ScreenShot
| Created | 2024.04.08 18:30 | Machine | s1_win7_x6403 |
| Filename | test2.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 5347852b24409aed42423f0118637f03 | ||
| sha256 | a2e678bb376d2dcec5b7d0abac428c87cd8ae75936e28c03cb4232ae97015131 | ||
| ssdeep | 49152:UAzgjdYG43A0ExPRq88tyqTtrQ5z9jzPi7mv9aM/id8T:UAuUkthD/id8 | ||
| imphash | 73a614cb0128995985b28c4e23869315 | ||
| impfuzzy | 96:n2MrXxtn7geBn0jHOCWeZ26Nv09tlWEmqK5:Nrht8jH/We9I2EmqK5 | ||
Network IP location
Signature (0cnts)
| Level | Description |
|---|
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
cryptprimitives.dll
0x1401ad198 ProcessPrng
kernel32.dll
0x1401ad208 GetQueuedCompletionStatusEx
0x1401ad210 CreateIoCompletionPort
0x1401ad218 PostQueuedCompletionStatus
0x1401ad220 SetHandleInformation
0x1401ad228 LocalFree
0x1401ad230 SetFileCompletionNotificationModes
0x1401ad238 GetSystemInfo
0x1401ad240 Sleep
0x1401ad248 lstrlenW
0x1401ad250 GetCurrentThreadId
0x1401ad258 GetSystemTimeAsFileTime
0x1401ad260 InitializeSListHead
0x1401ad268 IsDebuggerPresent
0x1401ad270 GetCurrentThread
0x1401ad278 GetLastError
0x1401ad280 AddVectoredExceptionHandler
0x1401ad288 SetThreadStackGuarantee
0x1401ad290 SwitchToThread
0x1401ad298 CreateWaitableTimerExW
0x1401ad2a0 SetWaitableTimer
0x1401ad2a8 WaitForSingleObject
0x1401ad2b0 QueryPerformanceCounter
0x1401ad2b8 UnhandledExceptionFilter
0x1401ad2c0 RtlCaptureContext
0x1401ad2c8 RtlVirtualUnwind
0x1401ad2d0 RtlLookupFunctionEntry
0x1401ad2d8 SetLastError
0x1401ad2e0 GetCurrentDirectoryW
0x1401ad2e8 SetUnhandledExceptionFilter
0x1401ad2f0 GetStdHandle
0x1401ad2f8 GetCurrentProcessId
0x1401ad300 FlushInstructionCache
0x1401ad308 QueryPerformanceFrequency
0x1401ad310 GetSystemTimePreciseAsFileTime
0x1401ad318 HeapFree
0x1401ad320 WriteProcessMemory
0x1401ad328 HeapReAlloc
0x1401ad330 ReleaseMutex
0x1401ad338 GetProcessHeap
0x1401ad340 HeapAlloc
0x1401ad348 FindNextFileW
0x1401ad350 FindClose
0x1401ad358 FindFirstFileW
0x1401ad360 GetFinalPathNameByHandleW
0x1401ad368 GetProcAddress
0x1401ad370 GetModuleHandleA
0x1401ad378 GetConsoleMode
0x1401ad380 GetCurrentProcess
0x1401ad388 GetModuleHandleW
0x1401ad390 FormatMessageW
0x1401ad398 MultiByteToWideChar
0x1401ad3a0 WriteConsoleW
0x1401ad3a8 CreateThread
0x1401ad3b0 GetFullPathNameW
0x1401ad3b8 WaitForSingleObjectEx
0x1401ad3c0 LoadLibraryA
0x1401ad3c8 CreateMutexA
0x1401ad3d0 CloseHandle
0x1401ad3d8 GetEnvironmentVariableW
0x1401ad3e0 IsProcessorFeaturePresent
ntdll.dll
0x1401ad3f0 NtCancelIoFileEx
0x1401ad3f8 NtAllocateVirtualMemory
0x1401ad400 NtWaitForSingleObject
0x1401ad408 RtlNtStatusToDosError
0x1401ad410 NtWriteVirtualMemory
0x1401ad418 NtProtectVirtualMemory
0x1401ad420 NtCreateThreadEx
0x1401ad428 NtDeviceIoControlFile
0x1401ad430 NtWriteFile
0x1401ad438 NtCreateFile
secur32.dll
0x1401ad458 AcceptSecurityContext
0x1401ad460 FreeContextBuffer
0x1401ad468 InitializeSecurityContextW
0x1401ad470 EncryptMessage
0x1401ad478 AcquireCredentialsHandleA
0x1401ad480 FreeCredentialsHandle
0x1401ad488 DeleteSecurityContext
0x1401ad490 QueryContextAttributesW
0x1401ad498 DecryptMessage
0x1401ad4a0 ApplyControlToken
advapi32.dll
0x1401ad050 RegOpenKeyExW
0x1401ad058 RegQueryValueExW
0x1401ad060 SystemFunction036
0x1401ad068 RegCloseKey
ws2_32.dll
0x1401ad4c0 send
0x1401ad4c8 recv
0x1401ad4d0 WSAIoctl
0x1401ad4d8 getpeername
0x1401ad4e0 getsockname
0x1401ad4e8 getsockopt
0x1401ad4f0 ioctlsocket
0x1401ad4f8 connect
0x1401ad500 ind
0x1401ad508 WSASocketW
0x1401ad510 setsockopt
0x1401ad518 getaddrinfo
0x1401ad520 WSAGetLastError
0x1401ad528 WSAStartup
0x1401ad530 WSACleanup
0x1401ad538 closesocket
0x1401ad540 shutdown
0x1401ad548 freeaddrinfo
0x1401ad550 WSASend
crypt32.dll
0x1401ad1a8 CertGetCertificateChain
0x1401ad1b0 CertVerifyCertificateChainPolicy
0x1401ad1b8 CertDuplicateCertificateChain
0x1401ad1c0 CertFreeCertificateChain
0x1401ad1c8 CertDuplicateCertificateContext
0x1401ad1d0 CertFreeCertificateContext
0x1401ad1d8 CertEnumCertificatesInStore
0x1401ad1e0 CertAddCertificateContextToStore
0x1401ad1e8 CertOpenStore
0x1401ad1f0 CertCloseStore
0x1401ad1f8 CertDuplicateStore
shell32.dll
0x1401ad4b0 SHGetKnownFolderPath
ole32.dll
0x1401ad448 CoTaskMemFree
crypt.dll
0x1401ad188 BCryptGenRandom
api-ms-win-core-synch-l1-2-0.dll
0x1401ad078 WakeByAddressAll
0x1401ad080 WaitOnAddress
0x1401ad088 WakeByAddressSingle
VCRUNTIME140.dll
0x1401ad000 __current_exception
0x1401ad008 __C_specific_handler
0x1401ad010 __CxxFrameHandler3
0x1401ad018 memcpy
0x1401ad020 memmove
0x1401ad028 memcmp
0x1401ad030 __current_exception_context
0x1401ad038 memset
0x1401ad040 _CxxThrowException
api-ms-win-crt-math-l1-1-0.dll
0x1401ad0c0 __setusermatherr
0x1401ad0c8 pow
api-ms-win-crt-runtime-l1-1-0.dll
0x1401ad0d8 _initialize_narrow_environment
0x1401ad0e0 _get_initial_narrow_environment
0x1401ad0e8 _initterm
0x1401ad0f0 _seh_filter_exe
0x1401ad0f8 exit
0x1401ad100 _configure_narrow_argv
0x1401ad108 __p___argc
0x1401ad110 __p___argv
0x1401ad118 _cexit
0x1401ad120 _c_exit
0x1401ad128 _register_thread_local_exe_atexit_callback
0x1401ad130 _exit
0x1401ad138 _crt_atexit
0x1401ad140 _register_onexit_function
0x1401ad148 _set_app_type
0x1401ad150 _initialize_onexit_table
0x1401ad158 _initterm_e
0x1401ad160 terminate
api-ms-win-crt-stdio-l1-1-0.dll
0x1401ad170 __p__commode
0x1401ad178 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1401ad0b0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1401ad098 free
0x1401ad0a0 _set_new_mode
EAT(Export Address Table) is none
cryptprimitives.dll
0x1401ad198 ProcessPrng
kernel32.dll
0x1401ad208 GetQueuedCompletionStatusEx
0x1401ad210 CreateIoCompletionPort
0x1401ad218 PostQueuedCompletionStatus
0x1401ad220 SetHandleInformation
0x1401ad228 LocalFree
0x1401ad230 SetFileCompletionNotificationModes
0x1401ad238 GetSystemInfo
0x1401ad240 Sleep
0x1401ad248 lstrlenW
0x1401ad250 GetCurrentThreadId
0x1401ad258 GetSystemTimeAsFileTime
0x1401ad260 InitializeSListHead
0x1401ad268 IsDebuggerPresent
0x1401ad270 GetCurrentThread
0x1401ad278 GetLastError
0x1401ad280 AddVectoredExceptionHandler
0x1401ad288 SetThreadStackGuarantee
0x1401ad290 SwitchToThread
0x1401ad298 CreateWaitableTimerExW
0x1401ad2a0 SetWaitableTimer
0x1401ad2a8 WaitForSingleObject
0x1401ad2b0 QueryPerformanceCounter
0x1401ad2b8 UnhandledExceptionFilter
0x1401ad2c0 RtlCaptureContext
0x1401ad2c8 RtlVirtualUnwind
0x1401ad2d0 RtlLookupFunctionEntry
0x1401ad2d8 SetLastError
0x1401ad2e0 GetCurrentDirectoryW
0x1401ad2e8 SetUnhandledExceptionFilter
0x1401ad2f0 GetStdHandle
0x1401ad2f8 GetCurrentProcessId
0x1401ad300 FlushInstructionCache
0x1401ad308 QueryPerformanceFrequency
0x1401ad310 GetSystemTimePreciseAsFileTime
0x1401ad318 HeapFree
0x1401ad320 WriteProcessMemory
0x1401ad328 HeapReAlloc
0x1401ad330 ReleaseMutex
0x1401ad338 GetProcessHeap
0x1401ad340 HeapAlloc
0x1401ad348 FindNextFileW
0x1401ad350 FindClose
0x1401ad358 FindFirstFileW
0x1401ad360 GetFinalPathNameByHandleW
0x1401ad368 GetProcAddress
0x1401ad370 GetModuleHandleA
0x1401ad378 GetConsoleMode
0x1401ad380 GetCurrentProcess
0x1401ad388 GetModuleHandleW
0x1401ad390 FormatMessageW
0x1401ad398 MultiByteToWideChar
0x1401ad3a0 WriteConsoleW
0x1401ad3a8 CreateThread
0x1401ad3b0 GetFullPathNameW
0x1401ad3b8 WaitForSingleObjectEx
0x1401ad3c0 LoadLibraryA
0x1401ad3c8 CreateMutexA
0x1401ad3d0 CloseHandle
0x1401ad3d8 GetEnvironmentVariableW
0x1401ad3e0 IsProcessorFeaturePresent
ntdll.dll
0x1401ad3f0 NtCancelIoFileEx
0x1401ad3f8 NtAllocateVirtualMemory
0x1401ad400 NtWaitForSingleObject
0x1401ad408 RtlNtStatusToDosError
0x1401ad410 NtWriteVirtualMemory
0x1401ad418 NtProtectVirtualMemory
0x1401ad420 NtCreateThreadEx
0x1401ad428 NtDeviceIoControlFile
0x1401ad430 NtWriteFile
0x1401ad438 NtCreateFile
secur32.dll
0x1401ad458 AcceptSecurityContext
0x1401ad460 FreeContextBuffer
0x1401ad468 InitializeSecurityContextW
0x1401ad470 EncryptMessage
0x1401ad478 AcquireCredentialsHandleA
0x1401ad480 FreeCredentialsHandle
0x1401ad488 DeleteSecurityContext
0x1401ad490 QueryContextAttributesW
0x1401ad498 DecryptMessage
0x1401ad4a0 ApplyControlToken
advapi32.dll
0x1401ad050 RegOpenKeyExW
0x1401ad058 RegQueryValueExW
0x1401ad060 SystemFunction036
0x1401ad068 RegCloseKey
ws2_32.dll
0x1401ad4c0 send
0x1401ad4c8 recv
0x1401ad4d0 WSAIoctl
0x1401ad4d8 getpeername
0x1401ad4e0 getsockname
0x1401ad4e8 getsockopt
0x1401ad4f0 ioctlsocket
0x1401ad4f8 connect
0x1401ad500 ind
0x1401ad508 WSASocketW
0x1401ad510 setsockopt
0x1401ad518 getaddrinfo
0x1401ad520 WSAGetLastError
0x1401ad528 WSAStartup
0x1401ad530 WSACleanup
0x1401ad538 closesocket
0x1401ad540 shutdown
0x1401ad548 freeaddrinfo
0x1401ad550 WSASend
crypt32.dll
0x1401ad1a8 CertGetCertificateChain
0x1401ad1b0 CertVerifyCertificateChainPolicy
0x1401ad1b8 CertDuplicateCertificateChain
0x1401ad1c0 CertFreeCertificateChain
0x1401ad1c8 CertDuplicateCertificateContext
0x1401ad1d0 CertFreeCertificateContext
0x1401ad1d8 CertEnumCertificatesInStore
0x1401ad1e0 CertAddCertificateContextToStore
0x1401ad1e8 CertOpenStore
0x1401ad1f0 CertCloseStore
0x1401ad1f8 CertDuplicateStore
shell32.dll
0x1401ad4b0 SHGetKnownFolderPath
ole32.dll
0x1401ad448 CoTaskMemFree
crypt.dll
0x1401ad188 BCryptGenRandom
api-ms-win-core-synch-l1-2-0.dll
0x1401ad078 WakeByAddressAll
0x1401ad080 WaitOnAddress
0x1401ad088 WakeByAddressSingle
VCRUNTIME140.dll
0x1401ad000 __current_exception
0x1401ad008 __C_specific_handler
0x1401ad010 __CxxFrameHandler3
0x1401ad018 memcpy
0x1401ad020 memmove
0x1401ad028 memcmp
0x1401ad030 __current_exception_context
0x1401ad038 memset
0x1401ad040 _CxxThrowException
api-ms-win-crt-math-l1-1-0.dll
0x1401ad0c0 __setusermatherr
0x1401ad0c8 pow
api-ms-win-crt-runtime-l1-1-0.dll
0x1401ad0d8 _initialize_narrow_environment
0x1401ad0e0 _get_initial_narrow_environment
0x1401ad0e8 _initterm
0x1401ad0f0 _seh_filter_exe
0x1401ad0f8 exit
0x1401ad100 _configure_narrow_argv
0x1401ad108 __p___argc
0x1401ad110 __p___argv
0x1401ad118 _cexit
0x1401ad120 _c_exit
0x1401ad128 _register_thread_local_exe_atexit_callback
0x1401ad130 _exit
0x1401ad138 _crt_atexit
0x1401ad140 _register_onexit_function
0x1401ad148 _set_app_type
0x1401ad150 _initialize_onexit_table
0x1401ad158 _initterm_e
0x1401ad160 terminate
api-ms-win-crt-stdio-l1-1-0.dll
0x1401ad170 __p__commode
0x1401ad178 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1401ad0b0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1401ad098 free
0x1401ad0a0 _set_new_mode
EAT(Export Address Table) is none