultiByte
0x420138 GetEnvironmentStringsW
0x42013c SetHandleCount
0x420140 GetFileType
0x420144 HeapCreate
0x420148 VirtualFree
0x42014c QueryPerformanceCounter
0x420150 GetCurrentProcessId
0x420154 GetSystemTimeAsFileTime
0x420158 MultiByteToWideChar
0x42015c LCMapStringW
0x420160 GetStringTypeA
0x420164 GetStringTypeW
0x420168 GetLocaleInfoA
0x42016c HeapAlloc
0x420170 HeapReAlloc
0x420174 RtlUnwind
GDI32.dll
0x420000 GetDeviceGammaRamp
EAT(Export Address Table) is none