ScreenShot
| Created | 2024.04.01 07:41 | Machine | s1_win7_x6403 |
| Filename | cmd.10001.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | ce8e1592a4685f349136cb13c12e543f | ||
| sha256 | 40516869f63341f2c9a760ac0faa823a11168fdc0067beef413cd6ed9e858f07 | ||
| ssdeep | 24576:yse92KNwXkWxZiwdMeHRmXKNjhdAT2JSzrSQb92Jco0a:E2K8eexmyj/nCmwo0a | ||
| imphash | c2d457ad8ac36fc9f18d45bffcd450c2 | ||
| impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6tl:AwOuUjXOmokx0ol | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x4e7100 WriteFile
0x4e7108 WriteConsoleW
0x4e7110 WerSetFlags
0x4e7118 WerGetFlags
0x4e7120 WaitForMultipleObjects
0x4e7128 WaitForSingleObject
0x4e7130 VirtualQuery
0x4e7138 VirtualFree
0x4e7140 VirtualAlloc
0x4e7148 TlsAlloc
0x4e7150 SwitchToThread
0x4e7158 SuspendThread
0x4e7160 SetWaitableTimer
0x4e7168 SetProcessPriorityBoost
0x4e7170 SetEvent
0x4e7178 SetErrorMode
0x4e7180 SetConsoleCtrlHandler
0x4e7188 RtlVirtualUnwind
0x4e7190 RtlLookupFunctionEntry
0x4e7198 ResumeThread
0x4e71a0 RaiseFailFastException
0x4e71a8 PostQueuedCompletionStatus
0x4e71b0 LoadLibraryW
0x4e71b8 LoadLibraryExW
0x4e71c0 SetThreadContext
0x4e71c8 GetThreadContext
0x4e71d0 GetSystemInfo
0x4e71d8 GetSystemDirectoryA
0x4e71e0 GetStdHandle
0x4e71e8 GetQueuedCompletionStatusEx
0x4e71f0 GetProcessAffinityMask
0x4e71f8 GetProcAddress
0x4e7200 GetErrorMode
0x4e7208 GetEnvironmentStringsW
0x4e7210 GetCurrentThreadId
0x4e7218 GetConsoleMode
0x4e7220 FreeEnvironmentStringsW
0x4e7228 ExitProcess
0x4e7230 DuplicateHandle
0x4e7238 CreateWaitableTimerExW
0x4e7240 CreateThread
0x4e7248 CreateIoCompletionPort
0x4e7250 CreateFileA
0x4e7258 CreateEventA
0x4e7260 CloseHandle
0x4e7268 AddVectoredExceptionHandler
0x4e7270 AddVectoredContinueHandler
EAT(Export Address Table) is none
kernel32.dll
0x4e7100 WriteFile
0x4e7108 WriteConsoleW
0x4e7110 WerSetFlags
0x4e7118 WerGetFlags
0x4e7120 WaitForMultipleObjects
0x4e7128 WaitForSingleObject
0x4e7130 VirtualQuery
0x4e7138 VirtualFree
0x4e7140 VirtualAlloc
0x4e7148 TlsAlloc
0x4e7150 SwitchToThread
0x4e7158 SuspendThread
0x4e7160 SetWaitableTimer
0x4e7168 SetProcessPriorityBoost
0x4e7170 SetEvent
0x4e7178 SetErrorMode
0x4e7180 SetConsoleCtrlHandler
0x4e7188 RtlVirtualUnwind
0x4e7190 RtlLookupFunctionEntry
0x4e7198 ResumeThread
0x4e71a0 RaiseFailFastException
0x4e71a8 PostQueuedCompletionStatus
0x4e71b0 LoadLibraryW
0x4e71b8 LoadLibraryExW
0x4e71c0 SetThreadContext
0x4e71c8 GetThreadContext
0x4e71d0 GetSystemInfo
0x4e71d8 GetSystemDirectoryA
0x4e71e0 GetStdHandle
0x4e71e8 GetQueuedCompletionStatusEx
0x4e71f0 GetProcessAffinityMask
0x4e71f8 GetProcAddress
0x4e7200 GetErrorMode
0x4e7208 GetEnvironmentStringsW
0x4e7210 GetCurrentThreadId
0x4e7218 GetConsoleMode
0x4e7220 FreeEnvironmentStringsW
0x4e7228 ExitProcess
0x4e7230 DuplicateHandle
0x4e7238 CreateWaitableTimerExW
0x4e7240 CreateThread
0x4e7248 CreateIoCompletionPort
0x4e7250 CreateFileA
0x4e7258 CreateEventA
0x4e7260 CloseHandle
0x4e7268 AddVectoredExceptionHandler
0x4e7270 AddVectoredContinueHandler
EAT(Export Address Table) is none