ScreenShot
| Created | 2024.06.05 07:34 | Machine | s1_win7_x6403 |
| Filename | upd.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | e8a7d0c6dedce0d4a403908a29273d43 | ||
| sha256 | 672f24842aeb72d7bd8d64e78aaba5f3a953409ce21cfe97d3a80e7ef67f232a | ||
| ssdeep | 24576:uVKlwZW7rdhSklldluAi8XBBv3b1bNtFPEh8OyPe+ZkGRACQX48n9pJSQ2KxLqYV:LlwZEDSWercBvB7xEdr2dRqucwcr | ||
| imphash | 2ad7a6fc0b5c8e7718253b0849024261 | ||
| impfuzzy | 24:cj1E0cpVWclK+eDvGtXGhlJBl393PLOovbO3kFZMv1GMAkEZHu9J:t0cpV57WGtXGnpN630FZGb | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x425000 VirtualAlloc
0x425004 WaitForSingleObjectEx
0x425008 CloseHandle
0x42500c FreeConsole
0x425010 CreateThread
0x425014 WideCharToMultiByte
0x425018 GetCurrentThreadId
0x42501c GetExitCodeThread
0x425020 EnterCriticalSection
0x425024 LeaveCriticalSection
0x425028 InitializeCriticalSectionEx
0x42502c DeleteCriticalSection
0x425030 EncodePointer
0x425034 DecodePointer
0x425038 MultiByteToWideChar
0x42503c LCMapStringEx
0x425040 ReleaseSRWLockExclusive
0x425044 WakeAllConditionVariable
0x425048 QueryPerformanceCounter
0x42504c GetSystemTimeAsFileTime
0x425050 GetModuleHandleW
0x425054 GetProcAddress
0x425058 GetStringTypeW
0x42505c GetCPInfo
0x425060 IsProcessorFeaturePresent
0x425064 GetCurrentProcessId
0x425068 InitializeSListHead
0x42506c IsDebuggerPresent
0x425070 UnhandledExceptionFilter
0x425074 SetUnhandledExceptionFilter
0x425078 GetStartupInfoW
0x42507c GetCurrentProcess
0x425080 TerminateProcess
0x425084 CreateFileW
0x425088 RaiseException
0x42508c RtlUnwind
0x425090 GetLastError
0x425094 SetLastError
0x425098 InitializeCriticalSectionAndSpinCount
0x42509c TlsAlloc
0x4250a0 TlsGetValue
0x4250a4 TlsSetValue
0x4250a8 TlsFree
0x4250ac FreeLibrary
0x4250b0 LoadLibraryExW
0x4250b4 ExitThread
0x4250b8 FreeLibraryAndExitThread
0x4250bc GetModuleHandleExW
0x4250c0 GetStdHandle
0x4250c4 WriteFile
0x4250c8 GetModuleFileNameW
0x4250cc ExitProcess
0x4250d0 GetCommandLineA
0x4250d4 GetCommandLineW
0x4250d8 HeapAlloc
0x4250dc HeapFree
0x4250e0 CompareStringW
0x4250e4 LCMapStringW
0x4250e8 GetLocaleInfoW
0x4250ec IsValidLocale
0x4250f0 GetUserDefaultLCID
0x4250f4 EnumSystemLocalesW
0x4250f8 GetFileType
0x4250fc FlushFileBuffers
0x425100 GetConsoleOutputCP
0x425104 GetConsoleMode
0x425108 ReadFile
0x42510c GetFileSizeEx
0x425110 SetFilePointerEx
0x425114 ReadConsoleW
0x425118 HeapReAlloc
0x42511c FindClose
0x425120 FindFirstFileExW
0x425124 FindNextFileW
0x425128 IsValidCodePage
0x42512c GetACP
0x425130 GetOEMCP
0x425134 GetEnvironmentStringsW
0x425138 FreeEnvironmentStringsW
0x42513c SetEnvironmentVariableW
0x425140 SetStdHandle
0x425144 GetProcessHeap
0x425148 HeapSize
0x42514c WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x425000 VirtualAlloc
0x425004 WaitForSingleObjectEx
0x425008 CloseHandle
0x42500c FreeConsole
0x425010 CreateThread
0x425014 WideCharToMultiByte
0x425018 GetCurrentThreadId
0x42501c GetExitCodeThread
0x425020 EnterCriticalSection
0x425024 LeaveCriticalSection
0x425028 InitializeCriticalSectionEx
0x42502c DeleteCriticalSection
0x425030 EncodePointer
0x425034 DecodePointer
0x425038 MultiByteToWideChar
0x42503c LCMapStringEx
0x425040 ReleaseSRWLockExclusive
0x425044 WakeAllConditionVariable
0x425048 QueryPerformanceCounter
0x42504c GetSystemTimeAsFileTime
0x425050 GetModuleHandleW
0x425054 GetProcAddress
0x425058 GetStringTypeW
0x42505c GetCPInfo
0x425060 IsProcessorFeaturePresent
0x425064 GetCurrentProcessId
0x425068 InitializeSListHead
0x42506c IsDebuggerPresent
0x425070 UnhandledExceptionFilter
0x425074 SetUnhandledExceptionFilter
0x425078 GetStartupInfoW
0x42507c GetCurrentProcess
0x425080 TerminateProcess
0x425084 CreateFileW
0x425088 RaiseException
0x42508c RtlUnwind
0x425090 GetLastError
0x425094 SetLastError
0x425098 InitializeCriticalSectionAndSpinCount
0x42509c TlsAlloc
0x4250a0 TlsGetValue
0x4250a4 TlsSetValue
0x4250a8 TlsFree
0x4250ac FreeLibrary
0x4250b0 LoadLibraryExW
0x4250b4 ExitThread
0x4250b8 FreeLibraryAndExitThread
0x4250bc GetModuleHandleExW
0x4250c0 GetStdHandle
0x4250c4 WriteFile
0x4250c8 GetModuleFileNameW
0x4250cc ExitProcess
0x4250d0 GetCommandLineA
0x4250d4 GetCommandLineW
0x4250d8 HeapAlloc
0x4250dc HeapFree
0x4250e0 CompareStringW
0x4250e4 LCMapStringW
0x4250e8 GetLocaleInfoW
0x4250ec IsValidLocale
0x4250f0 GetUserDefaultLCID
0x4250f4 EnumSystemLocalesW
0x4250f8 GetFileType
0x4250fc FlushFileBuffers
0x425100 GetConsoleOutputCP
0x425104 GetConsoleMode
0x425108 ReadFile
0x42510c GetFileSizeEx
0x425110 SetFilePointerEx
0x425114 ReadConsoleW
0x425118 HeapReAlloc
0x42511c FindClose
0x425120 FindFirstFileExW
0x425124 FindNextFileW
0x425128 IsValidCodePage
0x42512c GetACP
0x425130 GetOEMCP
0x425134 GetEnvironmentStringsW
0x425138 FreeEnvironmentStringsW
0x42513c SetEnvironmentVariableW
0x425140 SetStdHandle
0x425144 GetProcessHeap
0x425148 HeapSize
0x42514c WriteConsoleW
EAT(Export Address Table) is none