ScreenShot
Created | 2024.06.16 09:58 | Machine | s1_win7_x6403 |
Filename | sc.exe | ||
Type | PE32+ executable (console) x86-64, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : mailcious | ||
VT API (file) | |||
md5 | 1c7ce77089b1bc88099485ff0c30a928 | ||
sha256 | db74c9cf550a01d6961af9d5155a93d926484b7d7b255a1a2f2ba74d33d77717 | ||
ssdeep | 24576:OPtYRHuLzYT4a+LTHgBPpgWU4sfvSH7WBUCXTZXTTV5reBBPb:iqRHKzYRI34sCbWBvD9V5rOPb | ||
imphash | c2d457ad8ac36fc9f18d45bffcd450c2 | ||
impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6tl:AwOuUjXOmokx0ol |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x5521a0 WriteFile
0x5521a8 WriteConsoleW
0x5521b0 WerSetFlags
0x5521b8 WerGetFlags
0x5521c0 WaitForMultipleObjects
0x5521c8 WaitForSingleObject
0x5521d0 VirtualQuery
0x5521d8 VirtualFree
0x5521e0 VirtualAlloc
0x5521e8 TlsAlloc
0x5521f0 SwitchToThread
0x5521f8 SuspendThread
0x552200 SetWaitableTimer
0x552208 SetProcessPriorityBoost
0x552210 SetEvent
0x552218 SetErrorMode
0x552220 SetConsoleCtrlHandler
0x552228 RtlVirtualUnwind
0x552230 RtlLookupFunctionEntry
0x552238 ResumeThread
0x552240 RaiseFailFastException
0x552248 PostQueuedCompletionStatus
0x552250 LoadLibraryW
0x552258 LoadLibraryExW
0x552260 SetThreadContext
0x552268 GetThreadContext
0x552270 GetSystemInfo
0x552278 GetSystemDirectoryA
0x552280 GetStdHandle
0x552288 GetQueuedCompletionStatusEx
0x552290 GetProcessAffinityMask
0x552298 GetProcAddress
0x5522a0 GetErrorMode
0x5522a8 GetEnvironmentStringsW
0x5522b0 GetCurrentThreadId
0x5522b8 GetConsoleMode
0x5522c0 FreeEnvironmentStringsW
0x5522c8 ExitProcess
0x5522d0 DuplicateHandle
0x5522d8 CreateWaitableTimerExW
0x5522e0 CreateThread
0x5522e8 CreateIoCompletionPort
0x5522f0 CreateFileA
0x5522f8 CreateEventA
0x552300 CloseHandle
0x552308 AddVectoredExceptionHandler
0x552310 AddVectoredContinueHandler
EAT(Export Address Table) is none
kernel32.dll
0x5521a0 WriteFile
0x5521a8 WriteConsoleW
0x5521b0 WerSetFlags
0x5521b8 WerGetFlags
0x5521c0 WaitForMultipleObjects
0x5521c8 WaitForSingleObject
0x5521d0 VirtualQuery
0x5521d8 VirtualFree
0x5521e0 VirtualAlloc
0x5521e8 TlsAlloc
0x5521f0 SwitchToThread
0x5521f8 SuspendThread
0x552200 SetWaitableTimer
0x552208 SetProcessPriorityBoost
0x552210 SetEvent
0x552218 SetErrorMode
0x552220 SetConsoleCtrlHandler
0x552228 RtlVirtualUnwind
0x552230 RtlLookupFunctionEntry
0x552238 ResumeThread
0x552240 RaiseFailFastException
0x552248 PostQueuedCompletionStatus
0x552250 LoadLibraryW
0x552258 LoadLibraryExW
0x552260 SetThreadContext
0x552268 GetThreadContext
0x552270 GetSystemInfo
0x552278 GetSystemDirectoryA
0x552280 GetStdHandle
0x552288 GetQueuedCompletionStatusEx
0x552290 GetProcessAffinityMask
0x552298 GetProcAddress
0x5522a0 GetErrorMode
0x5522a8 GetEnvironmentStringsW
0x5522b0 GetCurrentThreadId
0x5522b8 GetConsoleMode
0x5522c0 FreeEnvironmentStringsW
0x5522c8 ExitProcess
0x5522d0 DuplicateHandle
0x5522d8 CreateWaitableTimerExW
0x5522e0 CreateThread
0x5522e8 CreateIoCompletionPort
0x5522f0 CreateFileA
0x5522f8 CreateEventA
0x552300 CloseHandle
0x552308 AddVectoredExceptionHandler
0x552310 AddVectoredContinueHandler
EAT(Export Address Table) is none