ScreenShot
| Created | 2024.03.21 07:19 | Machine | s1_win7_x6403 |
| Filename | timeSync.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 287c0ab11acffca7b5ce14f4d8ae3f4d | ||
| sha256 | 8cbafb0ebfb5e7d1cdd0970e10083d987106413aa1dc36df7e9f906d213c7bc1 | ||
| ssdeep | 3072:H9wnPgPpDuBJhXV8y3t3HvMxoBa+xrCvfnJj2Mu5WDeph3s1dP4oriARVF8TMCkA:HqnPgPpD4XVH39/x2q8eTs/vriKVkk | ||
| imphash | b15b414076b0d8dd5fe0c12cfe7bf2ab | ||
| impfuzzy | 24:0wTHbb69Jw35CzovObDpdTI11iOov5s5Dcdy8Rnlyv9EJ3IjSIFjMjVAxbc:V7o+Co38sxcLK98MSIyAxQ | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40900c InterlockedIncrement
0x409010 GetProfileSectionA
0x409014 SetComputerNameW
0x409018 SetEvent
0x40901c GetNumaAvailableMemoryNode
0x409020 GetModuleHandleW
0x409024 GetTickCount
0x409028 LoadLibraryW
0x40902c GetFileAttributesA
0x409030 HeapCreate
0x409034 HeapValidate
0x409038 GetAtomNameW
0x40903c GetModuleFileNameW
0x409040 FindNextVolumeMountPointW
0x409044 SetUnhandledExceptionFilter
0x409048 GetConsoleOutputCP
0x40904c GetLastError
0x409050 GetCurrentDirectoryW
0x409054 GetThreadLocale
0x409058 ReadConsoleOutputCharacterA
0x40905c GetProcAddress
0x409060 HeapSize
0x409064 LoadLibraryA
0x409068 SetCalendarInfoW
0x40906c GlobalFindAtomW
0x409070 CreatePipe
0x409074 FindAtomW
0x409078 SetStdHandle
0x40907c SetFilePointer
0x409080 GetLocaleInfoA
0x409084 SetConsoleTitleA
0x409088 CreateFileA
0x40908c WriteConsoleW
0x409090 CloseHandle
0x409094 HeapAlloc
0x409098 HeapReAlloc
0x40909c GetCommandLineA
0x4090a0 HeapSetInformation
0x4090a4 GetStartupInfoW
0x4090a8 TerminateProcess
0x4090ac GetCurrentProcess
0x4090b0 UnhandledExceptionFilter
0x4090b4 IsDebuggerPresent
0x4090b8 ExitProcess
0x4090bc DecodePointer
0x4090c0 WriteFile
0x4090c4 GetStdHandle
0x4090c8 EncodePointer
0x4090cc EnterCriticalSection
0x4090d0 LeaveCriticalSection
0x4090d4 HeapFree
0x4090d8 GetModuleFileNameA
0x4090dc FreeEnvironmentStringsW
0x4090e0 WideCharToMultiByte
0x4090e4 GetEnvironmentStringsW
0x4090e8 SetHandleCount
0x4090ec InitializeCriticalSectionAndSpinCount
0x4090f0 GetFileType
0x4090f4 DeleteCriticalSection
0x4090f8 TlsAlloc
0x4090fc TlsGetValue
0x409100 TlsSetValue
0x409104 TlsFree
0x409108 SetLastError
0x40910c GetCurrentThreadId
0x409110 InterlockedDecrement
0x409114 QueryPerformanceCounter
0x409118 GetCurrentProcessId
0x40911c GetSystemTimeAsFileTime
0x409120 Sleep
0x409124 RtlUnwind
0x409128 GetCPInfo
0x40912c GetACP
0x409130 GetOEMCP
0x409134 IsValidCodePage
0x409138 MultiByteToWideChar
0x40913c GetConsoleCP
0x409140 GetConsoleMode
0x409144 FlushFileBuffers
0x409148 IsProcessorFeaturePresent
0x40914c LCMapStringW
0x409150 GetStringTypeW
0x409154 ReadFile
0x409158 CreateFileW
USER32.dll
0x409160 GetMonitorInfoW
ADVAPI32.dll
0x409000 OpenThreadToken
0x409004 IsValidSid
WINHTTP.dll
0x409168 WinHttpCreateUrl
EAT(Export Address Table) is none
KERNEL32.dll
0x40900c InterlockedIncrement
0x409010 GetProfileSectionA
0x409014 SetComputerNameW
0x409018 SetEvent
0x40901c GetNumaAvailableMemoryNode
0x409020 GetModuleHandleW
0x409024 GetTickCount
0x409028 LoadLibraryW
0x40902c GetFileAttributesA
0x409030 HeapCreate
0x409034 HeapValidate
0x409038 GetAtomNameW
0x40903c GetModuleFileNameW
0x409040 FindNextVolumeMountPointW
0x409044 SetUnhandledExceptionFilter
0x409048 GetConsoleOutputCP
0x40904c GetLastError
0x409050 GetCurrentDirectoryW
0x409054 GetThreadLocale
0x409058 ReadConsoleOutputCharacterA
0x40905c GetProcAddress
0x409060 HeapSize
0x409064 LoadLibraryA
0x409068 SetCalendarInfoW
0x40906c GlobalFindAtomW
0x409070 CreatePipe
0x409074 FindAtomW
0x409078 SetStdHandle
0x40907c SetFilePointer
0x409080 GetLocaleInfoA
0x409084 SetConsoleTitleA
0x409088 CreateFileA
0x40908c WriteConsoleW
0x409090 CloseHandle
0x409094 HeapAlloc
0x409098 HeapReAlloc
0x40909c GetCommandLineA
0x4090a0 HeapSetInformation
0x4090a4 GetStartupInfoW
0x4090a8 TerminateProcess
0x4090ac GetCurrentProcess
0x4090b0 UnhandledExceptionFilter
0x4090b4 IsDebuggerPresent
0x4090b8 ExitProcess
0x4090bc DecodePointer
0x4090c0 WriteFile
0x4090c4 GetStdHandle
0x4090c8 EncodePointer
0x4090cc EnterCriticalSection
0x4090d0 LeaveCriticalSection
0x4090d4 HeapFree
0x4090d8 GetModuleFileNameA
0x4090dc FreeEnvironmentStringsW
0x4090e0 WideCharToMultiByte
0x4090e4 GetEnvironmentStringsW
0x4090e8 SetHandleCount
0x4090ec InitializeCriticalSectionAndSpinCount
0x4090f0 GetFileType
0x4090f4 DeleteCriticalSection
0x4090f8 TlsAlloc
0x4090fc TlsGetValue
0x409100 TlsSetValue
0x409104 TlsFree
0x409108 SetLastError
0x40910c GetCurrentThreadId
0x409110 InterlockedDecrement
0x409114 QueryPerformanceCounter
0x409118 GetCurrentProcessId
0x40911c GetSystemTimeAsFileTime
0x409120 Sleep
0x409124 RtlUnwind
0x409128 GetCPInfo
0x40912c GetACP
0x409130 GetOEMCP
0x409134 IsValidCodePage
0x409138 MultiByteToWideChar
0x40913c GetConsoleCP
0x409140 GetConsoleMode
0x409144 FlushFileBuffers
0x409148 IsProcessorFeaturePresent
0x40914c LCMapStringW
0x409150 GetStringTypeW
0x409154 ReadFile
0x409158 CreateFileW
USER32.dll
0x409160 GetMonitorInfoW
ADVAPI32.dll
0x409000 OpenThreadToken
0x409004 IsValidSid
WINHTTP.dll
0x409168 WinHttpCreateUrl
EAT(Export Address Table) is none