ScreenShot
| Created | 2024.05.14 08:10 | Machine | s1_win7_x6403 |
| Filename | msgbox.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 4 detected (Malicious, score, Attribute, HighConfidence, susgen) | ||
| md5 | 69592b2d2f12c492e954ff8943b7900a | ||
| sha256 | b5fe9412f4fc4a7b23a7823cedfc8bb81aa85673ba0bd8ce09feb24b36198b1b | ||
| ssdeep | 192:L93qzCrkzolmlpeNxMtyBzcm3Q5tfMcmD:L93qer6uxD3ND | ||
| imphash | a5f6bfcb177d74a13b44500e58164334 | ||
| impfuzzy | 24:S6YgMyWNwyWPWUByBSfJCJLocAD29hbzABAihTK4Tg9ZyBbQLSQMu5FT2tF78vH:QNgT419rZyBMLSQMPtB8vH | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 4 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x140002080 MessageBoxA
VCRUNTIME140.dll
0x140002090 __C_specific_handler
0x140002098 __current_exception
0x1400020a0 __current_exception_context
0x1400020a8 memset
0x1400020b0 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
0x1400020f0 terminate
0x1400020f8 _seh_filter_exe
0x140002100 _set_app_type
0x140002108 _register_onexit_function
0x140002110 _register_thread_local_exe_atexit_callback
0x140002118 _c_exit
0x140002120 _cexit
0x140002128 __p___argv
0x140002130 __p___argc
0x140002138 _crt_atexit
0x140002140 _exit
0x140002148 exit
0x140002150 _initterm_e
0x140002158 _initterm
0x140002160 _get_initial_narrow_environment
0x140002168 _initialize_narrow_environment
0x140002170 _configure_narrow_argv
0x140002178 _initialize_onexit_table
api-ms-win-crt-math-l1-1-0.dll
0x1400020e0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140002188 __p__commode
0x140002190 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1400020d0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1400020c0 _set_new_mode
KERNEL32.dll
0x140002000 GetSystemTimeAsFileTime
0x140002008 RtlLookupFunctionEntry
0x140002010 RtlVirtualUnwind
0x140002018 UnhandledExceptionFilter
0x140002020 SetUnhandledExceptionFilter
0x140002028 GetCurrentProcess
0x140002030 TerminateProcess
0x140002038 IsProcessorFeaturePresent
0x140002040 GetModuleHandleW
0x140002048 IsDebuggerPresent
0x140002050 InitializeSListHead
0x140002058 RtlCaptureContext
0x140002060 GetCurrentThreadId
0x140002068 GetCurrentProcessId
0x140002070 QueryPerformanceCounter
EAT(Export Address Table) is none
USER32.dll
0x140002080 MessageBoxA
VCRUNTIME140.dll
0x140002090 __C_specific_handler
0x140002098 __current_exception
0x1400020a0 __current_exception_context
0x1400020a8 memset
0x1400020b0 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
0x1400020f0 terminate
0x1400020f8 _seh_filter_exe
0x140002100 _set_app_type
0x140002108 _register_onexit_function
0x140002110 _register_thread_local_exe_atexit_callback
0x140002118 _c_exit
0x140002120 _cexit
0x140002128 __p___argv
0x140002130 __p___argc
0x140002138 _crt_atexit
0x140002140 _exit
0x140002148 exit
0x140002150 _initterm_e
0x140002158 _initterm
0x140002160 _get_initial_narrow_environment
0x140002168 _initialize_narrow_environment
0x140002170 _configure_narrow_argv
0x140002178 _initialize_onexit_table
api-ms-win-crt-math-l1-1-0.dll
0x1400020e0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140002188 __p__commode
0x140002190 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1400020d0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1400020c0 _set_new_mode
KERNEL32.dll
0x140002000 GetSystemTimeAsFileTime
0x140002008 RtlLookupFunctionEntry
0x140002010 RtlVirtualUnwind
0x140002018 UnhandledExceptionFilter
0x140002020 SetUnhandledExceptionFilter
0x140002028 GetCurrentProcess
0x140002030 TerminateProcess
0x140002038 IsProcessorFeaturePresent
0x140002040 GetModuleHandleW
0x140002048 IsDebuggerPresent
0x140002050 InitializeSListHead
0x140002058 RtlCaptureContext
0x140002060 GetCurrentThreadId
0x140002068 GetCurrentProcessId
0x140002070 QueryPerformanceCounter
EAT(Export Address Table) is none