ScreenShot
| Created | 2024.06.14 09:27 | Machine | s1_win7_x6401 |
| Filename | onecommander.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 55757364d854adc3fc1e5cb59532f1c3 | ||
| sha256 | 58ca3c309de385bb0a975f4b7c9d94cb0adf6feef9c75038bc997c8b0e638465 | ||
| ssdeep | 49152:RYY8ksnnhumByOZi/9YKpWBPA12a0rm4lKUYR+8ZduE2ak38upZjR5Es+WC7TCnN:H61BJIYKpjalKUk+8stpNEOfajHW2o | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14061047c AddAtomA
0x140610484 AddVectoredExceptionHandler
0x14061048c CloseHandle
0x140610494 CreateEventA
0x14061049c CreateFileA
0x1406104a4 CreateIoCompletionPort
0x1406104ac CreateMutexA
0x1406104b4 CreateSemaphoreA
0x1406104bc CreateThread
0x1406104c4 CreateWaitableTimerExW
0x1406104cc DeleteAtom
0x1406104d4 DeleteCriticalSection
0x1406104dc DuplicateHandle
0x1406104e4 EnterCriticalSection
0x1406104ec ExitProcess
0x1406104f4 FindAtomA
0x1406104fc FormatMessageA
0x140610504 FreeEnvironmentStringsW
0x14061050c GetAtomNameA
0x140610514 GetConsoleMode
0x14061051c GetCurrentProcess
0x140610524 GetCurrentProcessId
0x14061052c GetCurrentThread
0x140610534 GetCurrentThreadId
0x14061053c GetEnvironmentStringsW
0x140610544 GetErrorMode
0x14061054c GetHandleInformation
0x140610554 GetLastError
0x14061055c GetProcAddress
0x140610564 GetProcessAffinityMask
0x14061056c GetQueuedCompletionStatusEx
0x140610574 GetStartupInfoA
0x14061057c GetStdHandle
0x140610584 GetSystemDirectoryA
0x14061058c GetSystemInfo
0x140610594 GetSystemTimeAsFileTime
0x14061059c GetThreadContext
0x1406105a4 GetThreadPriority
0x1406105ac GetTickCount
0x1406105b4 InitializeCriticalSection
0x1406105bc IsDBCSLeadByteEx
0x1406105c4 IsDebuggerPresent
0x1406105cc LeaveCriticalSection
0x1406105d4 LoadLibraryExW
0x1406105dc LoadLibraryW
0x1406105e4 LocalFree
0x1406105ec MultiByteToWideChar
0x1406105f4 OpenProcess
0x1406105fc OutputDebugStringA
0x140610604 PostQueuedCompletionStatus
0x14061060c QueryPerformanceCounter
0x140610614 QueryPerformanceFrequency
0x14061061c RaiseException
0x140610624 RaiseFailFastException
0x14061062c ReleaseMutex
0x140610634 ReleaseSemaphore
0x14061063c RemoveVectoredExceptionHandler
0x140610644 ResetEvent
0x14061064c ResumeThread
0x140610654 SetConsoleCtrlHandler
0x14061065c SetErrorMode
0x140610664 SetEvent
0x14061066c SetLastError
0x140610674 SetProcessAffinityMask
0x14061067c SetProcessPriorityBoost
0x140610684 SetThreadContext
0x14061068c SetThreadPriority
0x140610694 SetUnhandledExceptionFilter
0x14061069c SetWaitableTimer
0x1406106a4 Sleep
0x1406106ac SuspendThread
0x1406106b4 SwitchToThread
0x1406106bc TlsAlloc
0x1406106c4 TlsGetValue
0x1406106cc TlsSetValue
0x1406106d4 TryEnterCriticalSection
0x1406106dc VirtualAlloc
0x1406106e4 VirtualFree
0x1406106ec VirtualProtect
0x1406106f4 VirtualQuery
0x1406106fc WaitForMultipleObjects
0x140610704 WaitForSingleObject
0x14061070c WerGetFlags
0x140610714 WerSetFlags
0x14061071c WideCharToMultiByte
0x140610724 WriteConsoleW
0x14061072c WriteFile
0x140610734 __C_specific_handler
msvcrt.dll
0x140610744 ___lc_codepage_func
0x14061074c ___mb_cur_max_func
0x140610754 __getmainargs
0x14061075c __initenv
0x140610764 __iob_func
0x14061076c __lconv_init
0x140610774 __set_app_type
0x14061077c __setusermatherr
0x140610784 _acmdln
0x14061078c _amsg_exit
0x140610794 _beginthread
0x14061079c _beginthreadex
0x1406107a4 _cexit
0x1406107ac _commode
0x1406107b4 _endthreadex
0x1406107bc _errno
0x1406107c4 _fmode
0x1406107cc _initterm
0x1406107d4 _lock
0x1406107dc _memccpy
0x1406107e4 _onexit
0x1406107ec _setjmp
0x1406107f4 _strdup
0x1406107fc _ultoa
0x140610804 _unlock
0x14061080c abort
0x140610814 calloc
0x14061081c exit
0x140610824 fprintf
0x14061082c fputc
0x140610834 free
0x14061083c fwrite
0x140610844 localeconv
0x14061084c longjmp
0x140610854 malloc
0x14061085c memcpy
0x140610864 memmove
0x14061086c memset
0x140610874 printf
0x14061087c realloc
0x140610884 signal
0x14061088c strerror
0x140610894 strlen
0x14061089c strncmp
0x1406108a4 vfprintf
0x1406108ac wcslen
EAT(Export Address Table) Library
0x14060d690 _cgo_dummy_export
KERNEL32.dll
0x14061047c AddAtomA
0x140610484 AddVectoredExceptionHandler
0x14061048c CloseHandle
0x140610494 CreateEventA
0x14061049c CreateFileA
0x1406104a4 CreateIoCompletionPort
0x1406104ac CreateMutexA
0x1406104b4 CreateSemaphoreA
0x1406104bc CreateThread
0x1406104c4 CreateWaitableTimerExW
0x1406104cc DeleteAtom
0x1406104d4 DeleteCriticalSection
0x1406104dc DuplicateHandle
0x1406104e4 EnterCriticalSection
0x1406104ec ExitProcess
0x1406104f4 FindAtomA
0x1406104fc FormatMessageA
0x140610504 FreeEnvironmentStringsW
0x14061050c GetAtomNameA
0x140610514 GetConsoleMode
0x14061051c GetCurrentProcess
0x140610524 GetCurrentProcessId
0x14061052c GetCurrentThread
0x140610534 GetCurrentThreadId
0x14061053c GetEnvironmentStringsW
0x140610544 GetErrorMode
0x14061054c GetHandleInformation
0x140610554 GetLastError
0x14061055c GetProcAddress
0x140610564 GetProcessAffinityMask
0x14061056c GetQueuedCompletionStatusEx
0x140610574 GetStartupInfoA
0x14061057c GetStdHandle
0x140610584 GetSystemDirectoryA
0x14061058c GetSystemInfo
0x140610594 GetSystemTimeAsFileTime
0x14061059c GetThreadContext
0x1406105a4 GetThreadPriority
0x1406105ac GetTickCount
0x1406105b4 InitializeCriticalSection
0x1406105bc IsDBCSLeadByteEx
0x1406105c4 IsDebuggerPresent
0x1406105cc LeaveCriticalSection
0x1406105d4 LoadLibraryExW
0x1406105dc LoadLibraryW
0x1406105e4 LocalFree
0x1406105ec MultiByteToWideChar
0x1406105f4 OpenProcess
0x1406105fc OutputDebugStringA
0x140610604 PostQueuedCompletionStatus
0x14061060c QueryPerformanceCounter
0x140610614 QueryPerformanceFrequency
0x14061061c RaiseException
0x140610624 RaiseFailFastException
0x14061062c ReleaseMutex
0x140610634 ReleaseSemaphore
0x14061063c RemoveVectoredExceptionHandler
0x140610644 ResetEvent
0x14061064c ResumeThread
0x140610654 SetConsoleCtrlHandler
0x14061065c SetErrorMode
0x140610664 SetEvent
0x14061066c SetLastError
0x140610674 SetProcessAffinityMask
0x14061067c SetProcessPriorityBoost
0x140610684 SetThreadContext
0x14061068c SetThreadPriority
0x140610694 SetUnhandledExceptionFilter
0x14061069c SetWaitableTimer
0x1406106a4 Sleep
0x1406106ac SuspendThread
0x1406106b4 SwitchToThread
0x1406106bc TlsAlloc
0x1406106c4 TlsGetValue
0x1406106cc TlsSetValue
0x1406106d4 TryEnterCriticalSection
0x1406106dc VirtualAlloc
0x1406106e4 VirtualFree
0x1406106ec VirtualProtect
0x1406106f4 VirtualQuery
0x1406106fc WaitForMultipleObjects
0x140610704 WaitForSingleObject
0x14061070c WerGetFlags
0x140610714 WerSetFlags
0x14061071c WideCharToMultiByte
0x140610724 WriteConsoleW
0x14061072c WriteFile
0x140610734 __C_specific_handler
msvcrt.dll
0x140610744 ___lc_codepage_func
0x14061074c ___mb_cur_max_func
0x140610754 __getmainargs
0x14061075c __initenv
0x140610764 __iob_func
0x14061076c __lconv_init
0x140610774 __set_app_type
0x14061077c __setusermatherr
0x140610784 _acmdln
0x14061078c _amsg_exit
0x140610794 _beginthread
0x14061079c _beginthreadex
0x1406107a4 _cexit
0x1406107ac _commode
0x1406107b4 _endthreadex
0x1406107bc _errno
0x1406107c4 _fmode
0x1406107cc _initterm
0x1406107d4 _lock
0x1406107dc _memccpy
0x1406107e4 _onexit
0x1406107ec _setjmp
0x1406107f4 _strdup
0x1406107fc _ultoa
0x140610804 _unlock
0x14061080c abort
0x140610814 calloc
0x14061081c exit
0x140610824 fprintf
0x14061082c fputc
0x140610834 free
0x14061083c fwrite
0x140610844 localeconv
0x14061084c longjmp
0x140610854 malloc
0x14061085c memcpy
0x140610864 memmove
0x14061086c memset
0x140610874 printf
0x14061087c realloc
0x140610884 signal
0x14061088c strerror
0x140610894 strlen
0x14061089c strncmp
0x1406108a4 vfprintf
0x1406108ac wcslen
EAT(Export Address Table) Library
0x14060d690 _cgo_dummy_export