Field | Value |
---|---|
Created | 2024.04.30 07:35 |
Machine | s1_win7_x6403 |
Filename | nc.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 39 detected (AIDetectMalware, NetCat, GenericPMF, S519521, Tool, unsafe, Save, Attribute, HighConfidence, malicious, high confidence, RemoteAdmin, AB potentially unsafe, FileRepMalware, NetTool, bdjcw, HackTool, CLASSIC, Swrort, Detected, Malware@#2dvdauwhvkdjy, NetCatTool, ACIZ, AppCare, Xema, GenAsa, A4aPacTnkXA, NylLqj) |
md5 | a5a74d73fbf4a6f0b75f074de316277e |
sha256 | 4f46ef9f5543cd4ca10f4908886e78dccf77b66e5ede7de8e6ec59148309b88b |
ssdeep | 1536:fN73r1u2oMdLz3e/wqBXG50ekkAQXRZl:fB3r8y3e4qBXUjZl |
imphash | 817ba6863ea361b46ad51f6d64ce5e28 |
impfuzzy | 24:EfKAR9G/asOn32Br+v3TLpOov+biPu8Gp4l3RQbpV0X1DkTR8MVyvaBgFQH8EdP:Kkug5iVGpUt2V8baB/dP |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
info | Command line console output was observed |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | NMap | NMAP | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded) | | | | | |
Suricata ids
PE API
IAT (Import Address Table) Library
WS2_32.dll
0x40b120 __WSAFDIsSet
0x40b124 select
0x40b128 listen
0x40b12c getsockname
0x40b130 recvfrom
0x40b134 accept
0x40b138 WSASetLastError
0x40b13c socket
0x40b140 setsockopt
0x40b144 bind
0x40b148 connect
0x40b14c htons
0x40b150 getservbyport
0x40b154 ntohs
0x40b158 getservbyname
0x40b15c inet_addr
0x40b160 gethostbyname
0x40b164 inet_ntoa
0x40b168 gethostbyaddr
0x40b16c WSAGetLastError
0x40b170 WSAStartup
0x40b174 WSACleanup
0x40b178 closesocket
0x40b17c recv
0x40b180 send
KERNEL32.dll
0x40b000 GetCommandLineA
0x40b004 CreateFileA
0x40b008 GetNumberOfConsoleInputEvents
0x40b00c PeekConsoleInputA
0x40b010 LCMapStringW
0x40b014 LCMapStringA
0x40b018 GetSystemInfo
0x40b01c VirtualProtect
0x40b020 GetLocaleInfoA
0x40b024 GetStringTypeW
0x40b028 GetStringTypeA
0x40b02c HeapSize
0x40b030 SetStdHandle
0x40b034 SetFilePointer
0x40b038 SetEnvironmentVariableA
0x40b03c GetOEMCP
0x40b040 GetACP
0x40b044 CompareStringW
0x40b048 GetCPInfo
0x40b04c MultiByteToWideChar
0x40b050 CompareStringA
0x40b054 VirtualQuery
0x40b058 GetLastError
0x40b05c CloseHandle
0x40b060 CreateProcessA
0x40b064 DuplicateHandle
0x40b068 GetCurrentProcess
0x40b06c ExitThread
0x40b070 Sleep
0x40b074 ReadFile
0x40b078 PeekNamedPipe
0x40b07c WriteFile
0x40b080 CreatePipe
0x40b084 DisconnectNamedPipe
0x40b088 TerminateProcess
0x40b08c WaitForMultipleObjects
0x40b090 TerminateThread
0x40b094 CreateThread
0x40b098 GetStdHandle
0x40b09c FreeConsole
0x40b0a0 ExitProcess
0x40b0a4 HeapFree
0x40b0a8 HeapAlloc
0x40b0ac GetProcAddress
0x40b0b0 GetModuleHandleA
0x40b0b4 GetSystemTimeAsFileTime
0x40b0b8 SetEndOfFile
0x40b0bc GetVersionExA
0x40b0c0 QueryPerformanceCounter
0x40b0c4 GetTickCount
0x40b0c8 GetCurrentThreadId
0x40b0cc GetCurrentProcessId
0x40b0d0 GetModuleFileNameA
0x40b0d4 HeapDestroy
0x40b0d8 HeapCreate
0x40b0dc VirtualFree
0x40b0e0 VirtualAlloc
0x40b0e4 HeapReAlloc
0x40b0e8 WideCharToMultiByte
0x40b0ec SetHandleCount
0x40b0f0 GetFileType
0x40b0f4 GetStartupInfoA
0x40b0f8 FlushFileBuffers
0x40b0fc RtlUnwind
0x40b100 UnhandledExceptionFilter
0x40b104 FreeEnvironmentStringsA
0x40b108 GetEnvironmentStrings
0x40b10c FreeEnvironmentStringsW
0x40b110 GetEnvironmentStringsW
0x40b114 LoadLibraryA
0x40b118 InterlockedExchange
EAT (Export Address Table): none
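Read together, the IAT above is the whole story of what this nc.exe can do: WS2_32 gives it both a TCP client (socket/connect/send/recv) and a listener (socket/bind/listen/accept), and KERNEL32's CreateProcessA, CreatePipe, DuplicateHandle and GetStdHandle let it spawn a child with its standard handles redirected into pipes, which is how `nc -e cmd.exe` turns a socket into a shell. The Python below is an added example, not part of the sandbox report or of netcat itself: it encodes that reading as an import-based triage check. The import list is transcribed from the IAT section (KERNEL32 abridged to the functions the heuristic looks at, and the truncated WS2_32 entry "ind" read as `bind`); the capability clusters and their names are this example's own assumptions, not signatures from the page.

```python
"""Import-table triage for a netcat-style tool (added example, not from the report)."""

# Constructed input: the IAT transcribed from the report above. KERNEL32 is
# abridged to the imports the heuristic inspects plus a few runtime ones.
IMPORTS = {
    "WS2_32.dll": [
        "__WSAFDIsSet", "select", "listen", "getsockname", "recvfrom", "accept",
        "WSASetLastError", "socket", "setsockopt", "bind", "connect", "htons",
        "getservbyport", "ntohs", "getservbyname", "inet_addr", "gethostbyname",
        "inet_ntoa", "gethostbyaddr", "WSAGetLastError", "WSAStartup",
        "WSACleanup", "closesocket", "recv", "send",
    ],
    "KERNEL32.dll": [
        "GetCommandLineA", "CreateFileA", "PeekConsoleInputA", "VirtualProtect",
        "CloseHandle", "CreateProcessA", "DuplicateHandle", "GetCurrentProcess",
        "ExitThread", "Sleep", "ReadFile", "PeekNamedPipe", "WriteFile",
        "CreatePipe", "DisconnectNamedPipe", "TerminateProcess",
        "WaitForMultipleObjects", "TerminateThread", "CreateThread",
        "GetStdHandle", "FreeConsole", "ExitProcess", "GetProcAddress",
        "GetModuleHandleA", "LoadLibraryA", "VirtualAlloc", "VirtualFree",
    ],
}

# Hypothetical capability clusters (this example's own, not the sandbox's rules).
# "all": every function must be imported; "any": one is enough. The last three
# are things an implant usually adds on top of netcat, so their absence is
# informative too.
CAPABILITIES = {
    "tcp_client":       ("all", {"ws2_32!socket", "ws2_32!connect", "ws2_32!send", "ws2_32!recv"}),
    "tcp_listener":     ("all", {"ws2_32!socket", "ws2_32!bind", "ws2_32!listen", "ws2_32!accept"}),
    "name_resolution":  ("any", {"ws2_32!gethostbyname", "ws2_32!gethostbyaddr"}),
    # Child process with stdin/stdout wired to pipes: the "-e cmd.exe" path.
    "spawn_redirected": ("all", {"kernel32!createprocessa", "kernel32!createpipe",
                                 "kernel32!duplicatehandle", "kernel32!getstdhandle"}),
    "pipe_pump":        ("all", {"kernel32!peeknamedpipe", "kernel32!readfile",
                                 "kernel32!writefile", "kernel32!createthread"}),
    "dynamic_resolve":  ("all", {"kernel32!loadlibrarya", "kernel32!getprocaddress"}),
    "persistence":      ("any", {"advapi32!regsetvalueexa", "advapi32!regsetvalueexw",
                                 "advapi32!createservicea", "advapi32!createservicew"}),
    "injection":        ("any", {"kernel32!writeprocessmemory", "kernel32!createremotethread",
                                 "kernel32!virtualallocex"}),
}


def normalize(imports):
    """Flatten {dll: [func, ...]} into a set of lowercase 'dll!func' names,
    dropping the module extension so WS2_32.dll and ws2_32.DLL compare equal."""
    names = set()
    for dll, funcs in imports.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
                break
        names.update(f"{base}!{f.lower()}" for f in funcs)
    return names


def assess(imports):
    """Return which clusters are present/absent and a verdict on whether the
    binary can hand a network socket to a spawned command interpreter."""
    names = normalize(imports)
    present, absent = [], []
    for cap, (mode, req) in CAPABILITIES.items():
        hit = req <= names if mode == "all" else bool(req & names)
        (present if hit else absent).append(cap)
    reverse = "tcp_client" in present and "spawn_redirected" in present
    bind = "tcp_listener" in present and "spawn_redirected" in present
    if reverse or bind:
        verdict = "network-shell-capable"
    else:
        verdict = "no network shell pattern"
    return {"present": present, "absent": absent,
            "reverse_shell": reverse, "bind_shell": bind, "verdict": verdict}


if __name__ == "__main__":
    result = assess(IMPORTS)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run against the report's IAT, the check flags both the reverse- and bind-shell shapes and finds no persistence or injection imports, which matches how the VT names above (NetCat, HackTool, NetTool, RemoteAdmin) describe a dual-use tool rather than an implant; the "clean" ZERO verdict and the empty network table are what one would expect if the sample was run without arguments and only printed its usage to the console. To apply the same check to a real file instead of a transcribed list, `pefile.PE(path).DIRECTORY_ENTRY_IMPORT` yields entries whose `.dll` and `.imports[i].name` fields (bytes) map straight onto the `IMPORTS` structure used here.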