ScreenShot
| Created | 2024.04.03 07:44 | Machine | s1_win7_x6401 |
| Filename | poc.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 7098e2467a9d9569b0a8054b2d9d3e96 | ||
| sha256 | ae9c335764e6a21a6e09be414e3e6e41753e877aba6a8597fca2d7ea182006db | ||
| ssdeep | 3072:fNJbKIhzzk7ScLU2ExfqZguySlk6VFYmOtomdB:fvXzqNL/ExfkguRFydB | ||
| imphash | 46f0e900dfa7e915e36f6b82189c55c7 | ||
| impfuzzy | 24:tkfjBcVQjZ9L0uBbS6bi6926mM9h29HD4Tg94upAbzAKaihfHRtBy7JYDMLSYSy1:CfNcVEL5Bbirkdk1YwLSYSV0Rd | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14001c2b0 CreateThread
0x14001c2b8 DeleteCriticalSection
0x14001c2c0 EnterCriticalSection
0x14001c2c8 GetLastError
0x14001c2d0 InitializeCriticalSection
0x14001c2d8 LeaveCriticalSection
0x14001c2e0 SetUnhandledExceptionFilter
0x14001c2e8 Sleep
0x14001c2f0 TlsGetValue
0x14001c2f8 VirtualAlloc
0x14001c300 VirtualProtect
0x14001c308 VirtualQuery
0x14001c310 WaitForSingleObject
api-ms-win-crt-environment-l1-1-0.dll
0x14001c320 __p__environ
0x14001c328 __p__wenviron
api-ms-win-crt-heap-l1-1-0.dll
0x14001c338 _set_new_mode
0x14001c340 calloc
0x14001c348 free
0x14001c350 malloc
api-ms-win-crt-math-l1-1-0.dll
0x14001c360 __setusermatherr
api-ms-win-crt-private-l1-1-0.dll
0x14001c370 __C_specific_handler
0x14001c378 memcpy
0x14001c380 memmove
api-ms-win-crt-runtime-l1-1-0.dll
0x14001c390 __p___argc
0x14001c398 __p___argv
0x14001c3a0 __p___wargv
0x14001c3a8 _cexit
0x14001c3b0 _configure_narrow_argv
0x14001c3b8 _configure_wide_argv
0x14001c3c0 _crt_at_quick_exit
0x14001c3c8 _crt_atexit
0x14001c3d0 _exit
0x14001c3d8 _initialize_narrow_environment
0x14001c3e0 _initialize_wide_environment
0x14001c3e8 _initterm
0x14001c3f0 _set_app_type
0x14001c3f8 _set_invalid_parameter_handler
0x14001c400 abort
0x14001c408 exit
0x14001c410 signal
api-ms-win-crt-stdio-l1-1-0.dll
0x14001c420 __acrt_iob_func
0x14001c428 __p__commode
0x14001c430 __p__fmode
0x14001c438 __stdio_common_vfprintf
0x14001c440 __stdio_common_vfwprintf
0x14001c448 fwrite
api-ms-win-crt-string-l1-1-0.dll
0x14001c458 strlen
0x14001c460 strncmp
api-ms-win-crt-time-l1-1-0.dll
0x14001c470 __daylight
0x14001c478 __timezone
0x14001c480 __tzname
0x14001c488 _tzset
EAT(Export Address Table) is none
KERNEL32.dll
0x14001c2b0 CreateThread
0x14001c2b8 DeleteCriticalSection
0x14001c2c0 EnterCriticalSection
0x14001c2c8 GetLastError
0x14001c2d0 InitializeCriticalSection
0x14001c2d8 LeaveCriticalSection
0x14001c2e0 SetUnhandledExceptionFilter
0x14001c2e8 Sleep
0x14001c2f0 TlsGetValue
0x14001c2f8 VirtualAlloc
0x14001c300 VirtualProtect
0x14001c308 VirtualQuery
0x14001c310 WaitForSingleObject
api-ms-win-crt-environment-l1-1-0.dll
0x14001c320 __p__environ
0x14001c328 __p__wenviron
api-ms-win-crt-heap-l1-1-0.dll
0x14001c338 _set_new_mode
0x14001c340 calloc
0x14001c348 free
0x14001c350 malloc
api-ms-win-crt-math-l1-1-0.dll
0x14001c360 __setusermatherr
api-ms-win-crt-private-l1-1-0.dll
0x14001c370 __C_specific_handler
0x14001c378 memcpy
0x14001c380 memmove
api-ms-win-crt-runtime-l1-1-0.dll
0x14001c390 __p___argc
0x14001c398 __p___argv
0x14001c3a0 __p___wargv
0x14001c3a8 _cexit
0x14001c3b0 _configure_narrow_argv
0x14001c3b8 _configure_wide_argv
0x14001c3c0 _crt_at_quick_exit
0x14001c3c8 _crt_atexit
0x14001c3d0 _exit
0x14001c3d8 _initialize_narrow_environment
0x14001c3e0 _initialize_wide_environment
0x14001c3e8 _initterm
0x14001c3f0 _set_app_type
0x14001c3f8 _set_invalid_parameter_handler
0x14001c400 abort
0x14001c408 exit
0x14001c410 signal
api-ms-win-crt-stdio-l1-1-0.dll
0x14001c420 __acrt_iob_func
0x14001c428 __p__commode
0x14001c430 __p__fmode
0x14001c438 __stdio_common_vfprintf
0x14001c440 __stdio_common_vfwprintf
0x14001c448 fwrite
api-ms-win-crt-string-l1-1-0.dll
0x14001c458 strlen
0x14001c460 strncmp
api-ms-win-crt-time-l1-1-0.dll
0x14001c470 __daylight
0x14001c478 __timezone
0x14001c480 __tzname
0x14001c488 _tzset
EAT(Export Address Table) is none