ScreenShot
| Created | 2024.05.17 09:42 | Machine | s1_win7_x6403 |
| Filename | nc.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 54 detected (AIDetectMalware, NetCat, Malicious, score, GenericPMF, S519521, Tool, RemoteAdmin, unsafe, Hacktool, V3hj, high confidence, NetCat potentially unsafe, FileRepMalware, eimnse, CLASSIC, VulnWatch, Detected, ai score=100, ApplicUnsaf, g@1miisx, THOE, AppCare, NTSniff, v111, Gencirc, Static AI, Suspicious PE, susgen, NylLqj) | ||
| md5 | 1965ab1b3664aac84acb1b6e262b1b7f | ||
| sha256 | bf22960c019b1f3a7ce431948efacd23b68f32dd5d65d3aa9d6727bdccfda80d | ||
| ssdeep | 1536:8LJg1OAEuxWhXTmNquG9L0RT/ADGRMluv:8LJlAEuxAWqu3ZMluv | ||
| imphash | b47060fbcbd9d8ec9716eb4a0fdbc38f | ||
| impfuzzy | 24:EfKAR9G/asOn32Br+v3LLXbiPu8GpfdTl3RQbpV0X1DlOovfTR8MVyvaBgFQH8/:Kk+niVGpfdZtSiV8baBA | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
| info | Command line console output was observed |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | NMap | NMAP | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x40b120 __WSAFDIsSet
0x40b124 select
0x40b128 listen
0x40b12c getsockname
0x40b130 recvfrom
0x40b134 accept
0x40b138 WSASetLastError
0x40b13c socket
0x40b140 setsockopt
0x40b144 ind
0x40b148 connect
0x40b14c htons
0x40b150 getservbyport
0x40b154 ntohs
0x40b158 getservbyname
0x40b15c inet_addr
0x40b160 gethostbyname
0x40b164 inet_ntoa
0x40b168 gethostbyaddr
0x40b16c WSAGetLastError
0x40b170 WSAStartup
0x40b174 WSACleanup
0x40b178 shutdown
0x40b17c closesocket
0x40b180 recv
0x40b184 send
KERNEL32.dll
0x40b000 GetSystemTimeAsFileTime
0x40b004 CreateFileA
0x40b008 GetNumberOfConsoleInputEvents
0x40b00c PeekConsoleInputA
0x40b010 LCMapStringW
0x40b014 LCMapStringA
0x40b018 GetSystemInfo
0x40b01c VirtualProtect
0x40b020 GetLocaleInfoA
0x40b024 GetStringTypeW
0x40b028 GetStringTypeA
0x40b02c HeapSize
0x40b030 SetStdHandle
0x40b034 SetFilePointer
0x40b038 SetEnvironmentVariableA
0x40b03c GetOEMCP
0x40b040 GetACP
0x40b044 CompareStringW
0x40b048 GetCPInfo
0x40b04c MultiByteToWideChar
0x40b050 CompareStringA
0x40b054 VirtualQuery
0x40b058 InterlockedExchange
0x40b05c GetLastError
0x40b060 CloseHandle
0x40b064 CreateProcessA
0x40b068 DuplicateHandle
0x40b06c GetCurrentProcess
0x40b070 ExitThread
0x40b074 Sleep
0x40b078 ReadFile
0x40b07c PeekNamedPipe
0x40b080 WriteFile
0x40b084 CreatePipe
0x40b088 DisconnectNamedPipe
0x40b08c TerminateProcess
0x40b090 WaitForMultipleObjects
0x40b094 TerminateThread
0x40b098 CreateThread
0x40b09c GetStdHandle
0x40b0a0 FreeConsole
0x40b0a4 ExitProcess
0x40b0a8 HeapFree
0x40b0ac HeapAlloc
0x40b0b0 GetProcAddress
0x40b0b4 GetModuleHandleA
0x40b0b8 SetEndOfFile
0x40b0bc GetCommandLineA
0x40b0c0 GetVersionExA
0x40b0c4 QueryPerformanceCounter
0x40b0c8 GetTickCount
0x40b0cc GetCurrentThreadId
0x40b0d0 GetCurrentProcessId
0x40b0d4 GetModuleFileNameA
0x40b0d8 HeapDestroy
0x40b0dc HeapCreate
0x40b0e0 VirtualFree
0x40b0e4 VirtualAlloc
0x40b0e8 HeapReAlloc
0x40b0ec WideCharToMultiByte
0x40b0f0 SetHandleCount
0x40b0f4 GetFileType
0x40b0f8 GetStartupInfoA
0x40b0fc FlushFileBuffers
0x40b100 RtlUnwind
0x40b104 UnhandledExceptionFilter
0x40b108 FreeEnvironmentStringsA
0x40b10c GetEnvironmentStrings
0x40b110 FreeEnvironmentStringsW
0x40b114 GetEnvironmentStringsW
0x40b118 LoadLibraryA
EAT(Export Address Table) is none
WS2_32.dll
0x40b120 __WSAFDIsSet
0x40b124 select
0x40b128 listen
0x40b12c getsockname
0x40b130 recvfrom
0x40b134 accept
0x40b138 WSASetLastError
0x40b13c socket
0x40b140 setsockopt
0x40b144 ind
0x40b148 connect
0x40b14c htons
0x40b150 getservbyport
0x40b154 ntohs
0x40b158 getservbyname
0x40b15c inet_addr
0x40b160 gethostbyname
0x40b164 inet_ntoa
0x40b168 gethostbyaddr
0x40b16c WSAGetLastError
0x40b170 WSAStartup
0x40b174 WSACleanup
0x40b178 shutdown
0x40b17c closesocket
0x40b180 recv
0x40b184 send
KERNEL32.dll
0x40b000 GetSystemTimeAsFileTime
0x40b004 CreateFileA
0x40b008 GetNumberOfConsoleInputEvents
0x40b00c PeekConsoleInputA
0x40b010 LCMapStringW
0x40b014 LCMapStringA
0x40b018 GetSystemInfo
0x40b01c VirtualProtect
0x40b020 GetLocaleInfoA
0x40b024 GetStringTypeW
0x40b028 GetStringTypeA
0x40b02c HeapSize
0x40b030 SetStdHandle
0x40b034 SetFilePointer
0x40b038 SetEnvironmentVariableA
0x40b03c GetOEMCP
0x40b040 GetACP
0x40b044 CompareStringW
0x40b048 GetCPInfo
0x40b04c MultiByteToWideChar
0x40b050 CompareStringA
0x40b054 VirtualQuery
0x40b058 InterlockedExchange
0x40b05c GetLastError
0x40b060 CloseHandle
0x40b064 CreateProcessA
0x40b068 DuplicateHandle
0x40b06c GetCurrentProcess
0x40b070 ExitThread
0x40b074 Sleep
0x40b078 ReadFile
0x40b07c PeekNamedPipe
0x40b080 WriteFile
0x40b084 CreatePipe
0x40b088 DisconnectNamedPipe
0x40b08c TerminateProcess
0x40b090 WaitForMultipleObjects
0x40b094 TerminateThread
0x40b098 CreateThread
0x40b09c GetStdHandle
0x40b0a0 FreeConsole
0x40b0a4 ExitProcess
0x40b0a8 HeapFree
0x40b0ac HeapAlloc
0x40b0b0 GetProcAddress
0x40b0b4 GetModuleHandleA
0x40b0b8 SetEndOfFile
0x40b0bc GetCommandLineA
0x40b0c0 GetVersionExA
0x40b0c4 QueryPerformanceCounter
0x40b0c8 GetTickCount
0x40b0cc GetCurrentThreadId
0x40b0d0 GetCurrentProcessId
0x40b0d4 GetModuleFileNameA
0x40b0d8 HeapDestroy
0x40b0dc HeapCreate
0x40b0e0 VirtualFree
0x40b0e4 VirtualAlloc
0x40b0e8 HeapReAlloc
0x40b0ec WideCharToMultiByte
0x40b0f0 SetHandleCount
0x40b0f4 GetFileType
0x40b0f8 GetStartupInfoA
0x40b0fc FlushFileBuffers
0x40b100 RtlUnwind
0x40b104 UnhandledExceptionFilter
0x40b108 FreeEnvironmentStringsA
0x40b10c GetEnvironmentStrings
0x40b110 FreeEnvironmentStringsW
0x40b114 GetEnvironmentStringsW
0x40b118 LoadLibraryA
EAT(Export Address Table) is none