ScreenShot
| Created | 2024.06.09 15:57 | Machine | s1_win7_x6401 |
| Filename | 8910.unp.exe | ||
| Type | MS-DOS executable, MZ for MS-DOS | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | f8d212919820b46438d8b921fd6e0857 | ||
| sha256 | ad86acc90048d300077f47e47f665920857ce73bab2ea8f35c9c10ef21371feb | ||
| ssdeep | 384:ZCAW/NSw1LtWrGoVDxo7yRvFGPaL/n2DiNMPjfgZ5Rs6NAQiO7vvxlLYcGjz:Ysw1LOtfp/izAAzO7DV2z | ||
| imphash | 02bf6e404bb76f41472e550a8f126c0a | ||
| impfuzzy | 96:ARS1RRff8aREtLSLpIBikWSgMHL5kUtF3ACNmXk9KeRXuVyIp:1fzcCMHL5kUteI5XuVyM | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x406000 FindFirstFileW
0x406004 FindNextFileW
0x406008 FindClose
0x40600c GetFileAttributesW
0x406010 GetConsoleWindow
0x406014 SetUnhandledExceptionFilter
0x406018 GetCurrentProcess
0x40601c TerminateProcess
0x406020 IsProcessorFeaturePresent
0x406024 IsDebuggerPresent
0x406028 GetModuleHandleW
0x40602c QueryPerformanceCounter
0x406030 GetCurrentProcessId
0x406034 GetCurrentThreadId
0x406038 GetSystemTimeAsFileTime
0x40603c InitializeSListHead
0x406040 UnhandledExceptionFilter
MSVCP140.DLL
0x406048 ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
0x40604c ?_Xlength_error@std@@YAXPBD@Z
0x406050 ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
0x406054 ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
0x406058 ?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
0x40605c ?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
0x406060 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
0x406064 ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
0x406068 ??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
0x40606c ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
0x406070 ??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
0x406074 ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
0x406078 ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
0x40607c ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
0x406080 ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
0x406084 ??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
0x406088 ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x40608c ?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x406090 ?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
0x406094 ?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
0x406098 ?always_noconv@codecvt_base@std@@QBE_NXZ
0x40609c ??Bid@locale@std@@QAEIXZ
0x4060a0 ?_Getname@_Locinfo@std@@QBEPBDXZ
0x4060a4 ??1_Locinfo@std@@QAE@XZ
0x4060a8 ??0_Locinfo@std@@QAE@HPBD@Z
0x4060ac ??1_Lockit@std@@QAE@XZ
0x4060b0 ??0_Lockit@std@@QAE@H@Z
0x4060b4 ?_Xruntime_error@std@@YAXPBD@Z
0x4060b8 ?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
0x4060bc ?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
0x4060c0 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x4060c4 ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
0x4060c8 ?global@locale@std@@SA?AV12@ABV12@@Z
0x4060cc ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
USER32.DLL
0x4060d4 ShowWindow
VCRUNTIME140.DLL
0x4060dc __current_exception_context
0x4060e0 __current_exception
0x4060e4 _except_handler4_common
0x4060e8 __std_exception_copy
0x4060ec __std_exception_destroy
0x4060f0 __CxxFrameHandler3
0x4060f4 memcpy
0x4060f8 _CxxThrowException
0x4060fc memset
0x406100 memmove
API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL
0x406108 _wgetenv
API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL
0x406110 _lock_file
0x406114 _unlock_file
0x406118 _wmkdir
API-MS-WIN-CRT-HEAP-L1-1-0.DLL
0x406120 _set_new_mode
0x406124 malloc
0x406128 _callnewh
0x40612c free
API-MS-WIN-CRT-LOCALE-L1-1-0.DLL
0x406134 _configthreadlocale
API-MS-WIN-CRT-MATH-L1-1-0.DLL
0x40613c __setusermatherr
API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL
0x406144 _cexit
0x406148 _seh_filter_exe
0x40614c _set_app_type
0x406150 _crt_atexit
0x406154 _initterm
0x406158 _initterm_e
0x40615c exit
0x406160 _exit
0x406164 __p___argc
0x406168 __p___argv
0x40616c _c_exit
0x406170 _register_thread_local_exe_atexit_callback
0x406174 _register_onexit_function
0x406178 _initialize_onexit_table
0x40617c _initialize_narrow_environment
0x406180 _configure_narrow_argv
0x406184 _controlfp_s
0x406188 terminate
0x40618c _invalid_parameter_noinfo_noreturn
0x406190 _get_initial_narrow_environment
0x406194 _wsystem
API-MS-WIN-CRT-STDIO-L1-1-0.DLL
0x40619c setvbuf
0x4061a0 __p__commode
0x4061a4 fwrite
0x4061a8 _set_fmode
0x4061ac fgetwc
0x4061b0 _fseeki64
0x4061b4 fgetc
0x4061b8 ungetwc
0x4061bc fputwc
0x4061c0 fclose
0x4061c4 fflush
0x4061c8 fsetpos
0x4061cc ungetc
0x4061d0 fgetpos
EAT(Export Address Table) is none
KERNEL32.DLL
0x406000 FindFirstFileW
0x406004 FindNextFileW
0x406008 FindClose
0x40600c GetFileAttributesW
0x406010 GetConsoleWindow
0x406014 SetUnhandledExceptionFilter
0x406018 GetCurrentProcess
0x40601c TerminateProcess
0x406020 IsProcessorFeaturePresent
0x406024 IsDebuggerPresent
0x406028 GetModuleHandleW
0x40602c QueryPerformanceCounter
0x406030 GetCurrentProcessId
0x406034 GetCurrentThreadId
0x406038 GetSystemTimeAsFileTime
0x40603c InitializeSListHead
0x406040 UnhandledExceptionFilter
MSVCP140.DLL
0x406048 ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
0x40604c ?_Xlength_error@std@@YAXPBD@Z
0x406050 ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
0x406054 ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
0x406058 ?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
0x40605c ?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
0x406060 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
0x406064 ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
0x406068 ??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
0x40606c ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
0x406070 ??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
0x406074 ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
0x406078 ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
0x40607c ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
0x406080 ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
0x406084 ??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
0x406088 ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x40608c ?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x406090 ?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
0x406094 ?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
0x406098 ?always_noconv@codecvt_base@std@@QBE_NXZ
0x40609c ??Bid@locale@std@@QAEIXZ
0x4060a0 ?_Getname@_Locinfo@std@@QBEPBDXZ
0x4060a4 ??1_Locinfo@std@@QAE@XZ
0x4060a8 ??0_Locinfo@std@@QAE@HPBD@Z
0x4060ac ??1_Lockit@std@@QAE@XZ
0x4060b0 ??0_Lockit@std@@QAE@H@Z
0x4060b4 ?_Xruntime_error@std@@YAXPBD@Z
0x4060b8 ?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
0x4060bc ?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
0x4060c0 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x4060c4 ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
0x4060c8 ?global@locale@std@@SA?AV12@ABV12@@Z
0x4060cc ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
USER32.DLL
0x4060d4 ShowWindow
VCRUNTIME140.DLL
0x4060dc __current_exception_context
0x4060e0 __current_exception
0x4060e4 _except_handler4_common
0x4060e8 __std_exception_copy
0x4060ec __std_exception_destroy
0x4060f0 __CxxFrameHandler3
0x4060f4 memcpy
0x4060f8 _CxxThrowException
0x4060fc memset
0x406100 memmove
API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL
0x406108 _wgetenv
API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL
0x406110 _lock_file
0x406114 _unlock_file
0x406118 _wmkdir
API-MS-WIN-CRT-HEAP-L1-1-0.DLL
0x406120 _set_new_mode
0x406124 malloc
0x406128 _callnewh
0x40612c free
API-MS-WIN-CRT-LOCALE-L1-1-0.DLL
0x406134 _configthreadlocale
API-MS-WIN-CRT-MATH-L1-1-0.DLL
0x40613c __setusermatherr
API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL
0x406144 _cexit
0x406148 _seh_filter_exe
0x40614c _set_app_type
0x406150 _crt_atexit
0x406154 _initterm
0x406158 _initterm_e
0x40615c exit
0x406160 _exit
0x406164 __p___argc
0x406168 __p___argv
0x40616c _c_exit
0x406170 _register_thread_local_exe_atexit_callback
0x406174 _register_onexit_function
0x406178 _initialize_onexit_table
0x40617c _initialize_narrow_environment
0x406180 _configure_narrow_argv
0x406184 _controlfp_s
0x406188 terminate
0x40618c _invalid_parameter_noinfo_noreturn
0x406190 _get_initial_narrow_environment
0x406194 _wsystem
API-MS-WIN-CRT-STDIO-L1-1-0.DLL
0x40619c setvbuf
0x4061a0 __p__commode
0x4061a4 fwrite
0x4061a8 _set_fmode
0x4061ac fgetwc
0x4061b0 _fseeki64
0x4061b4 fgetc
0x4061b8 ungetwc
0x4061bc fputwc
0x4061c0 fclose
0x4061c4 fflush
0x4061c8 fsetpos
0x4061cc ungetc
0x4061d0 fgetpos
EAT(Export Address Table) is none