ScreenShot
| Created | 2024.04.01 07:56 | Machine | s1_win7_x6401 |
| Filename | current.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | ba76ca8c8922219555a894663329c3e5 | ||
| sha256 | e1330b5e8d14691a985bf45fdc726ce7277ee98128791244290e9b5f79200818 | ||
| ssdeep | 6144:9Bu3yjLainfTBWyDAxYhBZsQ1qexRbxNsfblidAarZfhfhWJ:LKyHainfTIyDAABCsqkbxNsfBiWarZfq | ||
| imphash | b2c192dde66d798d732cf15b9e7a6998 | ||
| impfuzzy | 24:arlCkrkSnkcTgVakVH1VV4WWvCD+4EYbKPv9njRZLOtZt5QcrliJ3I+HRyv0T4Q9:arlFDD1v6tZtWcrcC0cg/xkSeVo | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x411000 GetSystemDefaultLangID
0x411004 DebugActiveProcess
0x411008 GetDateFormatW
0x41100c CreateFileA
0x411010 GetConsoleAliasesLengthW
0x411014 GetNumaProcessorNode
0x411018 HeapAlloc
0x41101c InterlockedIncrement
0x411020 HeapFree
0x411024 CreateHardLinkA
0x411028 ConnectNamedPipe
0x41102c GetModuleHandleW
0x411030 ReadConsoleOutputA
0x411034 GlobalAlloc
0x411038 GlobalFindAtomA
0x41103c LoadLibraryW
0x411040 GetLocaleInfoW
0x411044 GetConsoleAliasExesLengthW
0x411048 GetFileAttributesA
0x41104c lstrcpynW
0x411050 GetAtomNameW
0x411054 LocalHandle
0x411058 GetModuleFileNameW
0x41105c FindNextVolumeMountPointW
0x411060 SetConsoleTitleA
0x411064 WritePrivateProfileStringW
0x411068 GetThreadLocale
0x41106c GetProcAddress
0x411070 SetComputerNameA
0x411074 SetCalendarInfoW
0x411078 SetConsoleDisplayMode
0x41107c WaitForMultipleObjects
0x411080 SetSystemTime
0x411084 SetConsoleTitleW
0x411088 HeapSetInformation
0x41108c VirtualProtect
0x411090 GetCurrentDirectoryA
0x411094 DeleteCriticalSection
0x411098 FindAtomW
0x41109c CreateFileW
0x4110a0 ReadFile
0x4110a4 FlushFileBuffers
0x4110a8 EncodePointer
0x4110ac DecodePointer
0x4110b0 ExitProcess
0x4110b4 GetCommandLineW
0x4110b8 GetStartupInfoW
0x4110bc RaiseException
0x4110c0 TerminateProcess
0x4110c4 GetCurrentProcess
0x4110c8 UnhandledExceptionFilter
0x4110cc SetUnhandledExceptionFilter
0x4110d0 IsDebuggerPresent
0x4110d4 GetLastError
0x4110d8 IsProcessorFeaturePresent
0x4110dc WriteFile
0x4110e0 GetStdHandle
0x4110e4 HeapCreate
0x4110e8 EnterCriticalSection
0x4110ec LeaveCriticalSection
0x4110f0 Sleep
0x4110f4 HeapSize
0x4110f8 InitializeCriticalSectionAndSpinCount
0x4110fc TlsAlloc
0x411100 TlsGetValue
0x411104 TlsSetValue
0x411108 TlsFree
0x41110c SetLastError
0x411110 GetCurrentThreadId
0x411114 InterlockedDecrement
0x411118 FreeEnvironmentStringsW
0x41111c GetEnvironmentStringsW
0x411120 SetHandleCount
0x411124 GetFileType
0x411128 QueryPerformanceCounter
0x41112c GetTickCount
0x411130 GetCurrentProcessId
0x411134 GetSystemTimeAsFileTime
0x411138 SetFilePointer
0x41113c WideCharToMultiByte
0x411140 GetConsoleCP
0x411144 GetConsoleMode
0x411148 GetCPInfo
0x41114c GetACP
0x411150 GetOEMCP
0x411154 IsValidCodePage
0x411158 RtlUnwind
0x41115c MultiByteToWideChar
0x411160 HeapReAlloc
0x411164 SetStdHandle
0x411168 WriteConsoleW
0x41116c LCMapStringW
0x411170 GetStringTypeW
0x411174 CloseHandle
USER32.dll
0x41117c GetMonitorInfoW
0x411180 LoadIconA
0x411184 CopyRect
WINHTTP.dll
0x41118c WinHttpCloseHandle
0x411190 WinHttpAddRequestHeaders
EAT(Export Address Table) is none
KERNEL32.dll
0x411000 GetSystemDefaultLangID
0x411004 DebugActiveProcess
0x411008 GetDateFormatW
0x41100c CreateFileA
0x411010 GetConsoleAliasesLengthW
0x411014 GetNumaProcessorNode
0x411018 HeapAlloc
0x41101c InterlockedIncrement
0x411020 HeapFree
0x411024 CreateHardLinkA
0x411028 ConnectNamedPipe
0x41102c GetModuleHandleW
0x411030 ReadConsoleOutputA
0x411034 GlobalAlloc
0x411038 GlobalFindAtomA
0x41103c LoadLibraryW
0x411040 GetLocaleInfoW
0x411044 GetConsoleAliasExesLengthW
0x411048 GetFileAttributesA
0x41104c lstrcpynW
0x411050 GetAtomNameW
0x411054 LocalHandle
0x411058 GetModuleFileNameW
0x41105c FindNextVolumeMountPointW
0x411060 SetConsoleTitleA
0x411064 WritePrivateProfileStringW
0x411068 GetThreadLocale
0x41106c GetProcAddress
0x411070 SetComputerNameA
0x411074 SetCalendarInfoW
0x411078 SetConsoleDisplayMode
0x41107c WaitForMultipleObjects
0x411080 SetSystemTime
0x411084 SetConsoleTitleW
0x411088 HeapSetInformation
0x41108c VirtualProtect
0x411090 GetCurrentDirectoryA
0x411094 DeleteCriticalSection
0x411098 FindAtomW
0x41109c CreateFileW
0x4110a0 ReadFile
0x4110a4 FlushFileBuffers
0x4110a8 EncodePointer
0x4110ac DecodePointer
0x4110b0 ExitProcess
0x4110b4 GetCommandLineW
0x4110b8 GetStartupInfoW
0x4110bc RaiseException
0x4110c0 TerminateProcess
0x4110c4 GetCurrentProcess
0x4110c8 UnhandledExceptionFilter
0x4110cc SetUnhandledExceptionFilter
0x4110d0 IsDebuggerPresent
0x4110d4 GetLastError
0x4110d8 IsProcessorFeaturePresent
0x4110dc WriteFile
0x4110e0 GetStdHandle
0x4110e4 HeapCreate
0x4110e8 EnterCriticalSection
0x4110ec LeaveCriticalSection
0x4110f0 Sleep
0x4110f4 HeapSize
0x4110f8 InitializeCriticalSectionAndSpinCount
0x4110fc TlsAlloc
0x411100 TlsGetValue
0x411104 TlsSetValue
0x411108 TlsFree
0x41110c SetLastError
0x411110 GetCurrentThreadId
0x411114 InterlockedDecrement
0x411118 FreeEnvironmentStringsW
0x41111c GetEnvironmentStringsW
0x411120 SetHandleCount
0x411124 GetFileType
0x411128 QueryPerformanceCounter
0x41112c GetTickCount
0x411130 GetCurrentProcessId
0x411134 GetSystemTimeAsFileTime
0x411138 SetFilePointer
0x41113c WideCharToMultiByte
0x411140 GetConsoleCP
0x411144 GetConsoleMode
0x411148 GetCPInfo
0x41114c GetACP
0x411150 GetOEMCP
0x411154 IsValidCodePage
0x411158 RtlUnwind
0x41115c MultiByteToWideChar
0x411160 HeapReAlloc
0x411164 SetStdHandle
0x411168 WriteConsoleW
0x41116c LCMapStringW
0x411170 GetStringTypeW
0x411174 CloseHandle
USER32.dll
0x41117c GetMonitorInfoW
0x411180 LoadIconA
0x411184 CopyRect
WINHTTP.dll
0x41118c WinHttpCloseHandle
0x411190 WinHttpAddRequestHeaders
EAT(Export Address Table) is none