ScreenShot
| Created | 2024.05.18 20:08 | Machine | s1_win7_x6403 |
| Filename | swizzzz.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 05b11e7b711b4aaa512029ffcb529b5a | ||
| sha256 | 2aab2ca39749b21877d1c52526009f9f5d251d934205e9f671a9e84cecd55afa | ||
| ssdeep | 24576:IOuNAyNC+m6+Xs9Fp1RtKmYmy6Mmp78eR/VRgAiHIXOTR1/6:IOgCg+Xs9FpztKmYc78O9MIXq1/6 | ||
| imphash | 7dec55701c2e13edf19d56a39cee7be9 | ||
| impfuzzy | 48:Hn19dIcpVqzWs9xLzXtXkrtteEGzPpmKuFZ+jN3k:H1PIcpVqzW2x/XtX+tteEGTpmr/ | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x485000 GetClipBox
USER32.dll
0x485200 PostQuitMessage
KERNEL32.dll
0x485008 CreateFileW
0x48500c HeapSize
0x485010 VirtualAlloc
0x485014 WaitForSingleObject
0x485018 GetModuleHandleA
0x48501c FreeConsole
0x485020 CreateThread
0x485024 GetProcAddress
0x485028 MultiByteToWideChar
0x48502c FormatMessageA
0x485030 GetStringTypeW
0x485034 WideCharToMultiByte
0x485038 GetCurrentThreadId
0x48503c CloseHandle
0x485040 WaitForSingleObjectEx
0x485044 Sleep
0x485048 SwitchToThread
0x48504c GetExitCodeThread
0x485050 GetNativeSystemInfo
0x485054 EnterCriticalSection
0x485058 LeaveCriticalSection
0x48505c InitializeCriticalSectionEx
0x485060 DeleteCriticalSection
0x485064 EncodePointer
0x485068 DecodePointer
0x48506c LocalFree
0x485070 GetLocaleInfoEx
0x485074 LCMapStringEx
0x485078 ReleaseSRWLockExclusive
0x48507c AcquireSRWLockExclusive
0x485080 TryAcquireSRWLockExclusive
0x485084 WakeConditionVariable
0x485088 WakeAllConditionVariable
0x48508c SleepConditionVariableSRW
0x485090 QueryPerformanceCounter
0x485094 QueryPerformanceFrequency
0x485098 SetFileInformationByHandle
0x48509c GetTempPathW
0x4850a0 InitOnceExecuteOnce
0x4850a4 CreateEventExW
0x4850a8 CreateSemaphoreExW
0x4850ac FlushProcessWriteBuffers
0x4850b0 GetCurrentProcessorNumber
0x4850b4 GetSystemTimeAsFileTime
0x4850b8 GetTickCount64
0x4850bc FreeLibraryWhenCallbackReturns
0x4850c0 CreateThreadpoolTimer
0x4850c4 SetThreadpoolTimer
0x4850c8 WaitForThreadpoolTimerCallbacks
0x4850cc CloseThreadpoolTimer
0x4850d0 CreateThreadpoolWait
0x4850d4 SetThreadpoolWait
0x4850d8 CloseThreadpoolWait
0x4850dc GetModuleHandleW
0x4850e0 GetFileInformationByHandleEx
0x4850e4 CreateSymbolicLinkW
0x4850e8 CompareStringEx
0x4850ec GetCPInfo
0x4850f0 IsProcessorFeaturePresent
0x4850f4 UnhandledExceptionFilter
0x4850f8 SetUnhandledExceptionFilter
0x4850fc GetCurrentProcess
0x485100 TerminateProcess
0x485104 GetCurrentProcessId
0x485108 InitializeSListHead
0x48510c IsDebuggerPresent
0x485110 GetStartupInfoW
0x485114 GetProcessHeap
0x485118 RaiseException
0x48511c RtlUnwind
0x485120 InterlockedPushEntrySList
0x485124 InterlockedFlushSList
0x485128 GetLastError
0x48512c SetLastError
0x485130 InitializeCriticalSectionAndSpinCount
0x485134 TlsAlloc
0x485138 TlsGetValue
0x48513c TlsSetValue
0x485140 TlsFree
0x485144 FreeLibrary
0x485148 LoadLibraryExW
0x48514c ExitThread
0x485150 ResumeThread
0x485154 FreeLibraryAndExitThread
0x485158 GetModuleHandleExW
0x48515c GetStdHandle
0x485160 WriteFile
0x485164 GetModuleFileNameW
0x485168 ExitProcess
0x48516c HeapAlloc
0x485170 HeapFree
0x485174 GetCurrentThread
0x485178 GetDateFormatW
0x48517c GetTimeFormatW
0x485180 CompareStringW
0x485184 LCMapStringW
0x485188 GetLocaleInfoW
0x48518c IsValidLocale
0x485190 GetUserDefaultLCID
0x485194 EnumSystemLocalesW
0x485198 SetConsoleCtrlHandler
0x48519c GetFileType
0x4851a0 FlushFileBuffers
0x4851a4 GetConsoleOutputCP
0x4851a8 GetConsoleMode
0x4851ac ReadFile
0x4851b0 GetFileSizeEx
0x4851b4 SetFilePointerEx
0x4851b8 ReadConsoleW
0x4851bc HeapReAlloc
0x4851c0 GetTimeZoneInformation
0x4851c4 OutputDebugStringW
0x4851c8 FindClose
0x4851cc FindFirstFileExW
0x4851d0 FindNextFileW
0x4851d4 IsValidCodePage
0x4851d8 GetACP
0x4851dc GetOEMCP
0x4851e0 GetCommandLineA
0x4851e4 GetCommandLineW
0x4851e8 GetEnvironmentStringsW
0x4851ec FreeEnvironmentStringsW
0x4851f0 SetEnvironmentVariableW
0x4851f4 SetStdHandle
0x4851f8 WriteConsoleW
EAT(Export Address Table) is none
GDI32.dll
0x485000 GetClipBox
USER32.dll
0x485200 PostQuitMessage
KERNEL32.dll
0x485008 CreateFileW
0x48500c HeapSize
0x485010 VirtualAlloc
0x485014 WaitForSingleObject
0x485018 GetModuleHandleA
0x48501c FreeConsole
0x485020 CreateThread
0x485024 GetProcAddress
0x485028 MultiByteToWideChar
0x48502c FormatMessageA
0x485030 GetStringTypeW
0x485034 WideCharToMultiByte
0x485038 GetCurrentThreadId
0x48503c CloseHandle
0x485040 WaitForSingleObjectEx
0x485044 Sleep
0x485048 SwitchToThread
0x48504c GetExitCodeThread
0x485050 GetNativeSystemInfo
0x485054 EnterCriticalSection
0x485058 LeaveCriticalSection
0x48505c InitializeCriticalSectionEx
0x485060 DeleteCriticalSection
0x485064 EncodePointer
0x485068 DecodePointer
0x48506c LocalFree
0x485070 GetLocaleInfoEx
0x485074 LCMapStringEx
0x485078 ReleaseSRWLockExclusive
0x48507c AcquireSRWLockExclusive
0x485080 TryAcquireSRWLockExclusive
0x485084 WakeConditionVariable
0x485088 WakeAllConditionVariable
0x48508c SleepConditionVariableSRW
0x485090 QueryPerformanceCounter
0x485094 QueryPerformanceFrequency
0x485098 SetFileInformationByHandle
0x48509c GetTempPathW
0x4850a0 InitOnceExecuteOnce
0x4850a4 CreateEventExW
0x4850a8 CreateSemaphoreExW
0x4850ac FlushProcessWriteBuffers
0x4850b0 GetCurrentProcessorNumber
0x4850b4 GetSystemTimeAsFileTime
0x4850b8 GetTickCount64
0x4850bc FreeLibraryWhenCallbackReturns
0x4850c0 CreateThreadpoolTimer
0x4850c4 SetThreadpoolTimer
0x4850c8 WaitForThreadpoolTimerCallbacks
0x4850cc CloseThreadpoolTimer
0x4850d0 CreateThreadpoolWait
0x4850d4 SetThreadpoolWait
0x4850d8 CloseThreadpoolWait
0x4850dc GetModuleHandleW
0x4850e0 GetFileInformationByHandleEx
0x4850e4 CreateSymbolicLinkW
0x4850e8 CompareStringEx
0x4850ec GetCPInfo
0x4850f0 IsProcessorFeaturePresent
0x4850f4 UnhandledExceptionFilter
0x4850f8 SetUnhandledExceptionFilter
0x4850fc GetCurrentProcess
0x485100 TerminateProcess
0x485104 GetCurrentProcessId
0x485108 InitializeSListHead
0x48510c IsDebuggerPresent
0x485110 GetStartupInfoW
0x485114 GetProcessHeap
0x485118 RaiseException
0x48511c RtlUnwind
0x485120 InterlockedPushEntrySList
0x485124 InterlockedFlushSList
0x485128 GetLastError
0x48512c SetLastError
0x485130 InitializeCriticalSectionAndSpinCount
0x485134 TlsAlloc
0x485138 TlsGetValue
0x48513c TlsSetValue
0x485140 TlsFree
0x485144 FreeLibrary
0x485148 LoadLibraryExW
0x48514c ExitThread
0x485150 ResumeThread
0x485154 FreeLibraryAndExitThread
0x485158 GetModuleHandleExW
0x48515c GetStdHandle
0x485160 WriteFile
0x485164 GetModuleFileNameW
0x485168 ExitProcess
0x48516c HeapAlloc
0x485170 HeapFree
0x485174 GetCurrentThread
0x485178 GetDateFormatW
0x48517c GetTimeFormatW
0x485180 CompareStringW
0x485184 LCMapStringW
0x485188 GetLocaleInfoW
0x48518c IsValidLocale
0x485190 GetUserDefaultLCID
0x485194 EnumSystemLocalesW
0x485198 SetConsoleCtrlHandler
0x48519c GetFileType
0x4851a0 FlushFileBuffers
0x4851a4 GetConsoleOutputCP
0x4851a8 GetConsoleMode
0x4851ac ReadFile
0x4851b0 GetFileSizeEx
0x4851b4 SetFilePointerEx
0x4851b8 ReadConsoleW
0x4851bc HeapReAlloc
0x4851c0 GetTimeZoneInformation
0x4851c4 OutputDebugStringW
0x4851c8 FindClose
0x4851cc FindFirstFileExW
0x4851d0 FindNextFileW
0x4851d4 IsValidCodePage
0x4851d8 GetACP
0x4851dc GetOEMCP
0x4851e0 GetCommandLineA
0x4851e4 GetCommandLineW
0x4851e8 GetEnvironmentStringsW
0x4851ec FreeEnvironmentStringsW
0x4851f0 SetEnvironmentVariableW
0x4851f4 SetStdHandle
0x4851f8 WriteConsoleW
EAT(Export Address Table) is none