ScreenShot
| Created | 2024.05.30 10:20 | Machine | s1_win7_x6403 |
| Filename | download.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 9432487a269c081629913454ecb414df | ||
| sha256 | a3ebd46b5703b0912e0b11afd22c4be127e1214c704c8692b4671e1f8f181689 | ||
| ssdeep | 3072:Rs/YSFL85RG/zqFezTb/HzwTs7rVk5vZW5no5Numh:RYYSFL85AbBTn/7r67Aonumh | ||
| imphash | c87681bc7d24f70a0333a098fab3161e | ||
| impfuzzy | 24:rdbPak/kC1bkrIJcDAjgEgOovEG/LiJEpQFBRyv9kRT4ljMCcoYl73:rRafsXPVG/mMl9gcDcoYl | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40d000 GlobalDeleteAtom
0x40d004 TryEnterCriticalSection
0x40d008 GetNumaProcessorNode
0x40d00c InterlockedDecrement
0x40d010 GetComputerNameW
0x40d014 GetTimeFormatA
0x40d018 GetModuleHandleW
0x40d01c EnumTimeFormatsA
0x40d020 ReadFileScatter
0x40d024 WriteConsoleOutputA
0x40d028 InterlockedPopEntrySList
0x40d02c GetConsoleAliasW
0x40d030 SetConsoleTitleA
0x40d034 GetConsoleAliasesW
0x40d038 SetLastError
0x40d03c GetProcAddress
0x40d040 GetProcessHeaps
0x40d044 LocalLock
0x40d048 LoadLibraryA
0x40d04c UnhandledExceptionFilter
0x40d050 FreeEnvironmentStringsW
0x40d054 BuildCommDCBA
0x40d058 GetShortPathNameW
0x40d05c GetFileInformationByHandle
0x40d060 LocalFileTimeToFileTime
0x40d064 MultiByteToWideChar
0x40d068 GetCommandLineA
0x40d06c GetStartupInfoA
0x40d070 RaiseException
0x40d074 RtlUnwind
0x40d078 TerminateProcess
0x40d07c GetCurrentProcess
0x40d080 SetUnhandledExceptionFilter
0x40d084 IsDebuggerPresent
0x40d088 GetCPInfo
0x40d08c InterlockedIncrement
0x40d090 GetACP
0x40d094 GetOEMCP
0x40d098 IsValidCodePage
0x40d09c TlsGetValue
0x40d0a0 TlsAlloc
0x40d0a4 TlsSetValue
0x40d0a8 TlsFree
0x40d0ac GetCurrentThreadId
0x40d0b0 GetLastError
0x40d0b4 HeapAlloc
0x40d0b8 HeapFree
0x40d0bc Sleep
0x40d0c0 ExitProcess
0x40d0c4 WriteFile
0x40d0c8 GetStdHandle
0x40d0cc GetModuleFileNameA
0x40d0d0 FreeEnvironmentStringsA
0x40d0d4 GetEnvironmentStrings
0x40d0d8 WideCharToMultiByte
0x40d0dc GetEnvironmentStringsW
0x40d0e0 SetHandleCount
0x40d0e4 GetFileType
0x40d0e8 DeleteCriticalSection
0x40d0ec HeapCreate
0x40d0f0 VirtualFree
0x40d0f4 QueryPerformanceCounter
0x40d0f8 GetTickCount
0x40d0fc GetCurrentProcessId
0x40d100 GetSystemTimeAsFileTime
0x40d104 SetFilePointer
0x40d108 GetConsoleCP
0x40d10c GetConsoleMode
0x40d110 EnterCriticalSection
0x40d114 LeaveCriticalSection
0x40d118 LCMapStringA
0x40d11c LCMapStringW
0x40d120 GetStringTypeA
0x40d124 GetStringTypeW
0x40d128 GetLocaleInfoA
0x40d12c VirtualAlloc
0x40d130 HeapReAlloc
0x40d134 HeapSize
0x40d138 InitializeCriticalSectionAndSpinCount
0x40d13c SetStdHandle
0x40d140 WriteConsoleA
0x40d144 GetConsoleOutputCP
0x40d148 WriteConsoleW
0x40d14c CreateFileA
0x40d150 CloseHandle
0x40d154 FlushFileBuffers
EAT(Export Address Table) is none
KERNEL32.dll
0x40d000 GlobalDeleteAtom
0x40d004 TryEnterCriticalSection
0x40d008 GetNumaProcessorNode
0x40d00c InterlockedDecrement
0x40d010 GetComputerNameW
0x40d014 GetTimeFormatA
0x40d018 GetModuleHandleW
0x40d01c EnumTimeFormatsA
0x40d020 ReadFileScatter
0x40d024 WriteConsoleOutputA
0x40d028 InterlockedPopEntrySList
0x40d02c GetConsoleAliasW
0x40d030 SetConsoleTitleA
0x40d034 GetConsoleAliasesW
0x40d038 SetLastError
0x40d03c GetProcAddress
0x40d040 GetProcessHeaps
0x40d044 LocalLock
0x40d048 LoadLibraryA
0x40d04c UnhandledExceptionFilter
0x40d050 FreeEnvironmentStringsW
0x40d054 BuildCommDCBA
0x40d058 GetShortPathNameW
0x40d05c GetFileInformationByHandle
0x40d060 LocalFileTimeToFileTime
0x40d064 MultiByteToWideChar
0x40d068 GetCommandLineA
0x40d06c GetStartupInfoA
0x40d070 RaiseException
0x40d074 RtlUnwind
0x40d078 TerminateProcess
0x40d07c GetCurrentProcess
0x40d080 SetUnhandledExceptionFilter
0x40d084 IsDebuggerPresent
0x40d088 GetCPInfo
0x40d08c InterlockedIncrement
0x40d090 GetACP
0x40d094 GetOEMCP
0x40d098 IsValidCodePage
0x40d09c TlsGetValue
0x40d0a0 TlsAlloc
0x40d0a4 TlsSetValue
0x40d0a8 TlsFree
0x40d0ac GetCurrentThreadId
0x40d0b0 GetLastError
0x40d0b4 HeapAlloc
0x40d0b8 HeapFree
0x40d0bc Sleep
0x40d0c0 ExitProcess
0x40d0c4 WriteFile
0x40d0c8 GetStdHandle
0x40d0cc GetModuleFileNameA
0x40d0d0 FreeEnvironmentStringsA
0x40d0d4 GetEnvironmentStrings
0x40d0d8 WideCharToMultiByte
0x40d0dc GetEnvironmentStringsW
0x40d0e0 SetHandleCount
0x40d0e4 GetFileType
0x40d0e8 DeleteCriticalSection
0x40d0ec HeapCreate
0x40d0f0 VirtualFree
0x40d0f4 QueryPerformanceCounter
0x40d0f8 GetTickCount
0x40d0fc GetCurrentProcessId
0x40d100 GetSystemTimeAsFileTime
0x40d104 SetFilePointer
0x40d108 GetConsoleCP
0x40d10c GetConsoleMode
0x40d110 EnterCriticalSection
0x40d114 LeaveCriticalSection
0x40d118 LCMapStringA
0x40d11c LCMapStringW
0x40d120 GetStringTypeA
0x40d124 GetStringTypeW
0x40d128 GetLocaleInfoA
0x40d12c VirtualAlloc
0x40d130 HeapReAlloc
0x40d134 HeapSize
0x40d138 InitializeCriticalSectionAndSpinCount
0x40d13c SetStdHandle
0x40d140 WriteConsoleA
0x40d144 GetConsoleOutputCP
0x40d148 WriteConsoleW
0x40d14c CreateFileA
0x40d150 CloseHandle
0x40d154 FlushFileBuffers
EAT(Export Address Table) is none