ScreenShot
| Created | 2024.05.31 07:38 | Machine | s1_win7_x6401 |
| Filename | gold.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 0b7e08a8268a6d413a322ff62d389bf9 | ||
| sha256 | d23a10b3ff0c565ea8ee7f54bcded0582e1e621ebad69d4523d6746f6d8e0e65 | ||
| ssdeep | 24576:i3KN/uUnwZcPggVmmNp7c/8B2LF8jfjiKriA4BthZ:i3KDwZqggVmmH7F258jfjiKr/4BB | ||
| imphash | 34738ce7256c19c4934900ea37dfbbd6 | ||
| impfuzzy | 48:Oi9JcpVJx7WsBjzXtXqrtte4GzPpm8uFZGVN3Y:OiTcpVJx7WKnXtXQtte4GTpmdH | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x531000 GetNumberOfEventLogRecords
KERNEL32.dll
0x531030 WaitForSingleObjectEx
0x531034 CreateThread
0x531038 VirtualAlloc
0x53103c FreeConsole
0x531040 CloseHandle
0x531044 Sleep
0x531048 SwitchToThread
0x53104c GetCurrentThreadId
0x531050 GetExitCodeThread
0x531054 GetNativeSystemInfo
0x531058 FormatMessageA
0x53105c WideCharToMultiByte
0x531060 EnterCriticalSection
0x531064 LeaveCriticalSection
0x531068 InitializeCriticalSectionEx
0x53106c DeleteCriticalSection
0x531070 QueryPerformanceCounter
0x531074 QueryPerformanceFrequency
0x531078 ReleaseSRWLockExclusive
0x53107c AcquireSRWLockExclusive
0x531080 TryAcquireSRWLockExclusive
0x531084 WakeConditionVariable
0x531088 WakeAllConditionVariable
0x53108c SleepConditionVariableSRW
0x531090 LocalFree
0x531094 GetLocaleInfoEx
0x531098 EncodePointer
0x53109c DecodePointer
0x5310a0 MultiByteToWideChar
0x5310a4 LCMapStringEx
0x5310a8 SetFileInformationByHandle
0x5310ac GetTempPathW
0x5310b0 InitOnceExecuteOnce
0x5310b4 CreateEventExW
0x5310b8 CreateSemaphoreExW
0x5310bc FlushProcessWriteBuffers
0x5310c0 GetCurrentProcessorNumber
0x5310c4 GetSystemTimeAsFileTime
0x5310c8 GetTickCount64
0x5310cc FreeLibraryWhenCallbackReturns
0x5310d0 CreateThreadpoolTimer
0x5310d4 SetThreadpoolTimer
0x5310d8 WaitForThreadpoolTimerCallbacks
0x5310dc CloseThreadpoolTimer
0x5310e0 CreateThreadpoolWait
0x5310e4 SetThreadpoolWait
0x5310e8 CloseThreadpoolWait
0x5310ec GetModuleHandleW
0x5310f0 GetProcAddress
0x5310f4 GetFileInformationByHandleEx
0x5310f8 CreateSymbolicLinkW
0x5310fc GetStringTypeW
0x531100 CompareStringEx
0x531104 GetCPInfo
0x531108 IsProcessorFeaturePresent
0x53110c UnhandledExceptionFilter
0x531110 SetUnhandledExceptionFilter
0x531114 GetCurrentProcess
0x531118 TerminateProcess
0x53111c GetCurrentProcessId
0x531120 InitializeSListHead
0x531124 IsDebuggerPresent
0x531128 GetStartupInfoW
0x53112c CreateFileW
0x531130 RaiseException
0x531134 RtlUnwind
0x531138 InterlockedPushEntrySList
0x53113c InterlockedFlushSList
0x531140 GetLastError
0x531144 SetLastError
0x531148 InitializeCriticalSectionAndSpinCount
0x53114c TlsAlloc
0x531150 TlsGetValue
0x531154 TlsSetValue
0x531158 TlsFree
0x53115c FreeLibrary
0x531160 LoadLibraryExW
0x531164 ExitThread
0x531168 ResumeThread
0x53116c FreeLibraryAndExitThread
0x531170 GetModuleHandleExW
0x531174 GetStdHandle
0x531178 WriteFile
0x53117c GetModuleFileNameW
0x531180 ExitProcess
0x531184 GetCurrentThread
0x531188 HeapAlloc
0x53118c HeapFree
0x531190 GetDateFormatW
0x531194 GetTimeFormatW
0x531198 CompareStringW
0x53119c LCMapStringW
0x5311a0 GetLocaleInfoW
0x5311a4 IsValidLocale
0x5311a8 GetUserDefaultLCID
0x5311ac EnumSystemLocalesW
0x5311b0 GetFileType
0x5311b4 SetConsoleCtrlHandler
0x5311b8 FlushFileBuffers
0x5311bc GetConsoleOutputCP
0x5311c0 GetConsoleMode
0x5311c4 ReadFile
0x5311c8 GetFileSizeEx
0x5311cc SetFilePointerEx
0x5311d0 ReadConsoleW
0x5311d4 HeapReAlloc
0x5311d8 GetTimeZoneInformation
0x5311dc OutputDebugStringW
0x5311e0 FindClose
0x5311e4 FindFirstFileExW
0x5311e8 FindNextFileW
0x5311ec IsValidCodePage
0x5311f0 GetACP
0x5311f4 GetOEMCP
0x5311f8 GetCommandLineA
0x5311fc GetCommandLineW
0x531200 GetEnvironmentStringsW
0x531204 FreeEnvironmentStringsW
0x531208 SetEnvironmentVariableW
0x53120c SetStdHandle
0x531210 GetProcessHeap
0x531214 HeapSize
0x531218 WriteConsoleW
EAT(Export Address Table) is none
ADVAPI32.dll
0x531000 GetNumberOfEventLogRecords
KERNEL32.dll
0x531030 WaitForSingleObjectEx
0x531034 CreateThread
0x531038 VirtualAlloc
0x53103c FreeConsole
0x531040 CloseHandle
0x531044 Sleep
0x531048 SwitchToThread
0x53104c GetCurrentThreadId
0x531050 GetExitCodeThread
0x531054 GetNativeSystemInfo
0x531058 FormatMessageA
0x53105c WideCharToMultiByte
0x531060 EnterCriticalSection
0x531064 LeaveCriticalSection
0x531068 InitializeCriticalSectionEx
0x53106c DeleteCriticalSection
0x531070 QueryPerformanceCounter
0x531074 QueryPerformanceFrequency
0x531078 ReleaseSRWLockExclusive
0x53107c AcquireSRWLockExclusive
0x531080 TryAcquireSRWLockExclusive
0x531084 WakeConditionVariable
0x531088 WakeAllConditionVariable
0x53108c SleepConditionVariableSRW
0x531090 LocalFree
0x531094 GetLocaleInfoEx
0x531098 EncodePointer
0x53109c DecodePointer
0x5310a0 MultiByteToWideChar
0x5310a4 LCMapStringEx
0x5310a8 SetFileInformationByHandle
0x5310ac GetTempPathW
0x5310b0 InitOnceExecuteOnce
0x5310b4 CreateEventExW
0x5310b8 CreateSemaphoreExW
0x5310bc FlushProcessWriteBuffers
0x5310c0 GetCurrentProcessorNumber
0x5310c4 GetSystemTimeAsFileTime
0x5310c8 GetTickCount64
0x5310cc FreeLibraryWhenCallbackReturns
0x5310d0 CreateThreadpoolTimer
0x5310d4 SetThreadpoolTimer
0x5310d8 WaitForThreadpoolTimerCallbacks
0x5310dc CloseThreadpoolTimer
0x5310e0 CreateThreadpoolWait
0x5310e4 SetThreadpoolWait
0x5310e8 CloseThreadpoolWait
0x5310ec GetModuleHandleW
0x5310f0 GetProcAddress
0x5310f4 GetFileInformationByHandleEx
0x5310f8 CreateSymbolicLinkW
0x5310fc GetStringTypeW
0x531100 CompareStringEx
0x531104 GetCPInfo
0x531108 IsProcessorFeaturePresent
0x53110c UnhandledExceptionFilter
0x531110 SetUnhandledExceptionFilter
0x531114 GetCurrentProcess
0x531118 TerminateProcess
0x53111c GetCurrentProcessId
0x531120 InitializeSListHead
0x531124 IsDebuggerPresent
0x531128 GetStartupInfoW
0x53112c CreateFileW
0x531130 RaiseException
0x531134 RtlUnwind
0x531138 InterlockedPushEntrySList
0x53113c InterlockedFlushSList
0x531140 GetLastError
0x531144 SetLastError
0x531148 InitializeCriticalSectionAndSpinCount
0x53114c TlsAlloc
0x531150 TlsGetValue
0x531154 TlsSetValue
0x531158 TlsFree
0x53115c FreeLibrary
0x531160 LoadLibraryExW
0x531164 ExitThread
0x531168 ResumeThread
0x53116c FreeLibraryAndExitThread
0x531170 GetModuleHandleExW
0x531174 GetStdHandle
0x531178 WriteFile
0x53117c GetModuleFileNameW
0x531180 ExitProcess
0x531184 GetCurrentThread
0x531188 HeapAlloc
0x53118c HeapFree
0x531190 GetDateFormatW
0x531194 GetTimeFormatW
0x531198 CompareStringW
0x53119c LCMapStringW
0x5311a0 GetLocaleInfoW
0x5311a4 IsValidLocale
0x5311a8 GetUserDefaultLCID
0x5311ac EnumSystemLocalesW
0x5311b0 GetFileType
0x5311b4 SetConsoleCtrlHandler
0x5311b8 FlushFileBuffers
0x5311bc GetConsoleOutputCP
0x5311c0 GetConsoleMode
0x5311c4 ReadFile
0x5311c8 GetFileSizeEx
0x5311cc SetFilePointerEx
0x5311d0 ReadConsoleW
0x5311d4 HeapReAlloc
0x5311d8 GetTimeZoneInformation
0x5311dc OutputDebugStringW
0x5311e0 FindClose
0x5311e4 FindFirstFileExW
0x5311e8 FindNextFileW
0x5311ec IsValidCodePage
0x5311f0 GetACP
0x5311f4 GetOEMCP
0x5311f8 GetCommandLineA
0x5311fc GetCommandLineW
0x531200 GetEnvironmentStringsW
0x531204 FreeEnvironmentStringsW
0x531208 SetEnvironmentVariableW
0x53120c SetStdHandle
0x531210 GetProcessHeap
0x531214 HeapSize
0x531218 WriteConsoleW
EAT(Export Address Table) is none