Field | Value |
---|---|
Created | 2024.06.05 07:29 |
Machine | s1_win7_x6401 |
Filename | swizzzz.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | a74811b7e2d71612463144c69c0ca7e2 |
sha256 | 3d07b09f83f2fc5dcb7f2429cac9a37160181da77df5a429e37b98dd685f239f |
ssdeep | 6144:IsCv/QNuZNjDPp9XC2Fgd6dwiJLR8ATGb5gBJYgEltzK5d5Sw+tuhdZUui/EO:I/+uZNjDPNGeR85+YgEf25CtuhLi/EO |
imphash | 02a32319c1a5805c42ff71c370a0c784 |
impfuzzy | 24:YjsexqaKxcpVGDPcsGtXGhlJBl393PLOovbO3kFZMv1GMAkEZHu9J:YxqfcpVPsGtXGnpN630FZGb |
Signature (4cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x425000 CloseHandle
0x425004 WaitForSingleObjectEx
0x425008 CreateThread
0x42500c VirtualAlloc
0x425010 FreeConsole
0x425014 QueryPerformanceCounter
0x425018 QueryPerformanceFrequency
0x42501c Sleep
0x425020 GetCurrentThreadId
0x425024 GetExitCodeThread
0x425028 ReleaseSRWLockExclusive
0x42502c WideCharToMultiByte
0x425030 EnterCriticalSection
0x425034 LeaveCriticalSection
0x425038 InitializeCriticalSectionEx
0x42503c DeleteCriticalSection
0x425040 GetSystemTimeAsFileTime
0x425044 GetModuleHandleW
0x425048 GetProcAddress
0x42504c WakeAllConditionVariable
0x425050 EncodePointer
0x425054 DecodePointer
0x425058 MultiByteToWideChar
0x42505c LCMapStringEx
0x425060 GetStringTypeW
0x425064 GetCPInfo
0x425068 IsProcessorFeaturePresent
0x42506c GetCurrentProcessId
0x425070 InitializeSListHead
0x425074 IsDebuggerPresent
0x425078 UnhandledExceptionFilter
0x42507c SetUnhandledExceptionFilter
0x425080 GetStartupInfoW
0x425084 GetCurrentProcess
0x425088 TerminateProcess
0x42508c CreateFileW
0x425090 RaiseException
0x425094 RtlUnwind
0x425098 GetLastError
0x42509c SetLastError
0x4250a0 InitializeCriticalSectionAndSpinCount
0x4250a4 TlsAlloc
0x4250a8 TlsGetValue
0x4250ac TlsSetValue
0x4250b0 TlsFree
0x4250b4 FreeLibrary
0x4250b8 LoadLibraryExW
0x4250bc ExitThread
0x4250c0 FreeLibraryAndExitThread
0x4250c4 GetModuleHandleExW
0x4250c8 GetStdHandle
0x4250cc WriteFile
0x4250d0 GetModuleFileNameW
0x4250d4 ExitProcess
0x4250d8 GetCommandLineA
0x4250dc GetCommandLineW
0x4250e0 HeapAlloc
0x4250e4 HeapFree
0x4250e8 CompareStringW
0x4250ec LCMapStringW
0x4250f0 GetLocaleInfoW
0x4250f4 IsValidLocale
0x4250f8 GetUserDefaultLCID
0x4250fc EnumSystemLocalesW
0x425100 GetFileType
0x425104 FlushFileBuffers
0x425108 GetConsoleOutputCP
0x42510c GetConsoleMode
0x425110 ReadFile
0x425114 GetFileSizeEx
0x425118 SetFilePointerEx
0x42511c ReadConsoleW
0x425120 HeapReAlloc
0x425124 FindClose
0x425128 FindFirstFileExW
0x42512c FindNextFileW
0x425130 IsValidCodePage
0x425134 GetACP
0x425138 GetOEMCP
0x42513c GetEnvironmentStringsW
0x425140 FreeEnvironmentStringsW
0x425144 SetEnvironmentVariableW
0x425148 SetStdHandle
0x42514c GetProcessHeap
0x425150 HeapSize
0x425154 WriteConsoleW
EAT (Export Address Table) is none