ScreenShot
| Created | 2024.06.20 19:31 | Machine | s1_win7_x6401 |
| Filename | spphost.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 3 detected (AIDetectMalware, MALICIOUS, MxResIcn) | ||
| md5 | 358f68588c7f515fcf638b0141fea937 | ||
| sha256 | 19e2639a1a919aad17700a903d31930f6ff6c3ca2d850999f613504a554b729b | ||
| ssdeep | 3072:70VPJwm17dkYntPisvVMQrfctQZE0RbrfHMoNpmWo8qxU/RFVxsnDT:70VPJwmgYntPisNdXZEOHHrpm1XUZLxo | ||
| imphash | 5e2d8ff302ecf8ed0528a463eb95501d | ||
| impfuzzy | 48:P1sOsBYrlnA7viNgV9RYLStQwE1L4IrBSA:P1sOsBwlA7viNgV9aL4MV | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14000bc50 CloseHandle
0x14000bc58 CreateFileW
0x14000bc60 EnumCalendarInfoW
0x14000bc68 FindClose
0x14000bc70 FindFirstFileW
0x14000bc78 FindNextFileW
0x14000bc80 GetCurrentProcess
0x14000bc88 GetCurrentProcessId
0x14000bc90 GetCurrentThreadId
0x14000bc98 GetFileSize
0x14000bca0 GetModuleFileNameW
0x14000bca8 GetModuleHandleA
0x14000bcb0 GetModuleHandleW
0x14000bcb8 GetProcAddress
0x14000bcc0 GetStartupInfoW
0x14000bcc8 GetSystemDirectoryW
0x14000bcd0 GetSystemTimeAsFileTime
0x14000bcd8 InitializeSListHead
0x14000bce0 IsDebuggerPresent
0x14000bce8 IsProcessorFeaturePresent
0x14000bcf0 QueryPerformanceCounter
0x14000bcf8 ReadFile
0x14000bd00 RegisterApplicationRestart
0x14000bd08 RtlCaptureContext
0x14000bd10 RtlLookupFunctionEntry
0x14000bd18 RtlVirtualUnwind
0x14000bd20 SetFilePointer
0x14000bd28 SetUnhandledExceptionFilter
0x14000bd30 TerminateProcess
0x14000bd38 UnhandledExceptionFilter
0x14000bd40 VirtualProtect
0x14000bd48 WriteProcessMemory
ADVAPI32.dll
0x14000bd58 RegOpenKeyExW
0x14000bd60 RegSetValueExA
MSVCP140.dll
0x14000bd70 ?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-path-l1-1-0.dll
0x14000bd80 PathCchRemoveFileSpec
VCRUNTIME140.dll
0x14000bd90 _CxxThrowException
0x14000bd98 __C_specific_handler
0x14000bda0 __CxxFrameHandler3
0x14000bda8 __current_exception
0x14000bdb0 __current_exception_context
0x14000bdb8 __std_exception_copy
0x14000bdc0 __std_exception_destroy
0x14000bdc8 memcpy
0x14000bdd0 memmove
0x14000bdd8 memset
api-ms-win-crt-stdio-l1-1-0.dll
0x14000bde8 __p__commode
0x14000bdf0 __stdio_common_vswprintf
0x14000bdf8 _set_fmode
api-ms-win-crt-runtime-l1-1-0.dll
0x14000be08 _c_exit
0x14000be10 _cexit
0x14000be18 _configure_narrow_argv
0x14000be20 _crt_atexit
0x14000be28 _exit
0x14000be30 _get_narrow_winmain_command_line
0x14000be38 _initialize_narrow_environment
0x14000be40 _initialize_onexit_table
0x14000be48 _initterm
0x14000be50 _initterm_e
0x14000be58 _invalid_parameter_noinfo_noreturn
0x14000be60 _register_onexit_function
0x14000be68 _register_thread_local_exe_atexit_callback
0x14000be70 _seh_filter_exe
0x14000be78 _set_app_type
0x14000be80 exit
0x14000be88 terminate
api-ms-win-crt-string-l1-1-0.dll
0x14000be98 _stricmp
0x14000bea0 strlen
0x14000bea8 wcscat_s
api-ms-win-crt-heap-l1-1-0.dll
0x14000beb8 _callnewh
0x14000bec0 _set_new_mode
0x14000bec8 free
0x14000bed0 malloc
api-ms-win-crt-math-l1-1-0.dll
0x14000bee0 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x14000bef0 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x14000bc50 CloseHandle
0x14000bc58 CreateFileW
0x14000bc60 EnumCalendarInfoW
0x14000bc68 FindClose
0x14000bc70 FindFirstFileW
0x14000bc78 FindNextFileW
0x14000bc80 GetCurrentProcess
0x14000bc88 GetCurrentProcessId
0x14000bc90 GetCurrentThreadId
0x14000bc98 GetFileSize
0x14000bca0 GetModuleFileNameW
0x14000bca8 GetModuleHandleA
0x14000bcb0 GetModuleHandleW
0x14000bcb8 GetProcAddress
0x14000bcc0 GetStartupInfoW
0x14000bcc8 GetSystemDirectoryW
0x14000bcd0 GetSystemTimeAsFileTime
0x14000bcd8 InitializeSListHead
0x14000bce0 IsDebuggerPresent
0x14000bce8 IsProcessorFeaturePresent
0x14000bcf0 QueryPerformanceCounter
0x14000bcf8 ReadFile
0x14000bd00 RegisterApplicationRestart
0x14000bd08 RtlCaptureContext
0x14000bd10 RtlLookupFunctionEntry
0x14000bd18 RtlVirtualUnwind
0x14000bd20 SetFilePointer
0x14000bd28 SetUnhandledExceptionFilter
0x14000bd30 TerminateProcess
0x14000bd38 UnhandledExceptionFilter
0x14000bd40 VirtualProtect
0x14000bd48 WriteProcessMemory
ADVAPI32.dll
0x14000bd58 RegOpenKeyExW
0x14000bd60 RegSetValueExA
MSVCP140.dll
0x14000bd70 ?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-path-l1-1-0.dll
0x14000bd80 PathCchRemoveFileSpec
VCRUNTIME140.dll
0x14000bd90 _CxxThrowException
0x14000bd98 __C_specific_handler
0x14000bda0 __CxxFrameHandler3
0x14000bda8 __current_exception
0x14000bdb0 __current_exception_context
0x14000bdb8 __std_exception_copy
0x14000bdc0 __std_exception_destroy
0x14000bdc8 memcpy
0x14000bdd0 memmove
0x14000bdd8 memset
api-ms-win-crt-stdio-l1-1-0.dll
0x14000bde8 __p__commode
0x14000bdf0 __stdio_common_vswprintf
0x14000bdf8 _set_fmode
api-ms-win-crt-runtime-l1-1-0.dll
0x14000be08 _c_exit
0x14000be10 _cexit
0x14000be18 _configure_narrow_argv
0x14000be20 _crt_atexit
0x14000be28 _exit
0x14000be30 _get_narrow_winmain_command_line
0x14000be38 _initialize_narrow_environment
0x14000be40 _initialize_onexit_table
0x14000be48 _initterm
0x14000be50 _initterm_e
0x14000be58 _invalid_parameter_noinfo_noreturn
0x14000be60 _register_onexit_function
0x14000be68 _register_thread_local_exe_atexit_callback
0x14000be70 _seh_filter_exe
0x14000be78 _set_app_type
0x14000be80 exit
0x14000be88 terminate
api-ms-win-crt-string-l1-1-0.dll
0x14000be98 _stricmp
0x14000bea0 strlen
0x14000bea8 wcscat_s
api-ms-win-crt-heap-l1-1-0.dll
0x14000beb8 _callnewh
0x14000bec0 _set_new_mode
0x14000bec8 free
0x14000bed0 malloc
api-ms-win-crt-math-l1-1-0.dll
0x14000bee0 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x14000bef0 _configthreadlocale
EAT(Export Address Table) is none