ScreenShot
| Created | 2024.06.17 14:33 | Machine | s1_win7_x6401 |
| Filename | psyzh | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 0fece9d4a04aae570fa8673cc1fdb912 | ||
| sha256 | 944cafe87ce3c4de19655600649a64010ddfdb9f20192c1ffbdb085017fd288c | ||
| ssdeep | 6144:KqXxMqiQNFy5SbAcBMXL1rqyfVSIOubTi:DMqJNs5Jcib1un/8 | ||
| imphash | a513929f6d508044e000a112afe4c1e3 | ||
| impfuzzy | 24:agYk4yArjoTgVOlJcDYWC+ndQByUqOyVCxvOfPoO+lEcfWftjhIuHRyv0SJdB:4rjkWDndv1VAOnn+ecfGtt40SJdB | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x421000 GlobalMemoryStatus
0x421004 FindResourceA
0x421008 IsBadStringPtrW
0x42100c GetCPInfo
0x421010 LoadLibraryExW
0x421014 GetConsoleAliasA
0x421018 GetComputerNameW
0x42101c GetTickCount
0x421020 GetUserDefaultLangID
0x421024 SetProcessPriorityBoost
0x421028 GlobalAlloc
0x42102c GlobalFindAtomA
0x421030 LoadLibraryW
0x421034 GlobalUnlock
0x421038 GetLastError
0x42103c SetLastError
0x421040 GetProcAddress
0x421044 BuildCommDCBW
0x421048 GetDiskFreeSpaceW
0x42104c LoadLibraryA
0x421050 OpenMutexA
0x421054 InterlockedExchangeAdd
0x421058 CreateHardLinkW
0x42105c FindFirstVolumeMountPointW
0x421060 GetNumberFormatW
0x421064 FoldStringW
0x421068 EnumResourceTypesW
0x42106c GetModuleFileNameA
0x421070 GlobalUnWire
0x421074 lstrcatW
0x421078 OutputDebugStringA
0x42107c TerminateJobObject
0x421080 GetWindowsDirectoryW
0x421084 OpenFileMappingA
0x421088 WriteProcessMemory
0x42108c HeapFree
0x421090 GetModuleHandleW
0x421094 ExitProcess
0x421098 DecodePointer
0x42109c GetCommandLineW
0x4210a0 HeapSetInformation
0x4210a4 GetStartupInfoW
0x4210a8 HeapAlloc
0x4210ac IsProcessorFeaturePresent
0x4210b0 HeapCreate
0x4210b4 InitializeCriticalSectionAndSpinCount
0x4210b8 DeleteCriticalSection
0x4210bc LeaveCriticalSection
0x4210c0 EnterCriticalSection
0x4210c4 EncodePointer
0x4210c8 UnhandledExceptionFilter
0x4210cc SetUnhandledExceptionFilter
0x4210d0 IsDebuggerPresent
0x4210d4 TerminateProcess
0x4210d8 GetCurrentProcess
0x4210dc TlsAlloc
0x4210e0 TlsGetValue
0x4210e4 TlsSetValue
0x4210e8 TlsFree
0x4210ec InterlockedIncrement
0x4210f0 GetCurrentThreadId
0x4210f4 InterlockedDecrement
0x4210f8 WriteFile
0x4210fc GetStdHandle
0x421100 GetModuleFileNameW
0x421104 FreeEnvironmentStringsW
0x421108 GetEnvironmentStringsW
0x42110c SetHandleCount
0x421110 GetFileType
0x421114 QueryPerformanceCounter
0x421118 GetCurrentProcessId
0x42111c GetSystemTimeAsFileTime
0x421120 RtlUnwind
0x421124 Sleep
0x421128 WideCharToMultiByte
0x42112c GetACP
0x421130 GetOEMCP
0x421134 IsValidCodePage
0x421138 HeapSize
0x42113c RaiseException
0x421140 HeapReAlloc
0x421144 LCMapStringW
0x421148 MultiByteToWideChar
0x42114c GetStringTypeW
EAT(Export Address Table) is none
KERNEL32.dll
0x421000 GlobalMemoryStatus
0x421004 FindResourceA
0x421008 IsBadStringPtrW
0x42100c GetCPInfo
0x421010 LoadLibraryExW
0x421014 GetConsoleAliasA
0x421018 GetComputerNameW
0x42101c GetTickCount
0x421020 GetUserDefaultLangID
0x421024 SetProcessPriorityBoost
0x421028 GlobalAlloc
0x42102c GlobalFindAtomA
0x421030 LoadLibraryW
0x421034 GlobalUnlock
0x421038 GetLastError
0x42103c SetLastError
0x421040 GetProcAddress
0x421044 BuildCommDCBW
0x421048 GetDiskFreeSpaceW
0x42104c LoadLibraryA
0x421050 OpenMutexA
0x421054 InterlockedExchangeAdd
0x421058 CreateHardLinkW
0x42105c FindFirstVolumeMountPointW
0x421060 GetNumberFormatW
0x421064 FoldStringW
0x421068 EnumResourceTypesW
0x42106c GetModuleFileNameA
0x421070 GlobalUnWire
0x421074 lstrcatW
0x421078 OutputDebugStringA
0x42107c TerminateJobObject
0x421080 GetWindowsDirectoryW
0x421084 OpenFileMappingA
0x421088 WriteProcessMemory
0x42108c HeapFree
0x421090 GetModuleHandleW
0x421094 ExitProcess
0x421098 DecodePointer
0x42109c GetCommandLineW
0x4210a0 HeapSetInformation
0x4210a4 GetStartupInfoW
0x4210a8 HeapAlloc
0x4210ac IsProcessorFeaturePresent
0x4210b0 HeapCreate
0x4210b4 InitializeCriticalSectionAndSpinCount
0x4210b8 DeleteCriticalSection
0x4210bc LeaveCriticalSection
0x4210c0 EnterCriticalSection
0x4210c4 EncodePointer
0x4210c8 UnhandledExceptionFilter
0x4210cc SetUnhandledExceptionFilter
0x4210d0 IsDebuggerPresent
0x4210d4 TerminateProcess
0x4210d8 GetCurrentProcess
0x4210dc TlsAlloc
0x4210e0 TlsGetValue
0x4210e4 TlsSetValue
0x4210e8 TlsFree
0x4210ec InterlockedIncrement
0x4210f0 GetCurrentThreadId
0x4210f4 InterlockedDecrement
0x4210f8 WriteFile
0x4210fc GetStdHandle
0x421100 GetModuleFileNameW
0x421104 FreeEnvironmentStringsW
0x421108 GetEnvironmentStringsW
0x42110c SetHandleCount
0x421110 GetFileType
0x421114 QueryPerformanceCounter
0x421118 GetCurrentProcessId
0x42111c GetSystemTimeAsFileTime
0x421120 RtlUnwind
0x421124 Sleep
0x421128 WideCharToMultiByte
0x42112c GetACP
0x421130 GetOEMCP
0x421134 IsValidCodePage
0x421138 HeapSize
0x42113c RaiseException
0x421140 HeapReAlloc
0x421144 LCMapStringW
0x421148 MultiByteToWideChar
0x42114c GetStringTypeW
EAT(Export Address Table) is none