ScreenShot
| Created | 2024.04.12 15:09 | Machine | s1_win7_x6401 |
| Filename | wormr.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | c6f9d01d211a535eb819a7bb0057a77a | ||
| sha256 | 3a7926816890498b4b28caeb0017fc5adea97a222c2c63f2e477e3dab269971a | ||
| ssdeep | 1536:COlCGjrZRlV1eCE6cWzPLoZh4hb0qfWT5M4:DLrV1eCjx0Z2ewWT5r | ||
| imphash | d450bcae35dd205865d1ae0b90837f42 | ||
| impfuzzy | 24:WjE9yGuGK4ti6i19XDI/D8XJYBLBmunEpZwu42d1wYqAo+B7y7qjJZCV1G3bTXgr:/7P/QXJYtjbyrvV7y7qjJZCTGrTXK+qt | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | Foreign language identified in PE resource |
| info | The executable uses a known packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x408044 WaitForSingleObject
0x408048 WinExec
0x40804c WriteFile
0x408050 CreateFileA
0x408054 LockResource
0x408058 LoadResource
0x40805c SizeofResource
0x408060 FindResourceA
0x408064 EnumResourceNamesA
0x408068 EndUpdateResourceA
0x40806c lstrlenA
0x408070 UpdateResourceA
0x408074 GetSystemInfo
0x408078 GlobalFree
0x40807c ReadFile
0x408080 GlobalAlloc
0x408084 GetFileSize
0x408088 GetFileAttributesA
0x40808c lstrcatA
0x408090 GetLastError
0x408094 CopyFileA
0x408098 GetModuleHandleA
0x40809c GetStartupInfoA
0x4080a0 GetComputerNameA
0x4080a4 GetSystemDefaultUILanguage
0x4080a8 GetModuleFileNameA
0x4080ac GetTempPathA
0x4080b0 MoveFileA
0x4080b4 MoveFileExA
0x4080b8 CreateThread
0x4080bc CloseHandle
0x4080c0 GetCurrentProcessId
0x4080c4 lstrcpyA
0x4080c8 GetCurrentProcess
0x4080cc ExitThread
0x4080d0 Sleep
0x4080d4 GetTickCount
0x4080d8 LoadLibraryA
0x4080dc BeginUpdateResourceA
0x4080e0 GetProcAddress
USER32.dll
0x408188 wsprintfA
ADVAPI32.dll
0x408000 OpenSCManagerA
0x408004 LockServiceDatabase
0x408008 ChangeServiceConfig2A
0x40800c UnlockServiceDatabase
0x408010 OpenServiceA
0x408014 StartServiceA
0x408018 RegSetValueExA
0x40801c CloseServiceHandle
0x408020 StartServiceCtrlDispatcherA
0x408024 RegisterServiceCtrlHandlerA
0x408028 SetServiceStatus
0x40802c RegOpenKeyExA
0x408030 RegOpenKeyA
0x408034 RegQueryValueExA
0x408038 RegCloseKey
0x40803c CreateServiceA
MSVCRT.dll
0x4080e8 _initterm
0x4080ec memcpy
0x4080f0 ??3@YAXPAX@Z
0x4080f4 strlen
0x4080f8 sprintf
0x4080fc _controlfp
0x408100 time
0x408104 rand
0x408108 srand
0x40810c memset
0x408110 fprintf
0x408114 printf
0x408118 _except_handler3
0x40811c _local_unwind2
0x408120 __CxxFrameHandler
0x408124 _ftol
0x408128 strcpy
0x40812c strcat
0x408130 strstr
0x408134 atoi
0x408138 exit
0x40813c system
0x408140 strcmp
0x408144 strncmp
0x408148 free
0x40814c ??2@YAPAXI@Z
0x408150 _iob
0x408154 __dllonexit
0x408158 _onexit
0x40815c _exit
0x408160 _XcptFilter
0x408164 _acmdln
0x408168 __getmainargs
0x40816c localtime
0x408170 __setusermatherr
0x408174 _adjust_fdiv
0x408178 __p__commode
0x40817c __p__fmode
0x408180 __set_app_type
WS2_32.dll
0x4081a4 WSACleanup
0x4081a8 sendto
0x4081ac htonl
0x4081b0 setsockopt
0x4081b4 WSAGetLastError
0x4081b8 WSASocketA
0x4081bc socket
0x4081c0 gethostbyname
0x4081c4 send
0x4081c8 recv
0x4081cc __WSAFDIsSet
0x4081d0 select
0x4081d4 htons
0x4081d8 connect
0x4081dc closesocket
0x4081e0 WSAStartup
0x4081e4 inet_addr
0x4081e8 WSAIoctl
WININET.dll
0x408190 InternetOpenA
0x408194 InternetOpenUrlA
0x408198 InternetReadFile
0x40819c InternetCloseHandle
iphlpapi.dll
0x4081f0 GetIfTable
EAT(Export Address Table) is none
KERNEL32.dll
0x408044 WaitForSingleObject
0x408048 WinExec
0x40804c WriteFile
0x408050 CreateFileA
0x408054 LockResource
0x408058 LoadResource
0x40805c SizeofResource
0x408060 FindResourceA
0x408064 EnumResourceNamesA
0x408068 EndUpdateResourceA
0x40806c lstrlenA
0x408070 UpdateResourceA
0x408074 GetSystemInfo
0x408078 GlobalFree
0x40807c ReadFile
0x408080 GlobalAlloc
0x408084 GetFileSize
0x408088 GetFileAttributesA
0x40808c lstrcatA
0x408090 GetLastError
0x408094 CopyFileA
0x408098 GetModuleHandleA
0x40809c GetStartupInfoA
0x4080a0 GetComputerNameA
0x4080a4 GetSystemDefaultUILanguage
0x4080a8 GetModuleFileNameA
0x4080ac GetTempPathA
0x4080b0 MoveFileA
0x4080b4 MoveFileExA
0x4080b8 CreateThread
0x4080bc CloseHandle
0x4080c0 GetCurrentProcessId
0x4080c4 lstrcpyA
0x4080c8 GetCurrentProcess
0x4080cc ExitThread
0x4080d0 Sleep
0x4080d4 GetTickCount
0x4080d8 LoadLibraryA
0x4080dc BeginUpdateResourceA
0x4080e0 GetProcAddress
USER32.dll
0x408188 wsprintfA
ADVAPI32.dll
0x408000 OpenSCManagerA
0x408004 LockServiceDatabase
0x408008 ChangeServiceConfig2A
0x40800c UnlockServiceDatabase
0x408010 OpenServiceA
0x408014 StartServiceA
0x408018 RegSetValueExA
0x40801c CloseServiceHandle
0x408020 StartServiceCtrlDispatcherA
0x408024 RegisterServiceCtrlHandlerA
0x408028 SetServiceStatus
0x40802c RegOpenKeyExA
0x408030 RegOpenKeyA
0x408034 RegQueryValueExA
0x408038 RegCloseKey
0x40803c CreateServiceA
MSVCRT.dll
0x4080e8 _initterm
0x4080ec memcpy
0x4080f0 ??3@YAXPAX@Z
0x4080f4 strlen
0x4080f8 sprintf
0x4080fc _controlfp
0x408100 time
0x408104 rand
0x408108 srand
0x40810c memset
0x408110 fprintf
0x408114 printf
0x408118 _except_handler3
0x40811c _local_unwind2
0x408120 __CxxFrameHandler
0x408124 _ftol
0x408128 strcpy
0x40812c strcat
0x408130 strstr
0x408134 atoi
0x408138 exit
0x40813c system
0x408140 strcmp
0x408144 strncmp
0x408148 free
0x40814c ??2@YAPAXI@Z
0x408150 _iob
0x408154 __dllonexit
0x408158 _onexit
0x40815c _exit
0x408160 _XcptFilter
0x408164 _acmdln
0x408168 __getmainargs
0x40816c localtime
0x408170 __setusermatherr
0x408174 _adjust_fdiv
0x408178 __p__commode
0x40817c __p__fmode
0x408180 __set_app_type
WS2_32.dll
0x4081a4 WSACleanup
0x4081a8 sendto
0x4081ac htonl
0x4081b0 setsockopt
0x4081b4 WSAGetLastError
0x4081b8 WSASocketA
0x4081bc socket
0x4081c0 gethostbyname
0x4081c4 send
0x4081c8 recv
0x4081cc __WSAFDIsSet
0x4081d0 select
0x4081d4 htons
0x4081d8 connect
0x4081dc closesocket
0x4081e0 WSAStartup
0x4081e4 inet_addr
0x4081e8 WSAIoctl
WININET.dll
0x408190 InternetOpenA
0x408194 InternetOpenUrlA
0x408198 InternetReadFile
0x40819c InternetCloseHandle
iphlpapi.dll
0x4081f0 GetIfTable
EAT(Export Address Table) is none