Field | Value |
---|---|
Created | 2024.03.25 09:20 |
Machine | s1_win7_x6401 |
Filename | ncr.hta |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 32 detected (Common, Strictor, unsafe, V1md, CLOUD, ai score=89, Znyonm, MALICIOUS, Chgt, PossibleThreat, confidence) |
md5 | e4fa89413c3b355aaffa71759bae88ea |
sha256 | d1d5a89d99751e1d9be2671f6f29315433990e1109aa633cbfa0fae6ac0f3568 |
ssdeep | 384:y7cqdIxXkRswWS/YWyiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiLiiiiiriiiih:yk0sS7wk0sS71sk0sS7hzk0sS7 |
imphash | ba072a972fe6c47c8cf7a0347bb0af7a |
impfuzzy | 12:IvPXJwdwXJQTZNizhVIGXGXR/UV5N4GjY5vPf1L+/XtAf2hij:InPC1szLXGtI/U5vPtL+/9Af/ |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
info | This executable has a PDB path |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
Library | Address | Function |
---|---|---|
SHELL32.dll | 0x403038 | ShellExecuteW |
KERNEL32.dll | 0x403010 | SetUnhandledExceptionFilter |
KERNEL32.dll | 0x403014 | GetCurrentProcess |
KERNEL32.dll | 0x403018 | TerminateProcess |
KERNEL32.dll | 0x40301c | UnhandledExceptionFilter |
KERNEL32.dll | 0x403020 | GetCurrentProcessId |
KERNEL32.dll | 0x403024 | GetCurrentThreadId |
KERNEL32.dll | 0x403028 | GetSystemTimeAsFileTime |
KERNEL32.dll | 0x40302c | GetTickCount |
KERNEL32.dll | 0x403030 | QueryPerformanceCounter |
msvcrt.dll | 0x403058 | _amsg_exit |
msvcrt.dll | 0x40305c | __p__fmode |
msvcrt.dll | 0x403060 | __setusermatherr |
msvcrt.dll | 0x403064 | _initterm |
msvcrt.dll | 0x403068 | _wcmdln |
msvcrt.dll | 0x40306c | ?terminate@@YAXXZ |
msvcrt.dll | 0x403070 | _controlfp |
msvcrt.dll | 0x403074 | _exit |
msvcrt.dll | 0x403078 | exit |
msvcrt.dll | 0x40307c | __p__commode |
msvcrt.dll | 0x403080 | _XcptFilter |
msvcrt.dll | 0x403084 | __set_app_type |
msvcrt.dll | 0x403088 | _except_handler4_common |
msvcrt.dll | 0x40308c | __wgetmainargs |
msvcrt.dll | 0x403090 | _cexit |
ADVAPI32.dll | 0x403000 | EventSetInformation |
ADVAPI32.dll | 0x403004 | EventWriteTransfer |
ADVAPI32.dll | 0x403008 | EventRegister |
api-ms-win-core-synch-l1-2-0.dll | 0x403050 | Sleep |
api-ms-win-core-processthreads-l1-1-0.dll | 0x403048 | GetStartupInfoW |
api-ms-win-core-libraryloader-l1-2-0.dll | 0x403040 | GetModuleHandleW |
EAT (Export Address Table) is none