ScreenShot
| Created | 2024.05.29 07:40 | Machine | s1_win7_x6403 |
| Filename | 3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 70097b5b96f1a0bffc073f26cb4bdc42 | ||
| sha256 | b0e068b80a42c3c2c0aa55ca1530f6c2308c99e28409b294e1fc219052748946 | ||
| ssdeep | 6144:38L1iHcvI+6A8F8xkjE3xy6jUmZTb+el:sL1iHh+6ABjHZx | ||
| imphash | 9e05030e93ad507f08fdf7235d34bfbc | ||
| impfuzzy | 24:DlJftxrVRMODXSo4v78+udm9GHO4aohWv9qSBZatRlMcBtjMqAGAm1y:TrPGudoGuXkg9qSCtRKc5AGAm1y | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x410008 LocalAlloc
0x41000c GetLastError
0x410010 SetLastError
0x410014 ReadProcessMemory
0x410018 GetTickCount
0x41001c _lopen
0x410020 OpenEventA
0x410024 LoadLibraryW
0x410028 LoadLibraryExW
0x41002c GetModuleFileNameW
0x410030 GetModuleHandleW
0x410034 GetSystemDirectoryW
0x410038 CreateDirectoryW
0x41003c SetFileAttributesW
0x410040 GetVolumeInformationA
0x410044 IsBadStringPtrA
0x410048 GetProcAddress
0x41004c CommConfigDialogA
0x410050 SetComputerNameA
0x410054 SetInformationJobObject
0x410058 FindNextVolumeA
0x41005c FindFirstVolumeMountPointW
0x410060 SetVolumeMountPointA
0x410064 GetOEMCP
0x410068 GetCalendarInfoA
0x41006c GetNumberFormatA
0x410070 GetStringTypeA
0x410074 SetConsoleCursorInfo
0x410078 AllocConsole
0x41007c AddConsoleAliasW
0x410080 CloseHandle
0x410084 WriteConsoleW
0x410088 SetFilePointerEx
0x41008c SetStdHandle
0x410090 BuildCommDCBW
0x410094 InterlockedExchange
0x410098 EncodePointer
0x41009c DecodePointer
0x4100a0 RaiseException
0x4100a4 RtlUnwind
0x4100a8 GetCommandLineW
0x4100ac IsProcessorFeaturePresent
0x4100b0 HeapAlloc
0x4100b4 HeapFree
0x4100b8 ExitProcess
0x4100bc GetModuleHandleExW
0x4100c0 MultiByteToWideChar
0x4100c4 WideCharToMultiByte
0x4100c8 HeapSize
0x4100cc GetCurrentThreadId
0x4100d0 GetProcessHeap
0x4100d4 GetStdHandle
0x4100d8 GetFileType
0x4100dc DeleteCriticalSection
0x4100e0 GetStartupInfoW
0x4100e4 WriteFile
0x4100e8 QueryPerformanceCounter
0x4100ec GetCurrentProcessId
0x4100f0 GetSystemTimeAsFileTime
0x4100f4 GetEnvironmentStringsW
0x4100f8 FreeEnvironmentStringsW
0x4100fc UnhandledExceptionFilter
0x410100 SetUnhandledExceptionFilter
0x410104 InitializeCriticalSectionAndSpinCount
0x410108 Sleep
0x41010c GetCurrentProcess
0x410110 TerminateProcess
0x410114 TlsAlloc
0x410118 TlsGetValue
0x41011c TlsSetValue
0x410120 TlsFree
0x410124 IsDebuggerPresent
0x410128 LCMapStringW
0x41012c EnterCriticalSection
0x410130 LeaveCriticalSection
0x410134 IsValidCodePage
0x410138 GetACP
0x41013c GetCPInfo
0x410140 HeapReAlloc
0x410144 OutputDebugStringW
0x410148 GetStringTypeW
0x41014c FlushFileBuffers
0x410150 GetConsoleCP
0x410154 GetConsoleMode
0x410158 CreateFileW
USER32.dll
0x410160 GetSysColorBrush
0x410164 SetMenu
0x410168 DdeKeepStringHandle
GDI32.dll
0x410000 GetCharWidthA
EAT(Export Address Table) is none
KERNEL32.dll
0x410008 LocalAlloc
0x41000c GetLastError
0x410010 SetLastError
0x410014 ReadProcessMemory
0x410018 GetTickCount
0x41001c _lopen
0x410020 OpenEventA
0x410024 LoadLibraryW
0x410028 LoadLibraryExW
0x41002c GetModuleFileNameW
0x410030 GetModuleHandleW
0x410034 GetSystemDirectoryW
0x410038 CreateDirectoryW
0x41003c SetFileAttributesW
0x410040 GetVolumeInformationA
0x410044 IsBadStringPtrA
0x410048 GetProcAddress
0x41004c CommConfigDialogA
0x410050 SetComputerNameA
0x410054 SetInformationJobObject
0x410058 FindNextVolumeA
0x41005c FindFirstVolumeMountPointW
0x410060 SetVolumeMountPointA
0x410064 GetOEMCP
0x410068 GetCalendarInfoA
0x41006c GetNumberFormatA
0x410070 GetStringTypeA
0x410074 SetConsoleCursorInfo
0x410078 AllocConsole
0x41007c AddConsoleAliasW
0x410080 CloseHandle
0x410084 WriteConsoleW
0x410088 SetFilePointerEx
0x41008c SetStdHandle
0x410090 BuildCommDCBW
0x410094 InterlockedExchange
0x410098 EncodePointer
0x41009c DecodePointer
0x4100a0 RaiseException
0x4100a4 RtlUnwind
0x4100a8 GetCommandLineW
0x4100ac IsProcessorFeaturePresent
0x4100b0 HeapAlloc
0x4100b4 HeapFree
0x4100b8 ExitProcess
0x4100bc GetModuleHandleExW
0x4100c0 MultiByteToWideChar
0x4100c4 WideCharToMultiByte
0x4100c8 HeapSize
0x4100cc GetCurrentThreadId
0x4100d0 GetProcessHeap
0x4100d4 GetStdHandle
0x4100d8 GetFileType
0x4100dc DeleteCriticalSection
0x4100e0 GetStartupInfoW
0x4100e4 WriteFile
0x4100e8 QueryPerformanceCounter
0x4100ec GetCurrentProcessId
0x4100f0 GetSystemTimeAsFileTime
0x4100f4 GetEnvironmentStringsW
0x4100f8 FreeEnvironmentStringsW
0x4100fc UnhandledExceptionFilter
0x410100 SetUnhandledExceptionFilter
0x410104 InitializeCriticalSectionAndSpinCount
0x410108 Sleep
0x41010c GetCurrentProcess
0x410110 TerminateProcess
0x410114 TlsAlloc
0x410118 TlsGetValue
0x41011c TlsSetValue
0x410120 TlsFree
0x410124 IsDebuggerPresent
0x410128 LCMapStringW
0x41012c EnterCriticalSection
0x410130 LeaveCriticalSection
0x410134 IsValidCodePage
0x410138 GetACP
0x41013c GetCPInfo
0x410140 HeapReAlloc
0x410144 OutputDebugStringW
0x410148 GetStringTypeW
0x41014c FlushFileBuffers
0x410150 GetConsoleCP
0x410154 GetConsoleMode
0x410158 CreateFileW
USER32.dll
0x410160 GetSysColorBrush
0x410164 SetMenu
0x410168 DdeKeepStringHandle
GDI32.dll
0x410000 GetCharWidthA
EAT(Export Address Table) is none